2023

OPSEC Bible - What it

takes to be Secure?
BOWTIED ANON

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

DISCLAIMER
This book should be used to get an overview about what needs to be
done to live a secure and private digital life & beyond. I have written
guides wherever I can and provided links elsewhere, just double click
and follow the instructions.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027
WARNING
This book is intellectual property of BowTied Anon and no part of this
book may be reproduced, displayed, modified, or distributed without
the prior and express written permission of the publisher (reachable
@bowtiedanon_ on Twitter, and contact@bowtiedanon.com). This
book is licensed for your personal use only and may not be sold or given
away. Pirating this guide is prohibited and any attempts to illegally
obtain or distribute it will be dealt with strictly by our legal team.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

TABLE OF CONTENT

DISCLAIMER .......................................................................................................... 1
WARNING ................................................................................................................ 3
Why Privacy Matters? ............................................................................................... 6
Threat Modelling, what does it Mean? ..................................................................... 6
CHECKLIST ............................................................................................................. 8
Password Strategy ................................................................................................... 12
RSS .......................................................................................................................... 17
Backup Protocol ...................................................................................................... 18
Metadata Cleaning Protocol .................................................................................... 19
Browser Protocol ..................................................................................................... 20
Ad Blocking ............................................................................................................ 21
Compartmentalize your Digital Life ....................................................................... 22
Encrypting Emails ................................................................................................... 23
Recommended Applications & Tools ...................................................................... 24
Messaging & SIM Protocol ..................................................................................... 31
On Phone Numbers ................................................................................................. 32
2FA BACKUPS ....................................................................................................... 45
Everyday Carry ....................................................................................................... 46
Portability ................................................................................................................ 47
Wearables ................................................................................................................ 47
Hosting .................................................................................................................... 48
Money Privacy ........................................................................................................ 49
Cryptocurrency ........................................................................................................ 49
Advanced Data Protection (ADP) ........................................................................... 50
Physical Security ..................................................................................................... 51
Travel Security Checklist ........................................................................................ 51
Facial Recognition................................................................................................... 51
Remote Devices Management................................................................................. 51
Incognito Voice........................................................................................................ 52
Vehicle Privacy ........................................................................................................ 53
Camera Sec .............................................................................................................. 53
Anti-Doxx Protocol ................................................................................................. 54

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Steps to take if burned ............................................................................................. 54
Tricks of the Trade .................................................................................................. 55
Training ................................................................................................................... 56
Secure Document Destruction................................................................................. 57
Death Kit ................................................................................................................. 57
Jurisdiction .............................................................................................................. 58
Approved Products .................................................................................................. 59
Recommended Services .......................................................................................... 59
My Other Products (Discounted) ............................................................................ 60
Further Reading ....................................................................................................... 61
What’s next? ............................................................................................................ 62

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

 “We kill people based on metadata.”
- Michael Hayden,
ex NSA director

Why Privacy Matters?

If you have bought this eBook, it is safe to assume you think privacy and security
is important. But let’s just visit it quickly before we dive in to the tricks of the
trade.
The advantages of privacy are pretty clear to us IRL but when it comes to digital,
we often don’t know that it is being violated. Every time a popup comes just ask
yourself, should I give my consent or not? Slowly but surely, you will reach to a
point where your digital environment is private.
Some advantages of a private digital environment:
1. Lower spam calls/emails.
2. Lower frauds/smaller threat surface.
3. Ever been to China? It sucks big time when government knows your every
move.
4. Your ex-GF/BF is less likely to harm you.
5. Data Breaches will happen, if you have better habits your important data
won’t leak.
6. Your employer is less likely to take advantage of you.
7. Your identity is important, bad actors will use it if you don’t protect it.

Threat Modelling, what does it Mean?

The first step in your privacy and security journey is to define your threat model.
It’s just a fancy word to describe what are you hiding and from whom?
Basic Threat Analysis:
1. What I want to protect?
2. From whom?
3. How likely is the threat?
4. What are the consequences if the threat succeeds?
5. How much inconvenience am I ready to take to prevent the consequences?
Let’s take your X account as an example. If you paid for X premium your card is
on file in X HQ. What does that mean exactly? If the authorities wanted to know

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

about who is behind this account’s screen, they will know it. If you are not doing
something illegal, you shouldn’t be that concerned about this anyways. If you are
an account with a real face, that’s way worse. Now everyone is watching and they
know that, it’s you. If someone wants to attack you, they will have way more
ammunition than if you didn’t have an IRL account.

So, if you are an aspiring cartoon, your threat model should look like this:

0. I want to provide some value to the world.

1. But I want to protect my real identity.
2. From the general public.
3. The threat is very likely if you have bad OPSEC
4. The consequences will be you losing your job or worse family.
5. Some inconvenience is OK to prevent a direct correlation of my account to
IRL identity.
The last one is 2 faced. You want to keep your Wi-Fi work secret from IRL people
and you want to keep your IRL identity secret from your online frens. In an ideal
world you will have enough WiFi money and contacts to move to a place where
nobody asks you who you are or what you do, or better they understand your line
of work.
The best case is, you have a reasonable cover IRL. This could be anything, “remote
job” works these days.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

CHECKLIST

People who have spent a reasonable time in privacy communities will object oon
the whatsapp suggestion. And to be honest, it is a justified one. Whatsapp is End to
end encrypted which means that Facebook/Meta doesn’t have your exact messages
but they still have your metadata which is more oil-y.
I want people to move away from apple’s walled garden & insecure-sms to
whatsapp.
The ideal messaging app is signal. Just peruse them on messaging features like
stickers and what not, bully them if you may but we have to bring people to signal,
its about time.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Tier 0 (must have)
☐ Create a threat model (video)
☐ Have a password system
☐ Minimal permissions in Android and IOS apps
☐ Maximize privacy settings in staple apps/platforms (twitter, google etc)
☐ Setup 2FA
☐ Backups
☐ Auto Update systems

☐ Change search engine

☐ Change browser
☐ Delete Old Accounts (Search name on google, email, password manager, 2fa app)

☐ Have VPN on work, Create Socials with Café Proxies and use them with VPN at
home.
☐ Encrypt your drives
☐ Setup secure communication lines

☐ Metadata Cleaning Protocol

☐ Online and local identity minimalism (lowest number of apps, delete unneeded
stuff on disk, only local accounts in windows/mac)
☐ BIOS password and verified boot (just use Mac though)

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

 Tier 1
☐ Change your staple OS to something privacy respecting like Fedora Siverblue
☐ Change your mobile to GrapheneOS on pixel 7
☐ Using a more private domain provider like njal.la
☐ Randomize IP
☐ Setup vpn kill-switch
☐ Have multiple proxies / public Wifis

Tier 2
☐ Anonymous amazon (PO box, privacy.com/mysudo card, Alias email and fake
name)
☐ Harden your browser
☐ Learn to use Firefox containers
☐ Customize uBlockOrigin Extension
☐ Test browser uniqueness
☐ VOIP Phone number (jmp.chat, mysudo)

Tier 3
This is hiding behind company / layering

☐ LLC Formation with stripe integration

☐ Business phone number
☐ Protocols / SOP’s

Tier 4
☐ Wipe HDD’s
☐ Home security and dash cams
☐ Integrity of files (sha256)
☐ Authenticity of files (gpg)

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

 Tier S
I will have a dedicated guide for this in the future, stay tuned.

☐ Ghost address – po box, mail/freight forwarding, llc backed

☐ Nomad residency, Tax Residency
☐ Legal Infrastructure – trust and trustee
☐ New Vehicle Purchase Through a Trust (Non-Nomad)
☐ New Vehicle Purchase Through an LLC (Nomad)
☐ Loan management through the trust

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Password Strategy
What if your banker says that you lost access to your money and they ain’t giving
you any penny?
Well, that’s how you will feel when someone else takes over your account, I mean
any account. ofcourse losing a goodread account that you don’t even remember
creating doesn’t hit the same nerve as losing your 10k follower account but it’s
about making habits that will serve you in the long run.
Passwords are like keys to the digital property you own but the catch is, most of
the time you can’t prove the ownership except with an email and a password, and
maybe a phone (not recommended for low-to-mid priority accounts - sms is
insecure). Pretty different than a house I must say, where you can just get in, even
if you lost the key, through a window or a back door (and your neighbors won’t
call the police, hopefully)
Sold you enough on “why passwords matter?”
We need some system to manage our passwords, find other ways to access our
accounts and recover when we have lost the access.
Bitwarden is the best service that comes to my mind, It will sync with all your
devices and its E2EE (simply meaning IF the company doesn’t know your master
password, they can’t access any of your stuff whatsoever - false for most
companies).
You can try their official site, self-host or can just give a test drive by making an
account here (This is one of the few European orgs that provide a basket of
privacy services so that you don’t have to self-host - pretty useful)
Another option is to create a Database of accounts by using a desktop client called
KeepassXC, It won’t sync with all your devices but you will have all your accounts
saved securely in a file - pretty handy. If you are a techie, you can sync the file
with something like syncthing.
Hardware keys are basically passwords but are stored in a physical device (think
pen drives but only for unlocking your accounts). I recommend Yubikey Series 5
NFC
You can read about my analysis on hardware keys here.
Multi Factor Authentication - It basically adds further protections over your
account, think a safe that can only be opened by having multiple keys AT once. I
use authenticator pro (switch on automatic backups plz), the privacy community
seems to like aegis too. If you are on iPhone you can give Ente Auth a try. Don’t

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

use sms for this, SMS is very unsecure, people can just snoop in and look over
your stuff.

And talking about Multi Factor Authentication, you may want to read this fabulous
article about being locked out of your digital life. And you may want to think about
Single Point of failure.
How many passwords to remember?
Memory is your last defense and mostly depends on torture tolerance if you are
exposed to that kind of a threat (most aren’t), so memory will serve you good in
most cases.
I’d say memorize atleast 6-7 types of passwords and revise them by SRS (the more
you repeat them, more likely you will remember them, highly recommend using
Ankidroid for revision of certain information).
1. Banking Accounts - these should all have different passwords and you
shouldn’t use these passes anywhere else.
2. High-stake Accounts - Main email, Twitter, and the likes, just like banking
a/c, have different passwords.
3. Master passwords - your bitwarden and keepassXC passes go here.
4. Throwaway passwords - these are passwords you use where you won’t be
needing the accounts after you used them once (use it with temp-email 1 ).
You can have a pattern in your head like <some phrase>#<number> (these
patterns are not secure but for throwaway passwords they are quick). You
can use something like pashword for this use-case.
5. Codes - whatsapp 2fa, phone passwords, ATM pins (just rote learn a few and
rotate them)
Don’t create accounts that you will not be needing, use temp mail and throwaway
passwords for stuff that asks to create an account but you are not interested in
creating one (but need the stuff anyways).
If something is out there on the internet, chances are, it will stay forever. There are
services that automate deleting info off the internet but we don’t even have access
to the good ones (and others seem sketchy). I may or may not write a guide on
finding a good service for the same.
How strong the passwords should be?

1
just search google for “temp email”, use whatever that comes up.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Use password phrases, they are more difficult to crack and easy to remember - I
have no idea where the fad of using something like <personal-info>@<numbers>
came from but that’s easy to crack by someone who knows you or possibly a
cracking software by using custom wordlists.

Websites these days will make you add upper case, number and special character.
So, you should just use a password phrase, make the first character upper case and
add ‘#’ at the end with some numbers.
The sections below maybe too advanced for normies, be warned. Just switch on
ADP on Apple devices and you will be just fine without reading the below
sections. Don’t forget to print the backup key and update your recovery contacts.
Use Proton for email, contacts, calendar and you are golden.
Encrypt stuff
Math is the last frontier of human progress that the government will regulate so
trusting math is the best strategy. If you encrypt stuff, nobody can have access to it
even if they have a warrant. The caveat ofcourse is that if you forget the password,
nobody can help you.

Turn on ADP on your Iphones, print the backup key and store it somewhere safe
AND update your recovery contacts. Email, contacts and calendar are not
encrypted, you should use Proton for that anyways. (contacts aren’t natively synce
though)
Turn on full disk encryption on your desktops NOW (Bitlocker on windows,
Filevault on Mac, LUKS on Linux). Mobile device is encrypted by default and
they are more secure than desktops by far. Don’t use face or thumb unlocks, they
are convenient but they are just not secure enough.
Don’t use cloud providers (cries in gdrive) directly, use cryptomator. If you prefer
IOS, switching on ADP is the best thing you can do as it encrypts the Icloud. If you
want to encrypt a single file, this web service is pretty handy. If you want to
encrypt stuff and manage keys on android, it doesn’t get better than openKeychain.
Encrypting Emails (PGP)
Download the public key and import it into the "keyring" of whatever PGP
software you're using (GnuPGP cli, Kleopatra, OpenKeychain, etc).
In Thunderbird, check "Encrypt (PGP/MIME)" and it selects the keys for each
recipient. In gmail and the likes, you need to first encrypt the message with an
external application and paste the encrypted stuff in the body.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

SSH
From OpenSSH 8.2, you have support for FIDO/U2F
FIDO/U2F Support
This release adds support for FIDO/U2F hardware authenticators to OpenSSH.
U2F/FIDO are open standards for inexpensive two-factor authentication hardware
that are widely used for website authentication. In OpenSSH FIDO devices are
supported by new public key types ecdsa-sk and ed25519-sk, along with
corresponding certificate types.
ssh-keygen(1) may be used to generate a FIDO token-backed key, after which they
may be used much like any other key type supported by OpenSSH, so long as the
hardware token is attached when the keys are used. FIDO tokens also generally
require the user explicitly authorise operations by touching or tapping them.
Generating a FIDO key requires the token be attached, and will usually require the
user tap the token to confirm the operation:
$ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
Generating public/private ecdsa-sk key pair.
You may need to touch your security key to authorize key generation.
Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk
Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub
Veracrypt
I use veracrypt for storing govt id pics and banking details and sometimes backup
keys of digital accounts.
Crypto Wallets
Crypto wallets are different in the sense that they need to produce more keys to
sign stuff so you need a different kind of hardware. I recommend setting up a cold
multi sig wallet with Coldcard and Cobo vault (now Keystone Pro). you can use
seedsigner as a backup (and if you are broke).
You should use Sparrow Desktop Wallet.
Though just buy Passport if you got the change.
Suggestion to Auth Providers
Please add the ability to add password hints and directly signing in with an email
link without password. People shouldn’t write their whole passwords as hints but

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

just one word can tell them which password they used. This is a great strategy in
my opinion.
Bonus
If you know what to do with this below link, you probably should - it’s pretty cool.
https://github.com/usagi87/asteroid-2fa

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

RSS
Learn to use RSS, this is the feed you want to follow:
https://twitter.com/bowtiedanon_/status/1706835833305919638

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Backup Protocol
3-2-1 backup strategy:
3 backups
2 locals (one in working system and one in external HDD/SSD)
1 off-site / cloud
Linux – timeshift to btrfs
Windows – https://christitus.com/urbackup/ , The in-built recovery points system
feels legacy. Full Snapshots is the way forward.
Android - neobackup if root available, backup through individual apps’ settings,
syncthing the backup folder. Seedbvault feels over kill.
IOS – Through Finder in Mac, iTunes in Windows.
Mac – Time Machine?
Substack backup example (Apply this strat for all critical online services):
https://twitter.com/bowtiedanon_/status/1700823653662036368

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Metadata Cleaning Protocol
Use these applications just before sharing any media online, this should delete all
metadata about the file but be warned, the file itself (pixels in the image for eg)
may contain some information that may be traceable back to you.

Android

Exif Eraser - https://github.com/Tommy-Geenexus/exif-eraser

iPhone

Metapho - https://apps.apple.com/us/app/metapho/id914457352

Mac / Linux

Mat2 - https://0xacab.org/jvoisin/mat2

Windows

https://exiftool.org/

Watermark removal – you can use ffmpeg for removing logos in videos,
use history brush in photoshop for images, for pdf’s just copy text to
.txt file, save it and export to pdf from there.

Cloack your photos from AI - http://sandlab.cs.uchicago.edu/fawkes/

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Browser Protocol
ALWAYS UPDATE THE BROWSER(S)

Brave without the greed:

https://twitter.com/bowtiedanon_/status/1705219581839831227
Brave is the best daily driver rn as most websites are optimized for chromium-
based browsers and they harden it further but they add some greed so we remove
it.

Edge kinda has the best in-place Translation. Though firefox translations is getting
there.

Best Firefox config – Arkenfox+FilterStalker + Containers

You can use ungoogled chromium on linux desktops.

IOS Safari Hardening –

https://twitter.com/bowtiedanon_/status/1709551884736884979

In android, cromite feels it, keep it updated with Obtainium.

If you want to use multi-identity browsers, use ghost.

There is a big rage about Arc browser, seems the better new way to browse the web
(but tread carefully as I have no idea about its security and privacy)

Testing tools:
1. deviceinfo.me: Check Browser leakages.
2. ipinfo.io: Check which IP you are operating with.
3. GRC Shield Up: Check which ports are open of the (home) network.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Ad Blocking

• You should use uBlock extension for all your desktop browsers.
• For YouTube you can use NewPipe on android, aYou+ and Freetube on
Desktops.
• For Spotify you can use Xmanager on Android and SpotX for Desktops
• You can also block ads on your whole home network by setting up Adguard
Home or just setting up NextDNS as your default DNS in your home router.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Compartmentalize your Digital Life
1. The first level is ofcourse using Firefox containers.
2. In android you can setup work profiles and other profiles.
3. You can use Sandboxie for Windows, though windows in-built is better.
4. You can use different Browsers and local user accounts for work, personal
and others. Workspaces is only visual aid not compartmentalization of any
kind.
5. You can Dual boot different or same OS’s.
6. You can learn to use Qubes OS.
7. You can have Different devices for different activities.
8. You can buy Disposable devices like burner phones and spin up disposable
VM’s in QEMU.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Encrypting Emails
If both you and the sender is using Tutanota or Skiff, no need to setup encryption
manually.

Windows - GPG4Win
IOS - CanaryMail
Mac - GPGSuite
Thunderbird as your primary email client on desktop and K-9 on android.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Recommended Applications & Tools
Kindly note these are mostly for “Productive” reasons, not privacy or security.

I have put ** on those which increases privacy and security though.

Local AI
• Upscayl – 4x resolution your Bing AI pics.
• https://ai.meta.com/llama/
Cloud AI
• Tldv.io – summarize videos.
• Voice.io / Eleven Labs – text to human voice
• Perplexity AI – search and get answers without links.
• Adobe Firefly- genAI on context.
AI Writing
If you never wrote before, please learn writing before then use tools to leverage.
• Editor – Scrivener + Hemingway
• Grammer – ProWritingAid
• Copy - SwipeBuilder

Screen Management
• Macos - night shift and lunar
• Windows - IRIS
• Android - inbuilt (night light + bedtime mode + extra dim)
• Linux - f.lux
• iPhone - guide

Web Extensions
• Ublock** – block ads and annoyances, https://rentry.org/filterstalker
• Libdirect** – direct all your staple websites to their privacy frontends
• Consentomatic – automatically clicks “I disallow cookies”, superficial but
increases web UX anyhow.
• Don’t use cookies auto delete, just enable “delete cookies on close” in
browser and create exceptions for staple sites by clicking lock button in the
address bar.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

 • SponserBlock – skip all the fillers/sponsor stuff in YouTube videos.

Cross Platform
• Calibre – Ebook Management
• Bleachbit – delete residue after uninstalling
• Jdownloader2 – downloader we all needed, its not open source though.
• VLC – The OG video Player / MPV – Best Subtitles support
• Qbittorrent – The OG GUI torrent client
• Bitwarden - best for cross device passwords
• Veracrypt** – encrypt files and folders, by making a vault file.
• KeepassXC** – best local password manager
• Joplin** – cross device notes app
• Ankiweb – Learn Cram anything quickly
Adobe Alts
• Premier – Davinci
• After Effects – no alt, maybe blender.
• Photoshop – Affinity Photo / Gimp
• Illustrator – Affinity Designer
• Dreamviwer (lollll) – Webflow
• Indesign – Kindle Create

Video Games
• ProtonDB – Linux/SteamDeck Support
• AIO VC Redist

Windows
• Optimize your Windows for Privacy - SophiApp**
• Win11 optimizer – Chris Titus**
• Ungoogled Chromium - When Firefox is blocked by piece of shits
• Musicbee - Best Music Player
• Rainmeter - Best Widgets System
• SumatraPDF – OG pdf Reader
• JpegView – best in class image viewer
• Notepad++ - notepad on steroids

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

 • 7zip – only archiver you need
• FileZilla – Best in class FTP Client
• TinyNvidiaUpdateChecker** - Update your gpu drivers without bloat
• VSCodium** – the OG Editor without the Microsoft bloat
• Cider.sh – Apple music is best as a service but its desktop client sucks big
time.
• Tenacity** – Audacity without the greed
• Gajim** – Best in class XMPP client
• Schildichat** – Best Element Matrix client
• Better font – Windows lacks Mac’s font but we know it doesn’t
• https://portableapps.com/apps/internet - portable apps are nice.
• hwinfo - no-frill Hardware identifiers
• Windirstat – Analyze your disks.
• Group Policies - Delete bloat the OG way
• Win11 debloat and clean install - The OG guide we all need
• Wallpaper Engine - Beauty
• privacy.sexy** - Scripts to debloat windows
• PowerToys
• Better Firewall - Portmaster**
• Automations - AutoHotKey
• VM – Spice Guest Tools
• Android Remote Tool - ScrCpy
• System backup and restore https://christitus.com/urbackup/
https://www.aida64.com/ (NOT IMPORTANT)
https://reversing.info/posts/guardedregions/ (NOT IMPORTANT)
Cross Mobile
• Xodo – Best PDF viewer and annotator, switch off per-app internet though.

Android
• Universal Android Debloater
• Tasker- Automations
• collabora-office
• coreIRC Go – IRC is not dead, can bridge with matrix and use Schildichat.
• Cromite – Good Browser
• Fdroid – alternate app store
• Aurorastore** – Install Apps from google play with somewhat more privacy.
• Feeder – RSS Reader
• k-9 – mail client
Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027
 • Fairmail – the OG Mail Client
• Moneroju – Monero Wallet
• mozc – Japanese keyboard
• florisboard - Keyboard
• libretorrent – open-source torrent client, but no frills is prob Flud
• mpv – best in class subtitles
• vlc – OG video player
• QKSMS – OG Open-source SMS Client
• SD Maid – OG cleaner
• Signal – use with burner, usernames will change the game.
• Voice** – audiobook player
• Yet another call blocker** – privacy respecting spam blocker, it uses
crowdsourced Database shouldianswer
• Appmanager – the OG
• Cheogram – Telegram client with in-line translations.
• DeepL – Best in class Translator specially for Spanish.
• Duolingo – the OG Language app
• FFupdater** – Update all your browsers in one place
• Gmaps WV** – Gmaps in a sandbox
• HexViewer – Hex Editor
• Jiten – Best Japanese Dictionary
• Longshot – automatic scrolling screenshot
• Memegen Pro – good meme generator but imgflip does the job
• Nextdns** – on-device DNS + Firewall done right
• SimpleNotes** - nice temp notes app
• Obtainium** – directly update apps from github releases and other sources
• OpenScan – Open Source CamScanner
• BinaryEyes – Open Source QR Scanner
• Tachiyomi – the OG Manga Reader
• Windscribe** – Good Free VPN (30GB)
Rooted Android:
(Note Root is a less secure state, don’t do it on a daily driver)
• Proxydroid – Proxy on individual Apps
• AuroraService - Aurora Store Silent Installs
• Fdroid Priv – F-droid Silent installs
• OpenEUICC – Open source eSim
• Shamiko – hide root
• Neobackup – best app backup solution

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

LSPOSED
• Zygisk-lsposed – Best in class script injector
• Android faker – fake Hardware identifiers
• Devoptshide – hide developer options from apps.
• Hidemyapps list – hide root
• XprivacyLua – prevent apps from abusing permissions

IOS
• https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
• Canary Mail** - PGP on iPhone
• Backup** via Finder (Mac) or iTunes (Windows)
• PhotoMath
• Add custom apps – Altstore
• hyperweb.app** – only safari extension you need
• Color Widgets – OG Widgets
• Teleprompter
• Pro Camera

Jailbroken:
(Note ipa’s can be installed via altstore as well – no jailbreaking needed)
(Note Jailbroken is a less secure state, don’t do it on a daily driver)
• ios.cfw.guide
• uYou+ - YouTube client
• Spotify++ (w/ Sposify)
• iTorrent
• ipaspot.app
YouTube Channels
• iDeviceMovies
• CrackUriDevice

Shortcuts:
Open the Link and click on “Add Shortcut”, and access them from shortcuts app.
• Removes water from the speaker grills
• Dictate text to notes

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

 • Show clipboard and more
• Video Downloader

MacOS
• https://forum.keyboardmaestro.com/t/getting-started-with-keyboard-
maestro-and-the-forum/6
• Littlesnitch - OG firewall
• Backup and Restore
• Productivity Suite - Aptonic
• Better Apple Music client - cider.sh
• MacOS Cleaner - Clean-Me
• Clipboard manager - Maccy
• ScreenSavers
• macosicons.com
• dynamicwallpaper.club
• https://github.com/drduh/macOS-Security-and-Privacy-Guide**
• https://github.com/notAperson535/OneClick-macOS-Simple-KVM
• macscripter.net
• Mac randomization - LinkLiar**
• Neofetch for mac - macfetch
• https://github.com/sveinbjornt/Sloth Nice GUI for lsof.
• https://alt-tab-macos.netlify.app/
• https://saurabhs.org/advanced-macos-commands
• https://betaprofiles.com/ - no-frills beta installs
• https://macmenubar.com/
• https://github.com/Yelp/osxcollector (unmaintained)
• https://apphousekitchen.com/ charge Limiter App
• https://github.com/corpnewt/USBMap

Linux
• Fedora Silverblue – best Desktop distro yet (prob something like nixos &
immutable is the future)
• Usbguard - protect you from usb attacks
• Timeshift - the OG backup solution (use btrfs partition)
• conky - system info on desktop
• okular -good pdf viewer

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

 • box86 - x86 on ARM
• winehq - Windows apps and games on linux

Hardware
• Open-Deck
• coreboot + Qubes on Thinkpad t440p
• OpenWRT on TP-Link Archer A7
• Yubikey Series-5 NFC (Hardware keychain)
• AsteroidOS Smartwatch
• Privacy Filter

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Messaging & SIM Protocol
Apps:
1. Signal: daily driver
2. Encrypted Matrix rooms: public stuff
3. Session & qtox: Tor Level shit
4. Briar: local communication (can be used to setup LAN messaging)

Numbers:
1. Physical SIM for Gov ID / Banking – nobody knows about
2. Google fi for family, close friends and travel
3. Jmp chat number for business
4. Jmp chat number for spam
5. Sms verification – smspool.net, others

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

On Phone Numbers
This is from my substack. This is very important hence I have pasted this here;
other articles are available there only.
People use SMS for banking communication, 2FA verification and to verify with
online services to increase credibility. (And for P2P communication)
But SMS is inherently insecure2
We could have lived with it, if it was not private, but insecure? That’s just too
much!
Hence, I propose this post.

2FA
You shouldn’t be using your mobile number as 2FA mechanism that’s just counter-
productive; I recommend Ente Auth for IOS and Authenticator Pro for Android
(Privacy community likes aegis). Just make sure to switch on auto backup and save
the file somewhere safe.

Verification
For throwaway accounts, smspool.net is nice.
For others, can use jmp.chat (5$ per month) and ironvest (5$ gives you 1 phone
number, 50 emails & 35 masked cards) or some shady Russian site/Forum (Tread
carefully).
The full proof way is to get google fi (30$) and port it into jmp chat in the same
month only (additional number costs 2.5$ not 5$)

Security
The apex of secure P2P communication is Burner + Signal. Nothing comes close.

Vendor Lock-in
2
They tried to secure SMS against MITM attacks after 2G but even 5G seem to have problems. More info here.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

You probably have heard about vendor lock-in if you are on this corner of the web,
fortunately the major gov’s all around the world, have mandated that you are free
to port your number to any carrier of your liking (without change in country code
ofcourse).
But it will still go through traditional towers.
VOIP basically bridges the Telecom Infra to the Internet.
This helps in 2 ways:
1. Attackers can’t snoop in your messages and calls as these services are E2EE
(from the point of Telecom-Bridge stitch)
2. You can use any country’s number anywhere if you have internet (and if you
have Satellite Internet like StarLink, that’s potentially anywhere on the
planet)

Flagged as VOIP
But the problem is, a lot of VOIP numbers are sold at pennies to untrusting parties
and hence aren’t really good for verification. That’s why companies have
Databases (or API from some service) that prevent you from using a “bad” VOIP.
The best course of action is to buy a physical SIM and port it into a VOIP service.
Google Voice takes 20$ to port it. Jmp Chat offers porting as well.

Area Codes
\( +\hspace{1mm}y_1y_2y_3\hspace{1mm}
(z_1z_2z_3)\hspace{1mm}a_1a_2a_3\hspace{1mm}b_1b_2b_3b_4\)

y’s → Country code.

Approximately,

z’s → are used for specific function, eg. corporate, toll-free etc.
a’s → are used for area code
As an example, you can checkout UK’s.
A corporation builds Infrastructure from the ground up and sign up a contract with
the government. Different Corps and gov decide which areas would get how many
Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027
numbers and area codes are assigned on the basis of geography, population and
spectrum.
Services use this as a filtration mechanism to discard the numbers that are not
allowed for verification.

eSIM
eSim helps to load mutliple carrier data remotely and you can switch between them
without doing anything physical.
Price Comparison - esimdb
For Devices that don’t support eSim - esim.me & esim.5ber.com
DIY - https://xdaforums.com/t/a-tricky-way-to-use-esim-on-cn-in-variant.4609543/
Open-Source Implementation - https://gitea.angry.im/PeterCxy/OpenEUICC
Anonymous eSIM - silent.link
eSim Kinda tries to solve these 2 problems (as you can switch between profiles
easily):
1. Coverage: If you travel a lot, you know some areas have different signals for
different carrier networks. Satellite Internet solves this. Or you could just get
each of every Carrier.
2. International Roaming - If you travel a lot internationally, you know it costs
a lot to get coverage for your number in another country. Google Fi is a
pretty cool option that tackles this problem for US Residents.

JMP Chat
This is the king of VOIP, but onboarding is somewhat not user friendly so here I
will try to explain it.

It works with XMPP Clients. What is XMPP? It’s just like eMail but for Instant
Messaging. It’s a protocol that can have multiple clients (Apps) that can
communicate with each other (just like eMail). (Technically its jabber not XMPP,
but it doesn’t matter)
I will take an Android Client “Cheogram” as an example here. Because you get
snikket instance (server for your clients) and phone number attached to it upon

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

sign up automatically. You can use any client or platform for login after you got
the account.
Open up, just click “sign up”.

It should turn to this:

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Choose the phone provider, jmp is okay for US/CA. For UK I recommend AA, if
you are technically inclined. Twillio is a no-no.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

After some time, it should ask to choose number. Use an area code you like.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Now you will need to add 15$ minimum deposit. It’s 5$/month, Credit card will be
charged to deposit 15$ whenever the account reaches 0. Use my affiliate Code -
“BKTK57SA” for a free month after initial deposit.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027
I recommend adding cheogram.com bot and jmp support’s contact. Support is top
notch but sometimes the replies may take some time.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

“cheogram.com” bot will be your account dashboard.

If you are more curious about jmp chat, you can check out their FAQ and blog. If
you are curious about how they developed this stuff, check out their team’s wiki
here.

These questions are probably worth your time:

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Twitter Verification
I am taking twitter as an example because they have been notoriously the most
difficult to get “VOIP” verified. They probably have a detailed Database of trusted
carriers as people are getting this:

But I have found one provider that was able to give a “trusted” carrier number.
There are probably others, so let me know by DM’ing through Twitter if you found
one too.
It’s Andrew’s and Arnold, you set this up in XMPP clients by following this guide.
Just test the number before adding any deposit. You can copy paste each number
during sign-up in twitter’s “account information” to see if it goes through.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Whatsapp
1. Messages are E2EE, that’s pretty fortunate considering more than 2 billion
people3 use it.
2. Metadata isn’t, so the data brokers know who you are talking with and some
other stuff.
3. It is owned by THE big brother, Facebook. That’s something.
4. Seirdy wrote a pretty cool article “WhatsApp and the domestication of
users”.

iMessage
1. Blue Bubbles vs Green Bubbles: Explained! | Marques Brownlee
2. iPhone gets RCS
3. iMessage between iPhone and iPhone is E2EE but icloud backups aren’t, so
enable ADP please.

Appendix A- Feature set of a Number

1. SMS - Sending + Receiving + addons
2. MMS
3. Voice Calling
4. Video Calling

Appendix B – Data
When a corp builds up an Infra it invests a lot of money and then some, for the
marketing and other usual business stuff. They cover their costs from end users for
some years and then reap profits.

But what happens is, they never decrease their prices and only increase them even
when they have cooped a lot of cash. So the overall market culture decides the
prices in the end.
Price of data over the world has this infographic.

3
https://about.fb.com/news/2020/02/two-billion-users/

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027
2FA BACKUPS
(Very Important)

When you register a site for 2FA, you get backup codes

My advice is to divide those codes in 3 equal parts then store in

1. Encrypted drive (veracrypt)

2. Write it in a diary (I trust my home, you may not - invisible ink, cypher, cayman
island vaults)
3. Encrypt it and store it in cloud/email.

backup your 2FA app and syncthing it.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Everyday Carry

Hacker Kit
Glytch's Hacker EDC Bag - Version 2.0 | Hak5

Self Defense
What Does A CIA Spy Carry Every day? | Shawn Ryan Show

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Portability
https://www.anonstrategies.com/p/portable-terminal

Wearables
This is probably the next best spyware if you don’t use your mobiles securely.

I personally use AOS installed via this: https://asteroidos.org/watches/catfish/

Otherwise, you can get any fitness tracker that is supported by these guys:

https://gadgetbridge.org/

You can see what all, the corps collect here:

https://foundation.mozilla.org/en/privacynotincluded/categories/fitness-trackers/

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Hosting
The best investment I ever did was a self-hosted NAS for my home, but I
understand people may not be comfortable doing that even if they are technically
inclined for obvious reasons (cries in maintenance)

I may provide readymade home servers that I service remotely, let me know
through twitter DM’s if you are interested.

Full DIY - NAS Killer: https://forums.serverbuilds.net/t/guide-nas-killer-4-0-fast-

quiet-power-efficient-and-flexible-starting-at-125/667

Handholding - Synology Ds923+: The NAS That Permanently Changed My

Privacy Life | Techlore

You know what to do with this: https://flemmingss.com/a-minimal-configuration-

step-by-step-guide-to-media-automation-in-unraid-using-radarr-sonarr-prowlarr-
jellyfin-jellyseerr-and-qbittorrent/

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Money Privacy
Gumroad - https://twitter.com/bowtiedanon_/status/1705949030134730814

https://www.anonstrategies.com/p/anonpay

https://www.anonstrategies.com/p/identity-buffer

Cryptocurrency

• p2p Monero Buying - localmonero

• Best Monero Wallet - monerujo
• p2p Bitcoin - agoradesk.com
• on-chain private Bitcoin Wallet - samouraiwallet
• Lightening Wallet (low fees btc / daily driver) - Phoenix
• Bisq – P2P Exchange
• Fiat to Coin - https://stealthex.io/
• Cakewallet is nice if you want to buy crypto with card.
• Metamask – best DeFi wallet
• Eth / E/KVM based assets – safe.global

Best setup for fiat to crypto is always an offshore bank with crypto support.
Panama Bank – MEXC

Shitcoin mooning & airdrop farming security:

https://twitter.com/bowtiedanon_/status/1744420025174544652

Crypto Trading Setup:

• https://dexscreener.com/
• https://app.uniswap.org/swap
• https://raydium.io/swap

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Advanced Data Protection (ADP)
These plans are provided by big tech themselves, if you want to increase the
security of your accounts.
Google - https://landing.google.com/advancedprotection/

Apple ADP - https://support.apple.com/en-in/guide/security/sec973254c5f/web

Apple Lockdown - https://support.apple.com/en-us/HT212650

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Physical Security
https://www.anonstrategies.com/p/physical-security

Travel Security Checklist

https://www.anonstrategies.com/p/travel

Facial Recognition
https://www.anonstrategies.com/p/face

Remote Devices Management

TODO

• VMware Workspace ONE

• MobileIron
• Microsoft Intune

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Incognito Voice
Anon Spaces

(in-built X incognito mode incoming)

1. Clownfish Voice Changer

2. don't use phrases, you use irl - be your internet self.
3. careful of what info you want to share and not (think before speak)
4. speak slowly

P.S. the real threat here is your irl circle not AI

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Vehicle Privacy
https://twitter.com/bowtiedanon_/status/1725555099622351242

Camera Sec
https://www.synology.com/en-global/surveillance

SpyCam Testing - https://www.youtube.com/watch?v=J5ctijPFLyY

Dash cams and go pros TODO

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Anti-Doxx Protocol
https://www.anonstrategies.com/p/doxx

Steps to take if burned

Know your rights and laws

1. Don’t Panic.
2. Delete everything you can from the internet related to that specific identity
(accounts, comments …).
3. Delete everything offline you have related to that identity including the
backups.
4. (If using a physical SIM) Destroy the SIM card and trash it in a random
trash can somewhere.
5. (If using a physical Burner Phone) Erase then destroy the Burner phone and
trash it in a random trashcan somewhere.
6. Securely erase the laptop hard drive and then ideally proceed to physically
destroy the HDD/SSD/Laptop and trash it somewhere.
7. Do the same with your backups.
8. Keep the details of your lawyer nearby or if needed, call them in advance to
prepare your case if needed.
Return to your normal activities and hope for the best.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Tricks of the Trade
Cafe WIFI’s

You can use café WIFI’s (that are not commercial IP’s, not mcd for e.g.)
to create anonymous social accounts rather than buying Proxy IP’s that
may or may not work.

Hidden communications in plain sight

It’s always beneficial to hide things in plain sight rather than making
special space for them, add things in a book in a shelf for e.g.

How to spot if someone has been searching your stuff:

1. Just take a pic

2. Leave eraser residues inside written material to see if someone
read it.

Safe Word

Ask your loved ones to tell you something that only the 2 of you are
aware of, if you think they are compromised.

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Training
1. Memory: Learn 1 language every 10-12 months, cheat sheet.
2. Learn to kick, punch and use a knife and a Baton as a weapon.
3. Image training – imagine the whole situation and carefully go
through it in your mind to prepare yourself.
4. Non-dominant handwriting
5. Dual N-Back Training 5 minutes, app
6. Mental Chess/Arithmetic 5 minutes
7. Meditation – deconditioning

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Secure Document Destruction
BleachBit: only cleaning software you need, can shred files too.
RedkeyUSB – portable eraser for all OS’s

Death Kit
1. Have a Traditional Will.
2. Have a Living Will.
3. Have a Living Trust.
4. Digital Vault (Password Manager and Veracrypt Container)
5. Have banking, trusts, llc, exchange nominees.
6. Have Digital Accounts Strategy (Data Release & Destruction
Plan)

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Jurisdiction
https://bowtiedanon.com/jurisdiction/

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Approved Products
https://bowtiedanon.com/approved/

Recommended Services
1. 1984.hosting
2. njal.la for domains
3. Proxies - rainproxy.io (residential), Gridpanel (mobile proxies)
4. VoIP Number - jmp.chat
5. fi.google.com/about – get this and port to jmp chat. Though Fi is pretty great
for international roaming.
6. if you can trust google, google voice is the cheapest voip option – though
doesn’t work everywhere.

VPN
Fully anonymous – Mullvad with Monero for TOR level Shit.
Free – Windscribe (30GB)
Paid Daily driver – Proton
Honorable mention – IVPN

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

My Other Products (Discounted)
apply coupon “OPSECAFF” for discounted rates on my other products:

anonshop.io/telegram – 25$
anonshop.io/windows – 9 $
anonshop.io/apple – 9 $

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

Further Reading
https://github.com/jermanuts/bad-opsec

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027

What’s next?
I can write an encyclopedia on privacy and security but reading it is of
no use, if you don’t apply it in your life. This will take some time as
you are essentially changing your lifestyle and habits but, in the end,
you will have a private digital infra and beyond.

If you need any more info, or want me to cover something else as well,
you can reach out to me on email contact@bowtiedanon.com or on
Twitter ( @bowtiedanon_ ).

Prepared exclusively for jaylreynolds0@gmail.com Transaction: 0136619027