Privacy for paranoids

You trust no one. Not your phone, not your OS, not the cloud—and you’re right to question everything. Whether you're escaping surveillance, avoiding big tech, or simply going full OPSEC, this guide is your digital tinfoil hat and body armor rolled into one.

🧨 Who This Is For

🔒 Whistleblowers, leakers, or researchers in hostile environments
🕵️ Security professionals, red teamers, or black hats
👤 Individuals targeted by governments, corporations, or stalkers
🧍 Just paranoid as hell—and that’s okay

⚠️ This guide is not about convenience. It's about maximum control, compartmentalization, and plausible deniability.

🧱 The Foundation: Digital Compartmentalization

Never mix personas. Never reuse data. Never cross the streams.

Aspect	Rule
Devices	One OS, one purpose. Burner phone, burner laptop.
Accounts	One alias per context. No real data.
Emails	Separate inboxes per identity. Never forward.
Browsers	Never reuse sessions. Use containers or live boot.
Networks	Air-gapped when possible. Assume all connections are poisoned.

💻 Operating System: Trust Nothing, Audit Everything

✅ Recommended OS (Live, Hardened, Minimal):

🛡️ Tails OS: Amnesiac OS via USB; Tor built-in
🔐 Qubes OS: VM-based compartmentalization
👻 Whonix: Tor-gateway-isolated system (paired with Qubes or VM)
💿 Kali Linux (Hardened) with full-disk encryption and cold storage

💣 NEVER use Windows or macOS for paranoid operations. Assume keyloggers, telemetry, and backdoors.

📡 Communication: No Metadata, No History

Type	Tool	Notes
Messaging	Session	No phone, no metadata, onion-routed
Voice/Video	Jami	Peer-to-peer, decentralized, encrypted
Email	Calyx Institute Mail or ProtonMail via Tor	Anonymous registration only
Forums	[Tor + new identity per session]	Post using disposable aliases

🔕 Bonus:

Block microphone, camera, WiFi hardware via BIOS or physical switches.
Tape the webcam. Disable USB ports.

🌍 Browsing: Never Expose Your Real IP

Primary: Tor Browser (don’t touch configuration unless you know what you’re doing)
Fallback: Mullvad Browser + VPN (Mullvad or IVPN, no email required)
Tools:
- Privacy Badger
- CanvasBlocker
- Block WebRTC leaks (Firefox about:config tweak or uBlock filters)

👣 Delete cookies, avoid JavaScript, and disable images if needed. JS is lava.

🔐 Encryption: Encrypt Everything

💽 Full-Disk Encryption: LUKS, VeraCrypt, or native FDE
🗃️ Cloud Storage: Don’t. But if you must, encrypt with Cryptomator first
📁 File Vault: VeraCrypt with hidden volumes
📂 Metadata Removal: Use MAT2 or ExifTool

🧨 Burn after reading: Create self-destructing files using secure delete tools like shred, sdelete, or BleachBit.

📡 Network: Layer Your Obfuscation

VPN (no logs, no email) → then → Tor
Public WiFi or stolen 4G dongle (burner SIM)
MAC spoofing: macchanger or randomized virtual MACs
DNS Leak Protection: Use encrypted DNS (DoH or DoT), or default to Tor’s .onion resolution

🕸️ You are not anonymous unless you separate who you are, where you are, and what you do.

📱 Mobile: If You Must Use One...

Use GrapheneOS or CalyxOS on a Pixel device
No Google account, no SIM card, no GPS enabled
Use F-Droid apps only (Audited, open-source)
Secure messengers: Session, SimpleX, Molly-FOSS fork of Signal

🔥 Burner rule: Use once, reset, dispose.

🧰 Useful Tools

Tool	Purpose
BusKill	Dead man’s switch for your laptop
OnionShare	Anonymous file sharing via Tor
Tinfoil Chat	Air-gapped chat over serial
KeePassXC	Offline password management
GPG	Encrypt/sign emails and files

🕳️ Escape Protocols

Have pre-written exit scripts to delete/overwrite data instantly
Backup encrypted data to a physically distant, secret location
Establish code phrases with trusted parties
Use kill switches and reboot wipes (Tails helps with this)

👽 Final Thoughts

This isn’t a lifestyle for the faint of heart. But in a world of global surveillance, corporate overreach, and data warfare, being paranoid isn’t always irrational.

🧠 Paranoia is just pattern recognition taken seriously.

Stay cold. Stay clean. Stay compartmentalized.