diff --git a/Privacy-and-Anonymity.md b/Privacy-and-Anonymity.md index 5401aa9..703e982 100644 --- a/Privacy-and-Anonymity.md +++ b/Privacy-and-Anonymity.md @@ -23,7 +23,7 @@ Your current local username. This is sent and read by the server to set your dis # Problematic Features in the OpenSSH Client Some features that are likely to be enabled by by default in the OpenSSH client used by linux distributions:
### ssh-agent:
-ssh-agent will try all of your ssh identity keypairs found in $HOME/.ssh/ and any other directory that you configured to store ssh identities. A malicious server can log the identities sent by ssh-agent to uniquely profile a user.
+ssh-agent will try all of your ssh identity keypairs found in $HOME/.ssh/ and any other directory that you configured to store ssh identities. A malicious server can log the identities sent by the ssh client to uniquely profile a user.
### PKCS11Provider:
Same issue as ssh-agent, but with PKCS11 Identities.
### ForwardAgent:
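Review bot: the first sentence of the changed line still credits ssh-agent with "trying" keypairs found in $HOME/.ssh/, which contradicts the corrected second sentence; it is the ssh client that offers identities, namely every key loaded into the agent (via ssh-add or AddKeysToAgent) plus the default IdentityFile paths, and what the server sees is the public key of each. Suggest rewording to "The ssh client will offer every identity loaded into ssh-agent, plus the default identity files in $HOME/.ssh/, ..." so the heading and the profiling claim line up. Drive-by: the unchanged context line above ("enabled by by default") has a doubled "by".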
@@ -32,10 +32,34 @@ Forwards your local connection to your authentication agent over the ssh tunnel. Redirects X11 connections over the ssh tunnel. THIS IS DANGEROUS as any remote user that can bypass file restrictions can access your local X11 display! A malicious server or any server operating in a hostile environment can attack your local machine!
# Mitigations -TODO
+### OpenSSH:
+To disable your OpenSSH client from sending all avaiable pubkeys on your computer and other problematic features, do the following:
+1: Copy and paste the following codeblock at the end of your ssh_config file: +``` +Host * + IdentitiesOnly yes + ForwardX11 no + ForwardAgent no + GSSAPIAUthentication no +``` +2: Avoid creating the following keys or rename existing ones on the following list:
+``` +$HOME/.ssh/identity +$HOME/.ssh/id_rsa +$HOME/.ssh/id_dsa +$HOME/.ssh/id_ecdsa +$HOME/.ssh/id_ed25519 +$HOME/.ssh/id_xmss +``` +
+Explaination:
+TODO
+ +# Sources Referenced: + # Page TODO: -- Explain Thread modeling +- Explain Threat modeling - Link to opsec resources - Investigate and finish mitigations section - Investigate other ssh clients
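Review bot: step 1's `IdentitiesOnly yes` stops the client from offering agent-held keys, but it does not stop the default identity files from being tried, which is the only reason step 2 exists; the explanation left as "TODO" should say so, otherwise readers will assume step 1 alone is sufficient. The step 2 list is also missing the FIDO default files `$HOME/.ssh/id_ecdsa_sk` and `$HOME/.ssh/id_ed25519_sk` that current OpenSSH clients try by default. If the intent is to offer no key unless a Host block names one, `IdentityAgent none` under `Host *` (with `IdentityFile` set per host) is the more direct control than renaming files. Minor: `GSSAPIAUthentication` should be `GSSAPIAuthentication` (keywords are matched case-insensitively, but the stray capital will confuse readers), "avaiable" and "Explaination" are misspelled, and "on the following list" duplicates "the following keys".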