§No trust required. Just math.

by Alien Investor

#Tor #Orbot #Privacy #OpSec #Android #GrapheneOS #Anonymity #Bitcoin

────────────────

“Anonymity is not a state. It is a behavior.”

────────────────

Your ISP sees everything. Every domain. Every connection. Every timestamp.

A VPN just shifts the problem — now you trust the VPN provider instead of your ISP. You’ve traded one surveillance relationship for another.

Tor solves the problem differently.

With Tor, trust is removed from the equation. The network itself is designed so that no single point knows both who you are and where you’re going. Not because someone promises — because the math prevents it.

────────────────

§How Onion Routing Works

Tor stands for The Onion Routing. Your data is wrapped in multiple layers of encryption — like an onion — and routed through exactly three volunteer-operated servers:

Guard Node (Entry) — Knows your real IP. Has no idea where you’re going.

Middle Relay — Knows only the previous and next hop. Nothing else.

Exit Node — Knows the destination website. Has no idea who sent the request.

Each node peels off exactly one layer of encryption. That’s it. No node ever sees the full picture. No single point can link sender and recipient.

This is not trust. This is architecture.

────────────────

§Tor Browser: The Browser That Makes You Disappear

Tor Browser is not a regular browser with a Tor plugin. It’s a hardened Firefox fork built to work with the network — optimized for one goal: make all Tor users look identical.

No spoofing. No masking. Crowd blending.

Every Tor Browser instance shares the same user agent, the same window size, the same settings. The individual vanishes into the crowd. No fingerprint to track.

What it includes:

• Automatic Tor routing — start and browse, zero setup
• NoScript: JavaScript control per security level
• Session isolation: cookies and history wiped after every session
• New Identity: fresh circuit at the click of a button
• Access to .onion hidden services

The three security levels:

Standard — everyday anonymous browsing, full Tor protection. Safer — unknown sites, censored networks. Safest — journalists, activists, .onion access. Most modern sites will break.

Mistakes that destroy anonymity:

• Logging into personal accounts → immediately de-anonymized
• Full-screen mode → window dimensions become fingerprint data
• Installing extensions → makes your browser unique
• Opening downloaded files → can phone home and leak your real IP
• Torrents → almost always leak your real IP

────────────────

§Orbot: Tor for Every Android App

Orbot is not a browser. It’s a system-level proxy for Android — built by the Guardian Project together with the Tor Project.

It does one thing: route other apps’ traffic through Tor. Not just browsing. Any app you choose.

Two modes:

VPN Mode — Orbot creates a local VPN using Android’s VpnService API. Traffic from selected apps is intercepted at the system level and routed through Tor. No app configuration needed. Use “Choose Apps” in Orbot to pick which apps go through Tor.

Proxy Mode (Power User) — Orbot provides a local SOCKS5 proxy instead. The VPN slot stays free, which means you can run Orbot simultaneously with Mullvad or ProtonVPN. The result: Tor over VPN. Your ISP only sees the VPN connection. The VPN provider only sees Tor traffic. No single point knows both.

────────────────

§Setup on GrapheneOS

Install Orbot from F-Droid — enable the Guardian Project Official Releases repository in F-Droid settings first. Alternatively, download the APK directly from guardianproject.info.

After installation:

1. Enable VPN mode
2. “Choose Apps” → select only the apps you want through Tor (wallet, messenger, browser)
3. For maximum leak protection: Android Settings → VPN → Orbot → “Block connections without VPN” (Note: this disables split-tunneling — everything then goes through Tor)
4. Enable Bridges if Tor is blocked on your network

────────────────

§Routing Your Bitcoin Wallet Through Tor

With Orbot VPN Mode + Split-Tunneling:

Start Orbot → VPN mode → “Choose Apps” → select your wallet app (e.g. BitBox, Blue Wallet, or any other). Done.

All network traffic from that app now routes through Tor automatically. Your wallet communicates with nodes without your ISP being able to trace the connection back to you. No IP address pointing to you. Just anonymous Tor traffic.

No configuration inside the app required.

────────────────

§Bridges & Pluggable Transports

If Tor is blocked on your network (ISP, corporate firewall, censored country), use bridges.

Bridges = secret, unlisted Tor entry nodes the censor doesn’t know about.

Pluggable Transports = disguise Tor traffic as something else:

obfs4 — makes traffic look like random noise. Standard choice. Protects against active probing.

Snowflake — traffic looks like a WebRTC video call. Extremely hard to block without breaking video calls entirely.

meek — routes through Azure/Google infrastructure. Censors can’t block it without blocking major cloud providers. Slow, but a last resort that works.

WebTunnel — newest transport. Looks like a normal HTTPS website connection.

In Tor Browser: Settings → Connection → Bridges → select built-in bridge In Orbot: Main screen → “Use Bridges”

Only use bridges when Tor is actually blocked. In open networks, direct connections are faster and preserve bridge resources for users who actually need them.

────────────────

§Tor Browser vs. Orbot: When to Use Which

The critical difference:

Orbot hides your IP. Tor Browser hides your IP and standardizes your browser fingerprint.

Routing Vanadium through Orbot = anonymous at the network layer, not at the browser layer. Your fingerprint still differs from Tor Browser users.

For real anonymity while browsing: use Tor Browser directly. For apps that are not browsers: Orbot is the right tool.

────────────────

§What Tor Cannot Do

Exit node sees HTTP traffic — the last encryption layer is removed at the exit node. Always use HTTPS. On non-HTTPS sites, the exit node operator can read your traffic.

Your ISP sees you use Tor — not what, but that you do. In countries where this is risky: use bridges.

Traffic correlation — a sufficiently powerful adversary monitoring both ends of the connection can theoretically link traffic. This is a nation-state threat model.

User mistakes — no network protects against logging into your real accounts, opening malicious files, or ignoring operational security. The technology is only as strong as the behavior.

────────────────

“The network can only protect what you give it. What you give away yourself, no one can protect.”

────────────────

Affiliate block:

📖 GrapheneOS: Android in the Age of Surveillance — Setup, Apps & Digital Sovereignty. The complete handbook for your Google-free Android. DRM-free, €4.99. 👉 https://alien-investor.org/buecher.html · also on Amazon KDP

🛡️ Privacy & Mail — Email, VPN, Cloud without Big Tech. I use Proton. 👉 https://alien-investor.org/proton

₿ Bitcoin in self-custody — Hardware wallet instead of exchange account. Code ALIENINVESTOR = 5% discount on the BitBox. 👉 https://alien-investor.org/bitbox

₿ Bitcoin DCA (Europe) — Bitcoin-only, no shitcoin noise. Code ALIENINVESTOR = permanent −0.2% fee reduction. 👉 https://alien-investor.org/21bitcoin

Disclaimer: Some links are affiliate links. Using them supports this channel at no extra cost to you.

────────────────

Money, power, Bitcoin — and OPSEC. I write about financial sovereignty, privacy, and cybersecurity in a world built on control. More at alien-investor.org 👽