u/Financial_Bonus_4606

▲ 19 r/opsec

OPSEC Check please

I have read the rules.

I’m new to Tails/Tor and want to check whether my setup makes sense from an OPSEC perspective.

Threat model:

I want to reduce linkability between this browsing activity and my daily identity/devices. I mainly want protection against tracking, data brokers, accidental account linking, local network observers, and my ISP seeing that I use Tor. I am not claiming this makes me “untraceable”.

Current setup:

- separate used old laptop

- fresh reset, no personal accounts on it

- Tails booted from a 16 GB USB stick

- no persistent storage enabled

- Tor Browser inside Tails

- no personal logins, no Gmail, no WhatsApp, no social media

- no browser extensions

- no downloads unless I fully understand what I’m doing

- webcam covered

- I shut Tails down after use instead of saving anything locally

I understand the basic OPSEC rules: don’t log into personal accounts, don’t reuse identities, don’t install extensions, don’t open random files, don’t mix this setup with my normal life, and don’t randomly change Tor Browser settings.

My questions:

  1. For the threat model above, is this a reasonably solid beginner setup?

  2. What are the biggest remaining linkability risks if I actually follow these rules?

  3. If Tails is used without persistent storage, what traces, if any, remain on the laptop after shutdown?

  4. Are bridges worth using if I mainly want to hide Tor usage from my local network/ISP?

  5. What types of downloads are especially dangerous from an OPSEC perspective?

I’m trying to understand the limits of this setup and avoid beginner mistakes.

reddit.com
u/Financial_Bonus_4606 — 7 days ago
▲ 21 r/TOR

OPSEC Check please

Hello, I’m new to Tails/Tor and want to check whether my basic setup makes sense from an OPSEC perspective.

I know anonymity is a tool, not magic. I’m not asking whether this makes me “untraceable” or “invisible”. I’m asking what realistic linkability risks remain if I follow basic OPSEC rules.

Threat model:

- privacy-focused browsing and research

- avoiding tracking by websites/data brokers/maybe even state actors

- avoiding linking this activity to my daily devices/accounts

- hiding Tor usage from my local network/ISP if possible

- not "trying" to do anything illegal

Current setup:

- separate used old laptop

- fresh reset, no personal accounts on it

- Tails booted from a 16 GB USB stick

- no persistent storage enabled

- Tor Browser inside Tails

- no personal logins, no Gmail, no WhatsApp, no social media

- no browser extensions

- no downloads unless I fully understand what I’m doing (when is this supposed to be?)

- I shut Tails down after use instead of saving anything locally

I already understand the basic OPSEC rules: don’t log into personal accounts, don’t reuse identities, don’t install extensions, don’t open random files, don’t mix this setup with my normal life, don’t change Tor Browser settings randomly.

My questions:

  1. Is this a reasonably solid beginner setup for privacy-focused browsing and research?

  2. Assuming I actually follow the OPSEC rules above, what could still realistically link this activity back to me?

  3. What are the biggest OPSEC mistakes people still make even when using Tails correctly?

  4. If Tails is used without persistent storage, what traces, if any, remain on the laptop after shutdown? Is simply unplugging the USB stick enough?

  5. Are bridges worth using if I want to hide Tor usage from possibly "everyone"

  6. About downloads: when are downloads relatively okay, and when are they a serious OPSEC risk?

Please don’t just answer “if you don’t know what you’re doing, don’t use it.” I’m trying to learn properly and I’m asking for specific technical or OPSEC weaknesses in this setup.

reddit.com
u/Financial_Bonus_4606 — 7 days ago