Good Opsec fundamentals
by netcut - Wednesday July 17, 2024 at 01:56 AM
In this thread I will discuss basic-level OpSec from an illicit-oriented perspective:

1-Changing your IP and using a VPS (or several):

If you are going to perform an attack (or not) you are always going to use a VPN. Mullvad is the best option; it doesn't save logs and it is based in Sweden. The other option is a proxy, for obvious reasons (you don't want the feds knocking at your door).
For the VPS you will need a proxy for the outgoing traffic (of the VPS). If not, your IP will probably get flagged/reported and the VPS will be taken down by the VPS provider (and the feds will know you are the owner because of the payment method, unless you pay with cryptocurrencies). Make sure to always connect to the VPS with a VPN or proxy.

If you are using a proxy you also want to change your DNS server and encrypt the communication.

You will also want to change your IP every few hours.

2-Encrypting everything:

For your PC, you want to encrypt everything, and for that VeraCrypt is probably the best option out there; it is open source and still maintained by the devs.

I also recommend enabling BIOS user and admin encryption from the BIOS settings.


3-Secure communication:

For communication the best option is probably Telegram. The downside is that the chats aren't encrypted by default; you will need to use the secret chat option to encrypt them. You can also use a PGP signature in your messages to prevent someone from supplanting your identity.

Using your phone number to create an account is a horrible idea if you are doing illegal stuff; the best option is to buy a phone number for XMR (Monero).

4-Creating and storing passwords and important files:

A long password, 20-40 characters with numbers, uppercase, lowercase and special symbols, won't be cracked. For storing the passwords, an option is to write them down, but since they are very long it is not the best option. Ideally you would use KeePass; it supports the AES standard with AES-256, SHA-256, HMAC-SHA-256 and SHA-512.

For storing files, if you have the money I would recommend building your own NAS and detaching it from the network when you aren't using it.

5-Operating systems:

If you are paranoid, your best option would be Whonix (Kicksecure OS based) or Tails (Debian Linux based). Both of them can be portable, have a special encrypted storage and route the traffic through the Tor network.

For the not/less paranoid people, my best take is to use Arch Linux or BlackArch Linux with a hardened kernel.

Another (not very good but very comfortable) option is to use WSL with Kali Linux or Arch Linux.

6-Hardware:

For laptops, you will want to unplug the Wi-Fi card (use Ethernet if possible), webcam and microphone, and enable PAM authentication.

For PCs, try to unplug the Wi-Fi card; most motherboards come with one.

7-Network security and malware prevention:

Malware is a big threat, so you want to get your hands on a very good AV. Also upload the files you have downloaded to VirusTotal before executing them if they are from an untrusted source. A good approach would be to also check the checksum of the file after downloading it.

For network protection, a basic firewall configuration will be enough, since this isn't a really big threat if your computer isn't compromised.


Keep in mind:

-Correlation attacks will destroy you. Don't ever log in with the same IP to anything from your daily life if you have done something bad; change your IP constantly. Optionally you could use a kill switch so you don't leak your traffic.

-Encrypt everything and use end-to-end encrypted messaging services and mail services that don't store data/store data encrypted and preferably don't collaborate with law enforcement.

-Use XMR to pay for services whenever you can.

-Clean your PC constantly.

-Use Temp mail for services you aren't going to use daily.

-Use several emails.

-Don't leave your PC without encrypting it.

-Don't store your Google passwords and usernames.

-Change your identity.

-Use Firefox and customize the settings.


I hope this thread is useful for everyone.

Let me know anything that can be added to the thread to make it better.