tl;dr

quick definition first. “host machine” in this article = your actual laptop or desktop, the operating system you use every day. “vm” = the virtual computer running inside it. whenever a step says “in the vm” or “host”, it matters which one.

  1. set up a vm using VirtualBox. works on both mac (intel and apple silicon) and windows. install Ubuntu inside the vm, then install Tor Browser inside the Ubuntu. on the host machine itself (NOT the vm), also run a no-log vpn with leak protection turned on. Mullvad is the easy pick. buy this one in your real name if you want, it doesnt matter. it exists to keep your real IP hidden if the vpn inside the vm ever drops.
  2. install the Railway wallet on your host machine. buy ETH on Binance or Kraken, send it to your host Railway, and shield it (heres how). now install Railway again, this time INSIDE the vm. separate install, fresh wallet, never seen your real-identity addresses. send the shielded ETH from host Railway to vm Railway. unshield inside the vm. that vm wallet now has no on-chain link to your name. you spend from here on out.
  3. inside the vm, buy a phone number at SMS-PVA using the vm Railway funds. for accounts you want to keep (Telegram), rent long-term, around $30/month.
  4. still in the vm, register Protonmail. verify with the SMS-PVA number from step 3.
  5. register Telegram (still in the vm) with the rented number. set a Cloud Password immediately, or someone who later gets that number recycled can SMS-verify into your account.
  6. buy a Mullvad account from inside the vm. install it. this one is the vm-level vpn, separate from the host vpn in step 1.
  7. buy a domain at Namecheap from the vm. $50 minimum crypto deposit. register with completely fake personal data. they dont check.
  8. buy a server at BitLaunch (also from the vm). use Latitude.sh if you need beefy roots.

done. the rest of this piece explains the why.

the threat model

three kinds of people might try to find out who you are. who you need to worry about decides how paranoid you have to be.

  1. casual investigator. a journalist, a curious ex, a corporate snoop, an aggressive HR person. they can google you, run public WHOIS lookups, do a reverse image search on your profile pic. they cant force any company to hand over your private data.
  2. serious investigator. a cop, a private-investigator firm, a tax agency, someone suing you in court. they can write subpoenas and force normal companies in their country to hand over what they have on you. they can compare timestamps across different services to link accounts. they cant break the cryptography in Tor or in a privacy-crypto setup, unless you mess something up first.
  3. state-level adversary. the NSA, GCHQ, FSB, MSS, anyone who can watch internet traffic at country-scale and has real deanonymization tooling.

everything below is built for the middle one, the serious investigator. if the NSA is specifically after you, none of this is enough. youre reading the wrong blog, you want academic papers.

go full paranoid and you never actually do it. the effort is too high, and when you spend 30 minutes booting up a pc made out of wood and coins collected in the subway, youre going to stop doing it some day. and then it wasnt worth it. go zero paranoid and you may as well not have bothered. the goal is the middle.

prereqs: a vm, and Tor

you dont do any of this from your normal laptop session. you do it from a virtual machine, a sandboxed second computer running on your existing computer, with its own OS, its own browser, its own everything. if you screw something up, you nuke the vm and rebuild.

important caveat. the vpn inside the vm can fail. if it does, the host machine’s real IP can leak out. so: run a second vpn on your host machine too. one you can buy with your real name as long as it doesnt log. Mullvad is fine for this. turn leak protection on. now even if the vm-level vpn drops, your host vpn keeps the real IP somewhat protected.

which vm platform

VirtualBox. free, runs on windows, linux, and (as of VirtualBox 7.2) on Apple Silicon macs. on intel macs too. its nice.

which guest OS

Ubuntu. install Tor Browser inside. windows works too if youre more comfortable with it. doesnt really matter, whats important is that you actually use it.

Tor, briefly

Tor encrypts your traffic and bounces it through three random volunteer servers before it hits the public internet. the site you connect to sees a Tor exit nodes IP, not yours. your ISP sees you connecting to Tor, not to the site. Tor Browser handles all of this for you.

the one rule

dont log into anything from your real identity inside this vm. ever. once your real email or real social account touches this vm, the isolation is gone. new vm if you slip.

for the ultra-paranoid (side note)

theres stronger setups worth knowing about, just to be familiar with the landscape:

  • Whonix - two-vm force-Tor architecture.
  • Qubes OS - host OS where each program runs in its own vm.
  • Tails - amnesic live OS.

these are heavier and not required for the rest of this piece. mentioned just so you know they exist, because theyre interesting on their own.

1. starting funds: where your real identity actually lives

everything downstream depends on breaking the chain between your KYC’d crypto purchase and the wallet you actually spend from. this is the only step in this article that ties you to your legal name. if you mess this up, every later step is recoverable from the chain by anyone willing to do the work.

so dont mess around here. but also dont overdo it. you dont need to buy crypto with cash from a bitcoin atm in another city. you need to use Railgun.

step one: buy ETH on a real exchange

use Binance, Kraken, or whatever exchange is easy and legal where you live. youll be KYC’d. the exchange knows who you are, ties your bank withdrawal to your wallet, has it all on file. thats fine. were about to break the link.

rough budget for a year of operations:

  • domain: ~$15
  • small VPS: ~$120 ($10/mo)
  • phone numbers: $10 for one-shots. add ~$360 if you keep a Telegram number long-term ($30/mo).
  • vpn: ~$60
  • gas + slippage on the privacy hops: ~$50

round up to $1000 worth of ETH if you want a full year-long runway with margin. less is fine if you dont need the long-term phone rental.

withdraw the ETH to a personal wallet you control. dont shield directly from the exchange. use an intermediate self-custody wallet, any ETH wallet works. MetaMask in a normal browser if you dont have a hardware wallet. the intermediate hop just gets the funds off the exchange.

step two: shield through Railgun

install Railway. its the canonical wallet for the Railgun privacy protocol on Ethereum. Railgun lets you “shield” tokens into an encrypted pool. the funds are still on the public chain, but the public chain sees only an encrypted commitment, not your address-to-address transactions inside the pool.

send the ETH from your personal wallet to Railway. inside Railway, shield it.

step three: send the shielded ETH to a new wallet on the vm

inside the vm, install Railway again. fresh wallet, never seen your real-identity addresses. send the shielded ETH from your original Railway address to the vm Railway address. the send happens entirely inside the shielded pool. nothing about it appears on the public chain.

now unshield on the vm. the unshielded ETH appears at a public Ethereum address that has no on-chain link to your KYC’d purchase. this is the wallet you spend from for everything downstream.

the caveats

  • anonymity-set size matters. Railgun’s privacy is bounded by the size of the shielded pool. ETH on Ethereum mainnet has the largest anonymity set.1
  • timing and amounts. if you shield $1,000 and unshield $1,000 ten minutes later, a competent analyst can link those two transactions. mitigations: wait at least 24 hours between shield and unshield. shield more than you need so the unshield amount doesnt match the shield amount.
  • optional second hop. swap your unshielded ETH to a different chain via 1inch, or swap to Monero via a non-KYC swap service and back. each hop adds noise. for most threat models, one Railgun hop is enough.

2. phone number

you are now on the vm, Tor is up, you have an anonymously-funded wallet. everything from here is paid for in crypto from that wallet.

the recommendation

SMS-PVA. operating since 2013, covers 60+ countries, takes crypto, offers a long-term-rental tier for accounts you want to keep.

rough 2026 pricing:

  • one-shot Telegram number: $0.30 to $1.30 depending on country.
  • one-shot Protonmail number: $0.05 to $0.20 in EU pools.
  • long-term rental for Telegram: around $30/month for a stable number.

the long-term rental rule

if you want to recover access to a Telegram account later, you need SMS to the exact number you used at signup. if the number got reclaimed and given to someone else, youre locked out. so: for any account youll log into more than once, rent the number long-term. dont use the one-shot pool.

for one-shots like Protonmail (where you only need the number at signup, then never again), the cheap pool is fine.

country selection

stick to asian or european numbers. asian (indonesia, malaysia, philippines) for Telegram, european (germany, netherlands, UK, ireland) for Protonmail. avoid russian numbers, theyre blocked or unreliable.

alternates

providerwhen
Crypton.shhigh-privacy posture (Tor onion, Monero, warrant canary). server was seized june 2025, came back. use for high-value accounts.
5sim.netbackup. dont park balance there.

3. email

Protonmail. inside the vm, over Tor. register. because youre on Tor, Proton will probably ask you to verify with a phone number, use one from SMS-PVA.

the username

dont pick a username out of your head. your brain is a boring language model that produces patterns you dont realize are patterns. whatever you instinctively type is more likely than you think to leak something. initials, a year you care about, a hobby, a place you used to live.

instead:

  1. open YouTube. click a random video. look at the top comment. take the commenters username.
  2. click another random video. take the first three letters of the top commenters name there.
  3. concatenate. thats your email.

its ugly, its unmemorable, thats the point. youre aiming for “looks like a random persons email”, not “evocative of a persona”. save the credentials in a password manager.

4. communication

Telegram

register with a long-term-rented number from step 2 (not a one-shot pool number, see the rental rule above). once registered, immediately:

  1. set a Cloud Password in Settings > Privacy and Security > Two-Step Verification. this is the password thats asked for in addition to the SMS code on a new device. this is the single most important Telegram setting in this article. without it, anyone who later gets your number reclaimed can SMS-verify into your account. with it, even with the number, they cant.
  2. pick a username with the same YouTube approach as above.

X / Mastodon / Signal / whatever

same pattern. disposable or long-term-rented phone number, randomized username, no real-name fields, no real-photo fields. dont follow anyone you follow on your real account. dont post about anything youd post on your real account. the deanonymization here is rarely technical, its almost always behavioral.

5. vpn, last

why is the vpn last? to pay for a vpn, you needed an anonymous payment method. to get that, you needed crypto in a privacy wallet on a vm. chicken came before the egg.

the recommendation

Mullvad. signup is a single auto-generated account number. no name, no email, nothing else. pay with Monero (preferred), Bitcoin, or by mailing cash. theyve been raided once (april 2023 in gothenburg) and the police left empty-handed because there was nothing to seize.2 august 2025 third-party audit by Assured Security came back clean.

alternates

  • IVPN. gibraltar, audited by Cure53 seven years running, RAM-only servers, Monero, no email at signup.
  • Proton VPN. switzerland, fourth Securitum no-logs audit landed 2025. note: ProtonMail (different product, same parent) has under court order instrumented logging on a specific account in 2021.3 ProtonVPN itself has not, but worth knowing the parent has.

avoid

  • Kape-owned (ExpressVPN, CyberGhost, Private Internet Access, ZenMate). owned by Kape Technologies, an ex-adware company. Kape also owns several of the “best vpn 2026” review sites recommending its products.
  • Cryptostorm. unaccountable ownership history, no audit.
  • Perfect Privacy. RIP since late 2024.
  • NordVPN. works. marketing-heavy mass-market operation, not the OPSEC pick.

buying a domain

Namecheap. $50 minimum crypto deposit, then pay for the domain out of the balance. register the account with completely fake personal data. name, address, phone, all fake. they dont check as long as crypto pays. their “WHOIS privacy” hides the fake data from the public on top of that, so its double-covered.

what this defeats: public-records searches, OSINT, mass-data-broker dragnets. what it doesnt defeat: a subpoena to Namecheap. their billing system still has the fake details and the crypto-payment trail, and if a court order shows up they hand it over. if you specifically need to defeat a subpoena on the registration data itself, you want a nominee-registrar model. different scope, future article.

buying a server

BitLaunch is the default. panama-based, sells DigitalOcean / Vultr / Linode capacity as the back-end so you get mainstream-quality VMs with anonymous front-end signup. email-only at registration, no name, no phone, no ID. pays in 50+ cryptocurrencies including Monero. Tor allowed for signup and management. hourly billing.

abuse complaints get forwarded upstream. fine for a blog or a small service. not the move if your service draws DMCA notices.

if you need a dedicated server (guaranteed cores, lots of RAM, fast NVMe, your own routed IPs, hardware-level isolation) and a VPS isnt enough, use Latitude.sh. bare-metal in multiple global locations, accepts crypto, anonymity-friendly at signup.

what this stack actually protects you from

after all that, you have:

  • an email address with no connection to your legal name.
  • a phone number paid for in crypto, ditto.
  • a wallet whose funds entered the public chain at an address with no observable link to your KYC’d exchange purchase.
  • a domain whose Namecheap account isnt tied to your bank.
  • a server registered to an email Namecheap doesnt know, paid by a wallet nobody can link to you, accessed only over Tor + a paid vpn.
  • all of it done from a vm you can nuke if anything weird happens.

this stack defeats:

  • WHOIS scrapers, public records searches, OSINT-by-Google.
  • mass-surveillance data brokers, they have nothing useful to sell.
  • most subpoena pipelines for the privacy-friendly providers.
  • casual-to-serious investigators without specialized resources.

this stack does NOT defeat:

  • a global passive adversary watching all internet traffic. Tor’s threat model explicitly excludes this.
  • an adversary who can subpoena Binance for your original ETH purchase and has timing data on every later transaction. if timing and amounts match closely, a competent chain analyst can probabilistically link the shielded transactions back to you. multi-hop and time-delay defeats this. the single-Railgun-hop version above is enough for most threat models, not all.

coming up next

future pieces in this thread:

  • anonymous payment methods (adpaycards, prepaid cards, the rest).
  • using adpaycards to buy AWS servers anonymously.
  • using a browser/desktop wallet inside the vm to receive USDT and other stablecoins. easy, anyone can do it. just pay attention to routing the money through Railway so you dont fuck it up.
  • more, as theyre written.

Footnotes

  1. Railgun documentation, Privacy System, 2025 to 2026.

  2. Mullvad, Mullvad VPN was subject to a search warrant. Customer data not compromised., 2023.

  3. TechCrunch, ProtonMail logged IP address of French activist after order by Swiss authorities, 2021.