Privacy, Anonymity and Compartmentalization

HotCakeX
10 min read · Jul 23, 2023


This article explores the topics of privacy, anonymity and compartmentalization. These concepts are interrelated and essential for protecting one’s identity, data and online activities from unwanted surveillance, tracking, interference and bad actors.

First, we discuss privacy, which is the right to control what information is collected and shared about oneself. Privacy is important for maintaining personal autonomy, dignity and security. We also discuss what the right mindset and approach to privacy are and how to develop and grow them in yourself.

Next, we cover anonymity, which is the state of being unknown or unidentifiable by others. Rather than doing it in a carte blanche way, we discuss how to do it tactically, the right way.

Finally, we introduce compartmentalization, which is the practice of separating different aspects of one’s life or identity into distinct compartments or personas.

Lastly, I will show you how to compartmentalize software in Windows using virtualization technology. Virtualization is a technique that allows you to run multiple operating systems or applications on a single physical machine, isolated from each other.

Privacy and the illusion surrounding it

In today’s day and age, privacy is a bottomless pit. As long as you are connected to the Internet, your online activity is monitored or recorded at least by some entity or person somewhere in the world, either intentionally or through bulk data collection. The only escape from that is to renounce all electronic devices and dwell in a shielded underground chamber.

Privacy advertisements, advocates, tools and programs are all fundamentally flawed. All they can do at best is change which entity or company has access to your data. They can’t prevent the data from being collected in the first place.

Tor Brief: A Quickfire Discussion

The Tor network is an inherently defective privacy instrument. It’s vulnerable, and its traffic is readily identified, severely limited or blocked. It’s a partial solution that is not even accessible to everyone. That includes pluggable transports and bridges of any type.

Tor is intended to be used by the citizens of the countries with authoritarian, dictatorial, and oppressive regimes, such as Iran, places where the government is evil and citizens need help to stay private.

In those countries, where people’s and journalists’ lives are in peril, where activists and regular citizens need free access to the flow of information in order to share it, Tor is the prime target for swift blocking. Tor’s traffic is usually the first thing that gets blocked in a repressive country or when an uprising happens.

So what is the purpose of Tor when you can’t use it in the most important situations, where your life depends on it?

The Tor network fails to safeguard people’s anonymity because its traffic reveals that the user is employing Tor and arouses undue attention. It doesn’t protect freedom of expression because it simply doesn’t work in places where it’s most needed, and thus it can’t help people access censored or restricted information. This is the reason for the emergence of new tools and protocols such as Xray, V2ray, VLess and so on.

All of this demonstrates how ineffectual the Tor network and any software depending on it are. That encompasses OSes such as Whonix that claim to preserve your anonymity and so forth.

In my tests, on a perfectly uncensored and fast Internet connection, one of the simplest operations in Whonix, which is syncing system time over the Tor network, takes at least 2 minutes, and that’s just in the first few days. After that, half of the time the time sync fails completely and shows errors, effectively preventing you from using the OS, because anything you want to do, including syncing data or any useful task at all that requires a correct system time, would lead to data loss, which did happen to me in my tests.

It’s a very poor idea to construct an entire OS founded on a network like Tor, which solely employs TCP, has very high latency, is unreliable, and whose traffic is easily identified and blocked.

So where does that leave us? Using Tor in free western countries. Now the question is, why would you desire to voluntarily use a very sluggish network in a free country with unrestricted flow of information?

Threats to Democracy and Western Values

The Western world faces multifaceted challenges from entities intent on eroding its foundational values and societal norms. These adversities manifest through diverse tactics, including disinformation campaigns, psychological operations, cyber warfare, terrorism, among others. They should be examined thoroughly, as they are critical to cultivating an informed perspective on privacy and anonymity.

Important Sources and Proofs That Are Good to Read And/or Watch

United States Government: Designated Foreign Terrorist Organizations

United States Government: State Sponsors of Terrorism

Microsoft: Iran accelerates cyber ops against Israel from chaotic start

Microsoft: Rinse and repeat: Iran accelerates its cyber influence operations worldwide

Microsoft: Iran turning to cyber-enabled influence operations for greater effect

Inside Tehran’s Soft War

High-Level Iranian Spy Ring Busted in Washington

Member of Iranian Influence Network Visited Biden White House Five Times

All Iranian newspapers cheering and praising chaos and encampments in American universities

Great speech: by Eva Vlaardingerbroek

Great talk: Natasha Hausdorff responds to the ICRC on the Geneva Conventions

The concept of psychological operations (PsyOps) revolves around influencing the emotions, motives, objective reasoning, and ultimately the behavior of individuals, groups, and even governments. These operations are frequently orchestrated by enemy intelligence agencies, military forces, and other covert organizations.

The enemy recognizes their military limitations, so their strategy involves sowing division from within — a path to conquest.

It is imperative, therefore, to remain alert and well-informed, fortified with veracity and knowledge.

Tactically Identify Friends and Foes, a Reality Check

One of the first steps to protect your privacy is to identify and decide who is included in your trusted circle and who falls outside of it, based on your personal goals and values. This will help you choose the appropriate tools and strategies to safeguard your information and avoid unnecessary risks. You need to decide a level of privacy for yourself to adhere to.

Take into account the information highlighted in the preceding section on Threats to Democracy and Western Values when making decisions regarding privacy and anonymity. Recognize that you are an integral part of this broader reality and context.

You cannot stay private and hidden from agencies with global reach such as NSA, CIA, Mossad and other western intelligence agencies, the same people that prevent the civilized part of the world from turning into a terrorists’ paradise. If they really want you, then there must be good reason(s) for it, and they can get you anywhere you go.

As a privacy-conscious person, you should be clear and discerning about who your allies and adversaries are. You should not look at the subject from a single point of view and fail to see the bigger picture which is the real world and what happens in it.

Why Tactically?

Privacy decisions require clarity and foresight. You should not jeopardize your relationships with your friends, colleagues or other allies. Your anonymity and privacy should not harm them or negatively affect your life and interactions with them.

What if You’re Already Well-Known and Popular?

If you’re already famous and have a large following, then it’s hard to erase your digital footprint. This is not necessarily a bad thing. Anonymity is not for everyone and people have different preferences and goals. This post just explores one of the many possible lifestyles.

Anonymity, the Wrong Way

Anonymity with the aim of facilitating and using tools to try to stay undetected by the western intelligence agencies can hurt security. Terrorists and threat actors should not be undetectable, under the radar or able to keep a low profile. Their actions and plans should always be visible.

Therefore, anonymity with this particular mindset is not only futile, but also harmful. It can make you a target of suspicion and investigation, or even a victim of malicious actors who may exploit your vulnerability. It can also weaken the collective defense and resilience of the society against the real enemies who want to harm you.

Anonymity, the Right Way

There are misguided and ill-intended people out there: stalkers, trolls, script-kiddies called anonymous groups, doxxers, criminals, and irritating, privacy-intruding people in general. People who do not share the same values as you do in the civilized world. They are the ones that you need to protect yourself from. They are the ones that you need to be anonymous from.

To protect yourself from these groups of individuals, you need to take proactive measures. This is the proper type of anonymity and one that is the most advantageous.

Always remember this fact: Those people can only know as much about you as you permit them to. You are in control.

Anonymity Through Obscurity

We talked about anonymity, the right way. So how can we achieve this anonymity exactly? By embracing anonymity through obscurity.

Obscurity is the state of being difficult to understand or interpret. It is different from anonymity, which is the state of being unknown or unidentifiable. Obscurity can be achieved through various methods, such as using encryption, misinformation, or noise to mask your identity or activity online.

That means playing by their rules rather than attempting to hide from those groups of individuals.

They (the same group we talked about in the previous section) want to get information about you? OK then, provide them with information: false, credible information.

  • Leave breadcrumbs for them online to find and follow; make it subtle and make it look like they worked for it
  • Let them think they know you
  • Let them think your OPSEC is weak and they’ve won
  • Establish a large multi-faceted barrier between your real-life identity and the one you allow the stalkers and malicious people to believe

I’m intentionally not going into details about them. Those methods have been proven to be successful on many occasions.

Moreover, be aware of which company the software or online service that you use belongs to. For example, Google is one of the biggest data mining companies in the world, if not the biggest. You desire to advertise your product in the most efficient way? You give it to Google. That’s what their business is about. In comparison, a different company like Microsoft is about providing services; that’s their primary source of income.

Be cautious about other companies that offer free products and services. If something is free, then you and your data are the price that you are paying, unknowingly.

OSINT

When I want to remedy a problem, I usually address the root cause of it. By securing your privacy and anonymity in the fundamental ways described in this guide, you automatically address a lot of other things such as OSINT, which stands for open-source intelligence and relies on whatever data is available on the Internet. You are nullifying their data about you without them even noticing, and that is definitely one of the goals. It’s a tool that is useful in the hands of friendlies but can be harmful in the hands of adversaries.

Windows Sandbox

Windows Sandbox is a useful environment for using software without ruining your system. It provides a pristine, disposable and secure place that replicates your host OS.

It enables you to run applications in an isolated and ephemeral virtual machine on your Windows computer. When you exit the Windows Sandbox, everything inside it is discarded.

This repository offers pre-made Windows Sandbox configurations that cater to specific use-cases and software. The main files bear the .WSB extension. The configs enforce heightened security wherever possible.

You can use them for any task that you like; you can combine the configurations, increase or decrease the RAM usage, etc.

  • Configs that provide region-specific time zones, 2GB RAM.
  • Config that launches Tor browser in Windows Sandbox, 3GB RAM.
  • Config that launches Tor browser in Windows Sandbox, 3GB RAM, Copy&Paste allowed.
  • Config for Downloads Folder Detonation Chamber, automatically maps the host’s Downloads folder in read-only mode, 4GB RAM.
  • Config for Photoshop (latest version, currently 2023), 6GB RAM. With Windows Sandbox’s GPU paravirtualization, graphics-intensive programs can run smoothly and isolated in it. No internet connection.
  • Config for Luminar (This one is for Luminar Neo), another graphics-intensive program that can run isolated in Windows Sandbox, 6GB RAM. No internet connection.

Those are only a portion of the configs I use; you can create a config for any software.
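As an added illustration (not one of the repository's own files), a .wsb configuration along the lines of the Downloads Folder Detonation Chamber listed above could look like this. The host path is a placeholder, and disabling networking, vGPU and the redirection channels is an assumption about what heightened security means for this use case, not a copy of the author's settings.

```xml
<!-- Added example: Downloads "detonation chamber" sandbox.
     Not taken from the repository; paths and hardening choices are assumptions. -->
<Configuration>
  <!-- 4 GB RAM, the figure given for this config in the list above -->
  <MemoryInMB>4096</MemoryInMB>

  <!-- Assumption: no network, so an opened file cannot reach out or fetch more content -->
  <Networking>Disable</Networking>

  <!-- Assumption: software rendering only, which reduces the host surface shared with the sandbox -->
  <VGpu>Disable</VGpu>

  <!-- Close the channels back to the host other than the read-only folder -->
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>

  <!-- Extra hardening of the remote session between host and sandbox -->
  <ProtectedClient>Enable</ProtectedClient>

  <MappedFolders>
    <MappedFolder>
      <!-- Placeholder: replace YOUR_USER; the folder must already exist on the host -->
      <HostFolder>C:\Users\YOUR_USER\Downloads</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Downloads</SandboxFolder>
      <!-- Read-only: the sandbox can open files but cannot change or add to the host folder -->
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>

  <!-- Open the mapped folder as soon as the sandbox session starts -->
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Downloads</Command>
  </LogonCommand>
</Configuration>
```

Saving this with the .wsb extension and opening it starts Windows Sandbox with these settings. Changing `ReadOnly` to `false` or enabling clipboard redirection reopens a write path from the sandbox to the host, which is the trade-off the "Copy&Paste allowed" variant in the list makes deliberately.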

You can also use Hyper-V VMs for long-term use cases; it’s a great, safe and optimized hypervisor.

Continue Reading About Security

Refer to this GitHub repository for proper security guidelines and tools.
