Operational Security Checklist for Tor Users

1. Use only Tor Browser or Tails. Never access Tor-related accounts from a regular browser. Tor Browser is specifically configured to resist fingerprinting — other browsers leak unique identifiers through canvas, WebGL, fonts, and screen resolution.

2. Never maximize Tor Browser. Maximizing the window reveals your screen resolution, which is a fingerprinting vector. Keep Tor Browser at its default size. Tails avoids this by using a standardized screen resolution.

3. Do not install browser extensions. Every extension changes your browser fingerprint and potentially introduces vulnerabilities. Tor Browser comes with uBlock Origin — do not add anything else. Extensions like password managers, ad blockers, or privacy tools make your browser unique among Tor users.

4. Use VPN + Tor for defense in depth. A VPN before Tor prevents your ISP from knowing you use Tor. Connect to a VPN first, then launch Tor Browser. This is especially important in countries where Tor usage itself is monitored or restricted.

5. Never mix identities. Each anonymous identity must exist in complete isolation. Never log into an anonymous account and a personal account in the same browser session, even in different tabs. Use separate Tor Browser profiles or separate Tails sessions for each identity.

6. Use unique passwords for every account. A password reused across identities is a direct link between them. Use KeePassXC to generate and store unique, strong passwords for every account. Maintain separate KeePassXC databases for compartmentalized identities.

7. Do not reuse usernames, email addresses, or writing styles. Stylometry (analyzing writing patterns) is a real deanonymization technique used by law enforcement and intelligence agencies. Vary your vocabulary, sentence structure, and punctuation across identities. Avoid distinctive phrases or expressions you use in your real identity.

8. Use different cryptocurrency wallets for each identity. Never send funds between wallets associated with different identities. Use Monero for maximum privacy, and generate new wallets for each identity.

9. Use Tails for sensitive operations. Tails is a live operating system that runs from USB, routes all traffic through Tor, and leaves no trace on the computer after shutdown. For the most sensitive activities, Tails is non-negotiable.

10. Never use your regular computer for anonymous activities. Your regular computer has browser cookies, saved passwords, cached data, and software that can leak your identity. Use a dedicated device or a live OS like Tails.

11. Disable location services and Bluetooth. Turn off Wi-Fi when not in use. Your device's MAC address and Wi-Fi probes can reveal your location and identity. Use Ethernet when possible, and spoof your MAC address if using Wi-Fi.

12. Be aware of timing correlation. If you are always active on an anonymous account at the same hours, and those hours correlate with your real-world timezone and schedule, this creates a correlation risk. Vary your activity times or use a scheduling tool to post at random intervals.

Good OPSEC extends to your server infrastructure. If you host services on your anonymous identity, those servers must be as anonymous as everything else. AnubizHost provides offshore VPS hosting in Iceland, Romania, and Finland — paid with Monero or Bitcoin, no KYC, no identity verification.

Our Tor-optimized servers include full root access for hardened OS configurations, NVMe SSD storage for reliable performance, and DDoS protection to keep your services online. Deploy Tor hidden services, onion sites, or privacy infrastructure on servers that cannot be linked to your identity.

Do not undermine months of careful OPSEC by hosting on a provider that knows who you are. AnubizHost exists specifically for users who need infrastructure without identity exposure. Explore our Tor hosting plans and maintain your OPSEC end to end.