OPSEC Operation Security

The document provides instructions for setting up an encrypted operating system for security and anonymity. It details installing Linux Mint, encrypting drives and partitions, installing VPN and anonymity software like Mullvad and VeraCrypt, and setting up virtual machines for Whonix and Windows. MAC addresses will be randomized on restart using systemd services and scripts.
Operation Security Handbook

2022 Edition


Minimal Burner Laptop Requirements:
CPU | 4-core, 8-threads with Virtualization Support (must be enabled in BIOS)
RAM | 16 GB
SSD | 128 GB
USB | 3.0 or better. 2x ports minimum

Additional Required Stuff:
USB Flash Drive | 64-128 GB. One you can leave in the port, for example, SanDisk Ultra Fit
Another SSD | 128 GB, 2.5 inch
SSD Enclosure | Orico 2.5 SSD enclosure. USB-C to USB 3.0. Buy on Ebay or somewhere
WiFi Router | Flash DD-WRT yourself or buy a pre-flashed router. Some router models are impossible or very difficult to flash, so be careful while choosing

OPSEC Minimap:

Linux Mint 19.3 (Encrypted and with MAC changer) → VPN (Mullvad) → Virtualbox →
VeraCrypt Hidden Volume on SSD connected via USB 3.0 → Whonix Gateway with obfs4
bridges → Windows 10 VM

Part 1: Host OS
Download & install Linux Mint 19.3 Cinnamon. As you install, make sure you enable full disk
encryption, as well as encrypt the Home folder. Set a strong, complex password: alphanumeric with
special symbols is strongly recommended, with a total length of 32 symbols or more. Don't store any of your
passwords digitally; write them down with a pen in a small notebook somewhere. Memorize them if
you can. After Linux Mint is set up, updated and drivers are set up, we can get started.

Step 0. Install Opera


1. Download and install Opera. Then install an extension called WebRTC Leak Prevent from
Chrome Web Store. Change the default search engine to DuckDuckGo.

2. Browse using Opera on Host OS now. But don't do anything naughty.

Done.
Step 1. Installing Mullvad
1. Go to www.mullvad.net. Install the latest version, the .deb package.

2. Run Mullvad. Once logged in, go to Settings. First, go to Preferences and make sure to
enable Launch app on start-up and Auto-connect. Second, go to Advanced and make sure to
set OpenVPN transport protocol to TCP.

3. Open am.i.mullvad.net and make sure it's all green. Run it every time you boot to Host OS.
Make sure it's always on.

Done.

Step 2. Installing and setting up VeraCrypt


1. Go to www.veracrypt.fr. Download the latest version, unpack it and double click on
veracrypt-x.xx-setup-gui-x64 and in the popup dialog click Run in Terminal. I'm sure you
can manage the rest. Ok, installation done!

2. Get your other 128 GB SSD and put it inside Orico Enclosure, then connect it to the laptop
via USB 3.0. Pick a port where it's least likely you'll be able to accidentally pull out the cable
while the drive is on: be careful not to do that!

3. Run VeraCrypt and click the Create Volume button.

4. Create a volume within partition/drive. Next ►

5. Hidden VeraCrypt volume. Next ►

6. Select Device (Pick the Orico drive). Next ►

7. Encryption algorithm: AES(Twofish(Serpent)). Hash Algorithm: SHA-512. Next ►

8. Create an easy to remember password for an Outer Volume. This is the password you will
use in case someone forces you to reveal it to them. Next ►

9. Move your mouse randomly until the progress bar fills up. Format

10. When it finishes, a folder will open. Copy some sensitive-looking (but not anything illegal)
files in there. It's up to you what to put in there, get creative. Get back to VeraCrypt. Next ►

11. Hidden Volume. Next ►

12. Same settings as in 7. Next ►

13. Hidden Volume Size. Set it to 110 GB. Next ►

14. Create a strong, complex password: alphanumeric with special symbols is strongly
recommended, with a total length of 32 symbols or more. Next ►

15. Set filesystem to NTFS. Next ►


16. Select I will mount the volume only on Linux.

17. Move your mouse randomly until the progress bar fills up. Format

18. After a little while you'll be notified that the volume has been created successfully.

19. Finally, go to Veracrypt main window and click the Select device button and select your
VeraCrypt drive. OK

20. Select Slot 1 and click the Mount button, in the popup, enter password and wait until it
mounts. Sometimes it can give you false negatives, in case it does, just click on OK and wait
again. Okay, Hidden Volume is now mounted.

Done.

Step 3. Installing and setting up Virtualbox


1. Go to www.virtualbox.org. Download Virtualbox for Ubuntu 18.04 / 18.10 / 19.04 and
install it.

2. Run Virtualbox. Go to File → Preferences. In General, in Default Machine Folder and
VRDP Authentication Library, type in the same thing for both (without quotes):
'/media/veracrypt1'. OK

3. In Host OS open Terminal and run the following command:
sudo usermod -a -G vboxusers <username>
Where <username> is the Linux username you chose during installation. This will enable
you to mount any external USB devices inside your VM.

4. Download the latest VirtualBox Extension Pack and install it. We'll discuss what Virtual
Machines you will need to install on it in Part 2.

Done.

Step 4. Installing and setting up BleachBit


1. Go to www.bleachbit.org. Download and install the Bionic Beaver version of BleachBit.

2. Run Bleachbit and Bleachbit as Administrator and tick every checkbox except these in
System: Free disk space and Memory. Go to Edit → Preferences. In the General tab untick
Check periodically for software updates via the internet. Here are the checkboxes that must
be ticked: Hide irrelevant cleaners, Overwrite contents of files to prevent recovery and
Confirm before delete. Leave every other checkbox unticked.

3. You can close it for now.

Done.
Step 5. Installing and setting up MacChanger
1. Open Terminal and type: sudo apt-get install macchanger.

2. Choose No to Automatic MAC changer. It doesn't work for some reason, so we will do it
manually later.

Done.

Step 6. Setting up Root Password


1. Open terminal and type: sudo passwd root.

2. First enter user password, then new root password twice.

Done.

Step 7. Replacing NetworkManager with Wicd

NetworkManager, the default network manager that comes with Linux Mint, will not let us change
the MAC address, so we will have to replace it with a different network manager called Wicd. It's a bit
janky looking, but it works. Do not remove NetworkManager before installing Wicd or you'll have
to reinstall Linux Mint and redo everything up to this point!

1. Go to Start → Software manager. Search for Wicd and install it.

2. Open Terminal and type: su -. When asked, enter your root password.

3. Then type: sudo apt-get purge network-manager.

4. Close every app except Mullvad and restart the computer.

5. Once you're logged back in, click once on the network icon on the taskbar.

6. You should be able to figure out how to connect to your Wi-Fi from here.

Done.

Step 8. Setting up Automatic MAC Changer

Thanks to this trick, your MAC will change automatically every time you restart your computer.

1. Open Terminal and type: su -. When asked, enter your root password.

2. Type: ifconfig. This will show all available network interfaces. You will need to get the
name of your wifi, it usually starts with 'w'. Typically it's called wlan0, but it could be
something else, this is why we need to make sure with ifconfig.
3. Type: nano /etc/systemd/system/macspoof@.service. Copy and paste the
following lines (in Terminal you Paste by pressing Ctrl+Shift+V).

[Unit]
Description=macchanger on %I
Wants=network-pre.target
Before=network-pre.target
After=sys-subsystem-net-devices-%i.device

[Service]
ExecStart=/usr/bin/macchanger -r %I
Type=oneshot

[Install]
WantedBy=multi-user.target

Save the file by pressing Ctrl+X, then press Y and hit Enter.

4. Type: systemctl enable macspoof@wlan0.service. Change wlan0 to the name
of your wifi you got from ifconfig.

5. Type: nano /etc/NetworkManager/dispatcher.d/random_mac.sh. Copy
and paste the following lines. Change wlan0 to the name of your wifi you got from ifconfig.

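#!/bin/sh
# Dispatcher hook: called with <interface> <status>.

IF=$1
STATUS=$2
MACCHANGER=/usr/bin/macchanger
WLANIFACE="wlan0"

# Refuse to run without an interface argument.
if [ -z "$IF" ]; then
    echo "$0: called with no interface" 1>&2
    exit 1
fi
# macchanger must be installed and executable.
if [ ! -x "$MACCHANGER" ]; then
    echo "$0: can't call $MACCHANGER" 1>&2
    exit 1
fi

# When the Wi-Fi interface goes down, give it a new random MAC.
if [ "$IF" = "$WLANIFACE" ] && [ "$STATUS" = "down" ]; then
    /usr/sbin/ip link set "$IF" down
    "$MACCHANGER" -r "$IF"
    /usr/sbin/ip link set "$IF" up
fi
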
Save the file by pressing Ctrl+X, then press Y and hit Enter.

6. Type: chmod +x /etc/NetworkManager/dispatcher.d/random_mac.sh.


7. Close everything except Mullvad and reboot.

8. Open Terminal and type: macchanger -s wlan0. Your Current MAC should now be
changed to a random one.

Done.
Part 2: Guest Operating Systems
We will need two Operating Systems: Whonix and Windows 10.

Step 0. Downloading and verifying Whonix


1. Go to www.whonix.org → Download → Linux → Whonix with XFCE. Click [Expand] on
the right.

2. Download Whonix, OpenPGP Signature and the Signing Key (www.whonix.org/patrick.asc).
Leave them all in your default Downloads folder.

3. Open Terminal and type: su -. When asked, enter your root password.

4. Type: gpg --fingerprint.

5. Type: chmod --recursive og-rwx ~/.gnupg.

6. Go back to the Terminal and type:
gpg --keyid-format long --with-fingerprint ~/Downloads/patrick.asc
Verify that it says the following:

pub rsa4096/8D66066A2EEACCDA 2014-01-16 [SC] [expires: 2021-04-17]
Key fingerprint = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
uid Patrick Schleizer <adrelanos@riseup.net>
sub rsa4096/3B1E6942CE998547 2014-01-16 [E] [expires: 2021-04-17]
sub rsa4096/10FDAC53119B3FD6 2014-01-16 [A] [expires: 2021-04-17]
sub rsa4096/CB8D50BB77BB3C48 2014-01-16 [S] [expires: 2021-04-17]

7. Type: gpg --import ~/Downloads/patrick.asc.


8. Type:
gpg --verify ~/Downloads/Whonix-Gateway-14.0.0.7.4.ova.asc ~/Downloads/Whonix-Gateway-14.0.0.7.4.ova

Replace the file names with the actual names of the files you've just downloaded.
Press Enter.

It will think a bit and will come back with a response. If the second line says Good
signature from "Patrick Schleizer <adrelanos@riseup.net>", then
it's all good, you have a legit copy of Whonix now. Pay no attention to all the warnings that
follow.

If it says BAD signature from "Patrick Schleizer <adrelanos@riseup.net>", then
something's wrong. DO NOT use this Whonix for anything, it has been tampered with!

But I'm sure that in your case everything will check out just fine :).

Done.
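
A scripted version of the check in steps 6 to 8, as an added example that is not part of the original handbook. gpg prints "Good signature" for any key present in the keyring, so this script reads gpg's machine-readable status lines and accepts the download only when the primary fingerprint of the signing key equals the one printed in step 6. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original handbook.
# Fingerprint printed in step 6 of the page, with the spaces removed.
EXPECTED_FPR="916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA"

# check_status EXPECTED_FPR  (reads `gpg --status-fd` lines on stdin)
# Succeeds only if a VALIDSIG line names the expected primary key and no
# line reports a bad, unverifiable, expired or revoked signature or key.
check_status() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" { bad = 1 }
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG"             { bad = 1 }
        # The last VALIDSIG field is the primary key fingerprint; the first
        # one may belong to a signing subkey, so it is not compared here.
        $2 == "VALIDSIG" {
            if (toupper($NF) == toupper(want)) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_download SIGFILE DATAFILE
# Hypothetical wrapper: runs gpg and applies the check above.
verify_download() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | check_status "$EXPECTED_FPR"
}

# --- Constructed status output for offline testing (not real gpg logs) ---

# Signed by a subkey of the expected key (subkey fingerprint is made up).
sample_good() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CB8D50BB77BB3C48 Patrick Schleizer <adrelanos@riseup.net>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAACB8D50BB77BB3C48 2020-01-01 1577836800 0 4 0 1 10 00 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
EOF
}

# Cryptographically good signature, but made by some other key in the keyring.
sample_other_key() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Someone Else <someone@example.invalid>
[GNUPG:] VALIDSIG BBBBBBBBBBBBBBBBBBBBBBBB1111111111111111 2020-01-01 1577836800 0 4 0 1 10 00 BBBBBBBBBBBBBBBBBBBBBBBB1111111111111111
EOF
}

# Right key, but gpg flags the key as expired.
sample_expired_key() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG CB8D50BB77BB3C48 Patrick Schleizer <adrelanos@riseup.net>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAACB8D50BB77BB3C48 2020-01-01 1577836800 0 4 0 1 10 00 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
EOF
}

# File contents do not match the signature.
sample_bad() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] BADSIG CB8D50BB77BB3C48 Patrick Schleizer <adrelanos@riseup.net>
EOF
}
```

Call verify_download with the .asc file and the .ova file; a non-zero exit status means the download should not be imported.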
Step 1. Importing and setting up Whonix Gateway
1. Run Virtualbox and go to File → Import Appliance, window will open, just click the folder
button and navigate to your Whonix .ova file you've downloaded. Next ►

2. Do not change any settings. Import, then Agree. Wait for it to import. Once it does, two new
VMs will appear in Virtualbox: Whonix-Gateway-XFCE and Whonix-Workstation-XFCE.
We're only interested in Whonix Gateway, so you can delete Whonix Workstation. You can
also leave it, maybe it'll come in handy.

3. Select Whonix Gateway and click Start.

4. Once Whonix Gateway loads, you will be greeted with Anon Connection Wizard. If not, then
you can run it manually: Start → Anon Connection Wizard.

5. Select Configure. Next ►

6. Tick I need Tor bridges to bypass the Tor censorship checkbox. Select Connect with
provided bridges. Transport type: obfs4 (recommended). Next ►

7. Local proxy configuration. Do not change anything here. Next ►

8. Summary. Next ► Wait until the icon on the taskbar becomes green.

9. WhonixCheck will run. While it's running, go to Start → WhonixCheck. Right click on it and
select Add to Panel. This will add a WhonixCheck icon to the taskbar, you will have to run it
every time you start Whonix.

10. After WhonixCheck is done, it will show you a results window. If there are any red
messages, then open the Terminal and type in: sudo apt-get-update-plus dist-upgrade.
Type Y when it asks Y/N. Wait until it finishes, which could take a while when running for
the first time. Go make yourself some coffee. Then run WhonixCheck again, the
messages should be all green now.

11. Change user and root passwords.

Default username: user
Default password: changeme

Open the Terminal and type in: sudo passwd user. Change it. Then type: sudo
passwd root. When asked, type in the new user password you've just created. Then type
in your new root password twice.

12. Sometimes you will need to Restart Tor. Go to Start → Restart Tor GUI. Right click on it
and click Add to Panel. Before restarting you will be asked for the root password.

13. Shut down Whonix for now.

Done.
Step 2. Installing and Configuring Windows 10 VM
Since Windows 7 is no longer supported in 2020, we are forced to look for an alternative. Here's the
problem with Windows 10: it is basically a giant keylogger that's able to track and spy on absolutely
everything you do, send it to Microsoft and from there they can choose to hand over that info to LE
(Law Enforcement) or whoever else they are in bed with. That's obviously not good for us. So with
this in mind, here's how we can safely use Windows 10 VM for our needs.

1. Download an official Windows 10 ISO from Microsoft:
www.microsoft.com/en-us/software-download/windows10ISO. Or you can find it elsewhere,
one thing though: it must be official, with no junk in it.

2. Run Virtualbox.

3. Click on New. Then in the Create Virtual Machine window click Expert Mode. Name it
Windows. And for the Version select Windows 10 64-bit. Set Memory size to 8192 MB.
Create. In the Create Virtual Hard Disk make sure the File location is set to
/media/veracrypt1/windows/windows.vdi. Set File size to 80 GB. Set Hard disk file type to
VDI. Set Storage on physical hard disk to Dynamically allocated. Create

4. Select the newly created Windows VM and click on Settings. Change the following
settings:

System

→ Motherboard

Untick Floppy.

→ Processor

Processor(s): 4
Extended Features: Enable PAE/NX

Display
→ Screen

First, tick this checkbox: 2D Video Acceleration.


Set Video Memory slider to a maximum value.

Storage
In Storage Devices select the Optical Drive.
Then in Attributes click on the CD icon. Select the Windows 10 ISO you have
downloaded earlier.
Network (Important!)
→ Adapter 1

Attached to: Internal Network


Name: Whonix

USB
Set the USB Controller to USB 2.0 for now, you can try changing it to USB 3.0 after
you install Windows 10, but it's not guaranteed to work.

Now plug in your 64-128 GB USB Flash Drive and click on this icon . Select the
drive you've just plugged in.

User interface
Untick Show in Fullscreen/Seamless. Use Right Ctrl+F to switch from windowed to
fullscreen your VM from now on, because it's cooler this way.

Hit OK.
5. Start your Windows VM and install Windows 10. When asked for a product key, click on I
don't have a product key. Wait for the installation to finish. For your Region select United
States. For Language select English. When you're asked to Choose privacy settings for your
device, turn off EVERYTHING and hit Accept. After the initial setup is done, install
Virtualbox Guest Additions and restart Windows.

6. Now you will need to configure the Network. In the Taskbar right click on the network icon and
choose Open Network & Internet Settings → Network and Sharing Center → Change
Adapter Settings. Right click on Ethernet and choose Properties. Select Internet Protocol
Version 4 (TCP/IPv4) and click Properties.

Select the Use the following IP address radio button and put in the following IP addresses:

IP address: 10.152.152.XX (instead of XX, put in any number from 1 to 99)
Subnet mask: 255.255.192.0
Default gateway: 10.152.152.10

For Use the following DNS server addresses:

Preferred DNS Server: 10.152.152.10

Click OK to close the window. And Close.

7. Go to Start → Windows Settings → Update & Security and fully update Windows.
8. Download and install the latest Firefox. Equip it with the following addons: NoScript,
Privacy Badger, HTTPS Everywhere and NordVPN Browser Extension. Last one isn't
necessary, but it'll make life easier, cause without it you'll have to solve endless captchas.
You can buy a NordVPN account on DNM for cheap. Change the default search engine to
DuckDuckGo. If NoScript won't let you access any site, you can temporarily Disable
Restrictions for this Site.

9. Download and install Avast Free Antivirus.

10. Download and install NetLimiter 4 from their official site. Launch it and go to Help →
About and registration. Register the program with this:
Registration Name: Vladimir Putin #2
Registration Code: XLEVD-PNASB-6A3BD-Z72GJ-SPAH7
Next, go to Tools → Options and change the following settings:

Service

→ Blocker

First, make sure the Blocker enabled checkbox is ticked.


Set both Default Blocker Action In/Out to Ask.

Client

→ General

Make sure the Run the client on system startup checkbox is ticked.

→ Tray icon

Make sure that all 3 checkboxes are ticked.

Hit Save.
Using NetLimiter:

Whenever you get a popup, follow these general rules:

Open the NetLimiter main window, select the program in question and in Info View on
the right you will see information about it.

Deny everything from Microsoft. Tick Remember checkbox so you won't have to deal
with this popup every time it wants to access the network.

And obviously Allow all apps that you yourself are using. Like Avast, Firefox, Riot,
Tor Browser, Proxifier, Specialized Browsers, etc.
11. SUPER IMPORTANT! This will block all spying services in Windows 10. Go to
getblackbird.net/download/. Download Blackbird (64-bit) and run it.

1. Wait for the System Scan to complete and it will return with the results that look
something like this:

2. Press S key to perform Full System Scan. After it finishes, press any key to return to
the main screen.

3. Press / key and then press any key to perform Blackbird STD (No, STD does not
stand for Sexually Transmitted Disease! It stands for SpyTask Destroyer). If some spy
tasks cannot be disabled, press F:

4. Go to the main screen again and press SPACE to apply Blackbird to Windows. When
it finishes, restart Windows. Run Blackbird again. In case it says [ Not blocked ]
on Telemetry / Hosts:

Try applying Blackbird again and restart. Now it should look like this:
5. On the main screen press A to start the App Manager. Disable the following apps:

Windows Apps:

Advertising.Xaml
BingWeather
GetHelp
Getstarted
Messaging
Microsoft3DViewer
MicrosoftOfficeHub
MicrosoftSolitaireCollection
MicrosoftStickyNotes
MixedReality.Portal
Office.OneNote
OneConnect
People
Print3D
ScreenSketch
Services.Store.Engagement
StorePurchaseApp
Wallet
Windows.Photos
WindowsAlarms
WindowsCamera
windowscommunicationsapps
WindowsFeedbackHub
WindowsMaps
WindowsSoundRecorder
WindowsStore
Xbox.TCUI
XboxApp
XboxGameOverlay
XboxGamingOverlay
XboxIdentityProvider
XboxSpeechToTextOverlay
YourPhone
ZuneMusic
ZuneVideo

System apps:

LockApp
MicrosoftEdgeDevToolsClient
MicrosoftEdge
PPIProjection
AssignedAccessLockApp
CallingShellApp
CloudExperienceHost
Cortana
narratorquickstart
XboxGameCallableUI
ParentalControls
CBSPreview

Ok, so this will disable some apps that we'll need to replace in Step 3.

6. On the main screen press B to create a backup of everything you did. After that:

Run Blackbird every time you start Windows from now on. If it's not all green as seen
on the screenshot above, then apply it again & restart.

Done.
Step 3. Building App Library, setting your apps up

1. Now download a Windows version of VeraCrypt. Then just repeat Part 1: Step 2 here, only
now create the Hidden Volume on your 64-128 GB Flash Drive. The process is identical here
on Windows. Use this to store all your illegal stuff. Then create a folder called Portable
Apps, so you always have them when you reinstall. You can also duplicate those to C:\ drive
for easier access, this is up to you. Put the following apps in it:

VeraCrypt | Use your 64-128 GB Flash Drive to create a Hidden Volume on it.
Everything | Windows Search replacement.
IrfanView | Photos replacement.
Notepad++ | A better Notepad.
ShareX | Snipping Tool replacement.
SumatraPDF | Small and really fast PDF reader.
Tor Browser | For your DN needs.
Electrum | For your BTC Needs.
KeePassXC | Password Manager.
Easy EXIF Delete | Delete EXIF data.
Pidgin | A Jabber client.
CCleaner | Pirate version 5.44.6575 or lower from somewhere. Don't use latest versions.
Bleachbit | Another cleaner.

And here's a list of installable apps you will have to download and install each time you reinstall
Windows:

Firefox | See Step 2-8


Avast | See Step 2-9
NetLimiter | See Step 2-10
Paint.NET | For your image editing needs
OpenOffice | For your Office needs
Riot | ---

2. Everything. Since Blackbird broke Windows Search, we're gonna replace it with this. Pin it
to taskbar for convenience. Run the program, Choose an option: Run as administrator. OK.
Go to Tools → Options → General → UI and untick Run in Background checkbox. OK

3. IrfanView. Go to Options → Properties/Settings → Extensions → Select all → OK.

4. Notepad++. No explanation needed.

5. ShareX. Ctrl + PrintScreen to take a screenshot. Will ask to upload on first time, just say
No. Deny any connections with NetLimiter.

6. SumatraPDF. Go to Burger Menu → Settings → Options. Set Default Zoom to 100%.
Untick Remember opened files checkbox. OK. Right click on any PDF file and select
Properties. Click Change... button and navigate to SumatraPDF.exe.

7. Tor Browser & Electrum. No explanation needed.

8. KeePassXC. Create a new database and put it somewhere on your Encrypted USB Flash
Drive. Use randomly generated 32 or more alphanumeric with special symbols passwords,
unless some site won't let you.

9. Easy EXIF Delete. Delete EXIF data of every JPG you upload anywhere.

10. Pidgin. Follow these steps:

1. Go to otr.cypherpunks.ca and download OTR Plugin for Pidgin. Install it.

2. Run Pidgin and let's configure it. In Accounts window click Add.

3. In Basic tab: Set Protocol: to XMPP. Come up with your Username. In Domain: type
exploit.im. Leave Resource field empty. Come up with a good password.

4. Advanced tab: → Connection security: set it to Require encryption. Tick Allow
plaintext auth over unencrypted streams checkbox. In Connect port: put in 5222. In
Connect server: type exploit.im. For File transfer proxies: type
proxy.eu.jabber.org.

5. Proxy tab: make sure it's set to Use global settings.

6. Click the Add button.

7. Next, in the Buddy List window go to Tools → Plugins. Find Off-the-Record
Messaging, select it and tick the checkbox. Now click on Configure Plugin. In the
window that opens, click the Generate Key button and then make sure that every
checkbox you see there is ticked.

Done.

11. CCleaner. Follow these steps:

1. Run CCleaner. In Cleaner → Windows tab, tick every checkbox, except the last one:
Wipe Free Space. In the Applications tab tick every checkbox as well.

2. Go to Options → Settings → Secure Deletion, select the Secure file deletion (Slower)
radio button and select Very Complex Overwrite (35 passes) from the dropdown
menu.

3. In Options → Settings → Privacy and untick every checkbox.

Done.

12. Bleachbit. Tick every checkbox except System → Free disk space.
Done.

Part 3: Putting it all to Practice


Here's how you operate your new OPSEC.
Checklist: from Boot to Shutdown, from A to Z

-------------- Booting up --------------

1. Turn on your computer, enter your Encrypted Disk password. Then enter your User
password in order to log in to your desktop.

2. Start Mullvad. You should have done Part 1: Step 1-2 by now, so it should start
automatically.

3. Start Opera and go to am.i.mullvad.net and make sure it's all green. If not, then follow the
recommendations on that page.

4. Plug in your Orico-VeraCrypt SSD to a USB 3.0 port. Run VeraCrypt and mount the
Hidden Volume.

5. Run Virtualbox.

6. Start Whonix Gateway first. Wait for the icon on the taskbar to turn green. Run WhonixCheck.
Make sure every message is green.

7. Start Windows VM.

8. Run Blackbird. Make sure it's all green.

9. Run FlushDNS.bat as an Administrator. What is this, you ask? Let me explain:

1. Open Notepad.

2. Type ipconfig /flushdns in it. Save it to desktop as FlushDNS.bat.

10. Do your business.


-------------- Shutting Down --------------

1. In Windows VM, close all of the programs and unmount all encrypted volumes.

2. Run FlushDNS.bat

3. Run CCleaner.

4. Run BleachBit.

5. Shut down Windows VM.

6. Shut down Whonix Gateway.

7. Close Virtualbox.

8. Unmount your encrypted volume in Veracrypt and close the program.

9. Run BleachBit.

10. Run BleachBit as an Administrator.

11. Do not close Mullvad.

12. Shut down Linux.

Deleting EXIF from images

Any JPG images you want to upload need to have their EXIF data removed first.

1. Run Easy EXIF Delete.

2. Click Select Images and load in all the JPGs you want. The ones that have EXIF in them
will indicate so: Exif Found.

3. Select them all and click Delete Exif. Exif Found will change into Not Found. These
images can now be safely uploaded.

DD-WRT WiFi Router

You can set up Mullvad VPN to run directly on a router with DD-WRT on it. I won't describe
how, because you can easily google it. The benefit of that is this way your ISP will not be able
to tell if you're using a VPN or not.
What you can and can't do

Besides the obvious stuff, you can:

• You can safely use this setup on your Home Wifi
• Use Riot, Jabber, etc.
• Use Tor Browser for DNMs, etc.
• Use BTC, don't forget to tumble
• Do what we're all here for

Besides the obvious stuff, you cannot:

• Do anything you do on your normal computer, like login to your accounts, etc.
• Download torrents

Some of your Fingerprint is generated from your OS / VM Hardware.
That's why you must reinstall Windows often. Repeat Part 2: Step 2 at
least once every month.

---

Also once in a while don't forget to check whonix.org for Whonix updates
and reimport appliance for that VM.

This guide is a Riot Market exclusive.

That's it for this guide, I hope you've enjoyed it. If you want to say thanks, you can send me a tip:
183ECjyvPntrja2vo5YjPSxTWytddg58iL
