What Is BlackOps OS?

Documentation Index

Fetch the complete documentation index at: https://docs.blackops.army/llms.txt

Use this file to discover all available pages before exploring further.

BlackOps OS is an operating system whose privacy guarantees are enforced below the application layer. Apps cannot opt out of routing, cannot persist identity across sessions, and cannot reach state owned by other apps. The enforcement lives in the OS itself, not in user discipline or per-app configuration. This page is the orientation. It states what BlackOps OS is, why an OS-level approach is the necessary one, what the four enforcement layers do, and what BlackOps OS does not claim. For the implementation, follow the links.

​

Why an OS

Every privacy tool that ships above the OS covers one surface and leaks around the others. A VPN client routes only what binds to its tunnel. A misconfigured app reading from the default route bypasses it silently, and the kernel has no opinion about that. A browser’s incognito mode resets cookies and storage but cannot prevent reuse of the same MAC address, hostname, NTP server, DNS resolver, font set, and clock skew across “private” sessions. Fingerprinting moves below the browser; the browser does not see it. Encrypted messengers protect message bodies. They do not hide the IP, the timing, the contact graph reconstructable from peer apps’ caches, or the device identifier underneath. Anyone able to correlate those still wins. Each of these tools does its own job. They cannot enforce each other, and the OS underneath them is not enforcing anything at all. That is the gap BlackOps OS closes.

​

What enforcement at the OS level means

Four properties hold for every process running on the system. None is opt-in.

​

Network egress is mediated

All outbound traffic transits the routing layer. There is no off switch surfaced to userspace, and no escape via raw sockets, alternate interfaces, or the default route. If the routing layer is unhealthy, traffic fails closed instead of falling back to clear. See BlackOps Route.

​

Identity is per-session

Cookies, fingerprints, MAC, hostname, timezone, locale, accept-language, and any other client-distinguishable surface are scoped to the active session. Session end wipes them. There is no cross-session identifier reachable by a process. See session identity isolation.

​

Execution is sandboxed

Apps run in confined environments with explicit IPC boundaries and per-app storage roots. State written by one app is not readable by another by default. State written in one session is not carried into the next. See secure execution.

​

Value transfer is in-session

The wallet operates inside the same session lifecycle as everything else. Sending or receiving does not produce identifiers that outlive the session, and the wallet is not a separate identity surface that escapes routing or isolation. These are properties of the system, not features of an app. Removing or disabling them is not a setting.

​

What BlackOps OS does not claim

It does not make compromised endpoints private. If a peer or service you connect to logs your traffic, the routing layer cannot help with what happens at the other end. It does not defeat traffic analysis by a global passive adversary. Practical mitigations exist (covered under Route), but the threat model is “ISP, app vendor, ad network, casual correlator”, not “nation-state with full link visibility”. It does not anonymize voluntary disclosures. Logging into an account links the session to that account for the duration of the session. The OS does not retroactively unlink them. It does not prevent side channels at the user-behavior level. Reusing the same writing style across two pseudonymous sessions, or accessing the same niche resource from both, can be linked by an observer with no access to the OS at all. These boundaries are explicit and load-bearing. The threat model page goes into them in detail.

​

Continue from here