Let me first start off by saying I wish I didn't have to write this. I wish that instead I could be writing about that one time the American Income Life Insurance, owned by Globe Inc., initially estimated 5,000 customers were impacted in their data breach. Turns out, they were off by a mere 845,000 or a factor of 170x. Tee hee, corporate math. Oh how I'd cherish the fact that the insurance company got breached again in September 2025 and yet somehow the parent company's stock is up 22% since last year.

As much as I enjoy making fun of corporations bumbling about security like it's quantum computing challenges, there is some real shit going down and it might really shake up after the No Kings Rally tomorrow so we're having a bit of service interruption our Our Daily Breach to bring you this special report.

I want to be able to tell you that only criminals have anything to be concerned about, but when their definition of "crime" or "terrorism" becomes this broad, we're all being threatened with a not so great time.

I could just shut up and stop saying anything on Discord, but that would be smart. Instead I'm going to show you something I learned recently that I believe they don't want you to know:

How to host infrastructure anonymously

You're gonna need another place to set up shop

To follow the old hacker adage of "don't hack where you rest at", you will not be using your home network connection. Go to a library or a spot you know has good internet but also good privacy, with limited surveillance.

You're gonna need a secure operating system

There is not enough harm reduction in the world to make Windows or MacOS viable operating systems to conduct this activity. You should consider using an alternative computer (old laptop if you have one) and use Tails.

You're gonna need Tor

You will only use the Tor browser from here on out.

Do not use Firefox or even Librewolf for any steps. No you cannot Chrome privacy mode, but thanks for making me chuckle.

You're gonna need a burner email address

Register for a new email on Tuta, it will take ~48 hours and it may not work at all. Try again until it works.

Do not use an email address you've used before or anything that can be traced back to you or your pseudonyms. Get weird.

Do not send yourself a test email to make sure it works. That's not how burners accounts work.

Once you get this anonymous email address, you're already good to start blogging on Tumblr/WordPress to share your love of frogs or whatever else they, as in the oppressive regimes, don't want you to write about.

I want to give a fair warning from this point on I'll be writing about technology and practices that may go against your values. A member of our own editorial board described the concept of this article as "antichrist". I understand that sentiment against cryptocurrency and anonymous hosting, it's a drain on our planet's resources to reward scammers & irresponsible hosting practices. I truly wish there was an alternative path to protecting your identity when hosting sites & services but there isn't one that will protect you from them. ISPs are going to comply with any indictment request and will willingly give up your information, they have little choice in the matter. If you really want to self-host this in a place they can't touch, consider hosting your server in a lawyer's office. If that's not an option, keep reading and bear with me.

You're gonna need to find a Bitcoin ATM

Dress covert, hat, COVID mask, sunglasses. Wear clothes you do not usually wear. If you happen to own a pair of privacy glasses (example, not an endorsement), now is the time to use them.

You'll need to find the right Bitcoin ATM. Some ATMs require face & ID validation. Those will not work for protecting privacy. Some require SMS confirmation, that can work, there is a workaround online.

Don't use one in your local neighborhood, find one outside of your regular commutes. There are tons of Bitcoin ATM map sites, use one appropriate for your region. For my Canadian comrades here you go: https://localcoinatm.com/bitcoin-atm/

Yes before you mention, I'm aware you are generally paying 30% above market rate for the BTC. Again, if there was an alternative... I'd suggest it here, but consider this the tax for anonymity.

You're gonna need to convert that BTC into Monero

Bitcoin is pseudoanonymous by design. You cannot use it for covert funding. You must swap it for Monero. This is not free either, so consider this in your estimates for funding your operations.

Use your burner email to sign up for an exchange that does not do standard Know Your Customer (KYC) practices, you can find a list of exchanges that fit this criteria on https://kycnot.me/

You're gonna need to find the right ISP

Now depending on where you need to host this infrastructure you'll want to reference the Tor Project's community list of Good ISPs: https://community.torproject.org/relay/community-resources/good-bad-isps/ to find the right ISP for you. For this context, we need one that offers a virtual private server (VPS) service, doesn't ask a lot of questions and accepts Monero. Some example providers from Iceland:

flokinet.is
1984.is

You're gonna need SSH keys

Don't be lazy, create a unique SSH key to connect to your remote infrastructure.

I know you're close and you probably want to start deploying shit right away now that you're finally connected to the remote host but before you do, there are some things to consider:

You're gonna need to sanitize your logs and set traps

You need to make sure your history isn't held against you. Sanitize your system logs of sensitive information.

Set traps for intruders. One approach is to use canary files that shouldn't be accessed at all by anyone, even you. Set a listener for that file and respond appropriately. Maybe for you that's a dead man's switch to delete everything except for this one file:

⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣴⣶⣶⣤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⣤⢶⣤⠀⠀⠀⢰⣿⡿⠻⡛⠻⣧⠀⠀⠀⠀⠀⠀be gay, do crime!⠀⠀⠀⠀
⠀⠀⠀⠀⢀⡞⠁⠈⠙⠳⣄⠀⠈⣿⣧⣴⢳⣴⣿⠂⠀⠀⠀⠀⢄⡀⡇⢏⣔⡀
⠀⠀⢀⣴⠏⠀⠀⠀⠀⠀⠈⠷⡂⠉⠻⣿⣻⣿⠇⠀⠀⠀⠀⠀⠀⢠⣿⡃⠉⠀
⢐⣖⢶⣏⠁⠀⠀⠀⠀⠀⠀⣆⢷⣄⡠⣨⣉⣁⣠⢢⣶⡀⠀⠀⢀⡾⠁⠀⠀⠀
⠈⠘⠊⠈⠀⠀⠀⠀⠀⠀⢷⣍⣳⣖⣵⢿⡲⠭⠴⠃⠈⠳⣄⠰⣾⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⢈⣓⢲⣷⢿⡅⣧⣙⡒⠋⠀⠀⠀⠸⠟⠂⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⢠⣄⠁⠿⠁⠈⠓⠀⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⣻⣤⣿⣾⣋⣻⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⣤⠟⠋⠛⠟⠹⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⣀⣠⠞⠁⠀⠀⠀⠀⠀⠘⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠐⣿⡃⠀⠀⠀⠀⠀⠀⠀⠀⢹⣤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠘⡆⠀⠀⠀⠀⠀⠀⠀⠀⢸⣯⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⢹⡀⠀⠀⠀⠀⠀⠀⢠⡞⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠐⣿⡄⠀⠀⠀⠀⣤⡟⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⡀⣴⠞⠋⠀⠀⠀⠀⠈⢧⡀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠨⢪⠃⠀⠀⠀⠀⠀⠀⠀⠀⠙⠛⠫⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀

I hope you find this guidance on hosting censorship resilient infrastructure helpful. If you did, I encourage you to visit the folks at RiseUp and AnarSec that inspired this piece at: https://riseup.net/ and https://www.anarsec.guide/, respectively.

Take care, stay safe this weekend. If you happen to live in a state suffering from ICE raids, I recommend reading an account on why it's safer in the front.