Five Operational Security Mistakes That Expose You
Technical tools do not compensate for procedural failures. Here are the most common ways anonymity breaks.
1. Conflating tool activation with anonymity
Activating Tor is not the same as being anonymous. Anonymity is a property of the entire session — the browser you use, the accounts you log into, the metadata you generate. KillNode routes your traffic through Tor. It does not prevent you from logging into a personal account, leaking your timezone in HTTP headers, or using a browser with a unique fingerprint.
Fix: Use Tor Browser (not a standard browser through a Tor proxy) for anonymity-sensitive sessions. Use KillNode's proxy mesh for application-level traffic routing, not as a replacement for compartmentalization.
2. Forgetting applications that bypass the proxy
KillNode applies a session proxy to Electron's renderer and provides local HTTP and SOCKS5 endpoints for other apps. It does not enforce a system-wide firewall rule that forces all traffic through Tor. Any application that does not respect the system proxy setting — or that opens UDP connections — bypasses Tor entirely.
Fix: Use a firewall rule (iptables, Windows Firewall) to block non-Tor outbound traffic if you need OS-wide isolation. The KillNode killswitch severs the interface entirely as a last resort, not as a continuous filter.
3. Failing to test before relying on the tool
Many people activate Tor and assume it is working. A misconfigured exit policy, a stale circuit, or a proxy that silently falls back to direct connections can expose your real IP.
Fix: Test with a known-good endpoint before relying on the setup:
```bash
curl --proxy http://127.0.0.1:9742 https://check.torproject.org/api/ip
```
The response should show a Tor exit node IP, not your real address. Run this test after every Tor activation.
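The same check can be made fail-closed, so that a dead proxy, a captive-portal page, or a direct fallback all count as failure instead of being read by eye. This script is an added example, not part of KillNode; it assumes the endpoint answers with JSON of the form `{"IsTor":true,"IP":"..."}`, and the helper names `json_field` and `tor_verdict` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not KillNode code): fail-closed check of the Tor test endpoint.
# Assumption: the endpoint answers with JSON like {"IsTor":true,"IP":"203.0.113.7"}.
PROXY="${PROXY:-http://127.0.0.1:9742}"   # local HTTP endpoint from the article
CHECK_URL="https://check.torproject.org/api/ip"

# json_field BODY KEY: print the value of a top-level scalar key, or nothing.
json_field() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}[:space:]]*\).*/\1/p"
}

# tor_verdict BODY [KNOWN_REAL_IP]: return 0 only when every check passes.
tor_verdict() {
  local body="$1" real_ip="${2:-}" is_tor ip
  is_tor=$(json_field "$body" IsTor)
  ip=$(json_field "$body" IP)
  if [ "$is_tor" != "true" ]; then
    echo "FAIL: response does not say IsTor=true (direct fallback or bad reply)"
    return 1
  fi
  if [ -z "$ip" ]; then
    echo "FAIL: no IP field in response"; return 1
  fi
  if [ -n "$real_ip" ] && [ "$ip" = "$real_ip" ]; then
    echo "FAIL: reported IP equals your real address"; return 1
  fi
  echo "PASS: traffic exits via Tor at $ip"
}

if [ "${1:-}" = "--live" ]; then
  # Any curl error (proxy down, timeout) leaves body empty, which fails the check.
  body=$(curl -sS --max-time 30 --proxy "$PROXY" "$CHECK_URL") || body=""
  tor_verdict "$body" "${2:-}"; exit $?
fi

# Offline demo over constructed responses (documentation-range addresses).
for sample in \
  '{"IsTor":true,"IP":"203.0.113.7"}' \
  '{"IsTor":false,"IP":"198.51.100.20"}' \
  '<html>captive portal</html>' \
  ''; do
  tor_verdict "$sample" "198.51.100.20" || true
done
```

Run it with `--live` after each Tor activation, optionally followed by an address you already know to be yours; the script never looks up your direct IP itself, since that request would leave outside Tor.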
4. Ignoring metadata
IP address concealment is one dimension of operational security. Equally important: timestamps, user-agent strings, language/locale settings, window dimensions (canvas fingerprinting), and the content of what you send. A message that only you could have written, sent from a Tor exit node, is still attributable.
Fix: Strip metadata from documents before sending (ExifTool for images, MAT2 for office docs). Use a consistent browser profile. Do not write in a distinctive style.
5. Not planning for failure
What happens when Tor crashes mid-session? What if the killswitch misfires? What if you lose your network and cannot recover?
Fix: Before a sensitive session:
- Document your current network adapter state (ipconfig /all on Windows, ip addr on Linux).
- Know the recovery commands for your platform (see TROUBLESHOOTING.md).
- Enable KillNode's dead-man timer if automatic severance on Tor failure is acceptable.
- Test the killswitch and the restore procedure in a low-stakes environment first.