Pseudonymity Guide

This guide aims to provide the reader with a simple yet effective way to create and operate a new pseudonymous identity. It contains a basic introduction to privacy, highlighting steps you can take today to diminish the footprint you leave online and reduce the overall risk of falling victim to online doxxing, stalking, coercion, and other undesirable consequences of browsing the internet. After you have taken basic privacy steps, you will be able to create and use a new, pseudonymous identity.

It is important to note that perfect privacy is not practical. Aiming for the perfect setup, one that would allow you to be a true ghost on the internet and unreachable by global, skillful entities with unlimited resources, would require an incredible amount of daily work, effort, and time to achieve –– if it's possible at all. Additionally, striving for the perfect setup will most likely freeze you or lead you to despair once you realize you haven't reached it after countless hours of dedication. So, remember: perfection is the enemy of good.


Introduction

The internet has become a hotbed for data harvesting as users are faced with ever-increasing requirements of data submission to access online services (aka know-your-customer, or KYC, procedures). Although KYC is marketed as being a counter-terrorism practice, it often leads to users having their personal information compromised. This is because data-collecting companies, such as phone companies or banks that collect data in order to offer their services, are bad at securing that data.

The solution is not always hardened security for those companies' systems. The companies will always pose a security and privacy issue because they represent single points of failure: one system that guards many data points. Compared to a distributed system, such a single system is an easier target for hackers or attackers, and so it will be targeted.

But full anonymity on the internet is likely a far-fetched reality. Tracking companies and their practices can extend far beyond your browser and its cookies. Someone who seeks online anonymity––or at least pseudonymity––must go to great lengths, usually at the expense of time and money.

Therefore, before you start thinking about hiding from the entire online world, you should think about who or what you're trying to guard against.

Common attacks that anyone should consider actively protecting against include:

  • Marketing manipulation. Marketing companies can purchase your information from other corporations, e.g. banks, social media, hospitals or clinics, and bombard you with their marketing efforts through mail, email, phone number, etc. This can also be used to manipulate persons or groups of people, as in the Cambridge Analytica case.
  • Credit card fraud. Bad actors can steal your information through social engineering or phishing scams and make purchases in your name. This can usually be reversed but will result in at least many days of headaches.
  • Identity theft. Also through social engineering, people can commit crimes under your name, permanently injuring your personal records and affecting your life forever.
  • Personal stalking. Technology has made tracking easier and more accurate, often putting people's lives in danger. Information sellers can also be harmful in this case, and might've been liable in the Amy Boyer case.
  • Government surveillance. Some examples include: ECHELON, FinCEN, XKeyScore, Fascia, Optic Nerve, and PRISM. The issue is that many of these projects, created to target and trim terrorism, more often than not don't deliver and end up harming civilians.

Mass surveillance is dangerous; it can silence or manipulate people. Privacy, including digital privacy, is not only a basic right but should be encouraged and practiced by regular people every day.

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." – Edward Snowden.

Bottom line is, everyone can benefit from adding even a little extra privacy in their online lives.

Threat Model

Before creating your pseudonymous identity, you should step back and take some time to figure out your threat model and the security requirements associated with it.

NOTE: Be aware that this guide does not aim to help you guard against highly skilled, highly motivated actors with unlimited resources –– such as high-profile nation-states (in terms of resources, e.g. the U.S.) who are coming after you individually or an individual with unlimited resources who wants to track you down. In these cases, you'd need tactics that go beyond the scope of this guide.

You should think about what you want to protect and who you want to protect it from. Additionally, you may want to consider the consequences if you fail. This will help you to determine how serious each threat is and plan accordingly. You will most likely take into account the likelihood of each threat happening and evaluate it against the potential harm it may cause and the general cost to protect against it. In the end, you'll have to decide how much trouble you're willing to go through to try and prevent potentially dire consequences. This might require listing out the options you have that could help mitigate such scenarios and proof-testing them one by one.

The exact steps you should take to define your threat model go beyond the scope of this guide. We will present you, however, with an overview and link to good resources. Generally, you should think about:

  1. What do you want to protect? Think about the assets you have which you don't wish to lose. This could encompass a wide range of goods, from physical to digital and pure information. It could be your bitcoin, your identity, your car, your smartphone, etc. Think about each and every good you wouldn't want falling into undesirable hands and list them out.
  2. Who do you want to protect it from? Now, look back on your list of assets that you want to protect and think about who shouldn't get a hold of them. This may change from asset to asset. For example, you might not want your spouse to have all the keys to your bitcoin, but it probably wouldn't bother you to have them borrow your car. Again, you'll have to think about your unique circumstances, priorities, and levels of threat. In summary, who or what are the people/companies/governments that shouldn't be able to get to or control or seize each of the listed assets?
  3. How bad are the consequences if you fail? Take a moment to think about the worst-case scenarios that could come true if that entity took hold of that asset. Would they only be able to steal the asset itself? Would you or your family be put in danger? If so, what kind, online danger or physical danger? Both? It might also be helpful to rank the potential consequences; it might make it easier for you to spot the worse ones.
  4. Which potential consequences should you really guard against? You may take into consideration both the likelihood of that consequence happening as well as how dire it would be. If something really bad is very likely to happen and can be guarded against, that could be on the top of your priority list. Of course, not everything is preventable, but that also doesn't mean you shouldn't try. Threat modeling will help you figure out what you should work towards improving so that the chance of someone doing something bad with your assets diminishes. So in this step, you should focus on deciding what threats you should work to mitigate.
  5. How much trouble are you willing to go through to try to prevent the potential consequences selected in the previous step? Different assets and different bad actors require different measures for protection, and that is what this step covers. Here you will think about what would be necessary to mitigate the chance for each threat to actualize. Let your thoughts run free and outline all the possible steps you could take to make sure that threat's likelihood of happening would be diminished significantly or completely. Think about the options you currently have available to help mitigate your unique threats. Then, you will need to decide which of those steps you are willing to act upon. This is necessary because some of them might require a commitment of time, money, or skills which you either may not have or may decide not to be worth committing to. So elicit the requirements for mitigating each threat, in terms of money, time, efforts, technical skills, and others. Next, carefully evaluate how realistic each action is for your circumstances and rank them in priority so you know what you need to do and when you need to do it.

The above five steps are based on the Surveillance Self Defense (SSD) initiative of the Electronic Frontier Foundation (EFF). You can find the complete guide here –– it encompasses different requirements based on your specific activity. Take a look at it through the lens of the new identity you want to create and its required activities or scenarios.

For more complete ways of determining your threat model, you can browse through these resources:

Hardware and Software Choices

Different hardware and software choices may create different threats. The following outlines major security issues for smartphones and computers.

Smartphones

A team of researchers at Johns Hopkins University published a report that goes in depth into the security of smartphones. The team compared the advertised security efforts of both iPhone and Android phones, mainly seeking to determine what security measures in these phones prevent unauthorized access to user data and how third parties may be able to bypass these measures. A summary of the report's main findings is below. It can help resolve the common arguments about whether iPhone or Android provides better security and privacy.

iPhone

Main findings:

  • iCloud is a big vulnerability. When Apple's cloud backup services are enabled for an end-to-end encrypted app, that app's encryption is compromised by the iCloud backup.
  • Encryption keys are not evicted from the device's memory when the phone is locked, only when it is turned off, leaving it vulnerable to exploits while locked but on.
  • Passcode guessing attacks are often feasible using a tool called GrayKey.

More details:

  • iPhones are widely used, so it is highly valuable to seek exploits on iPhones.
  • Apple software and technical modifications are centralized, so the user can never be sure their device is not vulnerable.
  • iOS 14 introduced some privacy control features, but they focus on ensuring privacy against app developers only. That is a meaningful step, but those features do not protect against the phone itself.
  • iCloud backup data is vulnerable, since Apple has the keys. This includes: app data, Apple Watch backups, device settings, home screen and app organization, iMessage, SMS, MMS, photos, videos, purchase history from Apple services, and ringtones.
  • iCloud data accessible to Apple includes: Safari history and bookmarks, calendars, contacts, find my iPhone, iCloud Drive, messages in iCloud, Notes, photos, reminders, Siri shortcuts, voice memos, wallet passes.
  • iCloud data that is end-to-end encrypted includes: Apple card transactions, home and health data, iCloud Keychain, Maps data, memoji, payment information, quicktype keyboard vocabulary, screen time, Siri information.

Conclusion:

"With sufficient time, money, and fortunate circumstance (e.g. capturing a phone in an after first unlock (AFU) state), law enforcement agents can typically extract significant (if not all) personal data from modern iOS devices, despite Apple's claims around user privacy. This is exacerbated by Apple's failure to widely deploy Complete Protection over user data, and its failure to more broadly secure cloud services. (particularly, in the decision to store cloud authentication tokens in AFU). These facts combine to offer extensive access to law enforcement agents, rogue governments, and criminals."

Therefore, although there are strong protections in place for Apple iPhones, these are mostly security ones, apart from the recently introduced privacy features in iOS 14. But even then, they don't guard against the phone itself, which we can never be certain is not compromised. However, if one is using an iPhone for any reason, they are fairly well guarded against remote attacks if they disable iCloud completely. But the device will still be vulnerable if the attacker has it in their hands, due to the availability of encryption keys in memory and the fact that those keys are not evicted on locking the phone –– only on turning it off.

Android

The report also researched Android phones.

Main findings:

  • Android has an auto-backup feature for all apps as default that is not encrypted. Developers have to explicitly and deliberately opt out of that and opt into end-to-end encrypted backups.
  • Android involves the coordination of many different companies, which means a large attack surface.
  • Native apps do not provide end-to-end encryption and there is extensive usage of Google services, which do not use end-to-end encryption.
  • Decryption keys remain in memory at all times AFU, making them vulnerable to capture.

Conclusion:

"The primary takeaway from this discussion is that there are many techniques to bypass user data protections on Android. Lacking an analogue to iOS Complete Protection, decryption keys for user data remain available in memory at all time after the first unlock of the device; live extraction then becomes a question of breaking security controls instead of breaking cryptography or hardware. Additionally, the extent of Google's data collection affords law enforcement and rogue actors alike considerable user data, acquirable either through the legal system or through a device bypass."

Conclusion on Smartphones

A good rule of thumb is to favor free and open source software (FOSS), which Android at its core is; however, the intensive data harvesting practices of Google undermine many of its benefits. The main issue with Android therefore lies in Google and its mandatory services, a default on Android devices. In that sense, using iPhone with the least of Apple services enabled, as well as opting out of iCloud completely, should provide increased security, and also increased privacy, in comparison. But there is a possibility to "de-Google" an Android device. Popular FOSS solutions exist to harden an Android phone, removing Google services and bringing encryption as a standard. Two notable ones are CalyxOS and GrapheneOS. But their assessment currently goes beyond the scope of this guide, so do your own research.

Computers

Choosing a computer to use is also important. Generally, you should apply compartmentalization here and use a dedicated computer for your advocacy needs, and again, choose a free and open source software (FOSS) solution. But your setup can vary based on your budget, time, and technical skills.

  • A basic starting setup would be to compartmentalize partially and have the Tails operating system on a USB drive for use with the laptop or computer you already have and use. Tails will route all traffic through the Tor anonymity network as well as strictly compartmentalize storage, getting rid of all data when you turn it off (if in Amnesia mode). If you use Tails exclusively for your new identity's needs, and your regular computer for your real identity, your setup would be considerably secure and private. However, it can be improved.

  • A mid-range budget setup entails buying a used laptop for cash and running the Debian Linux distribution on it. Debian is generally more secure and private than Windows and macOS, and therefore using it for your real identity's purposes, if possible, can be beneficial. On top of that, you can have Tails on a USB drive and use that for your advocacy needs.

    • An alternative to Linux is purchasing a used, old Mac in "for parts" condition and using Tails on it. But in this case a model from 2012 or newer is best due to software update availability.
  • A better but more expensive setup would be to have one computer exclusively for each use case. For example, having your regular, now sanitized Windows or macOS computer for your real identity's needs; one laptop running Debian for tasks that require greater security and privacy; and a dedicated laptop for the most critical activities running Tails, Whonix, or Qubes OS. But this setup would only work if you don't mix identities with use cases and devices, because your behavior patterns can be used to deanonymize your Tor usage. Also, higher time, effort, and technical dedication are required in this setup.

Device Usage

A quick note about hardware choices for your technological needs. You have plenty of options regarding what to use, but perhaps the most important aspect is how you use it.

For every problem or issue you face, you also face decisions. Often, those decisions are crafted by taking into consideration the tradeoffs between ease of use and the consequences. In digital systems, people often turn to the most convenient solution possible, pushed by the "technology was created to make our lives easier" narrative whilst completely ignoring the unintended side effects or the risks associated with each technological choice.

Here, we propose steps you can take to regain some of your online privacy. Some of these will require you to lose some convenience, but the associated benefits gained should be worth the extra effort. Reference this YouTube video playlist from TechLore for a primer on why privacy is important and some steps you can take to reclaim yours.

Generally, you could –– and should:

  • Remove bloatware. Every device comes with default software already installed out of the box. Evaluating which programs you must keep versus the ones you can safely delete without compromising the functioning of the system can go a long way. Bloatware can compromise the performance, security, and privacy of that system –– and thus yours too.
  • Remove apps and programs not used frequently. The idea is similar to the bloatware case, but here you are the one keeping unnecessary apps and programs you don't really use anymore. Make a habit of regularly evaluating the many applications you have installed in your system and see if you still need them installed. The greater the number of applications, the greater the attack surface and the bigger the system's vulnerability. You are better off uninstalling a certain app and installing it again once you need it than just keeping it around. Only keep the bare minimum of applications that you need. And while you're at it, you can also remove unused files.
  • Be skeptical of links. Every time you receive a message with a link, especially if it includes a sense of urgency, do not click on it. Be aware. Check the website, scrutinize the link to make sure it is pointing to where it should be. Some phishing sites use similar-looking characters to fool you into thinking it's a legit site. Check for those. If the link is a shortened URL, use a URL expander service such as URL Expander or Expand URL to see what the full link looks like. If the link came from someone you know and it looks suspicious, consider giving that person a call to confirm veracity.
  • Use a VPN. Some think Virtual Private Networks (VPNs) are the holy grail of privacy, but that is often not the case. VPNs are better for security, because they make sure all your network traffic gets tunneled through their encrypted channels. You also get a new public-facing IP address. Overall, there are plenty of advantages to using a good VPN. However, there are also bad ones. By using a VPN you're trusting that company not to snoop on your traffic or keep logs of it, and a bad VPN would do just that –– spy on your network traffic and keep logs. Additionally, it might be helpful to use a VPN service that does not require extensive information for account setup and that you can pay for with Bitcoin. Mullvad is a good choice for all the above reasons, and they have an onion website too.
  • Harden your internet browser. Your internet browser can reveal a great deal of information about you. So you should carefully consider which one to use, how to use it, and when to use it. There are plenty of hardening guides online and different people prefer different browsers. I like Firefox because it is open source and flexible for customization. Here's a good Firefox hardening guide and here's another one. Proceed with caution though and just harden it as much as you need; things can break otherwise. If many of the things you use break after hardening the browser, consider using separate browsers for different types of tasks. Again, you might need to determine how far you want to go.
  • Use the Tor Browser. Using the Tor Browser is not a fix-everything solution, but it is a good, easy solution you can embark on right away. As you progress in your journey to online anonymity or privacy, the Tor Browser may become the smallest part of your setup, but until then, it can be a significant step up in your current habits. Dedicate Tor Browser usage to sensitive online searches, advocacy use cases, or other activities that require greater privacy and security from your end. That alone can provide a compartmentalization that you can start performing right now, with zero time and effort requirements and without needing to purchase additional hardware. But beware that your Internet Service Provider (ISP) will be able to know that you're using the Tor anonymity network, and that alone can be undesired in many places: it is often looked at as suspicious even if no bad acting is being done. So, for greater privacy benefits, connect to your VPN first, then Tor. If you face Tor censorship instead, you might need to use Tor Bridges.
  • Perform regular updates. Software updates exist for a reason. Yes, they do often introduce nice and cool new features. But more importantly, they fix bugs. Every piece of software has some kind of bug, and updates fix them; this is how it works. So make sure you're keeping up with your devices' software updates. Some will give you the option to enable autoupdates.
  • Compartmentalize email addresses. On a basic threat model, you can ramp up your privacy from online companies and data centers through email compartmentalization. It will separate your behavior, allowing you to use a different email address for every service you sign up to or every activity you conduct. Simple Login is one such provider. But note that for an advanced threat model, you would be better off not trusting a third party company and using the Tor Browser to manually create new email addresses for each use case. That would require greater effort and time, but would also yield greater privacy.
  • Compartmentalize phone numbers. Similar to email addresses, you also can (and should) use one phone number with each activity, identity, or use case you conduct. For a simpler threat model, a service such as the one provided by MySudo can go a long way. For a riskier set of threats in a more advanced threat model, you would need greater time and dedication; you would need to physically purchase a new SIM card, with cash and without revealing your identity if possible, for each identity or use case.
  • Compartmentalize payment cards. Another piece of information about you that you can compartmentalize online is credit/debit card information. You can use a company like Privacy.com to generate card aliases for each purchase, store, service, or use case. Again, doing it by yourself is always better, although in this case slightly more complicated. It can be unrealistic in most places and countries to open a bank account or get a payment card with your pseudonymous identity, for example. Even though you can purchase prepaid debit cards in a local pharmacy in places like the U.S., personally identifiable information (PII) is more often than not required, undermining your privacy. A realistic alternative to the third party service here is to use "clean" bitcoin for purchases; and if the store itself doesn't support it, you can use a platform such as Bitrefill to buy gift cards with BTC.
  • Compartmentalize devices. Software separation is good, but physical separation is better. If you have two identities, or two different roles or jobs which you wouldn't like getting mixed or doxxed, consider having separate devices for each. If you also keep the devices themselves separate, that's a bonus. And if one phone gets compromised and becomes a wiretap and tracking device, information in the other device will likely be safe. Evaluate if you could benefit from having multiple devices and go down that route if so. And to keep this from becoming a large investment, remember that you don't need a flagship device most of the time. Also –– if you end up using two separate phones for two different uses, get two different VPNs, one for each; compartmentalize that as well.
  • Prevent physical access. This one might be a bit harder, but there are some steps you could take to diminish the risk of having your device be compromised through physical access. You can, for instance, make sure you don't lose sight of it when in risky environments. That is to say that losing sight of your phone while at home likely won't incur high risk, but leaving it in your hotel room while you go for a jog could pose a more serious threat. So analyze and think about what would constitute threatening situations and hug that phone if you need to. One note on physical access, which is something this guide will cover in the next section: if you ever find yourself walking into risky places or situations, either don't bring your phone with you (you can take a burner phone instead) or turn it off. When you turn your phone off, its encryption keys are evicted from memory, increasing the security of your data (at least marginally). And when leaving your device unattended, you can put it in a tamper-evident bag, or a Faraday bag, or both. Again, analyze and think how far you need to go in your specific case.
  • Consider resetting your devices from time to time. Although not a complete and flawless solution that fits every circumstance, resetting your devices can be a good idea if they have become too bloated, or if you think they have been compromised by software, or if you just want to start anew. Doing it regularly can be even better. Just don't assume that if you're doing this you don't need to perform the other steps in this section; they complement each other.
  • Choose FOSS solutions over proprietary ones. Every time you choose to sign up for an online service or company or choose to download an app, you should think about the potential consequences of that decision. For instance, you should consider what the data collection policies of such an app or service are, how hard it is to delete your account and its information, and if you have other alternatives. Generally, opt for free and open source software whenever possible. Although such tools will often not be as easy to use as proprietary software, you often gain in privacy. Proprietary software is literally a black box, and so you don't actually know what it is doing when you use it. This wiki privacy guide provides a nice list of alternative solutions for "de-googling" your life. Be sure to reference privacytools.io whenever you need a new software solution for a certain use case (they also have an onion website). Small choices can go a long way!
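
The checks described under "Be skeptical of links" can be automated before a link is ever opened. The following is an added example, not part of the original guide: it flags look-alike characters (mixed scripts and punycode labels), text before an "@" that hides the real host, shortened URLs, and hosts that are not under the domain you expected. The function names, the shortener list, and the sample domains are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, non-exhaustive set of URL-shortener hosts for this example.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "is.gd"}


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding punycode (xn--)."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw form
    return label


def scripts_in(label):
    """Set of scripts used by the letters of a label.

    The script is approximated by the first word of the Unicode character
    name (LATIN, CYRILLIC, GREEK, ...); digits and hyphens are ignored.
    """
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}


def inspect_link(url, expected_domain=None):
    """Return a list of warnings for a URL; an empty list means no flags."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["no host found in URL"]

    warnings = []
    if parts.scheme != "https":
        warnings.append(f"scheme is '{parts.scheme}', not https")
    if parts.username is not None:
        # Everything before '@' is user info; the browser connects to `host`.
        warnings.append(f"text before '@' is not the site; real host is {host}")
    if host in SHORTENERS:
        warnings.append("shortened URL: expand it before opening")

    for raw in host.split("."):
        label = decode_label(raw)
        if label != raw:
            warnings.append(f"punycode label '{raw}' displays as '{label}'")
        scripts = scripts_in(label)
        # Latin letters mixed with another script is the classic look-alike
        # trick. A label written entirely in one non-Latin script is not
        # flagged here; the expected_domain check below catches it.
        if "LATIN" in scripts and len(scripts) > 1:
            warnings.append(f"label '{label}' mixes scripts: {sorted(scripts)}")

    if expected_domain:
        expected = expected_domain.lower().rstrip(".")
        if host != expected and not host.endswith("." + expected):
            warnings.append(f"host '{host}' is not under '{expected}'")
    return warnings


if __name__ == "__main__":
    # Constructed sample links; \u0430 is CYRILLIC SMALL LETTER A.
    samples = [
        "https://www.example.com/login",
        "https://ex\u0430mple.com/login",
        "https://example.com@login.evil.test/",
        "https://example.com.evil.test/reset",
        "https://bit.ly/abc123",
    ]
    for link in samples:
        print(link)
        for warning in inspect_link(link, "example.com"):
            print("   !", warning)
```

An empty result only means none of these specific tricks were found; it does not prove a link is safe.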

Note: for dissidents, human rights activists under totalitarian regimes, or other people in critical situations, the above tools might just not suffice. With that threat model, you would need to go to greater lengths to increase your privacy or even strive for complete anonymity. Nonetheless, everyone can benefit from even the smallest steps; how far you go will depend on your threat model. To cite them again, some good resources, complementary to this guide, for determining digital security and privacy needs and actionable steps are the EFF Surveillance Self-Defense and Front Line Defenders: Security-in-a-Box guides.

What to Use

After understanding privacy basics, taking initial steps to increase your online privacy and sanitize your existing identity, and understanding some of the hardware and software choices you have and their tradeoffs, you can now analyze all that and settle on the perfect setup for yourself.

Below are choices you can take based on their required dedication of time, money, effort, and skill level, from the least to the most demanding.

  • Tor Browser. You should use the Tor Browser for your pseudonymous identity only if you have absolutely no time, no money, no technical skills, no effort to allocate, and very limited resources. The reason is that it will provide the smallest level of protection for you, but is also the easiest to use, as you also would not need to purchase additional hardware. You can simply use the computer you already use, install Tor Browser in it, and use that for your advocacy needs. But beware of the shortcomings of this setup too, notably the limited protection it will give you. Tor usage can be deanonymized based on your non-Tor usage and behaviors, so keep that in mind.
  • Tails. If you have a larger amount of time and learning motivation, but still have limited resources and can't purchase a dedicated laptop, you might want to use Tails. Although not perfect, Tails can help you protect your digital life from censorship and surveillance in a somewhat easy way. You can set up a Tails USB stick to temporarily turn your computer into a secure machine or stay safe while using the computer of somebody else. Do note that if used on a compromised machine, for instance a computer with viruses or with malicious hardware, like keyloggers, Tails won't always be able to protect you. Considering how difficult it can be to spot some malicious software and hardware in a given device, physical compartmentalization is always a better choice.
  • Tails on a dedicated laptop. If your budget allows it, you might want to purchase a dedicated laptop to use for your sensitive activities over Tor on Tails. You can purchase a used business laptop for cash and install Debian on it for increased privacy and security and lower costs. You can also buy a used MacBook Air from 2012 or 2013 for cheap, reset it, and harden it for increased security and privacy; then you can use it more safely with Tails. Just make sure you only use this computer for the very specific set of activities your identity needs.
  • Whonix or Qubes OS on a dedicated laptop. These two operating systems are listed separately here because of the increased hardware and system specifications they require. Both Whonix and Qubes OS are more demanding on the machine they run on, so you'd need a bigger budget –– and more time and effort –– to set them up. Also reference this comparison (onion site here) to judge which system would be better for your specific case.

Please note that depending on your threat model you may be required to go to greater lengths to have full anonymity, including anonymous phone numbers. If that's your case, please reference The Hitchhiker's Guide to Online Anonymity.

Create Your New Identity

After you have taken basic yet important steps to increase present privacy, carefully thought about your threat model, and identified where and how you can harden your privacy and security, you can begin the identity creation process.

It is important to define the scope of your new identity. As you've completed the steps above, think about how your identity will interact with the world. More precisely, what will your identity do, through which mediums, with which tools, and when? Having that clear (and often written down) will help you along the way to prevent you from getting distracted.

For the following steps, use the setup you selected in "What to Use." At the very least, use the Tor Browser going forward on an internet connection that is not your home's and that has no video footage. All the following steps will assume you're using Tor.

Note: The following steps seem small and simple; however, it may take you a considerable amount of time to go through each one. You should take your time to complete them right! Each tip or mention is worth considering and going through, so be calm and do it right rather than quick.

On downloads: Always download through Tor, and always verify your downloads. Below the download buttons for software products there is usually a small "Verify Signature" or "GPG signature" icon (or something similar). Always click on that and go through the steps to verify your download; otherwise you won't know if you downloaded the correct software or if it was tampered with.
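One way to script the verification described above, as an added example that is not part of the original guide: it pins the signer's fingerprint instead of trusting whatever key happens to be in the keyring. It assumes GnuPG and `sha256sum` are installed; the function names are this example's own, and the fingerprint and file names are placeholders.

```shell
#!/bin/sh
# Added example. Fingerprint and file names used with it are placeholders.

# status_ok PINNED_FPR: reads `gpg --status-fd 1 --verify` output on stdin.
# Succeeds only when a valid signature comes from the pinned key (or one of
# its subkeys) and gpg reported no bad, expired, revoked or unknown signer.
status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, the last field its primary key
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
        END { exit !(good && !bad) }
    '
}

# verify_download FILE SIGFILE PINNED_FPR
# A plain `gpg --verify` accepts any key in your keyring; pinning the
# fingerprint (obtained from somewhere other than the download page) ties
# the result to the one key you expect.
verify_download() {
    fpr=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | status_ok "$fpr"
}

# sum_listed FILE SUMSFILE: for projects that sign a checksum list rather
# than the file itself. Verify SUMSFILE with verify_download first.
sum_listed() {
    sum=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$sum" ] || return 1
    awk -v s="$sum" -v n="$(basename "$1")" '
        $1 == s && ($2 == n || $2 == ("*" n)) { ok = 1 }
        END { exit !ok }
    ' "$2"
}

# Usage (placeholders):
#   verify_download app.tar.gz app.tar.gz.asc "<PINNED FINGERPRINT>"
```

Both functions return a non-zero status on any failure, so a download step can be chained with `&&` and will stop before the file is ever opened.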

  1. The first thing you need is clean bitcoin, which you can get from KYC-free sources. Find more about it and ways to get it here and here. The Hitchhiker's Guide to Online Anonymity cited above also has a section on this. Take your time to get clean BTC because this is essential to the remaining steps. Bitcoin itself is not anonymous, but it can be if you use it with good practices in mind.

  2. Purchase a good VPN service. Head over to Mullvad's onion website and create a new account. This will generate an account number; then, select the amount of time you want to fund your account for and pay with your clean bitcoin. It will help your anonymity to use the full contents of one UTXO for paying Mullvad, because then you wouldn't receive any change. But that may be hard to coordinate, so if an exact match is not possible, having your change be a large amount instead of a negligible one will make it harder for chain analysis companies to spot which output is the payment and which is the change.

    • After you have paid, download the Mullvad app only to the devices your new identity will be using. Note that it may take a while for your account balance to update and see your payment, due to blockchain confirmations, so be patient.
    • When Mullvad is fully set up on your devices and working, always connect to it for all of the remaining steps. Also connect to it first, then connect to Tor / Tor Browser.
    • You can also go to the Mullvad app's Settings > Advanced > Always Require VPN, so that if your connection goes down the app will block internet access.
  3. Pick an email provider, but don't create your account just yet. ProtonMail is my personal recommendation, and should be the best choice for most people. But there are other good alternatives as well. You can reference this page for choosing a privacy-preserving email provider that best fits your needs.

  4. Search for and pick a pronounceable handle. Whilst doing everything over Tor (connecting to your VPN first), start thinking about what your new identity's name will be. Focus on readability, and it should be pronounceable as well. Search for and pick a handle that:

    • Is not already in use by ProtonMail (or the email provider you chose in the previous step).
    • Is not already in use by GitHub.
    • Is not already in use by Twitter (optional).
    • Is not already in use by Gmail (optional).
    • Has a cheap domain name available. Use Namecheap to search for and buy the domain if you wish to do so, since it accepts bitcoin and has some privacy-preserving features enabled automatically as well as some policies for protecting customer rights. This will be especially useful if you need to set up a website for advocacy, a donation page, or something of the sort.

    Alternatively, you can use a full name, instead of a simple handle, with more complete personal details to create a full identity (reference Fake Name Generator for help with this).

  5. Get a new phone number. You will need it for creating some accounts later on, so do it anonymously if you can: buy a prepaid SIM with cash. That is not possible in some parts of the world, however, since KYC information may be required either to buy it or to set it up. So analyze what is best in your circumstances, considering your threat model. In either case, do not use your real identity's phone number going forward.

    • If your budget allows it, also get a new phone. In most cases, and to make your identity's Operational Security (OpSec) easier, you can buy an affordable Pixel 4a with cash and de-google it with a security- and privacy-conscious OS, such as Graphene or Calyx. But that may be hard to find in some areas or your skill level may not be there yet, so reference the Android-iOS discussion fleshed out in this guide's intro to decide.
  6. Buy a WebAuthn key (SmartCard) for security. Purchase a YubiKey in person with cash. You can find resellers near you on their website. If there are none, adjust and purchase by revealing the least amount of personal information you can; notably, you can use a private mail box to prevent disclosing your home address.

  7. Create your email account. Go to the email provider you selected and create your email account. If they have an onion hidden service, Tor Browser will automatically redirect you, so maybe wait a minute after the site has loaded to begin the account creation process.

  8. Generate new GPG keys. Remember to use your pseudonymous handle and its email as your key's user ID.

    • Follow this guide for creating your own keys and establishing a hardened setup with your new YubiKey.
    • Alternatively, if technical skills become a bottleneck, save your YubiKey for later and have your email provider create GPG keys for you (ProtonMail supports this). Although not perfect, it is functional and may be acceptable for some threat models –– and you can generate a new GPG keypair for your identity later when you're more comfortable using it.
  9. Create your GitHub account. Of course, this assumes you'll need a GitHub account; if you won't, you may skip it. But it doesn't hurt to create one, as you might need it some day. So, create one, at least for securing your handle.

  10. [Optional] Create other accounts. Your new identity might need additional accounts depending on its required activities. Go ahead and create them. Remember to use VPN and Tor for everything and provide the least amount of private information possible. Most service providers will prompt you for many pieces of information but most of it is not truly necessary for account creation. Just beware of that and create it attentively.

    • Note: some of your identity needs can be accomplished with similar, more private and secure tools than mainstream ones. For example, you might need a document editing tool and Google Docs might jump out in your head as the go-to service, but often you could use CryptPad instead. Refer to Privacy Tools every time you realize you need to sign up for a new service and evaluate if there's a more private alternative that suits your needs.

Phew! If you performed each and every step with caution and attention, your new identity should now be set and ready to be used. You have a pronounceable handle, a new phone number, an email address, maybe a domain, GPG keys, a YubiKey, and a GitHub account with GPG-commit signing enabled.

Operate Your New Identity

Your main goal while operating your pseudonymous identity should be to prevent having it be linked back to your real-world identity, because if that happens then all your work goes to waste. There are many techniques you can use to ensure that to the best of your ability, but that can vary depending on your specific circumstances.

Read more about privacy and anonymity to become more aware of the different ways adversaries may be able to threaten them. Also be aware of, and grow accustomed to, some basic security best practices for defending yourself:

Generally, however, since the main goal is to avoid links to your real identity, you should focus on compartmentalization. The level to which you commit to compartmentalizing parts of your life will, again, depend on your available time, skills, and budget.

The best case scenario, which you should strive for, is to have one separate device for each activity. That entails having one mobile device, one laptop, one phone number, one YubiKey (maybe here you'd want to have a second one as backup), and one of each device you might need for your pseudonymous identity –– and use them only for that single identity! Need a new identity? Then you'd need new devices.

But that is often not feasible, and rather than quitting it altogether, you should start small and build your way to the top. Striving for perfection is good if it means stimulating you to improve, but it can quickly become detrimental if it stops you from acting. Therefore, start with the good rather than the perfect.

In either case, you should compartmentalize as much as you realistically can at a given time. If you currently can't buy a new smartphone for your new identity, you can at least grab a new phone number, which is fairly cheap in most places, and a new VPN account with a different provider than your real identity's VPN. If your current phone supports two SIMs, for instance, you can use both numbers and both VPN accounts, switching VPN connections every time you need to connect to an app and based on the identity that app is associated with. I know, that can be rather cumbersome, but that's what a lower budget will often require.

Similarly, if you can't afford a new laptop, you can start by buying a VPN subscription as described previously in the guide and use the Tor Browser. However, that would only suffice for more basic threat models. You might then consider dedicating some time to flashing Tails onto a USB stick and learning the basics of the anonymity live operating system. That will enhance your setup right away, as Tails will enforce many best practices for you.

However, you always need to remember that all these tools are not perfect and that you might still be at risk. For instance, Tor can do little for you if you use it wrong. It currently goes beyond the scope of this guide to discuss why and provide some steps one could take to mitigate it, but here are some good and thorough guidelines (really read this!). If you're more inclined to academic research, reference Free Haven's Selected Papers in Anonymity.