faraday@localhost:~$ 

FARADAY

LINUX

// Privacy-first NixOS. Tails meets modern Hyprland.

Tor Mullvad VPN LUKS2 linux-hardened Hyprland Wayland NixOS
view source
100% Tor routed
LUKS2 Full-disk enc
0 DNS leaks
IPv6 exposed
MAC Randomized

Built to disappear.

Every layer hardened. Nothing leaks.

01

Tor — Always On

All traffic transparently proxied through Tor at the system level. No app can bypass it. DNS through Tor's DNSPort — zero leaks.

transparent-proxy DNS-over-Tor IPv6-disabled
02

Encryption Enforced

Calamares pre-selects full-disk LUKS2 with Argon2id KDF. You can't skip it. Encrypted swap — no plaintext pages on disk.

LUKS2 Argon2id enc-swap
03

Hardened Kernel

Ships with linux-hardened and the full patch set. ASLR maximized, ptrace restricted, ICMP blocked, SYN cookies on.

linux-hardened AppArmor USBGuard
04

Network Isolation

MAC randomized per-connection. Firewall blocks all inbound by default. Mullvad preinstalled. You're invisible on the network.

MAC-rand nftables Mullvad
05

Hyprland Desktop

Wayland-only. No X11 side-channels. Modern tiling WM with Waybar Tor indicator, Wofi, Dunst, Hyprlock.

Wayland Hyprland Waybar
06

Hardware Hardening

Webcam and mic disabled at kernel level — modules blacklisted. USBGuard blocks unknown devices. Re-enable with one command.

uvcvideo-off snd-off USBGuard

Double layer. Zero trust.

Mullvad VPN preinstalled — stack it on top of Tor.

YOU → (encrypted) → TOR → (anonymized) → MULLVAD → (tunneled) → INTERNET

Preinstalled & ready

Mullvad ships in the ISO. Log in with your account number — no email, no personal info required. That's kind of the point.

Tor → Mullvad stack

Your traffic goes through Tor first, then Mullvad. The VPN sees a Tor exit node, not you. Tor sees Mullvad, not your destination.

No-logs, audited

Mullvad has been independently audited multiple times. They literally can't log you — they don't know who you are.

mullvad setup
$ mullvad account login YOUR_ACCOUNT_NUMBER
Logged in to account.
$ mullvad connect
Connected. Route: Tor → Mullvad → Internet

Verify your setup.

Confirm everything is locked down.

faraday@faraday:~$
$ faraday-status # live security dashboard
$ torify curl https://check.torproject.org/api/ip
{"IsTor":true,"IP":"185.220.101.x"}
$ torify curl https://api.ipify.org # should be Tor exit
185.220.101.x
$ ip link show # verify MAC randomization
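
The commands above print raw output without saying what a passing result looks like. The following is an added example, not part of Faraday's own tooling: POSIX shell helpers that interpret the Tor check reply and the MAC addresses from `ip -o link show` (the one-line form of `ip link show`). Function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for reading the verification output.
# Names and sample data below are constructed, not part of Faraday.

# 0 if the first octet has the locally-administered bit (0x02) set and the
# multicast bit (0x01) clear, as software-randomized MACs do; 2 if malformed.
mac_is_local() {
  first=${1%%:*}
  case $first in
    [0-9a-fA-F][0-9a-fA-F]) ;;
    *) return 2 ;;
  esac
  v=$((0x$first))
  [ $((v & 2)) -ne 0 ] && [ $((v & 1)) -eq 0 ]
}

# Reads `ip -o link show` lines on stdin, prints "<iface> <mac> <verdict>" for
# each link/ether entry; returns 1 if any address looks vendor-assigned.
audit_links() {
  rc=0
  while IFS= read -r line; do
    case $line in *link/ether\ *) ;; *) continue ;; esac
    ifname=${line#*: }; ifname=${ifname%%[:@]*}
    mac=${line#*link/ether }; mac=${mac%% *}
    if mac_is_local "$mac"; then
      echo "$ifname $mac locally-administered"
    else
      echo "$ifname $mac vendor-assigned"; rc=1
    fi
  done
  return $rc
}

# 0 only if a check.torproject.org/api/ip reply reports IsTor as true.
reply_is_tor() {
  printf '%s' "$1" | grep -Eq '"IsTor"[[:space:]]*:[[:space:]]*true'
}

# Constructed sample of `ip -o link show` output (addresses are made up).
SAMPLE_LINKS='1: lo: <LOOPBACK,UP> mtu 65536 state UNKNOWN\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: wlan0: <BROADCAST,MULTICAST,UP> mtu 1500 state UP\    link/ether 3a:5f:12:9c:00:e4 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST> mtu 1500 state DOWN\    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff'

# Live use: ip -o link show | audit_links
printf '%s\n' "$SAMPLE_LINKS" | audit_links || true
```

A locally-administered address shows the interface is not using its burned-in MAC; it does not by itself show that the address changes per connection, so compare the value across reconnects.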

Maximum anonymity.

Designed to keep you safe. Every default is hardened — no tweaking required.

BUILT FOR THIS
  • Journalists and activists on hostile networks
  • Maximum anonymity browsing sessions
  • Security researchers who need a hardened baseline
  • Anyone who wants privacy on by default — no setup
  • Whistleblowers and people in surveillance states
STILL WATCH OUT FOR
  • Physical access — a strong passphrase is on you
  • Correlation attacks (controlling both Tor exit + destination)
  • Browser exploits executing before traffic reaches Tor
  • Tor Browser gives more anonymity than Firefox — use it when it matters

// open source · MIT · fork freely

The cage is open.
Step inside.

View on GitHub