Section 2: Setup

Step 1 — Set up your computer

OS Encryption

This first step is also your last line of defense in a worst-case scenario. Use VeraCrypt to encrypt your OS. For the extra paranoid, you can also set up a hidden operating system, where you essentially have 2 completely separate operating systems and the one that boots depends on which password you enter during the decryption process. It’s nearly impossible to prove the existence of the other.

Virtual Machine

Whether you’re using your existing computer, or a dedicated device, I strongly recommend running a VM (virtual machine) on it, and restricting your alter-ego activities to it. This has the extra benefit of containing most malware inside the VM itself; that malware could otherwise deanonymize you if you’re sharing the same OS for your regular and alter-ego activities. Think of it as a quarantine zone, and everything inside has space AIDS. You don’t want anything going into it (personal information), and more importantly, out of it.

Never use this VM to access any of your existing accounts including but not limited to your bank, Gmail, Twitter, Facebook, Yahoo, Instagram, Pornhub, your local church’s message board, etc.

Don’t open the browser inside the VM until you get a VPN, as you run the risk of getting fingerprinted and tracked while on your ISP IP address.

Step 2 — Get some Bitcoin

Contrary to popular belief, Bitcoin is not anonymous. All transactions and wallet (account) balances are public information. Bitcoin does hide the identity of the wallet holder. Unfortunately, simply spending the Bitcoins on products/services in your name nullifies this. You can watch a video on this subject here.

There are many exchanges online where you can buy Bitcoin, all of which will require personal identification, which sometimes goes above and beyond what you need to provide to trade on the stock market. You have plenty of opportunity to expose yourself as you use Bitcoin, so at the very least try not to do that at the very beginning.

The best thing to do is buy Bitcoin with cash. You can use LocalBitcoins for this purpose. Alternatively you could use a Bitcoin ATM if one is available in your city. Keep in mind some of them require extreme measures like providing your ID, palm scanning, DNA samples and first born child sacrifice in order to use them. Only use the ones that don’t require any of these things, unless you hate your kids.

You will also need a wallet. I’m not talking about getting another highly fashionable Bacon Wallet you may be carrying around already, but a Bitcoin wallet, which is unfortunately not bacon flavored.

When it comes to storing your Bitcoins you have 3 options: online wallet, computer wallet and cold storage. We’ll ignore cold storage for the purposes of this article.

There are many online wallets being provided by various companies, but they suffer from the same issues mentioned above (need to provide private information). I personally like having the wallet on my computer since I’m the only one truly in possession of my Bitcoins, and I don’t have to rely on any 3rd party which has my private information or is constantly at a risk of getting robbed. Here is a good list of wallets you could use. Make sure you’re looking at the “Desktop” category. The downside to using these is that if your hard-drive crashes, and you made no backups, all your money is gone.

Step 3 — Get a VPN

Now that you’ve got your computing environment set up and acquired Bitcoins, it’s time to get a good VPN for situations where TOR is blocked, or you must change your IP to a specific country in order to access a service.

Fire up your TOR Browser, and head over to your favorite VPN provider’s website. Most will ask you for an email; you can use a disposable email provider for this purpose. Some providers don’t even ask you for an email, which is a good sign of their commitment to privacy.

Firewall

Make sure the provider you choose has a proper firewall built into the client, not just a “kill switch”, which is basically snake oil, since it’s a reactive measure that simply shuts off the processes of your choice if the VPN connection drops. Between the connection dropping, and your browser being forcibly closed by the app, there is no guarantee that packets will not leak, not to mention all the other applications running on your computer, including the OS itself, which make random requests to random servers at random times. With a kill switch you won’t be able to protect yourself from leaks.

A firewall on the other hand is a proactive measure, which if properly implemented, fails closed, meaning all activity outside of the tunnel is firewalled at all times, by default, so if your connection drops, there is nothing for the application to do, and you can guarantee that not a single packet will leak revealing your ISP assigned IP address to the outside world. Windscribe, IVPN and AirVPN all have excellent firewalls which use Windows Filtering Platform and pf to block all activity outside of the tunnel.
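A way to check the fail-closed property described above, as an added example that is not from the original article: it audits Linux `iptables-save` output for any path that lets traffic leave outside the tunnel. Using iptables is an assumption made here (the providers named above use Windows Filtering Platform and pf), and the ruleset, the interface names `tun0`/`eth0` and the server address 203.0.113.10 are constructed placeholders.

```python
import shlex
from ipaddress import ip_network

# Constructed iptables-save output (not from the article). 203.0.113.10 is a
# documentation-range placeholder for the VPN server; tun0/eth0 are assumed.
FAIL_CLOSED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
"""

# Same rules, but the chain policy is ACCEPT and DNS is allowed on the NIC.
LEAKY = FAIL_CLOSED.replace(":OUTPUT DROP", ":OUTPUT ACCEPT").replace(
    "COMMIT", "-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT\nCOMMIT")


def audit_output_chain(ruleset, tunnel_if="tun0", vpn_server="203.0.113.10"):
    """Return findings that would let traffic leave outside the tunnel."""
    findings, policy = [], None
    for line in ruleset.splitlines():
        if line.startswith(":OUTPUT "):
            policy = line.split()[1]
        elif line.startswith("-A OUTPUT "):
            args = shlex.split(line)
            opts = {args[i]: args[i + 1] for i in range(len(args) - 1)
                    if args[i] in ("-o", "-d", "-j")}
            if opts.get("-j") != "ACCEPT":
                continue
            if "!" in args:  # negated matches are too broad to trust blindly
                findings.append("negated match, review by hand: " + line)
            elif opts.get("-o") in ("lo", tunnel_if):
                continue  # loopback and in-tunnel traffic are expected
            else:
                # Anything else may only reach the VPN server itself.
                dest = opts.get("-d")
                if dest is None or (ip_network(dest, strict=False)
                                    != ip_network(vpn_server)):
                    findings.append("ACCEPT outside tunnel: " + line)
    if policy != "DROP":
        findings.append(f"OUTPUT policy is {policy}, not DROP: fails open")
    return findings


if __name__ == "__main__":
    for name, rules in (("fail-closed", FAIL_CLOSED), ("leaky", LEAKY)):
        print(name, audit_output_chain(rules) or "no leak paths found")
```

An empty result means the only ways out are loopback, the tunnel interface, and the VPN server itself, so a dropped tunnel leaves nothing for packets to fall back to.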

Those who don’t trust the application-level firewall can set up Whonix, which uses a separate VM that functions as a router for the VM where your activity takes place. If connectivity drops for any reason, packets cannot go out to the Internet.

Protocols

Of the 3 commonly used protocols, I strongly encourage using the open source OpenVPN protocol. PPTP is entirely broken and unsafe to use, and IPSec/L2TP is easily detected and arguably already exploited by the NSA.

Now that you’ve chosen your VPN provider, pay for the account with Bitcoin and connect to a server of your choosing.

Step 4 — Set up your browser

Unless you plan to use TOR exclusively, you will need another browser that you will use in conjunction with the VPN you just got.

I don’t recommend using Google Chrome or Firefox, as they have tracking built in. I recommend getting the latest stable version of Chromium (what Chrome is based on), with no Sync or WebRTC support. Alternatively you can use Palemoon, but the extension support is very limited.

Then install the following browser extensions:

Step 5 — Get a password manager

Weak and reused passwords are usually the number one cause of accounts getting hijacked, and a compromised account on any 3rd party service may assist an adversary in deanonymizing you. You can’t prevent or foresee security issues which may exist in the service itself, but at least you can do your part by generating strong and unique passwords for all the services you use. There are many password managers out there; LastPass, KeePass and Dashlane are just some of them.