OPSEC & Anonymity Guide

A practical, threat-model-driven guide to maintaining operational security when accessing privacy-sensitive platforms on the Tor network.

🎯 Threat Modelling First

Before implementing any security measures, define your threat model: who are you protecting yourself from, and what are the realistic capabilities of that adversary? Security measures have costs: complexity, usability friction, and time. Implement them in proportion to your actual risk.

Common Threat Actors

  • ISP surveillance: Your internet provider can see that you're connecting to Tor. Mitigated by Tor bridges or VPN-over-Tor.
  • Exit node interception: Traffic leaving Tor exit nodes is unencrypted if the destination doesn't use HTTPS. Not applicable to .onion sites (traffic never leaves Tor).
  • Platform compromise: Law enforcement or attackers may seize platform servers. Mitigated by zero-knowledge architecture and PGP encryption of sensitive data.
  • Phishing & social engineering: The most common and successful attack vector. Mitigated by address verification and scepticism toward unexpected messages.
  • Operational errors: Deanonymisation through pattern of life, reused usernames, or accidentally revealing personal information. Mitigated by strict compartmentalisation.

🦊 Tor Browser Configuration

Download & Verification

Download Tor Browser exclusively from torproject.org. On every download, verify the cryptographic signature of the installer using the published PGP key. This protects against compromised mirrors or man-in-the-middle delivery attacks.

Security Level: Safest

Before accessing any .onion site, click the Shield icon in the toolbar → Advanced Security Settings → set to Safest. This configuration:

  • Disables JavaScript on all non-HTTPS sites
  • Disables WebGL, which can reveal hardware information
  • Disables audio/video media autoplay
  • Removes many browser fingerprinting vectors

Never Customise Browser Settings

Every customisation to Tor Browser — installing extensions, changing fonts, adjusting window size — makes your browser fingerprint more unique. Use the default configuration. Do not maximise the browser window, as screen resolution contributes to fingerprinting.

No Additional Extensions

Never install browser extensions in Tor Browser. Even privacy-focused extensions like uBlock Origin increase your fingerprint uniqueness. The default configuration is carefully tuned — additions are always harmful to anonymity.

💻 Operating System Security

Tails OS (Recommended)

Tails is an amnesic operating system that runs from a USB drive, routes all traffic through Tor, and leaves no trace on the host computer. It is the gold standard for high-security darknet operations. Download from tails.boum.org and verify the ISO signature before writing to USB.

Whonix

Whonix runs as a pair of virtual machines: a Gateway VM (running Tor) and a Workstation VM (where you browse). Even if the Workstation VM is compromised, the attacker cannot bypass the Tor Gateway to learn your real IP. More flexible than Tails but requires a host OS and VirtualBox/KVM.

Compartmentalisation

Never use the same OS session for both clearnet and darknet activity. Maintain completely separate hardware or VM environments. Cross-contamination — even a single misplaced browser window — can deanonymise months of careful operational security.

🔑 PGP Key Management

Generate a Dedicated Keypair

Generate a new PGP keypair specifically for each platform you use. Use GnuPG (GPG) with Ed25519 or RSA-4096. Never reuse keypairs across services — key reuse enables correlation across platforms.

Protect Your Private Key

Your private key is the single most sensitive piece of data in your operational security setup. Encrypt it with a strong passphrase. Store it only on air-gapped storage or an encrypted volume. Back it up in at least two secure offline locations.

Verify Before Trusting

Before sending any sensitive information to a vendor, verify their PGP key fingerprint across at least two independent sources — their platform profile and their Dread forum account. A single character mismatch is a critical red flag indicating possible key substitution.
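The check described above can be scripted. The following is an added example, not part of the original guide: it reads the primary fingerprint from `gpg --show-keys --with-colons` output for the key you actually hold, then requires every published copy to match it in full. The key listing and the source names (`profile`, `forum`) are constructed sample data.

```python
import re

# Constructed `gpg --show-keys --with-colons` output for a key received from a contact.
KEY_LISTING = """\
pub:-:255:22:89ABCDEF01234567:1700000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::example-contact::::::::::0:
sub:-:255:18:0F1E2D3C4B5A6978:1700000000::::::e:::::cv25519::
fpr:::::::::FEDCBA9876543210FEDCBA980F1E2D3C4B5A6978:
"""

def primary_fingerprint(colon_listing: str) -> str:
    """Return the fingerprint of the primary key (first fpr record after pub)."""
    seen_pub = False
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            seen_pub = True
        elif fields[0] == "fpr" and seen_pub:
            return fields[9]  # field 10 of an fpr record is the fingerprint
    raise ValueError("no primary key fingerprint found")

def normalise(fpr_text: str) -> str:
    """Drop spaces, colons and a 0x prefix; accept only a full 40-hex fingerprint."""
    s = re.sub(r"[\s:]", "", fpr_text).upper()
    if s.startswith("0X"):
        s = s[2:]
    if not re.fullmatch(r"[0-9A-F]{40}", s):
        # 8- or 16-character key IDs are too short to identify a key reliably
        raise ValueError("not a full fingerprint")
    return s

def verify_across_sources(key_listing: str, published: dict) -> bool:
    """True only if at least two sources all publish the fingerprint of the key in hand."""
    if len(published) < 2:
        raise ValueError("need at least two independent sources")
    actual = normalise(primary_fingerprint(key_listing))
    return all(normalise(text) == actual for text in published.values())

if __name__ == "__main__":
    sources = {  # constructed: the same fingerprint as two sites might display it
        "profile": "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567",
        "forum": "0x0123456789abcdef0123456789abcdef01234567",
    }
    print(verify_across_sources(KEY_LISTING, sources))
```

The comparison is made against the key file you will actually encrypt to, so a substituted key is caught even when the published fingerprints agree with each other.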

🌐 VPN + Tor Configurations

Tor-over-VPN (VPN → Tor)

You connect to a VPN first, then connect to Tor through it. Your ISP sees only VPN traffic. The Tor entry node sees the VPN exit IP, not your real IP. The VPN provider can see that you're using Tor. Best when you need to hide Tor usage from your ISP.

VPN-over-Tor (Tor → VPN)

You connect to Tor first, then route through a VPN. The VPN provider cannot see your real IP (only a Tor exit node). The destination site sees the VPN IP, not a Tor exit. Complex to configure correctly. Best for accessing clearnet sites that block Tor exits.

Tor Bridges

If you cannot use a VPN or need to hide Tor usage without a VPN provider's involvement, use Tor bridges — unlisted entry nodes that are harder for ISPs to block. Obfs4 and meek-azure bridges are most effective against ISP-level Tor blocking.

📋 Core OPSEC Rules

  1. Never use your real name or linked usernames on any darknet platform.
  2. Never reuse passwords or PGP keys across different services or platforms.
  3. Never discuss darknet activity on clearnet platforms — phones, social media, SMS.
  4. Never access darknet sites from a workplace or institutional network.
  5. Never photograph packages or post any evidence of transactions anywhere.
  6. Always verify onion addresses character by character before entering credentials.
  7. Always check the canary before each session to confirm platform integrity.
  8. Always use Safest security mode in Tor Browser without exception.
  9. Never enable JavaScript on .onion sites unless absolutely necessary and only after careful risk assessment.
  10. Assume all communications may eventually be reviewed — only discuss what is legal and necessary.
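
Rule 6 can be backed by a mechanical check. The following is an added example, not part of the original guide: it validates the checksum built into a v3 onion hostname, which catches typos and truncation, and then shows why the full address must still be compared against a copy saved from a verified source. Both addresses are derived from constructed key bytes and do not correspond to real services.

```python
import base64
import hashlib

VERSION = b"\x03"

def _checksum(pubkey: bytes) -> bytes:
    # v3 rule: first 2 bytes of SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def onion_from_pubkey(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 onion hostname."""
    if len(pubkey) != 32:
        raise ValueError("pubkey must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def is_wellformed_v3(host: str) -> bool:
    """True if the 56-character label decodes to key + matching checksum + version 3."""
    host = host.strip().lower()
    if not host.endswith(".onion"):
        return False
    label = host[: -len(".onion")]
    if len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # characters outside the base32 alphabet
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == VERSION and checksum == _checksum(pubkey)

def matches_trusted(host: str, trusted: str) -> bool:
    """Full-length comparison against a copy saved from a verified source."""
    return is_wellformed_v3(host) and host.strip().lower() == trusted.strip().lower()

# Constructed keys, not real services: they differ only in the last key byte,
# so the two hostnames share their first 49 characters.
GENUINE = onion_from_pubkey(bytes(range(32)))
LOOKALIKE = onion_from_pubkey(bytes(range(31)) + b"\xff")

if __name__ == "__main__":
    print(is_wellformed_v3(LOOKALIKE))          # checksum validity of the look-alike
    print(matches_trusted(LOOKALIKE, GENUINE))  # comparison against the saved copy
```

A look-alike address is itself a valid hostname with a correct checksum, so the checksum only rules out transcription errors; the decision to trust an address rests on the full-string match.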