Virtual numbers provide a layer of privacy by allowing you to make and receive calls and messages without revealing your real phone number. Static residential proxies offer a stable IP address that appears as a legitimate residential connection, making it harder for websites to track your online activities. Firefox, known for its focus on privacy and security, offers numerous features and extensions to enhance anonymity. Together, these tools create a powerful strategy for maintaining anonymity while setting up and managing PayPal accounts.

Tool 1: Mac Address Changer

​
https://preview.redd.it/ejab0lwtbn1d1.png?width=621&format=png&auto=webp&s=983d69fa64b2e76061a1856eafa14e089699c9cb
The primary purpose of a MAC address changer is to provide anonymity and security. By changing the MAC address, users can prevent their original hardware address from being tracked.
Steps to use the Software:

1. Open the MAC address changer software: Upon launching the application, it will display a list of all the network adapters available on your device.
2. Choose the desired network adapter: Select the network adapter whose MAC address you wish to change. The application will then display the details of the selected adapter.
3. Navigate to the Information tab: Look for the section labeled “Change MAC Address.”
4. Enter the new MAC address: Type the new MAC address into the provided field. Then, click on the “Change Now!” button to apply the new address.
5. Generate a random MAC address (optional): If you prefer, you can click on the “Random MAC Address” button to automatically generate a random MAC address from the available vendor list.

Tool 2: Static Residential Proxy (SOCKS5)

A static residential proxy (SOCKS5) is a type of proxy server that provides users with a static, or fixed, IP address sourced from a residential internet service provider (ISP). Unlike data center proxies, which use IP addresses assigned to data centers, residential proxies use IP addresses that are assigned to real residential locations. This makes them appear more legitimate and less likely to be blocked or flagged by websites and services.
One of the key advantages of using a static residential SOCKS5 proxy is enhanced anonymity and security. Since the IP address appears as a legitimate residential address, it is less likely to be detected and blocked by websites and services. This is crucial for activities that require a high level of privacy and security as Paypal creation account.
IPBurger is a provider of residential proxies known for reliability and high-quality services for create multiple PayPal accounts. Ideal for maintaining anonymity. While IPBurger is excellent for these purposes, there are also other reputable alternatives available like BrightData (Expensive).
If you live in the United States, you can avoid using proxies by simply using your smartphone as a hotspot. To change the IP and create a new account, just switch your phone to airplane mode and then turn it off.
However, if you already have a proxy and wish to use it, it is recommended that you first check its quality with services like ipinfo.io or iphub.info

How can i know if i’m using a Residential Proxy?

​
BAD IP
​
GOOD IP
​
BAD IP
​
GOOD IP

How to configure the proxy?

To configure a proxy with Proxifier, follow these steps:

1. Open Proxifier and go to “Profile” > “Proxy Servers”.
2. Click “Add” to enter your proxy details (address, port, protocol).
3. Test the connection and click “OK”.
4. Set rules under “Profile” > “Proxification Rules” to apply the proxy to specific applications.

Tutorial in Video:
https://www.youtube.com/watch?v=57RlHRF-oAE&ab_channel=Smartproxy

Tool 3: Firefox + Addons

Using Firefox for anonymity is ideal due to its strong privacy features, such as Enhanced Tracking Protection and extensive customization options. It supports numerous privacy-focused extensions, like NoScript and Canva Defender, and does not track user activity by default, unlike some other browsers.
Important: Use the US version of Firefox
Strict Security: To set privacy to strict in Firefox, follow these steps

1. Open Firefox and click the three-line menu in the top right corner.
2. Select “Settings” (or “Preferences”).
3. Go to the “Privacy & Security” section in the left menu.
4. Under “Enhanced Tracking Protection,” select “Strict.”

This will configure your privacy settings to strict mode.
​
https://preview.redd.it/ppdpn652cn1d1.png?width=800&format=png&auto=webp&s=a6b3cb3cd6ecb452bf2c90184586710887bd4b77
​
Media.peerconnection: To disable media.peerconnection.enabled in Firefox, follow these steps:

1. Open Firefox and type about:config in the address bar, then press Enter.
2. Click the “Accept the Risk and Continue” button.
3. In the search bar at the top, type media.peerconnection.enabled.
4. Double-click the media.peerconnection.enabled entry to set its value to false.

​
https://preview.redd.it/838rix93cn1d1.png?width=800&format=png&auto=webp&s=19775dd2e12987c444608ff3853cffb768b8eb62
Canvas Defender: Canvas Defender is a privacy-focused extension designed to protect against canvas fingerprinting. Canvas fingerprinting is a technique used by websites to track users by generating a unique digital fingerprint based on their browser and device’s canvas rendering capabilities. Canvas Defender works by adding subtle, random noise to the canvas data, making it more difficult for trackers to create a consistent and unique fingerprint of your device, thus enhancing your online privacy.
Click here to download the extension.

Tool 4: CCleaner

CCleaner enhances anonymity by clearing browser history, cookies, and cache, which can track your online activities. It also removes temporary files and unused data from your system, reducing traces of your browsing habits and improving privacy. This helps maintain anonymity and can reduce the risk of being detected by PayPal algorithm.
CCleaner oficial Website

Tool 5: SMS Provider

A temporary non-VOIP number is a valuable tool for creating multiple PayPal accounts. These numbers allow you to receive verification messages without using traditional phone lines, protecting your privacy. They are ideal for managing multiple accounts, maintaining anonymity, and avoiding duplication blocks.
Among the most recommended sites is Major Phones due to the quality of the services they offer.

1. Middle and Long-term numbers: These features allow you to purchase non-VOIP numbers and receive multiple text messages on the same number at a low cost.
   
2. Short-term numbers: If you are looking to receive a single text message, they also offer this feature for less than a dollar. The best part is that they indicate the probability of successfully receiving the text message.
   

Short-term numbers
Moreover, you can check an article of how to bypass PayPal SMS verification proccess in this article

Once we have all the tools, we just need to follow these steps:

1. Change the MAC address of your PC.
2. Configure your residential proxy (SOCKS5) with Proxifier and check your IP address in ipinfo/iphub
3. Configure Firefox with strict security and disable media.peerconnection
4. Install Canva Defender addons + WebRTC block
5. Register a new Gmail account (you can use a non voip number for bypass Gmail sms verification).
6. Get a non voip number from Major Phones (Short/Middle/Long) depends of your needs.
7. Go to PayPal and proccess to register your account.

Article Cover Showing List of Principles and Names of Researchers
Thanks to the good work of academic researchers across the globe, we have a data-driven way to evaluate the quality of whistleblower software. The papers we’ve looked to for this article include:

• Anonymous Javasript Cryptography and Cover Traffic in Whistleblowing Applications by Joakim Uddholm from the KTH Royal Institute of Technology
• A Simple and Robust End-to-End Encryption Architecture for Anonymous and Secure Whistleblowing published by Hariharan Jayakrishnan and Murali Ritwik from the Amrita School of Engineering
• CoverDrop: Blowing the Whistle Through A News App, Mansoor Ahmed-Rengers, Diana A. Vasile, Daniel Hugenroth, Alastair R. Beresford, and Ross Anderson

The authors lists the characteristics of a whistleblower submission system. They include:

1. Usability of the Software
2. Authenticity of the Receiver
3. Plausible Deniability of the Whistleblower
4. Availability of the System
5. Anonymity of the Whistleblower
6. Confidentiality and Integrity of the Disclosures

1. Usability of the Software

Managed Service
Usability is the linchpin of any good software system. No matter what your value proposition is — the most private, secure, or whatever — if your targeted audience cannot use the software, no amount of engineering genius will make a difference. As researcher Joakim Uddholm puts it:
“The system must be usable for both whistleblowers and journalists. Whistleblowers must be able to use the system without the protection features getting too much in the way, and journalists must be able to use the system without it interfering too much with their work routines.”
A key differentiator for Hush Line is that we’re a managed service, meaning you don’t have to host core infrastructure, operate dedicated networks, or hire specialists to start using the service. All a user needs to do to have an anonymous tip line is register an account.
UI for Hush Line Registration page
By providing a centralized service, we significantly reduce the risk of user error, making the service more consistent, predictable, and trustworthy.

Email Delivery

Hush Line can deliver messages directly to your email inbox. Users may enter their preferred SMTP information from Gmail or Riseup, for example, and any message submitted to their tip line will be delivered to their email account. Enabling users to set it and forget it makes using Hush Line effortless and integrates into the systems they’re already using.
SMTP Hush Line Settings

Clearnet and Tor Addresses

Hush Line is also available on both Clearnet and Tor Onion addresses. This approach is critical for users where Tor might be blocked or having anonymizing software on their device could be incriminating, like in the case of Ola Bini in Ecuador.
Screenshot of Ola Bini’s tweet about his conviction.
Since Hush Line can be accessed over a Clearnet address with the default browser already on your phone, your fingerprint will be the same as everyone else who just bought a new phone.

Making PGP Easy

Before, using PGP meant adopting cumbersome workflows that even stumped journalists at the heart of the Snowden disclosures. Journalist Glenn Greenwald didn’t have PGP set up, and didn’t have the time to learn how to do it, resulting in Snowden not being able to securely contact him. Even Snowden forgot to send his PGP key to journalists when initially contacting them.
Inbox view with Mailvelope browser extension.
Hush Line attempts to solve this problem through our integration of Mailvelope, a powerful open-source browser extension for Chrome and Firefox that enables users to create keys, decrypt and encrypt message directly in their browser, and export their public PGP key. For tip line owners, once adding their PGP key to Hush Line, all messages are end-to-end encrypted by default and when a tip comes in, they can read it within the Hush Line app. For whistleblowers, this means they don’t need to do anything to send a secure, anonymous message.

2. Authenticity of the Receiver

Verification System

Hush Line has a verification system for journalists, organizations, activists, or other public figures. Verified accounts receive a special badge on their message submission page so that people submitting messages know they’re contacting the right person. To be verified, users must submit proper information to prove their identity or approval to represent a company.
Submit Message page with a “Verified Account” badge.

Opt-In User Directory

Users may opt-in to a public directory where others can find their address. The default tab is prioritized to make it easy to find verified users. The directory is searchable, and a whistleblower can have confidence of the validity of an address.
Hush Line User Directory page

Account Reporting

The verification system and user directories are two ways to help ensure the authenticity of the receiver, but to help ensure the platform’s health, we enable users who have logged in to report spam or abuse accounts. We will address reported accounts immediately to determine the best next steps, whether deleting the account, sending a warning message, or other appropriate methods.

3. Plausible Deniability of the Whistleblower

No Downloads

Hush Line is accessible over a Clearnet address, so a user doesn’t have to download any new software to send an anonymous message. If someone wants to use a Tor-only tip line service on their mobile device, they must sign in to the Apple App Store or Google Play Store. To download Tor Browser, you need to provide a valid email address or phone number and possibly payment information, all considered personally identifiable information. Now that you’ve downloaded new software on your phone, your “fingerprint” has become unique to who you are. If you only have Robinhood, Tor Browser, Mastodon, Chrome, and Slack on your phone, the likelihood of someone else having only those same apps becomes less likely. If you have even 50 apps, your fingerprint will be more associated with you, possibly entirely unique. The more unique your fingerprint is, the less realistic a plausible deniability claim is.

One-Way Messaging

Most people fail to report information because they fear retaliation and the significant risks of whistleblowing. Hush Line is a one-way messenger explicitly designed to protect the individual submitting the message. If the person submitting a message feels comfortable enough to leave a contact method, they may or can submit a message without any further involvement.

Account-Free for Whistleblowers

Someone submitting a message does not need to create an account to use the app. This crucial feature allows a whistleblower to reduce the trail of information they leave behind. No credentials can be found if you have no username or password to save. And since Hush Line requires no special software, a message can be submitted from any phone or computer, from a pubic library or internet cafe, for example.
Success message after sending a message without an account.

4. Availability of the System

Centralized Services

By providing a centralized service, Hush Line is more reliably available by only requiring a single system to be maintained and secured. Centralizing our services protects users by removing the responsibility of managing specialized infrastructure and following complex workflows, which, if done incorrectly, could have real-world implications.
Decentralized systems help with censorship resistance (and Hush Line can also be self-hosted), but when there are tens, hundreds, or thousands of separate instances all disconnected from each other, there is no way to ensure the quality of those systems. What other software is on the server? Is it updated? Are any ports open? Who currently has or has had access? What hardware are they using? It’s impossible and foolhardy to assume that everyone will follow best practices consistently.
An analogous example of the inherent risks of decentralization is from the Mastodon network — a decentralized version of Twitter where anyone can run an instance. The database for Kolektiva.social, a service tailored to anarchist users, was compromised. In 2023, the home of its admin was raided for an unrelated event, and the FBI seized an unencrypted database backup.
Snippet from the Kolektiva admin account’s post after the raid.

5. Anonymity of the Whistleblower

Leaking IP Addresses

To make Hush Line accessible to as many people as possible, the app is available on a publicly accessible URL, which is what you might expect from any web service. However, when using a Clearnet URL, leaking a user’s IP address is a real possibility.
To help defend against this, we scrub IP addresses from our access logs to minimize the risk of this happening when you use our app. To remove the possibility of IP leaks in high-threat scenarios, we deploy Hush Line as a Tor Onion service.

Tor Support

Tor is a network that anonymizes your internet browsing activity. It acts as a proxy by randomly routing your request through its network of relays, hiding who is making the request. Tor also has a feature called Onion Services. An Onion service makes a website or application accessible through a special .onion address that is only available through the Tor Browser.
Message submission onion site.
When using a regular browser like Chrome or Firefox, when you enter an address like hushline.app the browser needs to know the server address for that URL. A long chain of services helps make it possible, from your ISP to DNS services, the server running the app, and more to make it possible to type something memorable like hushline.app instead of remembering and entering 64.23.155.36. Just as the browser needs to know the IP address of the target web server, your IP address is also necessary to know where to send the information.
Your IP address is essentially your customer ID for your internet service provider. All someone with the necessary authority needs to do is request the information of the owner of that IP, and your real identity is exposed.
Onion services defeat this kind of threat because they don’t operate using the same DNS and IP protocols. Tor Browser is connected to the Tor anonymizing network, and so are the Onion services that exist within it. When someone uses a .onion address, the request from the browser to the server and back never leaves the Tor network, completely sidestepping IP leakage.
To access Hush Line’s information site using our Onion address, enter `http://w25rxxn62dgix7qdbw4ot37m2y4ty7kxfrinspw4ce7jzse7pb6rhaqd.onion/\`, or to access the app’s Onion site, enter `http://ghj4vviaoccj4tj2r3ss52arbnchkfvs7uft4sgtrkuvdha5zjgo6yqd.onion\` in Tor Browser.

Timing Correlation

To know that two people are talking to each other, you don’t need to know the contents of their messages if you have enough metadata about the conversation. One such way to reveal important context about who might be talking to each other is to learn when the messages were sent. If there’s a flurry of activity from two accounts — one after the other, repeatedly, pausing at similar times, being active at similar times— someone analyzing the logs might assume those accounts are talking to each other.
To address this, we do not timestamp messages or relate accounts in any way. An attacker with access to the server cannot relate two messages on the platform, which is largely irrelevant as Hush Line is designed as a one-way messenger.

6. Confidentiality and Integrity of the Disclosures

Message Encryption

Hush Line uses PGP for message encryption, making the key owner the only one technically able to read the decrypted messages. Messages are end-to-end encrypted using OpenPGP.js, meaning our server will never see the decrypted contents.
Hush Line Inbox with an encrypted message.
We’re proactive about communicating with senders and receivers about the importance of the tip line owner adding their public PGP key, and we discourage sharing sensitive information if the receiver doesn’t encrypt their messages.
Unencrypted warning on a message submission page.

HTTPS

We use Let’s Encrypt for HTTPS certificates. When a site uses HTTPS, requests use the TLS protocol to encrypt data in transit from the browser to the server and back. This protects your activity from being monitored or tampered with while using the app.
For an attacker who can monitor network connections, instead of seeing which page you’re on or who you’re submitting a message to, the primary URL is only visible. So if a message submitter is on https://hushline.app/submit_message/artvandelay the recipient remains unobservable, and the only thing visible to a network snoop is https://hushline.app/.

Conclusion

There are many tip-line solutions on the market, and it can be intimidating to choose the right one for you. We hope this article gives you a data-driven way to evaluate the software that fits your needs.

Additional Research

• A Secure Submission System for Online Whistleblowing Platforms. Volker Roth, Benjamin Gu ̈ldenring, Eleanor Rieffel, Sven Dietrich, Lars Ries Freie Universit at Berlin, FX Palo Alto Laboratory, Stevens Institute of Technology
• Anonymous Whistleblowing over Authenticated Channels. Thomas Agrikola, Geoffroy Couteau, and Sven Maier. CNRS, IRIF, Université de Paris, France, Karlsruhe Institute of Technology, Karlsruhe, Germany
• Artifice: A Deniable Steganographic File System. Austen Barker Staunton Sample Yash Gupta Anastasia McTaggart Ethan L. Miller Darrell D. E. Long*,* University of California, Santa Cruz
• Anatomy of a whistleblowing system, SecureDrop

Do you have any questions, comments, or feedback? Follow us on Mastodon at @scidsg@fosstodon.org.
Originally posted on Medium: https://medium.com/p/51beb8b05eb1

https://preview.redd.it/8bqk5aswc51d1.jpg?width=1009&format=pjpg&auto=webp&s=f7a12074fa1a1bc50182518ad158a40a605e7890
being told to type "https" for web addresses, humble me types:
https://www.cybercrime.admin.ch
and I get:
unable to connect
only http works - duh!
http://www.cybercrime.admin.ch
guess me blindly following IT security adivces w/o having proper knowledge makes me a future cyber crime victime!
EDIT: strange, on some smartphones the web address "www.cybercrime.admin.ch" does not redirect to https://www.ncsc.admin.ch/ncsc/de/home.html

https://preview.redd.it/75t2ud79uu0d1.png?width=180&format=png&auto=webp&s=c42f5f0aa4e7301130659aaeb528981a8f41ae16
could anyone help me achieve this rounded toolbar effect?
pictured on the left is google chrome which has the look i would like to achieve, and pictured on the right is my firefox.
sorry if this is a stupid question, i am not very experienced with CSS.