diff --git a/opsec/anonsensitive/index.html b/opsec/anonsensitive/index.html index 83836f1..699044f 100644 --- a/opsec/anonsensitive/index.html +++ b/opsec/anonsensitive/index.html @@ -8,7 +8,7 @@ -
Let’s say that Bob is using a popular online forum to leak information about a government agency’s unethical behavior. To stay anonymous, he makes sure to connect to the forum using Tor at the very minimum. He uses a burner email address to sign up to the forum and upload the sensitive files. His Anonymity during this sensitive action remains intact.
However, there are only 10 people who could have originally had access to the leaked information, and Bob is one of those 10 potential suspects.
-The adversary makes use of the key disclosure legislation to issue search warrants to all 10 people, and to get to know the contents of their personal drives. Essentially, they don’t have anything solid against Bob, as the anonymity of the perpetrating party is intact, but they are doing some guess work to try and find something incriminating anyway.
+The adversary makes use of key disclosure legislation to issue search warrants to all 10 people, and to get to know the contents of their personal drives. Essentially, the adversary doesn’t have anything solid against any of them, since the perpetrator’s anonymity is intact, but some guess work is being done to try and find something incriminating anyway.
+ -Here’s the problem: the adversary busts down Bob’s door and forces him to unlock his laptop, including every encrypted volume. What happens then?
+Here’s the problem: the adversary can just bust down Bob’s door and force him to unlock his laptop, including every encrypted volume. What happens then?
-Since Bob has no other choice but to comply when the adversary forces him to unlock his hard drives, and since e didn’t implement Deniable Encryption, he has to show all the incriminating evidence, and therefore he can no longer deny implications with the sensitive activity.
+Since Bob has no other choice but to comply when the adversary forces him to unlock his hard drives, and since he didn’t implement Deniable Encryption, he has to show all the incriminating evidence, and therefore he can no longer deny implications with the sensitive activity.
Bob’s setup, although suitable for Anonymous Use, is not suitable for Sensitive Use due to the lack of Deniable Encryption
For instance, if Bob had implemented VeraCrypt’s deniable encryption to store the sensitive data, he could’ve given password A to open the decoy volume for the adversary, and could’ve claimed that there was no hidden volume. The adversary wouldn have no way to prove otherwise.
diff --git a/opsec/anonuse/index.html b/opsec/anonuse/index.html index 1a89a37..f5daa5e 100644 --- a/opsec/anonuse/index.html +++ b/opsec/anonuse/index.html @@ -8,7 +8,7 @@ -
Because after all, how can you expect people to write good tutorials without being shown how to write them in the first place ?
+Because after all, how can you expect people to write good tutorials without showing them how to write tutorials in the first place ?
Context: Suppose you are discovering OPSEC, Technology and all their abstract concepts, you are amazed at what you are finding, and you are now feeling very enthusiastic about sharing it to other people, but you don't know how to do it.
Situation: You go into that matrix chatroom you find that random dude called nihilist and you start to explain into great detail how you managed to implement QubesOS with that whonix Xen VM, and that he should also force a VPN through the SOCKS Tor proxy and you proclaim that this is the ultimate setup, and everyone should implement it. But before you can finish your ramblings the guy already ran away scared, he thought you were threatening him and his family.
-Are you OK with how badly you just communicated ? Are you fine with being throwing your message out there and Noone is even properly recieving it ?
+Are you OK with how badly you just communicated ? Are you fine with shouting your message out there without firmly grabbing anyone's attention?
@@ -94,6 +94,7 @@What ? If they care, What are the tools at their disposal to solve that problem ?
How ? How, step by step, can they use those tools to solve the problem ?
Don't mix up the order. First the Why, then the What, then the How.
@@ -108,7 +109,7 @@Now that you are aware that there is a way to write good quality tutorials, let's look at how to write them, step by step.
-First, ALWAYS start with the WHY, why the hell should all those mortals even care about your message. To do that, you need to tell them a story that highlights the problem. Most people are not even aware that there is a problem in the first place, so you must tell them.
+First, ALWAYS start with the WHY, why the hell should all those mortals even care about your message. To do that, you need to tell them a story that highlights a problem. Most people may not even aware that there is a problem in the first place, so you must tell them, to make them aware of it.
So you first contextualize your story, then you explain the situation, and then you ask them if they are ok with it.