an exercise in lowering your attack surface in physical situations

In certain situations, you'll need to crawl out from behind your keyboard to interact with people in real life. Going out into the real world creates risks, such as being de-anonymized, experiencing wrench attacks, or swapping shitcoins on a bender. So, generally, it's best to leave your keys at home and be a little paranoid. This guide is definitely overkill, but it's a fun exercise in paranoia and OPSEC.

Problem: Existing with some comfort in society requires technology. Commerce, transport, and communications require you to carry a mountain of data with you on your phone. Once it’s fallen into the wrong hands, it’s trivial to find out everything about you.

Solution: Shed your normal device and create a new economic identity for when you are out and about.

In order to be a functional member of society, you need the following things:

1. Identity - Something to fill in the sign-up fields

2. Money - Something to fund your activities

3. Cards - Something to interact with Web2 rails

4. Hardware - Something to manage it all

5. Apps - Something to spend the money on

With these 5 things, you can operate within society. The hard part is getting all of these things without having to completely dox yourself. Let's run through an example to go from crypto to being anonymous in real life:

To start, you need a pseudonym - a name that you'll use with this economic entity. Maybe it shares the same first name as you, or something completely different. There are tools out there to help you along with the process, like the Fake Name Generator. You'll also need an email to go along with it (I'd suggest ProtonMail) and a new set of crypto wallets for both ETH and Bitcoin.

Once you've created all of this, back it up properly.

To fill your pristine wallets, you'll need to anonymize some ETH (I'd suggest no more than 5 ETH to begin). You can utilize the Aztec Network to shield these funds. Once you've deposited, wait a few days before withdrawing. Make sure to withdraw in common amounts (e.g., 1 ETH, 2 ETH, 0.5 ETH) and never withdraw the total amount you've deposited into the same wallet.

For some privacy-conscious services run by Bitcoin Maximalists, you'll need some real BTC. Ever since the demise of renBTC, it's been harder to trustlessly bridge back to the Bitcoin network. There are some anonymous middlemen that exist like StealthEx, but ideally, Threshold Network hurries up and ships their un-mint feature!

Withdraw these funds to a newly created wallet that you've backed up. This wallet is the starting point of your anonymous identity. Never send funds back to any of your normal wallets or exchange accounts. One slip-up and everything you've done from here on out is compromised.

Next, you'll need a prepaid VISA or Mastercard for when you want to interact with the real world. There are a few services that offer single-load prepaid cards, like FCF Pay. These will work for most merchants, but in some cases, you need a reloadable card. Reloadable cards without KYC are harder to come by, have large fees, and low limits. You really only want to use these for opening/verifying an account, then use gift cards/prepaid cards after that. One provider I’ve found is PST, but other providers are hard to come by

These hoops are annoying to jump through but are designed like that to discourage this behaviour.

Now that you have some funds, you can begin to purchase the items you'll need. First on the list is a new phone. I suggest a Google Pixel 6a ($399) with GrapheneOS. You could buy this second-hand for cash or new on Amazon, shipped to a locker/drop-off point.

Next, load GrapheneOS using its easy web installer. Graphene has hundreds of configurable security features, but as a minimum, I'd suggest a PIN code.

A phone without a SIM is fairly useless. Silent Link offers a no KYC eSIM that has fairly competitive data rates worldwide. I'd suggest getting a plan with a phone number so we can log in to some of the apps we might want to use.

With that all set up, you've got a fresh IMSI (SIM card identifier) and a new IMEI (phone's radio identifier). Make sure you practice some basic OPSEC when handling the phone, as pointed out by Snowden:

https://twitter.com/Snowden/status/1589213629320433667?

You can start populating your fresh phone with apps that you might find useful. Ideally, use free and open-source applications as much as possible. These can be found in the F-Droid app store.

While good for the basics, it's a far cry from the creature comforts of the big tech apps like Uber, Airbnb, Lime, FreeNow, or whatever. To get access to those without using Google Play services, you need the open-source Aurora Store.

Then, when signing up, we'll use various parts of the previous steps:

• 2FA is sent to your new SilentLink eSIM,

• Debit card to validate payment and satisfy KYC requirements

• Gift cards from BitRefill to actually fund the use of these purchases

That's it, you're a whole new person. No data leakage from who you are to your new economic identity. Which, as you can see from above, is a pretty hard thing to come by without spilling KYC, location, preference, biometric data about yourself.

It's a lot of effort, but in the end, you can touch grass knowing the most anyone will know about you from your phone is what you want them to.

Here's a list of some relevant resources to check out when considering this exercise in paranoia.

• Privacy

  • Aztec Network - Zero-Knowledge privacy protocol

  • Railgun Protocol - Zero-Knowledge privacy protocol

  • Tornado Cash - The original ZK privacy tool. NOT RECOMMENDED!

• Wallets (After privacy)

  • Metamask (Desktop)

  • Rainbow Wallet (Mobile ETH/EVM)

  • BlueWallet (Mobile BTC/Lightning)

• Google Pixel 6a - Cheap, solid & good battery

• Graphene OS - Barebones privacy first OS for Pixel hardware

  • Pin Code unlock / Biometrics for apps

  • Auto restart timer enabled

• Silent Link - No KYC global eSIM w/ Bitcoin/Lightning/XMR payments

• Mullvad - No KYC VPN service w/ crypto payments

• Basic Identity - Randomly generated Personal Identifiable Information (PII)

• Proton Mail - An encrypted email account for the new identity

• Generators - pls think carefully before using these tools

  • Profile Pic - StyleGAN2 generated image of a person that doesn't exists

  • Verif Tools - Document generator for various ID verification needs.

• Prepaid

  • FCF Pay - 5,000 USD max

  • Pay with Moon - US merchants only

• Reloadable

  • PST.net - 250 USD max limit

• Gift Cards

  • Bitrefill - Biggest & best gift card store with instant delivery.