Kompletní OPSEC Průvodce

Open-source software and hardware

• • Use open-source software so you can check what it's doing
• • Avoid closed-source software - it may contain backdoors
• • Use Linux with hardening tools (Kicksecure, Whonix)

Encryption

• • Encrypt communications and data with end-to-end encryption
• • UseAge a PGP/GPGfor encrypting files and messages
• • Encrypt entire drives withVeraCryptorLUX

DNS protection

• • Use DNS encryption (DoT, DoH, DNSCrypt) to protect against ISP snooping
• • Consider DNS over Tor for maximum privacy
• • Do not use your ISP's DNS

Virtual machines

• • Use VMs to separate different activities and increase security
• • WhonixQEMU VMs are recommended for anonymous use
• • Qubes OSfor maximum insulation

Password management

• • Use a password manager (KeePassXC, Bitwarden)
• • Generate strong, unique passwords (20+ characters)
• • Never use the same passwords for multiple accounts
• • Enable 2FA wherever possible

Secure file sharing

• • Share files securely withSyncthingvia VPN or Tor
• • Use for anonymous sharingOnionShare
• • Remove metadata from files before sharing

Front-end privacy

Use alternative front-ends for popular services:

Tor Browser

• • Use Tor Browser to browse the web anonymously
• • Set the security level to"Safest"
• • Disable JavaScript for maximum security
• • Use bridges (obfs4, meek-azure, Snowflake) in censored countries
• • Never log into personal accounts through Tor

Anonymous virtual machines

• • UseWhonixQEMU VMs for anonymous use
• • Tails OSfor temporary sessions without tracks
• • Separate anonymous activities from the host system

Anonymous Finance

• • UseMonero (XMR)for anonymous financial transactions
• • Avoid centralized exchanges (CEX) requiring KYC
• • Consider Decentralized Exchanges (DEX) asHaven
• • For P2P exchange usebisqueorRetoSwap

Residential proxy

• • Get a residential proxy anonymously to access Tor blocking sites
• • Helps bypass geo-restrictions and censorship
• • Services likeThe VPN Mysteryoffer residential IP

Hidden Services (.onion)

• • Access .onion sites for better anonymity
• • UseSimpleXfor anonymous chats
• • Use anonymous emails (DNMX, Mörk)

Temporary systems

• • UseTails OSfor temporary, sensitive use
• • Tails can be run from USB and leaves no traces of use
• • All data is deleted on shutdown

Deniable encryption

• • UseVeraCryptto create hidden volumes for sensitive data
• • Outer volume contains innocent data, inner hidden volume contains sensitive data
• • Unable to prove the existence of a hidden volume

Steganography

• • Hide data in images or videos
• • Tools:Steghide, zuluCrypt
• • Allows sensitive information to be transmitted without arousing suspicion

Duress mechanisms

• • Set upduress PINfor quick data wipe (GrapheneOS)
• • Helps when you are forced to disclose data
• • Consider an app's "panic button" for emergency situations

Regular updates

• • Keep software and systems up to date
• • Patch known vulnerabilities as soon as possible
• • Use a package manager to manage updates

Firewall and network monitoring

• • UseOpenSnitchto monitor network traffic
• • Block unauthorized outgoing connections
• • Identify suspicious activities

Software Verification

• • Verify software integrity before installation
• • UsePGP signaturesto verify authenticity
• • Check hashes of downloaded files

Physical security

• • Protect physical devices from unauthorized access
• • Use locks for USB ports
• • Encrypt entire drives in case of theft
• • Consider a tamper-evident sticker on the device