
Jason Voorhees
- Joined: May 15, 2020
- Posts: 59,314
- Reputation: 165,788
This thread took some time to make because of so much misinformation online and secrecy regarding all these methods. In this thread I have covered all viable methods for regular people* and the risky, advanced techniques used by Russian and Chinese hackers like Turla. Step-by-step, with legal risks and consequences for the shady stuff. You can skip part 2 if you don't want to be on CIA's watchlist. And yes I have used chatgpt to summarize, correct grammar errors, paraphrase certain parts but all the points and ideas in this thread are through my own research.
Part 1: Anonymity Tools for Regular People.
These are legal practical steps anyone can take to protect their digital identity. Perfect for privacy-conscious folks who are not international criminals
Harden Your Operating System
Even before you use VPNs or Tor, your OS leaks data.
Options:
Use privacy-focused Linux distros like:
Tails OS (bootable, routes all traffic through Tor)
tails.net
Qubes OS (compartmentalized, VM-based)
www.qubes-os.org
Disable telemetry in Windows/Mac.
Use local accounts, not cloud-linked logins (like Microsoft or Apple ID)
Also always use Brave Browser because your Browser is the biggest privacy hole
1. Use a Reputable VPN
Use paid, audited VPNs that don't log your data:
NordVPN: https://nordvpn.com/
ProtonVPN: https://protonvpn.com/
Steps:
Subscribe (~$3-$12/month).
Install the app.
Connect to a privacy-friendly country (e.g., Switzerland).
> Avoid free VPNs: most log your data or sell it.
2. Browse with Tor
Download from torproject.org
Steps:
Install Tor Browser.
Use for sensitive browsing (e.g., research, whistleblowing).
Never log into personal accounts on Tor.
Cons:
Slower than regular browsers.
Many sites block Tor.
Exit nodes can be monitored.
3. Explore I2P (Invisible Internet Project)
Get I2P, a decentralized network like Tor but optimized for peer-to-peer communication.
Steps:
Install Java-based I2P software
geti2p.net
Run the I2P router in the background.
Configure the I2P router.
Unlike Tor, I2P encrypts all traffic end-to-end and is designed for hidden services (e.g., private file sharing, chats).
>Even slower than Tor, smaller network, complex setup. Illegal if used for illicit activities (e.g. dark pool markets).
4. Use Private Torrent Trackers
Private trackers are invite-only BitTorrent communities with strict rules to avoid tracking.
Steps:
Visit forums like r/OpenSignups.
Get invites to IPTorrents, Redacted, etc.
Use a VPN while torrenting.
Maintain a good seed ratio.
> Legal risk if downloading copyrighted content.
5. Use Virtual Machines (VMs) for Isolation
VMs like VirtualBox (https://www.virtualbox.org) create
isolated environments to browse or open risky files. Great for isolating risky activities.
Steps:
Install VirtualBox or VMware.
Set up a Linux-based VM (e.g., Ubuntu).
Use for risky browsing, suspicious files, etc.
Use snapshots to easily revert state.
6. Use Encrypted Communication Apps
Signal for calls/messages: signal.org
ProtonMail for secure email: protonmail.com
Tips:
Use a burner phone/email for setup.
Enable disappearing messages on Signal.
7. Use Privacy-Focused Search Engines
DuckDuckGo
StartPage
> No tracking or profiling.
8. Use Disposable Emails
For temporary accounts or sketchy sites, use:
Temp Mail
> Don't link these to your real identity.
9. Avoid Smart Devices
Skip Amazon Echo, Google Home, etc. If you have them right now, toss them in the bin. I was shocked when I found out that these devices are always listening and are keeping logs of all the conversations. It is even in their privacy policies, but no one cares to read them.
10. DNS Privacy
DNS translates website names (like google.com) into IP addresses.
Even if you're using a VPN or Tor, your DNS queries can still leak, revealing what sites you're visiting.
>Use encrypted DNS like Cloudflare 1.1.1.1 via DNS-over-HTTPS/TLS. Tools like Pi-hole + Unbound block trackers and keep DNS traffic local. Always test for DNS leaks
one.one.one.one
dnsleaktest.com
11. Payment Privacy
Never use your real credit/debit card for private tools or services. Instead, use prepaid debit cards bought with cash, gift cards, or privacy coins like Monero. USAcels can generate burner cards via Privacy.com. For crypto, avoid KYC exchanges and always use a VPN or Tor
Part 2: Russian Hacker Tactics (Satellite Internet & BGP Hijacking)
These are advanced, risky methods used by Russian APTs like Turla. They're not viable for regular people due to illegality and severe consequences but I will still talk about them in detail because of how much I have read about them and spent so much time finding legit info. Doing any of this is directly going to land you on the CIA's watchlist.
1. Satellite Internet Hijacking
Used by Russian APTs to anonymize C2 servers.
Goal: Hijack unencrypted DVB-S satellite traffic to avoid detection.
Requirements:
Satellite dish ($100-$500)
DVB-S card (e.g., TBS-6922SE)
Linux system
Skygrabber software
Steps:
1. Point dish at satellite beams (e.g., over Somalia, Afghanistan).
2. Scan for unencrypted DVB-S frequencies.
3. Sniff traffic using Skygrabber.
> Goal: Find active IP addresses of satellite users.
2. IP Spoofing & C2 Command Routing
Once IPs are identified:
Spoof them to hide C2 servers.
Now that you have acquired spoofed IPs you now use them for malware control/data theft. Route malware commands over the satellite traffic, e.g., AcidRain malware.
> Makes tracking very hard: looks like legitimate satellite traffic.
3. BGP Hijacking (Bonus)
BGP hijacking is the illegitimate takeover of groups of IP addresses by corrupting Internet routing tables maintained using the Border Gateway Protocol.
Used by: ISPs like Rostelecom, even China Telecom.
Steps:
1. Announce fake ownership of IP blocks (e.g., AWS, Google).
2. Route traffic to attacker-controlled servers.
> Example: In 2020, Russian ISPs hijacked BGP routes from Google/Amazon.
Everything in Part 2 is very very illegal.
Doing any of this = federal crimes. Think terrorism-level consequences (treason, espionage).
If this were GTA, you'd have 5 stars and a tank after you after you do stuff like this. So don't try to be an edgelord because law enforcement agencies are not playing around when it comes to these things. They take it all very seriously.
Conclusion:
If you just want to stay anonymous legally, stick to:
VPNs
Tor/I2P
Private trackers
VMs
Signal/ProtonMail
Privacy search engines
Don't do anything in Part 2 unless you enjoy orange jumpsuits and windowless rooms.
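On the BGP hijacking described in Part 2, the defensive side is route origin validation: network operators compare each announcement's origin AS against published Route Origin Authorizations (ROAs) and alert on or drop the mismatches. The following is an added example, not part of the original post, that classifies announcements per RFC 6811; the ROAs and announcements are constructed, using documentation prefixes and private-use AS numbers.

```python
"""Route origin validation (RFC 6811) over constructed sample data."""
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str      # prefix the address holder authorised
    max_length: int  # longest prefix length that may be announced
    asn: int         # AS authorised to originate the prefix


# Constructed ROAs (documentation prefixes, private-use ASNs).
ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("198.51.100.0/24", 24, 64501),
    ROA("2001:db8::/32", 48, 64500),
]

# Constructed (prefix, origin AS) pairs as a BGP feed would report them.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),    # authorised origin
    ("203.0.113.0/24", 64666),    # same prefix, unauthorised origin
    ("203.0.113.128/25", 64500),  # right origin, longer than max_length
    ("2001:db8:1::/48", 64500),   # more specific, still within max_length
    ("192.0.2.0/24", 64502),      # no ROA covers this prefix
]


def validate(prefix: str, origin: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route only if the route sits inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but matched by none means the origin is not authorised.
    return "invalid" if covered else "not-found"


def suspicious(announcements=ANNOUNCEMENTS):
    """Announcements a route monitor should alert on (state 'invalid')."""
    return [(p, a) for p, a in announcements if validate(p, a) == "invalid"]


if __name__ == "__main__":
    for prefix, origin in ANNOUNCEMENTS:
        print(f"{prefix:20} AS{origin:<6} {validate(prefix, origin)}")
```

The `not-found` state is why unsigned address space stays exposed: without a ROA there is nothing to validate an announcement against.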