
how is my stupid opsec : OpSec | Torhoo darknet markets

Sadly i must have Windows 11 as my main OS, but disabled all data sending consents in settings (ikr that's not enough)

i have Virtualbox with fedora + vpn with killswitch --> using vm+vpn to connect to my RDP

i only use RDP to do mainly light blackhat stuff like cracking maybe some fraud etc..

so my Threat-level -> Crime


i have a feeling this is kinda stupid having vm on windows but sadly due to my work i must have windows
is there anything that i can do to minimize windows spyware activities?

and does this work or is it not safe since i have a lot of docs connected to my real identity on windows
FYI, the very first US big tech to collaborate with NSA after 9/11 was Microsoft, because they already had extended information exchange. This has not changed.

I strongly recommend you have a second laptop for darknet. Besides Microsoft collecting information about you, your employer might install spyware as well (I assume you use an employer-provided laptop).

Or at least run Tails from a USB stick on your Windows machine. This has the drawback that any Linux/Tails 0-days could leak laptop or network metadata which can be matched with uploaded Windows metadata.
Be sure you calculate the cost of your compromise first. What sentence would you get if you got fully compromised? How would your future life be affected by that, career, employment, family....?

This will tell you how long you need to go to secure yourself.

Windows is a big NO. If you must use it for some reason, use Tails properly at least.
/u/sifterforefoot
1 points
2 weeks ago
where can i find instructions on using tails with a USB? I am so confused. I have been on the dark web for about 10 years, always using btc, sending from coinbase to a few wallets then to the market. abacus also just went down so now i am worried. am i in the clear / not going to get caught if i have no drugs on me right now? i don't use tails and don't know how

how do i even buy btc off of coinswap. this is all so confusing
/u/bulgurspied
1 points
2 weeks ago
check the dnm bible bro. tails is really the easy part. go to their url, install it from your windows or whatever os you use with the instructions and boot it up from your usb. It's really not hard, telling you this as someone who struggles with tech too. Just stick to the FAQ of the subdreads here, they tell you all you need to know
Check the Tails website for more instructions. They have quite nice docs in there. Of course, don't connect from your home or any IP linked to your real world ID.
/u/datarape
1 points
2 weeks ago*

how is my stupid opsec

by /u/lecamel 🍼 • 2 days ago in /d/OpSec

Sadly i must have Windows 11 as my main OS, but disabled all data sending consents in settings (ikr that's not enough)

i have Virtualbox with fedora + vpn with killswitch --> using vm+vpn to connect to my RDP

i only use RDP to do mainly light blackhat stuff like cracking maybe some fraud etc..

so my Threat-level -> Crime

i have a feeling this is kinda stupid having vm on windows but sadly due to my work i must have windows
is there anything that i can do to minimize windows spyware activities?

and does this work or is it not safe since i have a lot of docs connected to my real identity on windows


Your OPSEC is catastrophically bad for your threat model.



1. Windows 11 as your base OS? Completely compromised from the start.
Disabling telemetry in settings is cosmetic. Windows still runs dozens of hidden services, connects to Microsoft domains, and logs actions under the hood even with every "privacy" setting toggled.

Forensic tools used by LE can scrape:

  • Prefetch logs
  • Recent file access
  • Jump lists
  • Thumbnail caches
  • Memory dumps with clipboard, passwords, or session info


3. VirtualBox is not secure from your host.
If Windows is compromised (malware, forensic capture, or a Microsoft backdoor), your Fedora VM is fully exposed.
VBox has a long history of VM escape vulnerabilities, some proven in live exploits:

  • CVE-2018-2698 – VGA escape to host
  • CVE-2020-2575 – Local privilege escalation
  • CVE-2024-21115 – Out of bounds escape used at Pwn2Own


RDP is extremely noisy and fingerprintable.
RDP leaks screen resolution, input device types, and system locale.
Logs everything on the RDP server unless hardened.
Timing correlation attacks can trace RDP usage across Tor/VPN layers.
It’s a top method used by LE to reconstruct operator sessions.



What should you do?


  • Stop using your real identity system for any OPSEC ops.
  • The fact that docs connected to your IRL identity live on the same drive as your “crime” activity is all it takes to put you away.
  • Use a separate physical device for OPSEC.
  • Airgapped or running Qubes OS.
  • Avoid RDP unless it's isolated inside hardened, hidden services.
  • SSH over Tor with strict routing and monitoring is safer. GUI access is a fingerprinting and log magnet.
  • If your threat model is the feds, your current setup guarantees they’ll connect your real identity to your actions.
/u/Ghwbushsr
1 points
2 weeks ago*
involving windows or microsoft products in general is a big no no bro

it's like asking a police officer for a ride to your plug's house.

why not get you a 16gb flash drive for like $5 and install tails on it for free?