Advice from Whonix’s guide to preserving internet anonymity via web opsec:
“Someone sent you a pdf by mail or gave you a link to a pdf? That sender/mailbox/account/key could be compromised and the pdf could be prepared to infect your system. Don’t open it with the default tool you were expected to use […] by the creator. For example, don’t open a pdf with a pdf viewer.”
I’m less interested in this specific suggestion than the principle behind it. The bolded sentence hits on a key insight — when you can, subvert your enemy’s expectations. How would their perfect target behave? Adopt the opposite practices. Of course, this adds a lot of inconvenience to your life, so keep in mind whether your situation warrants elaborate identity-protection.
I also read through some of the Hacker News comments on Whonix’s how-to, and this one by user nikcub stood out as being particularly savvy: “Your personas [should be] isolated and segregated. They share no information, hobbies, interests and at a tech level they don’t share connections, machines, browsers, apps.”
When you’re trying to stay anonymous, having access to high-tech tools is very helpful — donate to Tor! — but being careful and thinking through every step is even more crucial.
nikcub’s comment also recommended Underground Tradecraft (thegrugq’s Tumblr), so I fell into an opsec rabbit hole. Expect more on this topic soon.