Maintaining Anonymity Online and In Person
Updated June 23, 2023
This article was written by request. It could be better. Please do your own homework and look far and wide for good info.
If anonymity was easy, more people would do it. The more anonymous you want to be, the more inconvenient everything you do becomes. As transgender people are further persecuted, and as the genocide against us picks up pace all around the world, the more dangerous it will be to operate in activist circles. Make no mistake, participating in DIY HRT, whether you brew, distribute, or just consume, is an act of political dissent and depending on your locale it may be punished as such. Just because something isn’t illegal today, doesn’t mean they won’t hold it against you next week when it is.
The Hitchhiker’s Guide to Online Anonymity is a project that is more researched and thorough than we could ever be here. They regularly update a roughly 500 page PDF with best practices on being fully anonymous online. We have a backup of v1.1.8-pre.1, published June 2023, located here.
Below here is some rough information that we threw together meant to be a high level overview of some of the rudimentary concepts we know. This is here below because we understand most people will not want to venture into a 500 page document.
It is of our opinion that you should protect yourself from anyone who may be snooping on your activities. This is a huge subject and we will focus just on high level points. This is all information that we have learned over time and unfortunately do not have any solid resources to recommend on where you can learn. Hopefully this is enough to get you started and googling the right info.
The intensity of your activity should determine the level of OPSEC (operations security) that you employ. For example, we see this website as a major risk to our personhoods: if the government wouldn’t punish us for it someone in a red hat surely would. Therefore, we strive for full anonymity around it. Only people who we directly partner with on it know this belongs to us, and the traces we leave around the internet largely cannot be tied back to us.
It is up to you to determine the risk level of your activity and what methods you want to employ to mitigate that risk.
Remember that, just like with sterilizing HRT vials, you want to avoid a single point of failure. Assuming a single thing you’re doing will protect you leaves you open for a single point of failure. Redundancy is key.
We’ll talk about protecting ourselves from two different straw men, cops and red hats. Cops represent anyone employed by or working on behalf of the government. Red hats are anyone who wishes to cause us harm because it’s their hobby.
Let’s talk about some tools
Your Phone
Do not allow your phone to be unlocked with biometrics. Once I was driving and our friend unlocked my phone with my face by shoving it in front of me. That was just to turn off our Sad Cat Girl Summer 2023 playlist, but it just as easily could have been a cop who wanted to read my texts. Cops can legally use your biometrics to get into your phone in some locales, and even if it’s against the law, since when has the law stopped the police?
Use a passcode to lock your phone. Now if a cop gets it they need a warrant to see what’s inside.
Location services should be off as much as possible.
Do not bring your phone to illegal actions. It’s always tracking you.
iPhones are likely more secure of devices than Android phones. We can infer this by looking at the business models of both Apple and Google. Apple makes their money selling hardware. Google makes their money selling data. If you’re able, opt to use an iPhone. Apple will still sell you out to the police, but we can assume they have stronger security practices because of their business model.
Signal
Signal is an end-to-end encrypted messaging app for both android and ios. Signal is open source and is evaluated by independent security researchers. WhatsApp will claim the same level of security, however we would STRONGLY advise against trusting that claim. Meta, the owners of WhatsApp, have a horrific trackrecord of boot licking.
If the encryption itself used in signal chats can be cracked, it’s only possible using equipment within the deepest of NSA black sites, and we guarantee they don’t give a fuck about us. Independent evaluation helps ensure there are no backdoors or zero-day exploits, though always keep auto-updates turned on so any vulnerabilities are patched ASAP.
Use Signal as an alternative to text messages or any sort of online chat app when you are talking about anything even remotely not in line with the law. Both you and the person you’re chatting with have to be on signal for it to work. Set disappearing messages if your topic is particularly sensitive. Set a pincode to get into signal.
Signal Calls
You can even place phone calls over the signal app that purport to be encrypted in the same way. Because it requires you to physically speak, it is inherently more dangerous to use than text. This is due to the possibility of malware on your phone recording you, Amazon Alexa listening, any other form of listening device, or even just someone who can overhear you through thin walls.
VPN (virtual private network)
A VPN obscures the websites your visiting from your ISP (internet service provider) and any cops that might also have access to that data. This is typically a software that you install on your computer that routes all your internet traffic through it.
When you route all your traffic through a single network you are simply relocating the point of failure. Now instead of your ISP and any cops they sanction watching your traffic, it’s the VPN and their cops. Therefore, you should have an exceptionally high level of trust in the VPN provider you choose. VPNs aren’t cheap to run. Never trust a free VPN, they are 100% selling your data.
Most VPNs are not trustworthy. They are often located in countries that have vast data sharing agreements with other countries.
We exclusively use ProtonVPN. Proton has a long proven track record of respecting user privacy, and is based in Switzerland, which has some of the most intense user privacy laws in the world.
Speaking of ProtonVPN, use Proton Mail. They have super encryption on everything and, again, great privacy.
Gmail, Yahoo mail, AOL, whatever, any free email service, they’re ALL selling your data. They are ACTIVELY reading your email. Our gmail accounts only serve to get us access to essential google products. Nothing of consequence goes there.
Social Media
Social media include Instagram, Facebook, Reddit, Tumblr, Pintrest, YouTube, TikTok etc. etc.
Nothing we do that bares any consequence to our life goes on social media. We respect the folks who are using their name, face, and platform to advocate and educate about DIY HRT. They are doing something really important to get the word out about this. That said, we do not believe that there is long term safety in that. If the cops won’t get you for it then the red hats eventually will.
Even if the attack from red hats isn’t physical, we don’t need the anxiety in our life of someone doxing us on twitter because we’re trannies with a vast amount of knowledge about HRT.
Social media can also be used as a blueprint for piecing together parts of your life to help bad actors understand your story. By analyzing your posts people can learn much more than you realize.
Additionally, as with gmail and free vpns, when a great service is free, you’re paying with something else. Social media’s data harvesting practices are extreme. We don’t know how far they go, but we do know what they do goes far beyond what you do just on the apps. Limit your exposure as much as possible, especially around illegal or dissident activities.
Reddit is an important source for DIY info. You can make your account with a burner email over Tor if you need to comment and talk there without reddit being able to tie the account back to you. Don’t do anything sensitive on Reddit over your phone. All HRT Cat activity on reddit is done this way.
Tor/Tails/Dark Web
Tor: the onion routing network. Not to be confused with a VPN. When you are connected to tor, all your internet traffic is routed to multiple servers all around the globe in an effort to obscure the origin of the web traffic. Tor is an open source protocol used by journalists, activists, people doing super illegal shit, and also the CIA. Tor was originally invented by the US Navy. It is believed that the CIA operates a very significant portion of the Tor network in an effort to spy on those who use it. It’s impossible to substantiate those claims. Tor is how you access the Dark Web. You do not need the dark web for many activities regarding DIY HRT. However, Tor’s privacy protocol can be very useful for ensuring that the most sensitive part of your operation isn’t connected to you.
Tails: is an operating system that runs directly off of a flash drive. Tails is a version of linux that is 100% security focused. All internet traffic generated on Tails is automatically routed through Tor, no setup required. It has many other privacy features that make it the #1 choice for doing things you’re #notsupposedtobedoing. Tails doesn’t work great with Mac computers, we recommend a chromebook or a thinkpad to run it.
Dark Web: While Tor can grant you access to the dark web, you still have access to what is referred to at the “Clear Net” where you are still under some of Tor’s protections. The dark web can get you access to all sorts of shit, we like the website “tor taxi” for gaining access to the essentials. The dark net is not a safe place. You need to assume that everything there wants to scam you. Read the “dark net bible” for an intro on how OPSEC with tor works.
Cryptocurrency
If you are buying HRT or HRT raw powders online, especially testosterone, we recommend you purchase with cryptocurrency. We stick to using Monero as much as possible as it is substantially more anonymous than bitcoin or ethereum.
If you are selling HRT online, you should only be taking payments through crypto. There are payment providers who will facilitate this. We don’t sell online, but if we did, we would have strict rules in this regard.
Domain Names and Web Hosting
Again for if you’re selling online. We love Njalla. You can access them through Tor, pay in crypto, and give zero information to them. You can buy your domains and host both directly from them.
We get our domain from Njalla, however because this project doesn’t make money we decided to find a free hosting option. If we were selling HRT we would absolutely be hosted on Njalla.
More
More to come as we think of it. Please feel free to contribute.