Some of my many opsec mistakes:
- Buying domains with a credit card
- Using AWS with my name and credit card
- Doing KYC with CloudFlare
- Showing my face at conferences and podcasts
- Antagonizing KYC Bitcoin companies
- Not being careful about nostr posts, which cannot be deleted
And these contributed to having nodeless taken down, I suppose?
You live in a commie state, doesn't matter how good your opsec is
Thank you for your unintended sacrifice. By sharing all this, it serves as a reminder to the community 1) We are firmly in the "they fight you" stage. 2) stay vigilant and 3) continue to practice good opsec.
Thanks for sharing so we may learn.
Just a helpful list in general, this entire thing has convicted me to be way more anxy
I'm so sorry this happened.
Thanks for sharing your wisdoms
Your face and name are safe with me. I have amnesia.
I honestly wonder at least a couple times a week if I should stop using my real name and profile pic.
my lineage is well dressed skeletons
thank you for posting this
Anon is almost impossible in this day/age.
Great post.
Wait, so you were investigated, not because you are a registered company, but because you were an anon hobbyist that technically self doxxed?
Thank you for the insights. Good lessons for those fortunate enough to learn by observation this time around. Make sure you have a normie profile separate from your OpSec profile as well for all of the everyday items you'll be doing.
That's my thinking. That if they get me they get me. What can I do. I cannot do anything useful, effective or important to fight the dark side. Just a few notes and comments here and there. What's the point of taking all the precaution?
Or it's my laziness.
So this is a checklist for anyone who wants to reboot the project.
Do it. Do it.
Yah I am having to reevaluate what I am putting out there on the internet. I did find that some of the hosting platforms actually accept bitcoin.
Another option is to buy prepaid CCs with cash in stores with basic or no camera coverage. Then use Tor to visit the domain registry.
I worry a bit too, try not to lose any sleep though, what's done is done
I doubt it. The timing of his note is likely coincidence.
Well, it would help the authorities know who they had to strong arm. If he was completely undoxxed it would be harder, right? Assuming nodeless was hosted on AWS etc
Rationale behind the second last point?
Not completely sure. I'd speculate authorities could just work backwards through the webhost to shut down services if he did not comply. Maybe all they needed was IP addresses or numeric identifiers from the vendor account. Maybe real name wasn't needed to shut all his stuff down.
Thanks for sharing so we may learn.
Sad that privacy isn't the default in our world.
Too few normies value privacy, and won't until it's gone.
I think about this, too, but also know it's easier to trust social media when you see "real" people.
I think it depends on how you want the world to see you and how that affects your ability to interact with it.
Thanks for sharing so people can learn. The inability to delete messages is both a truly excellent feature, while also a little problematic; such as in the instance you described, but also problematic for people who might get unknowingly entangled or snared into copyright/trademark issues/lawsuits for posting an image/text/document without legitimate authorization from copyright/trademark owners or trolls. Without the ability to take the note/post down permanently and comply with the cease/desist orders, this can become a living nightmare for some.
These are fair points and I believe the success of Nostr Plebs and my travels speaking about Nostr at various conferences has benefited from being doxxed. I could be wrong.
Split online personalities is highly recommended nowadays, when we're living through the privacy apocalypse, we probably can't make it through but at least we have to try.
Befriend the shadows.
At this point, consider yourself observed also on Nostr. Consider to completely stop sharing until you've spoken to a lawyer about the situation. They try to put as much dirt on you as possible, don't give them any (more).
Best of luck
I think the not being able to delete posts is one of the strongest reasons to use a nym. We're constantly seeing people's old tweets being dug up from 10+ years ago when the tweeting culture was completely different from what it is now. So imagine 10 years from now, if nostr has a super strong search function and has become big enough where people dig up old posts... will the culture that's the norm here currently still hold up then? Hard to say.
Please don't regret posting honesty on nostr. Honest is a brave way to be sometimes.
How is Wikileaks even online in spite of state attacks?
More trouble than I feel it's worth taking. Until I figure out how to truly unplug from the matrix I'll just keep shit posting. And letting the government know how much I hate their guts.
Even if notes could be deleted - internet doesn't forget.
Most Bitcoiners can add to that:
Not utilising #Monero when it is literally made for an adversarial environment.
Who in their right mind would be thinking of trying such a thing???
It's similar to people preferring to meet up in person with someone using Facebook rather than Craigslist.
Those who live in a less communist jurisdiction than Canada
Yea man with all that being said, ur still being shafted wrongly.
Thanks for the honesty and postmortem (mid-mortem?). So, what can we learn from this?
0) If you want to make a difference, regardless of how right or moral you are, you should probably be more paranoid and careful than you are now. Things could get more authoritarian than they seem now.
1) Hosting: some options
2) Use a reseller or see #1
3) I can understand the legitimate reasons why people use cloud flare, but they are an anathema to privacy and are taking over the web. We need better ways to combat problematic users without the CF goblin.
4) Either go @UNCLE ROCKSTAR and cover face (though voice matching is trivial these days) or disassociate your developer self from your legal/official self (though this might preclude invites to conferences - a paradox?)
5) I dunno what to say here. They suck and probably deserve antagonism
6) Think before you post. Always use a VPN/Tor. Carefully screen images for unintended content and strip metadata for what you post
Thanks for being open. You are on the front lines currently but we are in this together

PrivacyTools.io
Best Private Web Hosting & Domain Providers in 2026
Web hosts and domain registrars chosen for privacy-respecting practices and strong jurisdictions. The best private hosting and domains, vetted sinc...
The prison is not designed for you to escape it.
I regret leaking that I am a cat. Now everyone thinks I'm a pussy.
Here puss puss
I regret leaking I'm a wolf. Now everyone thinks I sniff asses.
But you actually do
Only wet asses
I regret leaking I'm a frog. Now everyone thinks I'm a French Canadian
But now everyone knows
You're not?
I said too much already
I've got my suspicions
Watch this mf be straight outta Montreal.

Big if true.

Not getting a voice synthesizer is one of my biggest regrets, hoping tech gets better for the future.
It's probably too late at this point.
Doxbook
Just cloned all 15 repositories off of GitHub. You never know what they will censor next
Time for a new identity
I'm afraid our dog did some similar mistakes... Maybe I should stop abusing his accounts, but not quite yet!
ask @will to nuke if needs
Let's be honest for a second here. Sure, not doing any of that would have delayed the detection, but can one otherwise truly hide their identity while being relatively active on social networks, developing a project, or providing an online service?
I'm not talking to you, Satoshi. You might have actually made it, but that is an exception.
Nice actionable stuffs. <3
All good points. I guess it also depends on the conference, which ones were they?
I think if one is seriously concerned about opsec, they should pull the plug on everything and start all over.
Then, as a general rule, treat everything as if it's compromised.
This is also coming from someone with bad opsec. My paranoia can only go so far.
Nostr is the worst platform for privacy ;)
Fuck me.
I typed them all out and almost hit send.
Just pay the tax and get back to your roots. BTC needs your voice today more than ever.
Uvita, Costa Rica
Miami, Florida
Toronto, Canada
Riga, Latvia
I wonder what those conferences were all about...
I'm heading to Uvita for Xmas, I'll do some scouting if you like.
Snort lets you delete posts, but it's not perfect. Honestly, even if it was perfect, screenshots last forever. 

Snort
Snort - Nostr
Snort is a feature-packed, decentralized social media client built on Nostr protocol. Fast, censorship-resistant, and open source.
Dog, but same. I'd neeeeeeever do that...
maybe comes handy to someone else in this scenario
Massive list of Bitcoin-friendly VPS hosting providers
Regularly updated list of Bitcoin-friendly VPS, dedicated server, VDS, VPN, email, and domain hosting providers.
I hate the credit card/ internet transaction opsec issues. Lots of inconveniences
BTCco prepaid Visa cards
Thank you for this list of missteps...
I am so sorry about your current consequent struggles... No one deserves the state boot heel.
Anyone know what happened to @utxo the webmaster?