oxeo0/opsec-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git synced 2025-05-17 08:27:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

move tutorials to new repo

Browse source
This commit is contained in:
nihilist 2025-05-06 15:58:25 +02:00
parent df0647a632
commit ccf5a7caf9
1956 changed files with 25133 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

104
internetsegmentation/index.md Normal file
View file

@ -0,0 +1,104 @@
---
author: nihilist
date: 2024-04-26
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/71"
xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
---
# Internet Usage Segmentation Setup
In this tutorial we're going to cover how to properly segment your internet usage. This is the most common opsec practice that you should always use. We're going to base ourselves off from the pyramid of internet use that we have seen [previously](../opsec4levels/index.md), to be able to replicate each of the 4 OPSEC levels into our current setup:
![](../opsec4levels/0.3.png)
## **Different Internet Usage**
The most common OPSEC mistake out there is the lack of internet usage segmentation. Most people don't have this reflex when they first discover Anonymity and Privacy online. Thing is, **it is not possible to be fully anonymous for everything that you do online** , there will always be some service that is vital to you, which you will need to access with your real world identity (for example, to access your bank account, or some insurance website, etc). However it is definitely possible to implement proper internet usage segmentation:
In this case we're going to differentiate 4 types of Internet usage:
![](2.png)
_Internet Uses:_
1. _Public use_ : What you do is public knowledge
2. _Private use_ : What you do is NOT publicly known
3. _Anonymous use_ : What you do is meant to be done without revealing your identity
4. _Sensitive use_ : What you do is meant to remain secret at all cost, only to be known by you
With each different Internet usage, we have different requirements:
![](3.png)
_Requirements:_
1. _Public use_ : No requirement ; you can use closed source software (meaning it's all public), using your IRL identity
2. _Private use_ : only open source software, + you use a pseudonym instead of your IRL identity
3. _Anonymous use_ : open source, using a random, meaningless identity not sensitive
4. _Sensitive use_ : open source, using an other random meaningless identity, **AND if the adversary seizes the device, they musn't be able to prove the existance of the Sensitive VM**
Now with this we identified the 4 most typical internet use cases, and their requirements.
## **Identity Management**
As we said previously, segmentation is required for each internet use. This extends to the Identity you use online. For example you cannot use your real name when trying to use the internet anonymously. So you need a different identity for each use case:
![](4.png)
_Different Identities:_
1. _Public Identity_ : **Linus Torvalds** (used on websites that ask for your identity)
2. _Private Identity_ : **Nihilist** (used on websites that may KYC, but pseudonym is preferred)
3. _Anonymous Identity_ : **ZacharyJr** (used on anonymous websites, non-sensitive use)
4. _Sensitive Identity_ : **Dread Pirate Roberts** (used on anonymous websites, sensitive use)
The important thing here is that you must make sure that each identity have nothing in common, **it must always remain impossible for and adversary to be able to link those identities together.**
## **Multiple Virtual Machines (VMs)**
To help you implement your internet usage segmentation, you can use VMs to make sure the segmentation is present inside the system:
![](5.png)
_Virtual Machines:_
1. _Public use_ : No requirement ; you can use a windows VM for all closed source software and KYC use
2. _Private use_ : you can use a Debian VM, with only open source software (ex: [SimpleX chat](../privatesimplex/index.md))
3. _Anonymous use_ : you can use Whonix VMs (it forces every connection to go through Tor)
4. _Sensitive use_ : You can use Whonix VMs, but they need to be inside a [Veracrypt hidden volume](../veracrypt/index.md)
_Sidenote:_ [QubesOS](../qubesos/index.md) is based off the same segmentation principle, that every use must remain isolated (or compartmentalized) into VMs, for specific uses. It also uses Linux and Whonix VMs, while using the Xen hypervisor instead of libvirtd QEMU/KVM, but the concept remains the same.
## **Internet Usage Segmentation Recap**
Now with this setup, one can segment their Internet use with a system implementation (VMs) along with the associated Identities for each usecase.
![](6.png)
For further details on how to dissect your OPSEC, check out this tutorial [here](../opsec/index.md), because using the right technologies is only the first half of the work, you also need to have the correct behavior while using them.