diff --git a/README.md b/README.md index 8014cf57..2c3fe9e0 100644 --- a/README.md +++ b/README.md @@ -69,14 +69,17 @@ Send me on chat your blogpost idea, and tell me where exactly it's supposed to f Below is listed the upcoming blogposts, assigned to each contributors: ``` +pippin: +1) How to protect against fingerprinting (persona, text, files) : 50 euros +2) How to run a local LLM to change your writing style (and it's use in whonix VM): 40 euros + securitybrahh: 1) Monero Inheritance setup (as part of the decentralized finances category) : 50 euros 2) how to get a remote phone number anonymously (SaaS SMSes) : 30 euros 3) how to get a remote credit card anonymously : 30 euros robert: -1) Why privacy is not enough for anonymouse use : 20 euros -2) Why Anonymity is not enough for sensitive use : 30 euros +1) Why privacy is not enough for anonymous use : 20 euros mcneb10: 1) General How to mine Monero tutorial (xmrrig, p2pool, gupaxx?, xmrrig-proxy) : 50 euros diff --git a/pull.sh b/pull.sh index 9ba06417..7d38fd79 100755 --- a/pull.sh +++ b/pull.sh @@ -1,6 +1,6 @@ #!/bin/bash -sudo git pull +git pull #git config --global credential.helper 'cache --timeout=2628000' #sudo chown -R nothing. /home/nothing/Documents/Github/blog/ # my cool commentary diff --git a/pushtoprod.sh b/pushtoprod.sh new file mode 100755 index 00000000..d174bda4 --- /dev/null +++ b/pushtoprod.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +#rsync -razP /home/nihilist/Nextcloud/blog-contributions/servers /home/nihilist/Nextcloud/blog/ --delete +rsync -razP /home/nihilist/Nextcloud/blog-contributions/servers /home/nihilist/Nextcloud/blog/ + diff --git a/servers/anon.html b/servers/anon.html index d1afb6dc..d377fdb0 100644 --- a/servers/anon.html +++ b/servers/anon.html @@ -122,7 +122,7 @@
📝 Explaining Anonymity
💻 Clientside - Getting Started (⚠️ Check if your ISP allows Tor or Not!)
💻 Clientside - Making use of Anonymity (Non-KYC Providers)
🧅 Serverside - Self-Hosting Hidden Services (⚠️ Self-Hosting = Non-Sensitive!)
+🧅 Serverside - Anonymous Hidden Services
🧅 Serverside - Remote Clearnet Services (⚠️ Remote Hosting = Safer!)
+🧅 Serverside - Anonymous Clearnet Services
📝 Explaining Plausible Deniability
In this tutorial we're going explain how you can have anonymous clearnet services, which can either remotely or self-hosted.
+ +The first way to have an Anonymous clearnet service, is Remotely, where you go through a non-KYC cloud provider, and a non-KYC domain provider, in order to obtain a remote VPS and Domain anonymously (using Tor and Monero).
+ +The idea here is that you always keep Tor between you and the services, so that it remains impossible to prove that you are the owner of said service, from the acquisition of the services, to their actual use (forcing SSH to go through Tor).
+ +The second way to have an Anonymous clearnet service is by self-hosting it, like above, you also need to get yourself a VPS and a domain anonymously, using non-KYC providers/resellers. The VPS must have openvpn installed on it.
+Then you need to have a home server, running a local service (let's say with ports 80 and 443),
+That same local homeserver must connect to the OpenVPN server, but you must force the VPN connection to go through Tor, to avoid revealing your Home IP to the cloud provider.
+And from there, you will be able to port-forward the ports from your local service, to the VPS, while maintaining your Anonymity.
+And of course, if your ISP doesn't allow Tor traffic, we can always hide it using a Trusted VPN, like MullvadVPN.
+ +Note that such a setup is to be done only when you want to have your server data at home (for exmaple, self-hosting a mail server, while maintaining Anonymity), if this is not a concern, then you should just host the service remotely as seen above.
+ ++ Until there is Nothing left. + +
+
+
+ RSS Feed
Matrix Chat
+
+
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@nihilism.network (PGP)
+
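Review bot: The self-hosted variant says the home server "must force the VPN connection to go through Tor" but never states that this requires the OpenVPN tunnel to run over TCP, since Tor does not carry UDP. Add that requirement next to "The VPS must have openvpn installed on it." so that readers do not set up OpenVPN's default UDP transport. Also fix "we're going explain", "which can either remotely or self-hosted" and "exmaple".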
In this post we are going to see why anonymity is not enough for sensitive use, and what can be done about it.
+ Previous Page
In this post we are going to see why Anonymity is not enough for Sensitive use, and what can be done about it.
Let’s say Charlie is using a popular online forum to leak information about a government agency’s unethical behavior. To stay anonymous, he makes sure to connect to the forum only through Tor & VPN, and uses a burner email address to sign up.
+Let's say that Bob is using a popular online forum to leak information about a government agency’s unethical behavior. To stay anonymous, he makes sure to connect to the forum using at least Tor to connect there. He uses a burner email address to sign up there, to upload the sensitive files. His Anonymity while doing this sensitive action remains solid.
-This anonymity was essential, but not a complete savior. Only 10 people originally had access to the leaked information, so the government uses its key disclosure legislation to issue search warrants for all of their personal hard drives.
+However, there are only 10 people who could have originally had access to the leaked information, and Bob is one of those 10 potential suspects.
+The adversary makes use of the key disclosure legislation to issue search warrants to all 10 people, to get to know the contents of their personal drives. Essentially, they don't have anything solid against Bob, as the anonymity of the perpetrating party is solid, but they are doing some guess work to try and find anything incriminating against him anyway, to make sure.
-Thankfully, Charlie needn’t worry: he has set up VeraCrypt’s deniable encryption to separate his personal life from his leaks. He gives the authorities the key to the main volume; they find nothing related to the leaks. The government does not know which of the 10 people was the leaker.
+Problem is, the adversary now busts down Bob's door, and forces him to unlock his laptop, and unlock every encrypted volume on his laptop. What then ?
+ +Bob didn't implement Deniable Encryption, therefore the adversary forces Bob to unlock his harddrives, and he has no other choice but to comply. He shows all the incriminating evidence contained in there, where he isn't able to deny implications with said Sensitive activity.
+Bob's setup, although suitable for Anonymous Use, is not suitable for Sensitive use, due to the lack of Deniable encryption
+For instance, if Bob had implemented VeraCrypt’s deniable encryption to store all that sensitive data, he could've given the password A to open the decoy volume to the adversary, and claimed that there was no hidden volume, and the adversary wouldn't have a way to prove otherwise.
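Review bot: The closing sentence presents VeraCrypt's hidden volume as an unconditional guarantee ("the adversary wouldn't have a way to prove otherwise"); qualify it, for example "provided the hidden volume is set up and used following VeraCrypt's documented precautions", or link to the page that covers those conditions. The added paragraphs beginning "Problem is, the adversary now busts down Bob's door" and "Bob didn't implement Deniable Encryption" describe the same forced unlock twice and can be merged, and the "Bob's setup ..." sentence is missing its full stop.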
In this tutorial we're going to look at how to host Anonymous Hidden Services.
+ +One way to host a Hidden Service is remotely. You anonymously rent a VPS to a non-KYC cloud provider (using Tor and Monero), and use it anonymously (using SSH through Tor), to host a Tor Hidden Service.
+ +The main advantage here is that if anything goes wrong (if you try to run a sensitive service there), you are safe from any repercussions, as the cloud provider can't know that it was you who bought and used the VPS.
+The strategy here is that whatever service you try to run, you run it as far away from your home as possible. So that if one day the location of the hidden service gets found out (as tor traffic sometimess get deanonymized, when the tor circuits go through nodes that all belong to the adversary), your home IP address doesn't get revealed.
+Sidenote: know that if you try to run a sensitive service, you are literally abusing the goodwill of non-KYC cloud providers, that are willing to go the extra mile to provide anonymity for you. So please don't bite the hand that feeds you, don't run sensitive services on VPSes, as the non-KYC cloud resellers are the ones that will have to deal with the consequences afterward.
+The main drawback however, is that you are not in physical control of the server that you are using, therefore if the cloud provider has implemented extensive spying mechanisms, they will immediately find out that it is this VPS that is running said hidden service.
+TLDR: it's safer in case if anything goes wrong, but you don't have physical control over the service.
+ +Another way to host a Hidden Service is locally, you Self-host it. You are running a server at home (which could be your previous PC), to run the hidden service. And if the ISP doesn't allow Tor traffic, you use a VPN to hide the Tor traffic.
+ +The main advantage here is that you have complete control over the server, if an adversary has to get his hands on the server, he has to bust down your door and find it.
+The strategy here is "I use secure technology, come at me!", Which brings us to the main disadvantage however: if the technology fails you along the way for example the adversary uses a Tor 0day on you, and finds out that the hidden service is at your home IP address, then there is no way you can deny that you are the administrator of said service. In that case, using a trusted VPN that regularly deletes logs like mullvadVPN, to hide the Tor traffic, might be a lifesaver.
+ +There may be other attacks to figure out if you are the owner of said hidden service, like temporarily shutting down the power, or the internet connection, to see if the hidden service goes down or not.
+TLDR: you have physical control over the server, but if anything goes wrong, the service is at your house. No possibility to deny that you are the administrator!
+ ++ Until there is Nothing left. + +
+
+
+ RSS Feed
Matrix Chat
+
+
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@nihilism.network (PGP)
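Review bot: The remote-hosting section contradicts itself: it gives as the main advantage that you are safe "if you try to run a sensitive service there", and two paragraphs later the sidenote says "don't run sensitive services on VPSes". Decide which recommendation the page makes and reword the advantage paragraph to match, for example by limiting it to what the provider can learn about the buyer. Minor: "rent a VPS to a non-KYC cloud provider" should be "from", and "sometimess" is a typo.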
+Anonymous use: you can use Whonix VMs, (can also have a with a Tor -> VPN setup)
Sensitive use: You can use Whonix VMs, but they need to be inside a veracrypt hidden volume
Sidenote: QubesOS is based off the same segmentation principle, that every use must remain isolated (or compartmentalized) into VMs, for specific uses. It also uses Linux and Whonix VMs, while using the Xen hypervisor instead of libvirtd QEMU/KVM, but the concept remains the same.
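Review bot: The added "Anonymous use" line is garbled ("can also have a with a Tor -> VPN setup"), and its arrow order is the reverse of the "(You -> VPN -> Tor)" wording used in the tailsqemuvm and vpnqemu hunks of this same patch. State which chain is meant and use one notation across the pages, since the two orders are different setups.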
In short, Privacy means that you are not under surveillance. In this example, Bob wants to talk to Alice privately, so he shuts the door on the prying eyes of Jack. So that he can't hear their conversation.
Privacy is Bob and Alice's ability to seclude themselves from the awareness of others. It is the ability that Bob has, to close the door on Jack, so that he cannot see his actions anymore.
+When you are looking for Privacy, always ask yourself : Privacy from what ? Privacy from whom ? in other words, Whom do i want to close the curtain on ?
diff --git a/servers/tailsqemuvm/index.html b/servers/tailsqemuvm/index.html index 541243fb..bd922a0d 100644 --- a/servers/tailsqemuvm/index.html +++ b/servers/tailsqemuvm/index.html @@ -73,7 +73,7 @@Application: Host-based VPN (if your ISP doesn't allow Tor traffic)
I recommend using this setup into one of the above mentionned VMs, for Anonymous use, as per the 4 basic OPSEC levels.
-TODO: force a VPN through Tor
+Sidenote: If your ISP does not allow Tor traffic, make sure that you route the QEMU VMs traffic through a VPN, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup
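Review bot: The removed line "TODO: force a VPN through Tor" is replaced by a sidenote about the opposite chain (You -> VPN -> Tor), so the TODO is dropped rather than completed. The new anonymous clearnet services page in this patch tells readers they "must force the VPN connection to go through Tor", yet no hunk here documents how. Keep the TODO, or link to the page that will cover it.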
diff --git a/servers/vpn/11.png b/servers/vpn/11.png new file mode 100644 index 00000000..bed7b3eb Binary files /dev/null and b/servers/vpn/11.png differ diff --git a/servers/vpn/12.png b/servers/vpn/12.png new file mode 100644 index 00000000..7d66d759 Binary files /dev/null and b/servers/vpn/12.png differ diff --git a/servers/vpn/13.png b/servers/vpn/13.png new file mode 100644 index 00000000..2a4eb08a Binary files /dev/null and b/servers/vpn/13.png differ diff --git a/servers/vpn/14.png b/servers/vpn/14.png new file mode 100644 index 00000000..baa1e5ab Binary files /dev/null and b/servers/vpn/14.png differ diff --git a/servers/vpn/index.html b/servers/vpn/index.html index 21fb2bc9..8896ea03 100644 --- a/servers/vpn/index.html +++ b/servers/vpn/index.html @@ -140,7 +140,32 @@ curl ifconfig.meAnd he can see that his IP got changed accordingly to the location he picked:
The VPN is also protecting against DNS and WebRTC leaks, according to https://mullvad.net/en/check
+Now that you are using Mullvad as a VPN, you can also use their Mullvad Browser, which is basically a Hardened Firefox based off the Tor Browser:
+
+[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
+→ apt search mullvad
+Sorting... Done
+Full Text Search... Done
+mullvad-browser/unknown,now 13.5.1-1 amd64
+ Mullvad Browser
+mullvad-vpn/unknown,now 2024.4 amd64 [installed]
+ Mullvad VPN client
+
+[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
+→ apt install mullvad-browser -y
+
+[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
+→ mullvad-browser
+
+
+And from there you can browse the web using the same VPN connection:
+ + +From there, just like on the Tor Browser, you can protect against fingerprinting by setting the security level here:
+ +If you want to reduce your fingerprinting attack surface as much as possible, you can choose to disable javascript by selecting the "Safest" security level, but it may break some websites functionnality.
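Review bot: The added terminal block runs "apt install mullvad-browser -y" without sudo, while the vpnqemu page added in this patch uses "sudo apt install mullvad-vpn"; use one form so the command works when pasted into a non-root shell. "functionnality" in the last paragraph is a typo.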
+ diff --git a/servers/vpnqemu/0.png b/servers/vpnqemu/0.png new file mode 100644 index 00000000..64910608 Binary files /dev/null and b/servers/vpnqemu/0.png differ diff --git a/servers/vpnqemu/1.png b/servers/vpnqemu/1.png new file mode 100644 index 00000000..8cecbf45 Binary files /dev/null and b/servers/vpnqemu/1.png differ diff --git a/servers/vpnqemu/10.png b/servers/vpnqemu/10.png new file mode 100644 index 00000000..fc67781e Binary files /dev/null and b/servers/vpnqemu/10.png differ diff --git a/servers/vpnqemu/2.png b/servers/vpnqemu/2.png new file mode 100644 index 00000000..5e23c4d9 Binary files /dev/null and b/servers/vpnqemu/2.png differ diff --git a/servers/vpnqemu/3.png b/servers/vpnqemu/3.png new file mode 100644 index 00000000..30b0f06f Binary files /dev/null and b/servers/vpnqemu/3.png differ diff --git a/servers/vpnqemu/4.png b/servers/vpnqemu/4.png new file mode 100644 index 00000000..0059739c Binary files /dev/null and b/servers/vpnqemu/4.png differ diff --git a/servers/vpnqemu/5.png b/servers/vpnqemu/5.png new file mode 100644 index 00000000..8766e7cc Binary files /dev/null and b/servers/vpnqemu/5.png differ diff --git a/servers/vpnqemu/6.png b/servers/vpnqemu/6.png new file mode 100644 index 00000000..2d15cf69 Binary files /dev/null and b/servers/vpnqemu/6.png differ diff --git a/servers/vpnqemu/7.png b/servers/vpnqemu/7.png new file mode 100644 index 00000000..cf4ec4b7 Binary files /dev/null and b/servers/vpnqemu/7.png differ diff --git a/servers/vpnqemu/8.png b/servers/vpnqemu/8.png new file mode 100644 index 00000000..f2dbe6e8 Binary files /dev/null and b/servers/vpnqemu/8.png differ diff --git a/servers/vpnqemu/9.png b/servers/vpnqemu/9.png new file mode 100644 index 00000000..243f467a Binary files /dev/null and b/servers/vpnqemu/9.png differ diff --git a/servers/vpnqemu/index.html b/servers/vpnqemu/index.html new file mode 100644 index 00000000..99522d5b --- /dev/null +++ b/servers/vpnqemu/index.html 
@@ -0,0 +1,208 @@ + + + + + + + + + + +First, install the VPN like we saw previously here, but the only difference being that we now install it on the Host OS, rather than inside the VM.
+
+# Download the Mullvad signing key
+sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
+
+# Add the Mullvad repository server to apt
+echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
+# Or add the Mullvad BETA repository server to apt
+echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
+
+# Install the package
+sudo apt update
+sudo apt install mullvad-vpn
+
+# Connect to Mullvad VPN
+mullvad account login
+Enter an account number: 91320912809328832
+Mullvad account "91320912809328832" set
+
+# Connect to the VPN:
+mullvad lockdown-mode set on
+mullvad connect
+
+curl ifconfig.me
+194.127.199.92
+
+
+
+Then, configure mullvad as follows:
+ + + +From there you'll have the tun0 network interface available, which we can use in the QEMU VM XML configuration:
+ +As you can see here, we have the tun0 interface, with the 10.5.0.0/16 subnet, so we'll use a smaller subnet within that same subnet to create our VPN NAT configuration:
+ +Then use it on your VM configuration like so:
+ +And then once applied, you can check if it works as intended from inside the VM, by going to https://mullvad.net/en/check
+ +As we explained previously here, if your ISP does not allow Tor traffic, you need to hide it behind a VPN. And when you want to use Anonymity on the VM itself. One simple way to do it is to route the network traffic (via NAT) through a Host-based VPN like we showcased above.
+The existing Whonix-External network looks like so by default:
+
+<network>
+ <name>Whonix-External</name>
+ <uuid>1775d1fe-1606-4962-a3a6-b7b451b9442e</uuid>
+ <forward mode="nat">
+ <nat>
+ <port start="1024" end="65535"/>
+ </nat>
+ </forward>
+ <bridge name="virbr1" stp="on" delay="0"/>
+ <mac address="52:54:00:66:89:bb"/>
+ <ip address="10.0.2.2" netmask="255.255.255.0">
+ </ip>
+</network>
+
+
+
+And it needs to be changed to the following:
+
+<network>
+ <name>Whonix-External</name>
+ <forward dev='tun0' mode='nat'/>
+ <bridge name='virbr1' stp='on' delay='0'/>
+ <ip address='10.0.2.2' netmask='255.255.255.0'>
+ </ip>
+</network>
+
+
+
+So do the following:
+ + + + +And that's it! We now have a (VPN -> Tor) setup, in case if your ISP doesn't allow Tor traffic, concealing it behind the VPN.
+ ++ Until there is Nothing left. + +
+
+
+ RSS Feed
Matrix Chat
+
+
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@nihilism.network (PGP)
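Review bot: The install block hard-codes what looks like an account number ("Enter an account number: 91320912809328832") and an exit IP ("194.127.199.92"). A Mullvad account number is the only credential for the account, so replace both with obvious placeholders even if these values are made up. Both "echo ... | sudo tee /etc/apt/sources.list.d/mullvad.list" lines write the same file, so a reader who pastes the block as-is ends up on the beta repository; comment out the beta line or tell the reader to pick one. The replacement Whonix-External definition also drops the uuid, mac and nat port elements shown in the default without saying whether that is intended.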
+Application: Host-based VPN (if your ISP doesn't allow Tor traffic)
I recommend using this setup into one of the above mentionned VMs, for Anonymous use, as per the 4 basic OPSEC levels.
-TODO: force a VPN through Tor
+Sidenote: If your ISP does not allow Tor traffic, make sure that you route the QEMU VMs traffic through a VPN, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup
+ diff --git a/servers/xmpp2024/index.html b/servers/xmpp2024/index.html index ae6bd10e..b72ce86d 100644 --- a/servers/xmpp2024/index.html +++ b/servers/xmpp2024/index.html @@ -75,7 +75,7 @@
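Review bot: In the README.md hunk, "(and it's use in whonix VM)" should read "its use". The hunk also removes robert's entry "2) Why Anonymity is not enough for sensitive use : 30 euros" without moving it elsewhere in the list, while this patch edits a post with that very title; say in the commit message whether the item was completed or reassigned.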
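Review bot: In pull.sh, dropping sudo from "git pull" is right, but files written by earlier root pulls stay root-owned and the unprivileged pull can fail on them. The only hint is the commented-out "#sudo chown -R nothing. /home/nothing/Documents/Github/blog/" line, which names a different user and path. Document the one-time ownership fix or remove the stale commented lines.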
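Review bot: In the new pushtoprod.sh, both rsync paths are hard-coded to /home/nihilist/Nextcloud/..., so the script only works on one machine and publishes a local username and directory layout in a shared repository; take source and destination from variables or arguments. The active rsync line omits the "--delete" of the commented-out line above it, so pages removed from blog-contributions stay on the production copy. Say which behaviour is intended and drop the other line.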