[narrator]

They can find out who's running a node, send the cops and put them in prison. It's not hard. Look at China. The idea that we can technologically solve political problems is a bit of a fantasy. If the government wants to get you, they will.

[mirimir]

They will, if your OPSEC is weak.

[Khaine]

everyone's OPSEC is weak. It is incredibly hard, if not impossible to have good OPSEC with the level of surveillance and tracking performed by companies like facebook and google.

[mirimir]

Huh? Against Google and Facebook, it's not at all impossible. Or against the FBI. Against the NSA, it's hard to say.

I have not seen any reported pwnage that didn't involve obvious OPSEC failures. You just need to compartmentalize, and avoid creating associations.

[Khaine]

Which is easier said than done. All it takes is one slip up for your hard work to be undone. One tiny mistake.

Advertisers are looking to de-annoymise you, three letter agencies are trying to de-annoymise you and all it takes is one minor slip upper being too unique (i.e. your combination of web browser, addons, screen size, IP address, etc).

It is almost impossible for a regular user to be anonymous, to have good opsec, for extended periods of time.

[mirimir]

Sure, people screw up. So systems must fail nonfunctional/closed. Whonix is an excellent example. Tor runs in one VM, and user apps run in another VM. The Tor VM is not a router. There's no forwarding. It merely exposes Tor ports on a private network. So apps can have no Internet access except through Tor.

Regarding uniqueness, using personas that must remain unlinked on the same physical machine is very risky. Given the risk of guest-to-host breakout. And because hardware signatures may be visible remotely. If WebGL is enabled in VMs, Internet sites can link VMs on a given host (graphics card) that use the same virtual graphics driver. In particular, ones meatspace identity should never share a physical machine with any personas that's at all risky. They should also be compartmentalized on separate LANs.

So Debian and the Ubuntu family have the same signature. But Windows, OS X, Centos/Fedora, Arch/Manjaro and PC-BSD have different signatures. So one can use VMs with different WebGL signatures on the same hardware. But only for personas where linkage would be survivable.

[Erlangolem]

In the US and most Western countries, it takes a lot of work to do what you’re describing, and there would be pushback. Going after a few people is no problem, but a whole population? No. China can do it because it’s an autocracy, with a long history of autocratic rule, strong central government and weak institutions. In the US politicians have to get re-elected.