Merge pull request 'main' (#1) from nihilist/blog-contributions:main into main

Reviewed-on: https://git.datura.network/Robert/blog-contributions/pulls/1
This commit is contained in:
Robert 2024-08-09 15:49:47 +02:00
commit 478e9c519f
41 changed files with 572 additions and 30 deletions

View File

@ -69,14 +69,17 @@ Send me on chat your blogpost idea, and tell me where exactly it's supposed to f
Below is listed the upcoming blogposts, assigned to each contributors: Below is listed the upcoming blogposts, assigned to each contributors:
``` ```
pippin:
1) How to protect against fingerprinting (persona, text, files) : 50 euros
2) How to run a local LLM to change your writing style (and it's use in whonix VM): 40 euros
securitybrahh: securitybrahh:
1) Monero Inheritance setup (as part of the decentralized finances category) : 50 euros 1) Monero Inheritance setup (as part of the decentralized finances category) : 50 euros
2) how to get a remote phone number anonymously (SaaS SMSes) : 30 euros 2) how to get a remote phone number anonymously (SaaS SMSes) : 30 euros
3) how to get a remote credit card anonymously : 30 euros 3) how to get a remote credit card anonymously : 30 euros
robert: robert:
1) Why privacy is not enough for anonymouse use : 20 euros 1) Why privacy is not enough for anonymous use : 20 euros
2) Why Anonymity is not enough for sensitive use : 30 euros
mcneb10: mcneb10:
1) General How to mine Monero tutorial (xmrrig, p2pool, gupaxx?, xmrrig-proxy) : 50 euros 1) General How to mine Monero tutorial (xmrrig, p2pool, gupaxx?, xmrrig-proxy) : 50 euros

View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
sudo git pull git pull
#git config --global credential.helper 'cache --timeout=2628000' #git config --global credential.helper 'cache --timeout=2628000'
#sudo chown -R nothing. /home/nothing/Documents/Github/blog/ #sudo chown -R nothing. /home/nothing/Documents/Github/blog/
# my cool commentary # my cool commentary
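Review bot: with sudo dropped from git pull, the commented-out "sudo chown -R nothing. /home/nothing/Documents/Github/blog/" line at the end of this hunk is a leftover workaround for root-owned files and should be deleted rather than kept as something to uncomment later. If earlier root pulls left root-owned files in the working tree or under .git, the unprivileged pull may fail until ownership is fixed once by hand, which is worth a line in the commit message.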

5
pushtoprod.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
#rsync -razP /home/nihilist/Nextcloud/blog-contributions/servers /home/nihilist/Nextcloud/blog/ --delete
rsync -razP /home/nihilist/Nextcloud/blog-contributions/servers /home/nihilist/Nextcloud/blog/
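Review bot: the active rsync line omits --delete (only the commented-out variant has it), so a page that is removed or renamed in blog-contributions/servers stays in blog/ and keeps being published. Either restore --delete after checking the result with --dry-run, or document that removals are done by hand. Also, -r is redundant with -a, and the absolute /home/nihilist/... paths make the script usable on one machine only; take source and destination as variables or arguments.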

View File

@ -122,7 +122,7 @@
<li><a href="compilation/index.html">✅ How to compile open source software + How to verify software integrity </a></li> <li><a href="compilation/index.html">✅ How to compile open source software + How to verify software integrity </a></li>
<li><a href="hypervisorsetup/index.html">✅ How to Virtualize Machines (QEMU/KVM Hypervisor)</a></li> <li><a href="hypervisorsetup/index.html">✅ How to Virtualize Machines (QEMU/KVM Hypervisor)</a></li>
<li><a href="vpn/index.html">✅ How to get privacy from your ISP using a VPN</a></li> <li><a href="vpn/index.html">✅ How to get privacy from your ISP using a VPN</a></li>
<li><a href="vpn/index.html">❌ Route QEMU VMs network through a VPN (from the Host OS)</a></li> <li><a href="vpnqemu/index.html">✅ Route QEMU VMs through a Host OS VPN</a></li>
<li><a href="passwordmanagement/index.html">✅ Password Management 101 (How to use Keepass)</a></li> <li><a href="passwordmanagement/index.html">✅ Password Management 101 (How to use Keepass)</a></li>
<li><a href="serversideencryption/index.html">✅ Serverside: Should I trust serverside encryption? Should I use PGP?</a></li> <li><a href="serversideencryption/index.html">✅ Serverside: Should I trust serverside encryption? Should I use PGP?</a></li>
<li><a href="pgp/index.html">✅ Private Messaging (PGP encryption)</a></li> <li><a href="pgp/index.html">✅ Private Messaging (PGP encryption)</a></li>
@ -156,7 +156,7 @@
<p>📝 Explaining Anonymity</p> <p>📝 Explaining Anonymity</p>
<ol> <ol>
<li><a href="anonymityexplained/index.html">✅ What is Anonymity ? Why is it Important ? </a></li> <li><a href="anonymityexplained/index.html">✅ What is Anonymity ? Why is it Important ? </a></li>
<li><a href="anon.html">❌ Why isn't Privacy Enough ? </a></li> <li><a href="anon.html">❌ Why isn't Privacy enough for Anonymous use ? </a></li>
<li><a href="torvsvpns/index.html">✅ The main source of Anonymity: The Tor Network</a></li> <li><a href="torvsvpns/index.html">✅ The main source of Anonymity: The Tor Network</a></li>
<li><a href="torthroughvpn/index.html">✅ Using Tor Safely: Tor through VPN or VPN through Tor ? </a></li> <li><a href="torthroughvpn/index.html">✅ Using Tor Safely: Tor through VPN or VPN through Tor ? </a></li>
<li><a href="anonpersona/index.html">🟠 Shifting from a public to an Anonymous online persona</a></li> <li><a href="anonpersona/index.html">🟠 Shifting from a public to an Anonymous online persona</a></li>
@ -166,8 +166,8 @@
<p>💻 Clientside - Getting Started (<a href="torthroughvpn/index.html">⚠️ Check if your ISP allows Tor or Not!</a>)</p> <p>💻 Clientside - Getting Started (<a href="torthroughvpn/index.html">⚠️ Check if your ISP allows Tor or Not!</a>)</p>
<ol> <ol>
<li><a href="torbrowsing/index.html">✅ Tor Web Browser setup</a></li> <li><a href="torbrowsing/index.html">✅ Tor Web Browser setup</a></li>
<li><a href="tailsqemuvm/index.html">🟠 Tails OS QEMU VM for Temporary Anonymity</a></li> <li><a href="tailsqemuvm/index.html"> Tails OS QEMU VM for Temporary Anonymity</a></li>
<li><a href="whonixqemuvms/index.html">🟠 VMs for Long-term Anonymity (Whonix QEMU VMs)</a></li> <li><a href="whonixqemuvms/index.html"> VMs for Long-term Anonymity (Whonix QEMU VMs)</a></li>
</ol></br> </ol></br>
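Review bot: the Tails and Whonix entries lose their 🟠 marker without getting a ✅ or ❌ in its place, which leaves a stray leading space inside the link text and no status at all, unlike the other items in these lists. Put the intended status emoji back on both <li> lines.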
@ -187,10 +187,12 @@
<p>💻 Clientside - Making use of Anonymity (<a href="https://kycnot.me/?t=service">Non-KYC Providers</a>)</p> <p>💻 Clientside - Making use of Anonymity (<a href="https://kycnot.me/?t=service">Non-KYC Providers</a>)</p>
<ol> <ol>
<li><a href="anon.html">❌ How to get a mail account anonymously (Mails as a service)</a></li> <li><a href="anon.html">❌ How to get a mail account anonymously (Mails as a service)</a></li>
<li><a href="anon.html">❌ How to get a phone number anonymously (Remote SMSes as a service)</a></li> <li><a href="anon.html">❌ How to get a phone number anonymously (Remote SMSes as a service)</a></li>
<li><a href="anon.html">❌ How to get a credit card anonymously (Credit cards as a service)</a></li> <li><a href="anon.html">❌ How to get a credit card anonymously (Credit cards as a service)</a></li>
<li><a href="anon.html">❌ How to get a residential proxies anonymously</a></li> <li><a href="anon.html">❌ How to get a residential proxies anonymously</a></li>
<li><a href="anonymousremoteserver/index.html">✅ How to rent remote servers anonymously (Cloud resellers) ⭐</a></li>
<li><a href="anon.html">❌ How to rent remote domains anonymously (Registrar resellers) ⭐</a></li>
</ol></br> </ol></br>
</div> </div>
@ -209,9 +211,10 @@
<li><a href="anon.html">❌ Haveno DEX Network </a></li> <li><a href="anon.html">❌ Haveno DEX Network </a></li>
</ol></br> </ol></br>
<p>🧅 Serverside - Self-Hosting Hidden Services (⚠️ <a href="sensitiveremotevshome/index.html">Self-Hosting = Non-Sensitive!</a>)</p> <p>🧅 Serverside - Anonymous Hidden Services </p>
<ol> <ol>
<li><a href="hiddenservices/index.html">✅ Introduction to Self-Hosting Hidden Services</a></li> <!--<li><a href="hiddenservices/index.html">✅ Introduction to Hosting Hidden Services</a></li>-->
<li><a href="hiddenservice/index.html">✅ Where to host Anonymous Hidden Services ?</a></li>
<li><a href="torwebsite/index.html">✅ Hidden Service with custom .onion Vanity V3 address</a></li> <li><a href="torwebsite/index.html">✅ Hidden Service with custom .onion Vanity V3 address</a></li>
<li><a href="anon.html">❌ Basic Webserver setup (NGINX / PHP / MYSQL)</a></li> <li><a href="anon.html">❌ Basic Webserver setup (NGINX / PHP / MYSQL)</a></li>
<li><a href="anon.html">❌ Minimalistic MoneroSSO .onion setup</a></li> <li><a href="anon.html">❌ Minimalistic MoneroSSO .onion setup</a></li>
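Review bot: the section heading drops the ⚠️ link to sensitiveremotevshome/index.html ("Self-Hosting = Non-Sensitive!"), which was the warning a reader saw before picking a tutorial from this list; keep a pointer to that page in the heading or make sure the new hiddenservice/index.html entry carries it. The old hiddenservices entry should be deleted rather than left as an HTML comment inside the <ol>, and since hiddenservices/ and hiddenservice/ differ by one letter, check that the old directory is not left published.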
@ -222,15 +225,13 @@
<li><a href="anon.html">❌ Discourse .onion setup (Forums)</a></li> <li><a href="anon.html">❌ Discourse .onion setup (Forums)</a></li>
</br> </br>
</ol></br> </ol></br>
<p>🧅 Serverside - Remote Clearnet Services (⚠️ <a href="sensitiveremotevshome/index.html">Remote Hosting = Safer!</a>)</p> <p>🧅 Serverside - Anonymous Clearnet Services </p>
<ol> <ol>
<li><a href="anonymousremoteserver/index.html">✅ How to rent remote servers anonymously (Cloud resellers) ⭐</a></li> <li><a href="anonclearnetservices/index.html">✅ Where to host Anonymous Clearnet Services ?</a></li>
<li><a href="anonaccess/index.html">✅ Remote anonymous access setup (cockpit + ssh through tor)</a></li> <li><a href="anonaccess/index.html">✅ Remote anonymous access setup (cockpit + ssh through tor)</a></li>
<li><a href="anon.html">❌ How to rent remote domains anonymously (Registrar resellers) ⭐</a></li>
<li><a href="dns/index.html">✅ Clearnet Bind9 DNS server setup (with DNSSEC)</a></li> <li><a href="dns/index.html">✅ Clearnet Bind9 DNS server setup (with DNSSEC)</a></li>
<li><a href="matrixnew/index.html">✅ Clearnet Matrix server (federated clearnet chatting)</a></li> <li><a href="matrixnew/index.html">✅ Clearnet Matrix server (federated clearnet chatting)</a></li>
<li><a href="mailprivate/index.html">✅ Anonymous (remote or self-hosted) clearnet Mail Server ⭐</a></li> <li><a href="mailprivate/index.html">✅ Anonymous (remote or self-hosted) clearnet Mail Server ⭐</a></li>
<li><a href="xmpp/index.html">🟠 XMPP server (Gajim, OMEO encryption, ejabberd .onion setup)</a></li>
</br> </br>
</ol></br> </ol></br>
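Review bot: the XMPP entry (xmpp/index.html, 🟠) is deleted from this list and is not re-added in any hunk shown for this file, so the page becomes unreachable from the index. If that is intended, say so in the commit message; otherwise move it the same way the two ⭐ entries were moved to the Clientside list. The "Remote Hosting = Safer!" warning link is also removed from the heading here without a replacement.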
@ -254,7 +255,7 @@
<p>📝 Explaining Plausible Deniability</p> <p>📝 Explaining Plausible Deniability</p>
<ol> <ol>
<li><a href="encryption/index.html">✅ What is Plausible Deniability ? Why is it Important ?</a></li> <li><a href="encryption/index.html">✅ What is Plausible Deniability ? Why is it Important ?</a></li>
<li><a href="anon.html">❌ Why isn't Anonymity Enough ? </a></li> <li><a href="anonsensitive/index.html">✅ Why Anonymity isnt enough for Sensitive use ? </a></li>
<li><a href="anon.html">❌ The main source of Plausible Deniability: Veracrypt Hidden Partitions</a></li> <li><a href="anon.html">❌ The main source of Plausible Deniability: Veracrypt Hidden Partitions</a></li>
<li><a href="anon.html">❌ Other sources of Plausible Deniability: Steganography</a></li> <li><a href="anon.html">❌ Other sources of Plausible Deniability: Steganography</a></li>
<li><a href="sensitiveremotevshome/index.html">🟠 Sensitive Services: Self-Host or Host Remotely ?</a></li> <li><a href="sensitiveremotevshome/index.html">🟠 Sensitive Services: Self-Host or Host Remotely ?</a></li>

Binary file not shown. Size: 146 KiB
Binary file not shown. Size: 83 KiB
Binary file not shown. Size: 128 KiB

View File

@ -0,0 +1,144 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Where to host Anonymous Clearnet Services ?</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-06</ba></p>
<h1>Where to host Anonymous Clearnet Services ? </h1>
<img src="0.png" class="imgRz">
<p>In this tutorial we're going explain how you can have anonymous clearnet services, which can either remotely or self-hosted. </p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Hosting an Anonymous Remote Clearnet Service </b></h2>
<p>The first way to have an Anonymous clearnet service, is Remotely, where you go through a non-KYC cloud provider, and a non-KYC domain provider, in order to obtain a remote VPS and Domain anonymously (using Tor and Monero).</p>
<img src="1.png" class="imgRz">
<p>The idea here is that you always keep Tor between you and the services, so that it remains impossible to prove that you are the owner of said service, from the acquisition of the services, to their actual use (forcing SSH to go through Tor).</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Self-Hosting an Anonymous Clearnet Service</b></h2> </br> </br>
<p>The second way to have an Anonymous clearnet service is by self-hosting it, like above, you also need to get yourself a VPS and a domain anonymously, using non-KYC providers/resellers. The VPS must have openvpn installed on it.</p>
<p>Then you need to have a home server, running a local service (let's say with ports 80 and 443),</p>
<p>That same local homeserver must connect to the OpenVPN server, but you must force the VPN connection to go through Tor, to avoid revealing your Home IP to the cloud provider.</p>
<p>And from there, you will be able to port-forward the ports from your local service, to the VPS, while maintaining your Anonymity. </p>
<p>And of course, if your ISP doesn't allow Tor traffic, we can always hide it using a Trusted VPN, like MullvadVPN.</p>
<img src="2.png" class="imgRz">
<p>Note that such a setup is to be done only when you want to have your server data at home (for exmaple, <a href="../mailprivate/index.html">self-hosting a mail server, while maintaining Anonymity</a>), if this is not a concern, then you should just host the service remotely as seen above.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>
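Review bot: the self-hosting section says the VPS "must have openvpn installed" and that the home server must "force the VPN connection to go through Tor", but it never says that OpenVPN has to run over TCP for this to work, since Tor only carries TCP streams. Add that requirement where the OpenVPN server is introduced. Smaller points: id="anon2" is used for two different <div> elements, the RSS footer link is plain http:// while the other external links are https, the navbar brand uses href="\index.html" with a backslash, and the text has "we're going explain", "which can either remotely" and "exmaple".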

View File

@ -8,7 +8,7 @@
<meta name="author" content=""> <meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png"> <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Why anonymity isnt enough for sensitive use</title> <title>Why Anonymity isnt enough for Sensitive use ?</title>
<!-- Bootstrap core CSS --> <!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet"> <link href="../../assets/css/bootstrap.css" rel="stylesheet">
@ -53,9 +53,9 @@
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/robert.png" width="50px" height="50px"> <ba>Robert - 6/8/24</ba></p> <a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/robert.png" width="50px" height="50px"> <ba>Robert - 06 / 08 / 24</ba></p>
<h1>Why anonymity isnt enough for sensitive use</h1> <h1>Why Anonymity isnt enough for sensitive use ?</h1>
<p>In this post we are going to see why anonymity is not enough for sensitive use, and what can be done about it.</p> <p>In this post we are going to see why Anonymity is not enough for Sensitive use, and what can be done about it.</p>
</div> </div>
</div><!-- /row --> </div><!-- /row -->
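Review bot: "06 / 08 / 24" in the byline is still ambiguous between day-first and month-first; the new pages in this commit use an ISO date in the same place (2024-08-06), so use that format here too. The <h1> capitalises "Anonymity" but not "sensitive", while the <title> and the intro paragraph capitalise both.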
@ -67,13 +67,18 @@
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h2><b>Why anonymity is not enough for sensitive use</b></h2> <h2><b>What happens when you are forced to give out your password ?</b></h2>
<p>Lets say Charlie is using a popular online forum to leak information about a government agencys unethical behavior. To stay anonymous, he makes sure to connect to the forum only through Tor & VPN, and uses a burner email address to sign up.</p> <p>Let's say that Bob is using a popular online forum to leak information about a government agencys unethical behavior. To stay anonymous, he makes sure to connect to the forum using at least Tor to connect there. He uses a burner email address to sign up there, to upload the sensitive files. His Anonymity while doing this sensitive action remains solid.</p>
<img src="1.png" class="imgRz"> <img src="1.png" class="imgRz">
<p>This anonymity was essential, but not a complete savior. Only 10 people originally had access to the leaked information, so <b>the government uses its key disclosure legislation to issue search warrants for all of their personal hard drives.</b></p> <p>However, there are only 10 people who could have originally had access to the leaked information, and Bob is one of those 10 potential suspects. </p>
<p>The adversary makes use of the key disclosure legislation to issue search warrants to all 10 people, to get to know the contents of their personal drives. Essentially, they don't have anything solid against Bob, as the anonymity of the perpetrating party is solid, <b>but they are doing some guess work to try and find anything incriminating against him anyway, to make sure.</b> </p>
<img src="6.png" class="imgRz"> <img src="6.png" class="imgRz">
<p>Thankfully, Charlie neednt worry: he has set up VeraCrypts deniable encryption to separate his personal life from his leaks. <b>He gives the authorities the key to the main volume; they find nothing related to the leaks. The government does not know which of the 10 people was the leaker.</b></p> <p>Problem is, the adversary now busts down Bob's door, and <b>forces him to unlock his laptop, and unlock every encrypted volume on his laptop.</b> What then ?</p>
<img src="../encryption/4.png" class="imgRz">
<p><img src="../de2.png"> <b>Bob didn't implement Deniable Encryption</b>, therefore the adversary forces Bob to unlock his harddrives, and he has no other choice but to comply. He shows all the incriminating evidence contained in there, where he isn't able to deny implications with said Sensitive activity.</p>
<img src="5.png" class="imgRz"> <img src="5.png" class="imgRz">
<p> Bob's setup, although suitable for Anonymous Use, is not suitable for Sensitive use, <b>due to the lack of Deniable encryption</b></p>
<p><img src="../de0.png">For instance, if Bob had implemented <a href="../veracrypt/index.html">VeraCrypts deniable encryption</a> to store all that sensitive data, <b>he could've given the password A to open the decoy volume to the adversary, and claimed that there was no hidden volume, and the adversary wouldn't have a way to prove otherwise.</b></p>
</div> </div>
</div><!-- /row --> </div><!-- /row -->
</div> <!-- /container --> </div> <!-- /container -->
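Review bot: the new link to ../veracrypt/index.html in the last paragraph points at a page that the index in this same commit still lists as ❌ with href="anon.html" ("The main source of Plausible Deniability: Veracrypt Hidden Partitions"), and another page in this commit links its "veracrypt hidden volume" text to ../anonymity/index.html. Pick the target that actually exists and use it in both places. "agencys" and "VeraCrypts" are missing their apostrophes, and the bold sentence ending in "Deniable encryption" has no final period.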

BIN servers/hiddenservice/0.png Normal file. Binary file not shown. Size: 252 KiB
BIN servers/hiddenservice/1.png Normal file. Binary file not shown. Size: 71 KiB
BIN servers/hiddenservice/2.png Normal file. Binary file not shown. Size: 81 KiB

View File

@ -0,0 +1,148 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Where to host Anonymous Hidden Services ?</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-06</ba></p>
<h1>Where to host Anonymous Hidden Services ? </h1>
<p> In this tutorial we're going to look at how to host Anonymous Hidden Services.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Hosting a Hidden Service Remotely </b></h2>
<p>One way to host a Hidden Service is remotely. You anonymously rent a VPS to a non-KYC cloud provider (using Tor and Monero), and use it anonymously (using SSH through Tor), to host a Tor Hidden Service. </p>
<img src="1.png" class="imgRz">
<p>The main advantage here is that if anything goes wrong (if you try to run a sensitive service there), you are safe from any repercussions, as the cloud provider can't know that it was you who bought and used the VPS.</p>
<p>The strategy here is that whatever service you try to run, you run it as far away from your home as possible. So that if one day the location of the hidden service gets found out (as tor traffic sometimess get deanonymized, when the tor circuits go through nodes that all belong to the adversary), your home IP address doesn't get revealed.</p>
<p><u>Sidenote:</u> know that if you try to run a sensitive service, you are literally abusing the goodwill of non-KYC cloud providers, that are willing to go the extra mile to provide anonymity for you. So please don't bite the hand that feeds you, don't run sensitive services on VPSes, as the non-KYC cloud resellers are the ones that will have to deal with the consequences afterward.</p>
<p>The main drawback however, is that you are not in physical control of the server that you are using, therefore if the cloud provider has implemented extensive spying mechanisms, they will immediately find out that it is this VPS that is running said hidden service.</p>
<p><u>TLDR:</u> it's safer in case if anything goes wrong, but you don't have physical control over the service.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Self-Hosting a Hidden Service</b></h2> </br> </br>
<p>Another way to host a Hidden Service is locally, you Self-host it. You are running a server at home (which could be your previous PC), to run the hidden service. And if the ISP doesn't allow Tor traffic, you use a VPN to hide the Tor traffic.</p>
<img src="2.png" class="imgRz">
<p>The main advantage here is that you have complete control over the server, if an adversary has to get his hands on the server, he has to bust down your door and find it.</p>
<p>The strategy here is "I use secure technology, come at me!", Which brings us to the main disadvantage however: if the technology fails you along the way for example the adversary uses a Tor 0day on you, and finds out that the hidden service is at your home IP address, then there is no way you can deny that you are the administrator of said service. In that case, using a trusted VPN that regularly deletes logs like mullvadVPN, to hide the Tor traffic, might be a lifesaver. </p>
<img src="0.png" class="imgRz">
<p>There may be other attacks to figure out if you are the owner of said hidden service, like temporarily shutting down the power, or the internet connection, to see if the hidden service goes down or not.</p>
<p><u>TLDR:</u> you have physical control over the server, but if anything goes wrong, the service is at your house. No possibility to deny that you are the administrator!</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>
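Review bot: the remote-hosting section contradicts itself: one paragraph presents the main advantage as being "safe from any repercussions" if you "try to run a sensitive service there", and the sidenote two paragraphs later tells readers not to run sensitive services on VPSes. State once which use the remote option is recommended for and make the TLDR match. Wording fixes in the same section: "rent a VPS to a non-KYC cloud provider" should be "from", and "sometimess" has a doubled s. As in the other new page, id="anon2" is reused for two <div> elements.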


Binary file not shown. Size: 111 KiB

View File

@ -140,6 +140,7 @@
<li><p><u>Anonymous use</u>: you can use Whonix VMs, (can also have a with a Tor -> VPN setup) </p></li> <li><p><u>Anonymous use</u>: you can use Whonix VMs, (can also have a with a Tor -> VPN setup) </p></li>
<li><p><u>Sensitive use</u>: You can use Whonix VMs, but they need to be inside a <a href="../anonymity/index.html">veracrypt hidden volume</a></p></li> <li><p><u>Sensitive use</u>: You can use Whonix VMs, but they need to be inside a <a href="../anonymity/index.html">veracrypt hidden volume</a></p></li>
</ol> </ol>
<p><u>Sidenote:</u> <a href="https://www.qubes-os.org/">QubesOS</a> is based off the same segmentation principle, that every use must remain isolated (or compartmentalized) into VMs, for specific uses. It also uses Linux and Whonix VMs, while using the Xen hypervisor instead of libvirtd QEMU/KVM, but the concept remains the same. </p>
</div> </div>
</div><!-- /row --> </div><!-- /row -->

View File

@ -78,6 +78,7 @@
<img src="../aps/privacy.png" class="imgRz"> <img src="../aps/privacy.png" class="imgRz">
<p>In short, <b>Privacy means that you are not under surveillance.</b> In this example, Bob wants to talk to Alice privately, so he shuts the door on the prying eyes of Jack. So that he can't hear their conversation.</p> <p>In short, <b>Privacy means that you are not under surveillance.</b> In this example, Bob wants to talk to Alice privately, so he shuts the door on the prying eyes of Jack. So that he can't hear their conversation.</p>
<p>Privacy is Bob and Alice's ability to seclude themselves from the awareness of others. It is the ability that Bob has, to close the door on Jack, so that he cannot see his actions anymore.</p> <p>Privacy is Bob and Alice's ability to seclude themselves from the awareness of others. It is the ability that Bob has, to close the door on Jack, so that he cannot see his actions anymore.</p>
<p>When you are looking for Privacy, always ask yourself : <b>Privacy from what ? Privacy from whom ?</b> in other words, <b>Whom do i want to close the curtain on ?</b></p>
</div> </div>
</div><!-- /row --> </div><!-- /row -->
</div> <!-- /container --> </div> <!-- /container -->

View File

@ -73,7 +73,7 @@
<li><p>Application: <a href="../anon.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic) </p></li> <li><p>Application: <a href="../anon.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic) </p></li>
</ol> </ol>
<p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p> <p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
<p>TODO: force a VPN through Tor</p> <p><u>Sidenote:</u> If your ISP does not allow Tor traffic, make sure that you <a href="../vpnqemu/index.html">route the QEMU VMs traffic through a VPN</a>, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup</p>
</div> </div>
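Review bot: the removed line was "TODO: force a VPN through Tor", but the replacement sidenote describes the other ordering, "(You -> VPN -> Tor)", which by the site's own naming is Tor through VPN, so the TODO is dropped without being addressed. Keep the TODO or link the page that covers VPN through Tor. The trailing "Setup" after the closing parenthesis looks like a leftover word, and the sentence has no final period.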

BIN servers/vpn/11.png Normal file. Binary file not shown. Size: 110 KiB
BIN servers/vpn/12.png Normal file. Binary file not shown. Size: 72 KiB
BIN servers/vpn/13.png Normal file. Binary file not shown. Size: 21 KiB
BIN servers/vpn/14.png Normal file. Binary file not shown. Size: 99 KiB


@ -140,7 +140,32 @@ curl ifconfig.me
<p>And he can see that his IP got changed accordingly to the location he picked: </p> <p>And he can see that his IP got changed accordingly to the location he picked: </p>
<img src="9.png" class="imgRz"> <img src="9.png" class="imgRz">
<p>The VPN is also protecting against DNS and WebRTC leaks, according to <a href="https://mullvad.net/en/check">https://mullvad.net/en/check</a></p> <p>The VPN is also protecting against DNS and WebRTC leaks, according to <a href="https://mullvad.net/en/check">https://mullvad.net/en/check</a></p>
<p>Now that you are using Mullvad as a VPN, you can also use their Mullvad Browser, which is basically a Hardened Firefox based off the Tor Browser:</p>
<pre><code class="nim">
[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
→ apt search mullvad
Sorting... Done
Full Text Search... Done
mullvad-browser/unknown,now 13.5.1-1 amd64
Mullvad Browser
mullvad-vpn/unknown,now 2024.4 amd64 [installed]
Mullvad VPN client
[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
→ apt install mullvad-browser -y
[ mainpc ] [ /dev/pts/3 ] [~/Nextcloud/blog]
→ mullvad-browser
</pre></code>
<p>And from there you can browse the web using the same VPN connection:</p>
<img src="11.png" class="imgRz">
<img src="12.png" class="imgRz">
<p>From there, just like on the Tor Browser, you can protect against fingerprinting by setting the security level here:</p>
<img src="13.png" class="imgRz">
<p>If you want to reduce your fingerprinting attack surface as much as possible, you can choose to disable javascript by selecting the "Safest" security level, but it may break some websites functionnality.</p>
<img src="14.png" class="imgRz">
</div> </div>
</div><!-- /row --> </div><!-- /row -->
</div> <!-- /container --> </div> <!-- /container -->
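Review bot: The new code block is closed with "</pre></code>", but it was opened as "<pre><code class="nim">", so the closing tags are in the wrong order and should be "</code></pre>" as in the other blocks of this commit. In the same block, "apt install mullvad-browser -y" is shown from the user prompt without sudo, while the vpnqemu page added in this commit uses "sudo apt install"; pick one convention so the command works as typed. The security-level steps exist only in 13.png and 14.png, which have no alt text: name the menu entry and the available levels in the paragraph so the instruction survives without the screenshots. Typos in the added text: "websites functionnality" should be "websites' functionality".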

BIN
servers/vpnqemu/0.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

BIN
servers/vpnqemu/1.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 32 KiB

BIN
servers/vpnqemu/10.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 60 KiB

BIN
servers/vpnqemu/2.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 20 KiB

BIN
servers/vpnqemu/3.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 22 KiB

BIN
servers/vpnqemu/4.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 117 KiB

BIN
servers/vpnqemu/5.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 141 KiB

BIN
servers/vpnqemu/6.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 245 KiB

BIN
servers/vpnqemu/7.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 73 KiB

BIN
servers/vpnqemu/8.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 72 KiB

BIN
servers/vpnqemu/9.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 143 KiB

208
servers/vpnqemu/index.html Normal file

@ -0,0 +1,208 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Route QEMU VMs through a Host OS VPN</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nihilism.network/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../anon.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-08-08</ba></p>
<h1>Route QEMU VMs through a Host OS VPN </h1>
<p> </p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>First, install the VPN like we saw previously <a href="../vpn/index.html">here</a>, but the only difference being that we now install it on the Host OS, rather than inside the VM.</p>
<pre><code class="nim">
# Download the Mullvad signing key
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
# Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Or add the Mullvad BETA repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/beta $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
# Install the package
sudo apt update
sudo apt install mullvad-vpn
# Connect to Mullvad VPN
mullvad account login
Enter an account number: 91320912809328832
Mullvad account "91320912809328832" set
# Connect to the VPN:
mullvad lockdown-mode set on
mullvad connect
curl ifconfig.me
194.127.199.92
</code></pre>
<p>Then, configure mullvad as follows:</p>
<img src="0.png" >
<img src="1.png" >
<img src="2.png" >
<p>From there you'll have the tun0 network interface available, which we can use in the QEMU VM XML configuration: </p>
<img src="3.png" class="imgRz">
<p>As you can see here, we have the tun0 interface, with the 10.5.0.0/16 subnet, so we'll use a smaller subnet within that same subnet to create our VPN NAT configuration:</p>
<img src="4.png" class="imgRz">
<p>Then use it on your VM configuration like so:</p>
<img src="5.png" class="imgRz">
<p>And then once applied, you can check if it works as intended from inside the VM, by going to <a href="https://mullvad.net/en/check">https://mullvad.net/en/check</a></p>
<img src="6.png" class="imgRz">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Whonix VPN -> Tor Setup </b></h2> </br> </br>
<p>As we explained previously <a href="../torthroughvpn/index.html">here</a>, if your ISP does not allow Tor traffic, you need to hide it behind a VPN. And when you want to use Anonymity on the VM itself. One simple way to do it is to route the network traffic (via NAT) through a Host-based VPN like we showcased above. </p>
<p>The existing Whonix-External network looks like so by default:</p>
<pre><code class="nim">
<<b></b>network>
<<b></b>name>Whonix-External<<b></b>/name>
<<b></b>uuid>1775d1fe-1606-4962-a3a6-b7b451b9442e<<b></b>/uuid>
<<b></b>forward mode="nat">
<<b></b>nat>
<<b></b>port start="1024" end="65535"/>
<<b></b>/nat>
<<b></b>/forward>
<<b></b>bridge name="virbr1" stp="on" delay="0"/>
<<b></b>mac address="52:54:00:66:89:bb"/>
<<b></b>ip address="10.0.2.2" netmask="255.255.255.0">
<<b></b>/ip>
<<b></b>/network>
</code></pre>
<p>And it needs to be changed to the following:</p>
<pre><code class="nim">
<<b></b>network>
<<b></b>name>Whonix-External<<b></b>/name>
<<b></b>forward dev='tun0' mode='nat'/>
<<b></b>bridge name='virbr1' stp='on' delay='0'/>
<<b></b>ip address='10.0.2.2' netmask='255.255.255.0'>
<<b></b>/ip>
<<b></b>/network>
</code></pre>
<p>So do the following:</p>
<img src="7.png" class="imgRz">
<img src="8.png" class="imgRz">
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<p>And that's it! We now have a (VPN -> Tor) setup, in case if your ISP doesn't allow Tor traffic, concealing it behind the VPN.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nihilism.network/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nihilism:m.datura.network">Matrix Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nihilism.network (<a href="https://nihilism.network/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>
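Review bot: The "mullvad account login" step in the first code block commits what reads as a live account number ("Enter an account number: 91320912809328832") together with the resulting exit IP from "curl ifconfig.me". A Mullvad account number is the only credential for the account, so replace it with an obvious placeholder and rotate the account if the value is real. In the same block, the stable and beta "echo ... | sudo tee /etc/apt/sources.list.d/mullvad.list" lines both write the same file, so a reader who pastes the whole block ends up on the beta repository; comment out the beta line or split it into its own block. The libvirt network for the first section is only shown in 3.png to 5.png, and the text says it uses "a smaller subnet within" 10.5.0.0/16 while the Whonix-External XML keeps 10.0.2.2/255.255.255.0: include the first network's XML as text and explain why the Whonix one keeps its original range. The modified Whonix-External definition also drops the uuid, mac and nat port range of the default without comment, and the page never says what happens to VM traffic when tun0 is absent (VPN disconnected, or the host booted before Mullvad starts); since the goal is hiding Tor from the ISP, add a check for that case next to the mullvad.net/en/check step. Markup: 'href="\index.html"' uses a backslash, "</br>" is not a valid tag, id="anon2" is used twice, and the raw "->" in the h2 and the last paragraph should use "&gt;".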


@ -8,7 +8,7 @@
<meta name="author" content=""> <meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png"> <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>whonixqemuvms Setup</title> <title>Whonix QEMU VMs Setup</title>
<!-- Bootstrap core CSS --> <!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet"> <link href="../../assets/css/bootstrap.css" rel="stylesheet">
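Review bot: While this head section is being touched for the title, the favicon link two lines above it uses "../../../../../../assets/img/favicon.png", six levels up, whereas the stylesheet right below the title uses "../../assets/css/bootstrap.css". The extra "../" segments only resolve because the path gets clamped at the site root, and they break when the page is opened from a local checkout; align the favicon path with the stylesheet path. The title change itself ("whonixqemuvms Setup" to "Whonix QEMU VMs Setup") looks good.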
@ -73,7 +73,8 @@
<li><p>Application: <a href="../anon.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic) </p></li> <li><p>Application: <a href="../anon.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic) </p></li>
</ol> </ol>
<p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p> <p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
<p>TODO: force a VPN through Tor</p> <p><u>Sidenote:</u> If your ISP does not allow Tor traffic, make sure that you <a href="../vpnqemu/index.html">route the QEMU VMs traffic through a VPN</a>, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup</p>
</div> </div>
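Review bot: The sidenote added here is a verbatim copy of the one added to another page earlier in this commit, so the same defects need fixing in both places: the trailing "Setup" after "(You -> VPN -> Tor)" is a leftover word, "tor traffic" is lowercase while the list item above writes "Tor traffic", and the ">" characters should be "&gt;". Consider also fixing "above mentionned" to "above-mentioned" in the preceding paragraph while this block is open, and phrasing the link text as "route the QEMU VM's traffic through a VPN" so it matches the title of the target page, "Route QEMU VMs through a Host OS VPN".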


@ -75,7 +75,7 @@
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h2><b>XMPP Server Setup </b></h2> <h2><b>XMPP Server Setup </b></h2>
<p>Before starting, check out <a href="../">this</a> tutorial on how to create your first hidden service.</p> <p>Before starting, check out <a href="../torwebsite/index.html">this</a> tutorial on how to create your first hidden service.</p>
<pre><code class="nim"> <pre><code class="nim">
root@ANON-home:~# apt install prosody prosody-modules -y root@ANON-home:~# apt install prosody prosody-modules -y