Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.blackops.army/llms.txt

Use this file to discover all available pages before exploring further.

The session lifecycle

Every privacy guarantee BlackOps OS makes is bounded by a session. This is what actually happens from the moment one starts to the moment it ends.
1

Identity resets

A fresh identity context is generated. Cookies, local storage, MAC address, hostname, locale, timezone, NTP source, DNS resolver the entire client-distinguishable surface is wiped clean. Nothing from prior sessions is reachable from inside this one.
2

Routing comes online

The routing layer is brought up before any process can reach the network. Until it is healthy, all outbound traffic is dropped at the kernel boundary. There is no clear-net fallback. Apps that try to bind to a non-managed interface fail.
3

Apps launch inside sandboxes

Each app starts in its own confined environment with a private filesystem root and explicit IPC boundaries. No app can read state owned by another. The browser, wallet, and messenger are each their own sandbox the session is what ties them together, not shared memory.
4

Everything shares one session

Messenger and the wallet do not have separate identity contexts or routing paths. They run behind the same routing layer, scoped to the same session identity. There is no second privacy surface to configure separately.
5

Session ends everything is wiped

Closing the session triggers a full teardown. Storage areas are unmounted and zeroed. The routing identity is rotated. In-memory secrets are overwritten. The next session starts from a clean state with no carryover.

What an observer sees

Single session

Looks like activity from a fresh, unrelated client. IP, MAC, hostname, fingerprint none of them match anything from a prior session.

Two sessions, same user

Look like activity from two completely unrelated clients. There is no persistent signal connecting them on any surface the OS controls.
This holds only as long as the user does not voluntarily link sessions. Logging into a personal account ties that session to that account for its duration. The OS does not retroactively unlink.

What you do not configure

There is no privacy mode toggle because there is no non-private mode. The enforcement is the system.
  • No per-app privacy settings to remember to enable
  • No “connect” step for routing
  • No “new private window” for identity isolation
Where settings exist, they govern preference which exit region to use, which wallet to default to not whether enforcement is active.

Boundaries

The enforcement layers protect the system from below the application layer. They do not:
  • Police what an app voluntarily discloses over the network
  • Change the privacy posture of services on the other end of a connection
  • Eliminate behavior-level correlation across sessions by the same user

Continue from here

Session model

The formal specification: states, transitions, what persists, and what is wiped.

Threat model

Adversaries the enforcement layer is designed to defeat and those it is not.