Articles

  1. Practical Anonymity for Political and Religious Dissidents
  2. Simple Censorship Circumvention
  3. Storing a Sensitive Document
  4. Telegram Privacy Settings
  5. Introduction to Tor Browser
  6. How to Connect to a Proxy Before Tor in Whonix
  7. Pre-Proxy + Tor + Post-Proxy
  8. Who Uses Tor in Not-Free Countries
  9. Tor + OpenVPN
  10. Tor + Cloak
  11. How to Install, Configure, and Run Shadowsocks-Libev
  12. Shadowsocks-Rust on Linux Server and Windows Client
  13. Shadowsocks-Rust on AlmaLinux Using Teddysun Repo
  14. Shadowsocks + Cloak
  15. Shadowsocks + Cloak by Script
  16. Shadowsocks with kcptun Acceleration
  17. How to Install, Configure, and Run V2Ray + WS + TLS + CDN
  18. V2Ray Server with Domestic Relay
  19. VLESS with Wulabing XRay Script
  20. Xray with VLESS and XTLS using ProxySU and Qv2ray
  21. HyNetwork Hysteria
  22. How to Install, Configure, and Run Trojan-GFW
  23. Quickly Set Up Trojan-GFW
  24. Quickly Set Up Trojan-Go
  25. NaiveProxy + Caddy 2
  26. IPsec with Libreswan
  27. L2TP/IPsec with PSK with Libreswan
  28. IKEv2 with Libreswan
  29. IKEv2 with strongSwan
  30. OpenVPN on NAT IPv4 OpenVZ VPS
  31. OpenVPN + Tunnelblick XOR Patch
  32. OpenVPN + Obfsproxy
  33. OpenVPN + Shadowsocks
  34. OpenVPN + V2Ray
  35. OpenVPN + Stunnel
  36. OpenVPN + Cloak
  37. Double VPN with pfSense
  38. Double VPN for Windows Users
  39. VPN Chains
  40. OpenConnect
  41. WireGuard
  42. WireGuard + Shadowsocks
  43. WireGuard + V2Ray
  44. WireGuard + Cloak
  45. WireGuard + udptunnel
  46. Obfuscated SSH
  47. Iodine DNS Tunnel on Port 53
  48. Pingtunnel ICMP Tunnel

Anonymity for Political and Religious Dissidents

From Thomas Paine’s Common Sense in the eighteenth century to Russian samizdat in the twentieth, dissidents have had good reasons to publish their ideas anonymously. These reasons continue into the twenty-first century, where governments from Venezuela to Iran to China seek to censor and intimidate.

In many regimes, the Internet user faces two threats: censorship and deanonymization. This double burden makes his task more complex than if he had to face only one or the other.

Before devising a solution, it is important that the user define his threat model. Who are his adversaries, and how might they operate?

At the outset, we will rule out mobile technology, which is notoriously insecure. Use only wired connections to the Internet and never wireless.

Tor may be a part of any solution that aims at anonymity. But do not depend on Tor alone. America’s NSA, Britain’s GCHQ, Germany’s BND, and Russia’s FSB have all worked to deanonymize Tor users. In repressive regimes, it often makes sense to combine Tor with a pre-proxy such as Shadowsocks or V2Ray. This also mitigates the risk of any single technology containing unknown flaws (“zero days”).

If the risk is physical seizure of devices, Tails makes sense. Tails is designed to be booted from a USB storage device and to leave no trace of the user’s activity on either the hard disk or the USB device. It thus defends against scrutiny of the device itself. However, Tails is of limited usefulness in countries where meek-azure bridges are required to bypass censorship. A better choice in this case might be a live CD of a Linux operating system.

If the device is in a physically secure environment, consider virtualization as protection against many deanonymization exploits. Whonix is a prebuilt arrangement of virtual machines designed with anonymity in mind. Qubes provides even stronger protections.

Even with virtualization, the host operating system needs your attention. Set a BIOS password. Install an open-source operating system. Encrypt your hard drive. Linux distributions often make this easy by offering to encrypt your hard drive during installation.

In both host and guest, avoid installing unnecessary software. Use only well-known, well-established, open-source software. Verify the developer signature on software before you install it. Enable and configure your computer’s firewall.

Finally, pay attention to operational security. Do not sign in to any account linked back to you, especially one that stores your phone number or uses a phone number for authentication. Compartmentalize your real identity and your virtual identity. Avoid leaving a money trail that can be traced back to you. Be cautious about people who approach your virtual identity or who email you attachments.

All this is subject to change, so keep learning. You should read much, much more than this article. Stay up to date with emerging technical and social engineering techniques used by governments. Sites such as Citizen Lab report on recent developments. Overcoming censorship, in particular, is often compared with an arms race or a cat-and-mouse game. It is necessary continually to develop new solutions.

Resources

Updated 2022-11-02 (forked 2023-09-04)