AD/_XL,DC


DIGITAL SELF-DEFENSE

For everyone, especially persecuted groups


ADVANCED SECURITY & PRIVACY

For everyone, especially journalists, academics, public servants


AI, SECURITY TESTING, WEB DEVELOPMENT

Ethical hacking, web publishing, AI/LLM


OPERATIONAL SECURITY & ANONYMITY

For activists, whistle blowers, freedom fighters


CENSORSHIP EVASION

For anyone under oppressive governments


PERSONAL SECURITY, ANTI-SURVEILLANCE

For activists, whistle blowers, freedom fighters


NEWS, RESOURCES

Technology, freedom, democracy | Tools, education




OPERATIONAL SECURITY & ANONYMITY

Operational Security | 4.1
Tracking, De-anonymization | 4.2
Basic Anonymity | 4.3
Easy Anonymity | 4.4
Flexible Anonymity | 4.5
Serial Numbers | 4.6
Digital Forensics | 4.7


Intended Reader

The following sections are intended for individuals and organisations that are, or suspect they soon might be, targeted by well resourced adversaries – anywhere in the world. For starters, that would be activists, whistle blowers, and all sorts of freedom fighters. | 2025.12.22

Privacy vs. Anonymity

First off, let's clarify the meaning of these words. Privacy is when others can see who you are, but not what you're doing (e.g. when going inside a restroom). Anonymity is when others can see what you're doing, but not who you are (e.g. when wearing ski goggles and ski mask in the slope). In the following sections we're aiming for anonymity.

Booking, Support

Book security testing or workshop. And support the development of Abstrude.





OPERATIONAL SECURITY | 4.1

10 Rules for Advanced Operational Security – OPSEC

Here's ten good rules for your OPSEC. Inspired by ethical hackers; The Grugq, Nathan House, Addie LaMarr, Liz The Developer, Naomi Brockwell, and others. In no particular order:

1. Never tell anyone, about anything. Never share any unnecessary details, during activities – or outside of activities.

2. Never trust anyone, or anything. Use the Zero Trust model.

3. Never mix up identities/aliases/the-real-you. Never do any personal activity, while doing whistle blower activities. Never do alias-B activites at the same time as doing alias-A activities. This is to avoid surveillance systems correleating your real identity with your aliases. Use different hardware and service providers for each alias, if possible.

4. Be uninteresting, blend in. Don't get caught for silly stuff like speeding or similar, which could grant further investigation.

5. Be paranoid. Plan well beforehand, double check steps and processes, use VPN-kill switch, disable Bluetooth and bult in WiFi (if using Ethernet cable, or USB-WiFi adapter), avoid anything wireless (e.g. keyboard, mouse, headphones), in BIOS – disable camera and microphone – but still put tape over them. Assume "smart" devices (e.g. TVs) are compromised - i.e. recording and transfering conversations in real-time (e.g. CIA's Weeping Angel malware, info at WikiLeaks). Never leave a device unattented, never leave the screen unlocked – set it to auto-lock within short after inactivity, configurate password managers to auto-logout, use 2FA/MFA everywhere possible, use whole disk encryption on all devices and power down fully after use, store devices locked away/hidden.

6. If your technical understanding is low, stick to simple setups and methods, sush as the *Easy* option described below here [3.4].

7. Avoid logging. Save as little information as possible, delete logs/files when done. Set browser history to off, set OS file history to off. Use general descriptions instead of explicit details in any related communications. Pay in cash only, leave no money trails.

8. Be professional. Threat your activites as a job, as a business. Educate yourself, be curious, connect the dots. Be systematic, create and follow intentional, proceedural processes.

9. Anti-profiling. Don't be private, don't be personal even, be professional only. Make habits and routines more random. Use English (or a third, fourth language) instead of your mother tongue, mix US/UK words and spelling.

10. Protect your assets. Consider a Faraday Cage (a must for even turned off phones, mobile routers, airtags/other trackers, etc.). Encrypt everything. Don't stress - work in a paced and systematic manner. Be prepared, always.





TRACKING, DE-ANONYMIZATION | 4.2

IP Address

Every internet connection has a specific IP address, which identifies the specific point of connection (e.g. your work place, your home, or a café's WiFi). It should be clear that the very first step in gaining the first short inch of anonymity, is by using an open WiFi that's not tied back to your identity. Go to cafés, libraries, airports, and similar - preferrably on the other side of town, and/or in a random pattern.

MAC Address

Every device has a unique MAC address hardcoded into every WiFi-card, Ethernet-card (cable connection), etc. (*Has nothing to do with Apple or Macintosh.) This MAC address identifies each device within a local nework (LAN/WLAN), such as the cafés WiFi. To avoid leaving MAC traces, always use MAC changer/spoofing software. Also, best practice is to use an external USB-connected WiFi-adapter, which was bought and paid fully in cash. This way, if attacked by malware/virus that log your MAC address, your adversary will only get their hands on either the fake MAC address, or the real one - but that has no (money)trail back to you.

Cookies

Websites store small files, so called cookies, on our devices when visiting their sites. Some of this is needed for functionality (e.g. logging in, shopping cart contents). But cookies are also used to track users accross the internet, even when – especially when, users go to completely different websites than the one that stored the cookie on the users' device. For example Google, Facebook, and Amazon would very much like to know exactly where you go on the internet, so that they can both sell that data to all kinds of shady byers, and to adjust advertisements to target your unique weaknesses, as well as shape your beliefs, opinions, and beahviours by exposing you filter bubles. And more!

Fingerprinting

Some users delete their cookies, but are still tracked. But how? With so called super cookies, browser fingerprinting, device fingerprinting. Our devices are actually unique enough to be differentiaded from ech other, kind of like a human finger print. Servers can see many details about our devices, e.g. what OS and web browser you're using, what browser settings and plugins you have, screen resolution, even the browser window size, etc. (Which is why TOR users are recommended to not resize the browser window.)

Smartphone App Permissions

The above is valid for all devices, incl. laptop/desktop computers, but when it comes to mobile devices (iOS, Android), it's beyond disastrous in terms of privacy. Many apps request a lot more permissions than actually needed, e.g. access to GPS/geographical position, access to all photos and videos on the device, and/or the ability to read your text messages, SMS/MMS. (In OS settings, limit each app's permissions to the absolute minimum of what's needed for them to do what you need them to.)

Identifiers, StingRays

Each and every phone has unique identifiers (IMEI, MEID, CDMA) exposed to cell towers, geo-spatial position is constantly triangulated, and there's a lot of closed source code running. Fake cellphone towers (StingRays) can be used to force phones to downgrade the connection to 2G and then reveal the unique identifiers – as a way to track, for example, protesters at a rally.

Malware, Virus

Especially "israel" has made themselves known for developing smartphone viruses, or malware (short for malicious software), which they sell, distribute, host infrastructure and give support for, to questionable regimes/governments all over the world. To mention just one name – Pegasus, a so called no-click malware, infects a smartphone without the user doing anything – all the attacker need is the phone number. After infection, the attacker has complete access to everything on the phone, in real-time, e.g. microphone, cameras, messages, social media, emails, files, photos, videos, sensors, GPS, unencrypted internet traffic incl. VPN and TOR, even deleted files can be restored. This malware has been found on thousands of phones owned by journalists, politicians, activists, dissidents, etc. Now make your own conclusion wether this is a clear signal about our near future...

In other words, don't expect real privacy, or any useful level of anonymity when using smartphones.

Avoid Cross-Contamination

Make sure to not carry any devices that could identify you, such as Airtags (sending Bluetooth pings to any and every Apple device nearby), or the equalent tracking devices within the Android ecosystem.

Also, don't carry any phone or device, that can in any way what so ever be tied back to you, such as via creditcard payment (money trail), or simply by the geo-spatial pattern of movement (GPS). Meaning, a device that is stored in your home, workplace, or car, while being turned on, or even (seemingly) turned off, are registered in various (surveillance) systems. Consider a Faraday Cage, but be aware that they can leak.

More About Surveillance

There's many more ways to track and de-anonymize internet users, but the above should suffice to set the stage. If curious for more, look into for example Vault 7 – wikileaks.org and NSA PRISM – archive.org.





BASIC ANONYMITY | 4.3

TOR Browser

The Onion Router Browser is a hardened – more secure version of the Mozilla Firefox web browser. It encrypts and routes your web traffic through an anonymizing network of servers – pealing layers off of an onion, if you will. Note that this only means your web traffic (incl. DNS queries) from within the TOR Browser specifically, i.e. not other internet traffic such as FTP, installed email client, or other web browsers on your device. Your web traffic makes three random hops, via three different – random servers. Each server knows only about the last hop / the last server, meaning that the final server within TOR – hop_#3, don't know where in the world hop_#1/server_#1 – your entry point, is located.

Your web traffic could, in theory, originate anywhere in the world – as it looks to the rest of the internet – after the TOR network is exited. Your web traffic then travels the last bit over the normal, clear/non-encrypted internet, unless you're visiting a web site on the dark web – which looks like "somerandomlookingaddress.onion" – then your web traffic stays inside TOR, inside the so called dark web.

Anti-Fingerprinting

The TOR Browser looks a lot more neutral to the web sites you visit, thereby rendering fingerprinting and super cookies a lot less useful, if not completely useless. For this reason, don't change any settings, don't install any extensions, don't even change the size of the browser window.

Basic

Both security and privacy are increased by using TOR Browser – but doesn't really provide any true anonymity. So called advanced persistent threat (APT) actors, such as nation state governments and "intelligence" agencies (14 Eyes) will still be able to figure out who you are – and what you're doing. But more basic surveillance will likely fail – such as advertising businessess tracking your activities around the internet, and your internet service provider (ISP) watching your every move online (and selling that information to anyone willing to pay for it).

In other words, simply installing TOR Browser on your regular computer or smartphone, will generally provide increased security and privacy – more so than any VPN service – albeit over a much slower connection. And in a locked down web browser that can't display all web pages correctly. But if you risk serious consequences, and/or your adversaries are APT, then you need to take a much more refined route, as detailed below here [Easy Anonymity, Flexible Anonymity].





EASY ANONYMITY | 4.4

Tails OS

Easy? Well, not exactly. There's nothing easy with attempting anonymity on the internet, but compared to the basic option above here, this option is good enough for many use cases.

TOR

Tails OS is a version of Linux that exclusively use The Onion Router – TOR, for all your internet traffic – not just web traffic. Your data is encrypted, and is routed along randomly chosen paths within the TOR network, where each server/node, knows where the traffic came from - only one step backwards in the chain, thus the exit node does not know where in the world the entry node was (as detailed above [3.3]).

Anti-Fingerprinting

Tails has been locked down – hardened, to make sure it's fingerprint is as neutral as possible, and to minimize risk of malware/virus getting a hold.

Amnesia

Tails never writes anything to the hard disk and only runs from the memory of the computer. The memory is entirely deleted when you shut down Tails, erasing all traces. This protects you if a forensic analysis on your computer is ever made. If malware/virus infected your computer, most kinds of them will effectively be removed as well.

MAC Address Changer

Tails automagically changes (spoofs) the MAC-address of your computer's networking card (WiFi card), a unique string a letters and numbers that are hardcoded into the device, in other words – the original MAC address never changes, unless it's temporarily changed by software.

This is very important because that MAC-address is what identifies your specific computer within the local network – for example the café's WiFi (similarly to how the plate on a car idnetifies it in the streets). This way whatever traces are left on the local network, is going to be tied to a computer/networking card that never existed. The caviat is, it does not work on all WiFi cards – so, make sure there was no warning message saying the MAC change was unable to proceed!

External WiFi-adapter

Best practice is to not use your computer's built in WiFi-card. Instead, get an external USB-connected WiFi-adapter, paid for with cash. If the MAC Changer software malfunctions, your anonymity is still protected. Learn more here!

Install and Use Tails OS

1. Get a USB-memory (Preferrably paid for with cash)
2. Download Tails OS from tails.net
3. Validate the checksum
4. Install Tails on the USB-memory (Follow instructions at tails.net)
5. Restart computer and enter BIOS, configure the start up disk to be the USB-memory and save, now computer boots into Tails OS

*Note A) If you can do without JavaScript, make sure to turn it off in the TOR Browser
*Note B) If you get a promt saying MAC Changer was not able to change/spoof the MAC address, use a different computer, or a different external WiFi-adapter





FLEXIBLE ANONYMITY | 4.5

Whonix OS

First off, for anyone that's more of a be–ginner in this, it's generally considered safer to just use the easy option described above here [3.4]. For someone who has a foundational grip on how the pieces below here complete each other, and/or someone who needs to be able to install and use a variety of applications, this flexible option is probably the best way forward.

Multiple Linux OS in VirtualBox

Here we will layer several anonymizing methods, as well as several layers of isolation, to protect against malware/virus that threat actors are known to use, or attempt to use to infect your system. Malware could try to read and transmit hardcoded/permanent serial numbers on your machine, e.g. from your motherboard, harddrive, and more. Using a secondary, isolated OS – in VirtualBox, can minimize this attack vector.

VPNs and TOR Combined

You can combine VPNs and TOR, for added layers of different anonymization techniques, as well as to mitigate wherever TOR might be blocked. In this section we'll install everything needed for an isolated environment, adding VPNs, and routing all traffic via Whonix for the TOR part (as an alternative to simply using the Whonix Workstation).

Install Host OS + Guest OS

1. Download a version of Linux, e.g. Debian, Ubuntu, Mint, and prepare as installation media, on a USB-memory
* Consider installing the host OS on an external harddrive (HD), or external Solid State Drive (SSD), or USB-memory, if not internal. If external, enter BIOS to configure the external to be start up drive
2. Install host OS on the chosen drive, restart computer, unplug the installation media USB-memory when prompted, computer now boots into new the Linux OS
3. Install Uncomplicated FireWall, enable, and verify status is enabled. Open the Terminal, type each row and press ENTER, separately:

sudo apt update && sudo apt upgrade
sudo apt install -y ufw
sudo ufw enable
sudo ufw status

4. a) Install Net Tools, and take note of your MAC address. In Terminal:

sudo apt install -y net-tools
sudo ifconfig

4. b) Alternatively, in Terminal:

ip link show
ip addr

5. Install MAC Changer, when prompted – set it to change MAC every time you start the OS. Alos, change MAC address manually, and take note of new/spoofed MAC. In Terminal:

sudo apt install -y macchanger
sudo macchanger -r -b <insert original mac address – from step #4, or name of wifi adapter>

*The last row should look something like: sudo macchanger -r -b wlan1, or: sudo macchanger -r -b 11:aa:22:bb:33:cc

6. Consider installing/using a VPN client (e.g. Mullvad, or some other service that accepts payments via cash-in-snailmail)
7. Download and install VirtualBox
8. Download a second copy of Linux, e.g. Debian, Ubuntu, Mint, Kali (a distro for ethical hacking, with tools preinstalled), hereby referred to as Linux-B
9. Install Linux-B in VirtualBox (now Linux-B runs in an isolated environment, which is more secure compared to direct hardware install as with Linux-A)
10. Install and enable Untangled FireWall – UFW in Linux-B (see instruction above), make sure status is enabled
11. Consider installing/using a VPN client in Linux-B (e.g. Mullvad)
12. In VirtualBox, go to settings for Linux-B, disable copy+paste and file transfers in both directions between host OS (Linux-A) and guest OS (Linux-B)

All Traffic Through TOR + VPN

So far the flexible option for anonymity have been a lot about end-point protection (IP, MAC, serials, cookies/finger printing, isolation), to minimize trails when using necessary network infrastructure. To really make this setup worthwile – utilising it's flexibility to add more layers of anonymization, compared to simply using Tails OS, you can add TOR via Whonix OS. This is a Linux distro, that comes as two separate installs, both intended for VirtualBox. Whonix Gateway is for handling network traffic only, Whonix Workstation is for everything else.

A few drawbacks with TOR, that can be mitigated, are: your ISP, the cafe's ISP – the WiFi, might block TOR connections, or a network administrator might flag TOR use as suspicious. Therefor you might want to, or have to, run a VPN client on your host OS (in this guide referred to as Linux-A, the primary OS on, your hardware). That way TOR is encapsulated inside the VPN traffic, so to say, effectively rendering the use of TOR invisible to the cafe-WiFi(s ISP).

If the other end point, e.g. a forum or a news website, is blocking traffic from TOR, you can add another VPN client inside the Whonix OS Workstation or whatever OS you use as the Linux-B option (the secondary OS, inside VirtualBox).

Well resourced adversaries do run timing attacks on the TOR network, meaning they can see and identify specifically your traffic both when it's entering and exiting TOR. Nation state governments and other APT actors are known to operate TOR exit nodes – for the purpose of surveilling, collecting, and storing the data. Adding VPNs should mitigate this threat, at least to some extent.

Install and Use Whonix OS

1. Download and install Whonix in VirtualBox
2. To use Whonix, first start the Whonix Gateway, then start the Whonix Workstation (in that order)
3. Before doing anything else, in both Gatway and Workstation, open Terminal and run:

sudo apt update && sudo apt upgrade

4. In Whonix Workstation, check your IP address: in the web browser, go to for example whatismyip.com or whatismyipaddress.com, and you'll see that your IP is most surely listed as a TOR exit node. This is exactly what you want!

Whonix Gateway – with Whonix Workstation

Of all the options presented, this is the most secure, private and anonymous way to access the internet, to use TOR Browser – for both dark web (.onion) sites, and for regular / clear net sites (.com and such).

Whonix Gateway – with Other OS

If you want to route all your internet traffic from Debian, Ubuntu, Mint, or Kali, through TOR, it can be done using the Whonix Gateway (more securely so than without Whonix). Note that the IP address of the Whonix Gateway is hardcoded to: 10.152.152.10 and the Whonix Workstation IP address is hardcoded to: 10.152.152.11.

Configuration

1. In VirtualBox, go to settings for your Linux-B installation, select the Internal Network and change the name to exactly: Whonix (case sensitive – note the capital W)
2. Start your Linux-B (Debian, Ubuntu, Mint, Kali, etc.). In it's settings panel, set the IP address to: 10.152.152.12, set the subnet netmask to: /18 (255.255.192.0). Set the default route, default gateway and preferred DNS to: 10.152.152.10
3. In your Linux-B, check your IP address: in a web browser, go to for example whatismyip.com or whatismyipaddress.com. Your IP address is now coming from the TOR exit node, and it'll most surely be defined as exactly that if you do an IP look up

*If using TOR Browser in your Linux-B, read up on how to avoid TOR-over-TOR, or better simply use TOR Browser only in the Whonix Workstation





SERIAL NUMBERS | 4.6

Identity Exposure Risk

One way internet users can be de-anonymized, is by malware infection – for example via vulnerabilities known as Zero Days. These vulnerabilites, or bugs in the code, are known to be used by "intelligence services", amongst others, to attack TOR users. Malware could potentially run commands, to try to read hard coded (permanent) hardware serial numbers – that can be used to track down who ever purchased the hardware in question (money trail). And/or be used for other types of correleation (profiling).

Let's run a few commands in the Terminal, in whatever Linux distro you've chosen as your workstation, or your Linux-B (as referred to in this guide) that runs in VirtualBox. Hopefully no hardware serial numbers are exposed to potential malware/virus:

sudo apt update
sudo apt install -y dmidecode
sudo dmidecode bios
sudo dmidecode system
sudo dmidecode baseboard
sudo dmidecode chassis
sudo dmidecode processor
sudo dmidecode memory
sudo dmidecode cache
sudo dmidecode connector

If you are able to convey any real – original serial numbers, consider replacing that piece of hardware with an alternative bought and paid fully in cash. Perhaps you need to replace a whole computer, depending on what part is exposed.





DIGITAL FORENSICS | 4.7

"Deleted" Files

When you delete a file on a computer, smartphone, or other device, the files isn't actually deleted. Rather, what happens is that the operating system marks this part of the disk (SSD, HD, flash) as available for writing to, for saving another file right here. Though, this specific part of the disk could stay in this state, i.e. not actually overwritten, for an extended time – in theory forever.

Forensic Analysis

Anyone who has access to the device (and has gotten past the wholedisk encryption), can restore these supposedly deleted files. This problem becomes bigger when one realize that for example web browsing history/files are stored in cache folders, and that Windows store the names of folders, and that storage is not cleaned out when deleting folders. And the list goes on!

Hide Traces

BleachBit is free and open source, available for Windows, macOS, and Linux. Use it to delete unneccesary files, and securely overwrite empty space. In Andrew Ziem's own words:

"...free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. /---/ ...includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications."

Download BleachBit

Windows
macOS
Linux (Alma, Debian, Fedora, Kali, Mint, openSUSE, Parrot, Ubuntu)

Debian Based

In Terminal:

sudo apt update
sudo apt install -y bleachbit





BOYCOTT, DIVESTMENT, SANCTIONS AGAINST "israel"

The global Boycott, Divestment and Sanctions (BDS) movement, firmly believes that ending the complicity of states, corporations, and institutions in “israel’s” ongoing, live-streamed genocide against 2.3+ million Palestinians in Gaza [and the West Bank] is the most effective form of solidarity with the Palestinian struggle to end the genocide and dismantle “israel’s” 78-year-old regime of settler-colonialism and apartheid.bdsmovement.net


BOYCAT – ETHICAL SHOPPING

Search brands and scan products, to see if it’s being boycotted and why. Make ethical shopping choices with confidence!boycat.io


JMAIL, JEFFTUBE – THE "israel"/TRUMP/EPSTEIN FILES

Read the PDF-file emails! [SFW, redacted]jmail.world Watch the videos! [SFW, censored]jmail.world/jefftube




WEAPONS OF MASS EDUCATION℠

AD/_XL,DC

Abstrude

From Latin abstrūdō; to conceal, hide, push or thrust away. Evolved to abstruse; difficult to comprehend or understand, obscure. Synonyms; cryptic, covert, secret.

Privacy

No tracking, no cookies. Only HTML and CSS, plus one JavaScript function for color inversion – sessionStorage, deleted when closing browser.

Technical

Optimized for Brave – a privacy and security oriented browser.

Legal

All information is provided in a best effort, beginner friendly manner. Intended for educational purposes only – how anyone make use of it, is their own responsibility. By choosing to utilize any of the mentioned tools or methods – in part or in whole, You confirm Your agreement with the aforementioned statement.

Booking

Book security testing or workshop.

Support

The continued efforts of developing Abstrude can be supported via:

Buy Me a Coffee (Stripe)
– BTC bc1qxtfks0vy3x6w9p7t9cvxkxsx56ptmfm0wydwld
– ETH 0xa1AEbebe632D8170D7a4d716B44Ef93F64Ed62c6
– Referrals Proton | Starlink | Simply

Contact

hind.rajab@abstru.de | Instagram | UpScrolled | Substack | Twitter/X | GitHub

[A]bstrude © 2025 – 2026


"If voting changed anything, they would make it illegal." ― Emma Goldman