WARNING: The content here only serves educational purpose. You are fully responsible for your actions.
We do not encourage any kind of sensitive activity or crime.

Roadmap Progress (as of Q3 2025)

Welcome to our quarterly activity recap of the OPSEC Bible Roadmap: The Opsec Bible covers a wide array of topics and tutorials, but all share the same goal: empowering the individual, to tell them how to make themselves ungovernable. Privacy comes first, then anonymity, and lastly deniability.

(yes i changed it from monthly to quarterly, as monthly seemed to be unecessary)

Beyond our Privacy/Anonymity/Deniability classification we have 3 types of tutorials:

• Clientside Tutorials: Achieving your opsec goals on your own computer/mobile
• Serverside (Self-Hosting) Tutorials: Achieving opsec goals on your home server
• Serverside (Remote) Tutorials: Achieving opsec on remote servers (VPSes / Dedicated servers)

Within this classification of tutorials we have a special category of tutorials called the "Core tutorials" which are basically the tutorials that enable everything that is opsec-related that we are talking about. You can consider those to be the actual backbone of your operational security.

Our roadmap is based on the following critical tutorials first and foremost, as they are actually making possible every other opsec tutorial that we have.

First of all i want to congratulate and thank all of our excellent contributors who helped get the opsec bible to where it currently is right now, as it's been a really INTENSE last 3 months, as you can see below:

Clientside tutorials (13 completed out of 21)

The clientside tutorials have had some new tutorials added recently, as we felt that there were some topics that really needed to be covered

• SimpleX Deniable Chats #317: currently WIP, the tutorial is currently being written by a new contributor
• NEW: The Dangers of ordering drugs online #495: While i don't want to recommend people to order drugs in the first place, i want us to anyway talk about it to explain all the dangers that it poses, since this is after all a major reason people flock to the darknet in the first place.
• NEW: The Dangers and limits of Javascript Fingerprinting #496: Such a popular topic on the darknet, and it is also the source of unecessary paranoia and misunderstandings. We're going to clear it all up and explain how exactly javascript affects your attack surface, especially in our vm-based internet use segmentation context.
• NEW: Bypassing KYC procedures using AI image generation #292: This one has tremendous potential, it will potentially enable everyone to literally outright bypass every KYC procedure out there, to allow themselves to freely use services anonymously, whether the website administrators want it or not.

Serverside Self-Hosting tutorials (11 completed out of 16)

Good progress in that section since the last 3 months, currently this section is missing the following tutorials:

• NEW: Automating Emergency Shutdowns (mouse/keyboard activity detection) #508: Probably a very simple solution to a complex problem. Using the mouse and keyboard is everyone's first reflex when checking a computer after all, we'll turn it into a trap for the adversary if they try to touch either of those.
• Serverside Sensitive VM setup (whonix in a VC hidden volume) #327
• Host-OS WAN internet connection failover #185
• Automating Emergency Shutdowns (webcam movement detection) #328
• Automating Emergency Shutdowns (detecting usb changes) #329

Serverside (Remote) Tutorials (13 completed out of 14)

And here we have seen most of the progress since our last roadmap recap, we only have one tutorial left to complete:

• Multi-Owner Infrastructure Dead Man's Switch (via SimpleX bots) #315

Nowhere Community News

Since last roadmap recap, Oxeo0 has been generously providing privacy front-ends on both Tor and i2p, definitely check those out while they remain available:

List of all new blogposts (including the non-critical ones) from June

Below are all the new tutorials that we published in Q3 2025:

• 2025-09-14: Sensitive Remote Servers Organization
• 2025-09-14: How to safely use the Sensitive VM
• 2025-09-08: Reddit’s Decline for Real Privacy Discussions
• 2025-09-07: Setting up Invidious to watch YouTube privately
• 2025-08-31: Man arrested for donating to a terrorist organization
• 2025-08-29: Backup data remotely without revealing contents to the VPS provider - BorgBackup
• 2025-08-29: Canadian truckers protesters' bank accounts frozen
• 2025-08-27: Privacy Laxism is real and it's part of the problem
• 2025-08-27: The Downfall of Pompompurin
• 2025-08-27: Corporate censorship: Steam forced to delist games
• 2025-08-26: Setting up SafeTwitch to watch Twitch privately
• 2025-08-25: Being lured into meeting someone IRL
• 2025-08-25: Internet Usage Segmentation Setup [GrapheneOS addition]
• 2025-08-23: What if a FOSS Project Turns Malicious? (Building SimpleX from Source)
• 2025-08-22: How to Get an Email Account Anonymously [update replacing protonmail]
• 2025-08-22: Git LFS over Tor - Proof of Concept
• 2025-08-20: Docker Intro: Installation, Setup and Basic Operations
• 2025-08-17: The Nowhere Community and our Services
• 2025-08-16: 10 things you must do if you are pro-freedom
• 2025-08-16: How the states manage to pass abusive laws
• 2025-08-14: Disguising Tor traffic with Cloak
• 2025-08-13: How to mine Monero easily using Gupax
• 2025-08-12: Where are VPNs, Tor, Monero and SimpleX Legal ?
• 2025-08-12: The Downfall of IntelBroker
• 2025-08-11: How to have privacy on your Router (OpenWrt)
• 2025-08-10: Black Hat Hacking Sensitive VMs Tutorial
• 2025-08-10: How to redirect your clearnet audience to the Darknet
• 2025-08-09: Password Management 101: How to use Keepass [old tutorial update]
• 2025-08-08: Setting up Redlib to browse Reddit privately
• 2025-08-04: The Downfall of AlphaBay
• 2025-08-04: Being forced into becoming an Informant
• 2025-08-03: The Private and Anonymous Email Problem
• 2025-08-02: Being lured into telegram for sensitive use
• 2025-07-31: Solitary Confinement
• 2025-07-30: Restricting Onion Service Access with Client Authorization
• 2025-07-28: Making Your Home Server Reachable via a Hidden Service (SSH + Cockpit + VNC via Tor)
• 2025-07-27: Being forced into violence by gangs
• 2025-07-25: How to transfer Activities across Identities
• 2025-07-25: Never tell your bank that you bought crypto
• 2025-07-22: Deniably renting servers from the Sensitive use VM
• 2025-07-21: What is my Attack Surface ?
• 2025-07-21: USB-triggered server shutdowns
• 2025-07-19: The Downfall of Silk Road
• 2025-07-19: Corporations are the cancer of FOSS projects
• 2025-07-18: How to prepare for the arrival of CBDCs
• 2025-07-17: Scheduled Automatic Server Randomization with Mullvad VPN CLI
• 2025-07-16: USB-triggered shutdowns
• 2025-07-15: How to route your entire network through a VPN on the router
• 2025-07-15: How your finance can be your downfall
• 2025-07-14: Opsec Mistakes - Improper Monero Usage
• 2025-07-13: Identity Segmentation Fails: Emails, Usernames, and Passwords
• 2025-07-12: The futility of talking OPSEC on Statist platforms
• 2025-07-11: Linux Basics
• 2025-07-10: Public media is funded propaganda
• 2025-07-09: Ensuring Your Privacy is Intact with OpenSnitch
• 2025-07-08: Lawfare Explained
• 2025-07-08: Why can't I trust Server-side Encryption ? [old tutorial rewrite]
• 2025-07-07: Opsec Mistakes - The Downfall of Incognito Market
• 2025-07-06: Technology either serves you, or the state
• 2025-07-06: Privacy Frontends - Avoiding Centralized Tracking
• 2025-07-03: The postal system explained
• 2025-07-02: Fallacies used to dissuade you from using Freedom technology
• 2025-07-02: Why Dread isn't always the place to go to for opsec advice
• 2025-07-02: Why are we not recommending QubesOS yet?
• 2025-07-01: Mounting a remote drive over Tor (using SFTP)

It's been a crazy quarter, especially both July and August, and again, i'm infinitely grateful to whoever contributed to the opsec bible so far, and i'm looking forward to completing this project.

The Future of The Opsec Bible

Once we finish writing all the opsec bible blogposts that i envisionned (even though i bet it won't ever end). At least when we finish all the Core tutorials, the project will enter phase 2:

• Phase 1: Building: Finish writing all Core tutorials
• Phase 2: Benchmarking: Grow our visibility organically + Keep the tutorials updated

Once everything's written, it's just a matter of keeping all tutorials updated as the tech we recommend may evolve, and the threats may evolve too. That's essentially the benchmarking phase, we'll get to see how our advice holds up as the visibility of the opsec bible grows and gets seen by a bigger audience, which could see threats that we didn't spot yet.

To help us do so, we're also going to focus on making Darknet Lantern as robust as possible, as it will be a key component to grow our visibility exponentially.

Suggest changes
Nihilist 2025-09-27
Donate XMR to the author:
8C1MNeB4KEHGApg6sPxFPn3NWERD3mPv7AjC8mCm1CJCXjoKnf36SYBdZ6ywCMdZRC4cxu7Uax3tufDqMXS2mLvHNCJzQZS