Maximum Security Suite

Mullvad is essential for high-risk work. Pay with cash mailed anonymously or cryptocurrency. Your account number is your only identifier - memorize it and store it securely offline. Use multihop connections for sensitive work (routes through 2 VPN servers). Never use the same server for different projects. In hostile environments, use bridge mode to hide VPN usage from ISP. Always enable kill switch to prevent accidental data leaks.

Signal is your primary secure communication tool. Use a dedicated device if possible. ALWAYS verify safety numbers with contacts - this prevents man-in-the-middle attacks. Enable disappearing messages with short timers (1 hour or less) for all conversations. Use sealed sender to hide metadata. Never screenshot sensitive messages. Consider using separate Signal accounts (different phone numbers) for different contexts. In extreme cases, use Signal through Tor for IP protection.

Tresorit and Sync.com both offer zero-knowledge encryption - even they can't access your files. For maximum security, encrypt critical files with VeraCrypt before uploading (double encryption). Use separate accounts for different projects to compartmentalize data. When sharing files, use encrypted links with strong passwords sent via separate channel (Signal). Set short expiration times. Never store encryption keys or passwords in the cloud. Maintain offline encrypted backups of critical files on external drive stored securely.

ProtonMail is Swiss-based with strong privacy laws. Create account via Tor for anonymity. Use hardware key 2FA (YubiKey). For non-ProtonMail contacts, use PGP encryption - generate key pair and publish public key. Verify all contacts' keys via trusted channel. Use email aliases to compartmentalize different work. Access via Tor .onion address when needed. Never access from compromised networks without VPN. ProtonMail encrypts subject lines only between Proton users - use generic subjects with external contacts.

Tor Browser is essential for anonymous research and accessing censored information. NEVER login to personal accounts via Tor - this defeats anonymity. Use only for anonymous browsing and accessing .onion sites. Don't maximize window (fingerprinting). Set security to "Safest" level (disables JavaScript) for sensitive work. Use bridges in hostile environments to hide Tor usage from ISP. Combine with VPN for extra protection (VPN -> Tor). Create new identity frequently. Never download files via Tor unless absolutely necessary.

Bitwarden with hardware key 2FA is essential. Use anonymous email for account. Purchase YubiKey ($45) - physical key required for access. Generate 25+ character passwords for all accounts. Store master password offline in secure location - if you lose it, no recovery possible. Export encrypted backups regularly. Consider using separate Bitwarden accounts for different contexts (personal, work, activism). For maximum control, self-host Bitwarden on your own server. Never use SMS 2FA - hardware key only.

Tails OS is for highest-risk situations. Boot from USB for sensitive work - leaves no trace on computer. All traffic routes through Tor automatically. Use for: sensitive communications, handling leaked documents, accessing censored information, protecting sources. Configure persistent storage for PGP keys and essential files. Never connect to personal accounts from Tails. Maintain separate Tails USBs for different projects. When done, remove USB and restart - computer returns to normal with no trace of your work. Tails is used by journalists worldwide for source protection.