Security & Privacy

Tor Browser

Why Tor?

The Tor Browser provides anonymous browsing through onion routing, protecting your identity and location by encrypting traffic and routing it through multiple relay nodes. It's essential for accessing .onion sites and maintaining privacy.

Installation (Linux)

# Download Tor Browser
wget https://www.torproject.org/dist/torbrowser/13.0/tor-browser-linux64-13.0_en-US.tar.xz

# Extract archive
tar -xvf tor-browser-linux64-*.tar.xz

# Navigate to directory
cd tor-browser_en-US

# Run Tor Browser
./start-tor-browser.desktop

Installation (macOS)

# Using Homebrew
brew install --cask tor-browser

# Or download directly from torproject.org
# Open .dmg file and drag to Applications

Installation (Windows)

Download the installer from torproject.org/download and run the .exe file. Follow the installation wizard.

Configuration

• Security Level: Set to "Safer" or "Safest" in Settings → Privacy & Security
• NoScript: Enable to block JavaScript on untrusted sites
• Bridges: Use bridge relays if Tor is blocked in your region
• New Identity: Click the onion icon → "New Identity" to get a new Tor circuit

Resources

• Official Tor Project
• GitHub: Tor Browser Launcher
• Tor Browser Manual

VPN Configuration

Why Use a VPN?

A Virtual Private Network (VPN) encrypts your internet connection and masks your IP address. While Tor provides anonymity for .onion sites, combining Tor with a VPN adds an extra layer of privacy for your regular browsing.

Recommended VPNs

• Mullvad VPN: No-logs policy, anonymous account creation, accepts cryptocurrency
• ProtonVPN: Switzerland-based, audited no-logs, free tier available
• IVPN: Open-source, privacy-focused, no phone number required

Mullvad Installation (Linux)

# Download .deb package
wget https://mullvad.net/download/app/deb/latest -O mullvad-vpn.deb

# Install
sudo dpkg -i mullvad-vpn.deb
sudo apt-get install -f

# Launch Mullvad
mullvad-vpn

ProtonVPN CLI (Linux)

# Install via pip
pip3 install protonvpn-cli

# Initialize
protonvpn init

# Connect to fastest server
protonvpn connect --fastest

# Check status
protonvpn status

# Disconnect
protonvpn disconnect

VPN + Tor Setup

Recommended order: You → VPN → Tor → Internet

1. Connect to VPN first
2. Launch Tor Browser
3. Access .onion sites through Tor

Note: This prevents your ISP from seeing Tor usage, but the VPN provider can see you're connecting to Tor (though not what you're doing).

Resources

• Mullvad VPN
• GitHub: Mullvad
• ProtonVPN
• GitHub: ProtonVPN CLI

PGP/GPG Encryption

Why PGP?

Pretty Good Privacy (PGP) and its open-source implementation GNU Privacy Guard (GPG) provide end-to-end encryption for messages. Essential for secure communication on darknet platforms.

Installation

# Debian/Ubuntu
sudo apt-get update
sudo apt-get install gnupg

# macOS (using Homebrew)
brew install gnupg

# Verify installation
gpg --version

Generate Key Pair

# Generate key (interactive)
gpg --full-generate-key

# Choose options:
# - Key type: RSA and RSA (default)
# - Key size: 4096 bits
# - Expiration: 1-2 years recommended
# - Enter your email and passphrase

Export Public Key

# List keys
gpg --list-keys

# Export public key (ASCII armored)
gpg --armor --export your@email.com > pubkey.asc

# Display public key
cat pubkey.asc

Encrypt & Decrypt

# Encrypt a message
echo "Secret message" | gpg --encrypt --armor -r recipient@email.com > message.asc

# Encrypt a file
gpg --encrypt --armor -r recipient@email.com file.txt

# Decrypt
gpg --decrypt message.asc

Sign & Verify

# Sign a message
echo "Message" | gpg --clearsign > signed.asc

# Verify signature
gpg --verify signed.asc

Best Practices

• Use strong passphrase (20+ characters)
• Store private key backup in secure location
• Use 4096-bit keys for maximum security
• Set expiration date (1-2 years)
• Publish public key to keyservers if needed
• Verify fingerprints before trusting keys

Resources

• GnuPG Official Site
• GitHub: GnuPG
• PGP Best Practices

Tails OS (Advanced)

What is Tails?

Tails (The Amnesic Incognito Live System) is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. It runs from a USB drive and leaves no trace on the computer.

Key Features

• Routes all internet traffic through Tor
• Leaves no trace on the host system
• Includes encryption tools (PGP, LUKS)
• Persistent storage option for files
• Pre-configured for anonymity

Installation

1. Download Tails ISO from tails.boum.org
2. Verify the download using PGP signatures
3. Create bootable USB using Etcher or dd command
4. Boot from USB (may need to change BIOS settings)

# Create bootable USB (Linux/macOS)
# WARNING: This will erase all data on the USB drive
# Replace /dev/sdX with your USB device

sudo dd if=tails-amd64-5.8.img of=/dev/sdX bs=4M status=progress
sync

Resources

• Official Tails Website
• GitLab: Tails Source Code
• Tails Documentation

Additional Security Tools

Whonix

Operating system designed for anonymity. Runs in virtual machines with all traffic forced through Tor.

• Whonix Official Site
• GitHub: Whonix

KeePassXC (Password Manager)

Open-source, offline password manager with strong encryption.

# Install KeePassXC
sudo apt-get install keepassxc  # Debian/Ubuntu
brew install keepassxc           # macOS

• KeePassXC Official Site
• GitHub: KeePassXC

VeraCrypt (Disk Encryption)

Free, open-source disk encryption software for creating encrypted volumes.

• VeraCrypt Official Site
• GitHub: VeraCrypt

OPSEC Best Practices

Operational Security Guidelines

• Compartmentalization: Keep identities separate, use different accounts
• Metadata: Remove metadata from files before sharing
• Browser Fingerprinting: Use Tor Browser, avoid extensions
• Time Zone: Be aware of timestamps revealing your location
• Writing Style: Avoid unique phrases that could identify you
• Social Engineering: Be skeptical of requests for information
• Software Updates: Keep all security tools updated
• Physical Security: Protect devices, use full-disk encryption

Further Reading

• Crypto OPSEC Self-Guard
• Privacy Guides