From d1bc9cefbedc01c4f1d41076a628fe61893839ba Mon Sep 17 00:00:00 2001 From: nihilist Date: Fri, 15 Nov 2024 08:55:54 +0100 Subject: [PATCH] updated --- opsec/anonymityexplained/index.html | 11 ++++++----- opsec/runtheblog/index.html | 8 ++++++++ 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/opsec/anonymityexplained/index.html b/opsec/anonymityexplained/index.html index a9aad47..2bba950 100644 --- a/opsec/anonymityexplained/index.html +++ b/opsec/anonymityexplained/index.html @@ -102,19 +102,20 @@

Now let's say the adversary knows that you live in France what are the odds now ?

-

Now let's say that the adversary knows you live in France, the odds have been significantly reduced from 1 out of 8 billion to 1 out of 65 million, but still that's not enough to accurately pinpoint you, the probability of the adversary figuring out who you are is still very low.

+

If the adversary knows you live in France, the odds have been significantly reduced from 1 out of 8 billion to 1 out of 65 million, but still that's not enough to accurately pinpoint you, the probability of the adversary figuring out who you are is still very low.

- Pseudonymity

But now let's say that the adversary knows more than that, let's suppose that the adversary knows that you have a masters in cybersecurity, and that you work a general IT job in France, for a software company. Now the odds have shrinked further, especially if the adversary is able to combine multiple sources of data to try and profile you.

Let's say you are trying to chat on SimpleX while the adversary is in the chat with you, and he sees that you have a gorillaz profile picture, call yourself Nihilist, and talk about Opsec all the time. If the adversary is good at profiling you over time, he could have already shrinked down the odds to 1 out of 10 thousand people. Here we're talking about a drastically reduced anonymity, which we can consider to be pseudonymity. but that is still not enough to know who you are IRL.

- Onymity

-

But you need to be aware that even the tiniest opsec mistake thing can reduce the odds of your anonymity to 1 out of 1, where you are effectively deanonymized. For instance let's say you are in this SimpleX chatroom , and let's say you are sending a picture of your own limited edition monerochan:

+

But you need to be aware that even the tiniest opsec mistake can reduce the odds of your anonymity to 1 out of 1, where you are effectively deanonymized. For instance let's say you are in this SimpleX chatroom , and let's say you are sending a picture of your own limited edition MoneroChan fumo plushie:

-

Now the thing is, there are only 100 monerochan plushies out there, if the adversary is the seller of those monerochan plushies, he knows where he sent all of the 100 plushies, therefore your anonymity has been reduced to 1 out of 100 But thing is, upon closer exception it is worse than you may think:

+

Now the thing is, there are only 100 of those plushies out there, if the adversary is the seller of those monerochan plushies, your anonymity odds has been reduced to 1 out of 100, that's because he knows to whom he sent those 100 plushies, meaning he now only has a group of 100 people to guess who you are from. But upon closer exception it is worse than you may think:

-

If you look closer at the image the "Certificate of authenticity" says that it is the 41th monerochan out of the 100 plushies that exist. Therefore if the adversary is the plushie seller, your anonymity odds have been reduced 1 out of 1 As he now knows to whom he sent the 41th plushie. Meaning that you just deanonymized yourself for that particular adversary.

-

You get the idea, if you want to remain Anonymous, you need to always ask yourself "how many people could send that?", if you were to send that picture i sent above, you'd realize that this is a bad idea, same as in saying your real IRL name, your phone number, your home address, your home public IP address, etc.

+

If you look closer at the image the "Certificate of authenticity" says that it is the 41st plushie amongst the 100 that exist. Therefore if the adversary is the plushie seller, your anonymity odds have been reduced 1 out of 1 as he knows to whom he sent the 41st plushie. Meaning that you just deanonymized yourself for that particular adversary.

+

You get the idea, if you want to remain Anonymous, you need to always ask yourself "how many people could send that?", if you were to send that picture i sent above, you'd realize that this is a bad idea. The same concept applies as if you were to say what is your real IRL name, your phone number, your home address, your home public IP address, etc. Do not give bullets to an adversary, as he will use everything you give him to shoot you.

+

The least info you send about yourself, what you like, what you dislike, where you live, where you work, what's your past, the better, as otherwise it will be exponentially easier for an adversary to narrow down the possibilities of who you could be, amongst a given group of people.

diff --git a/opsec/runtheblog/index.html b/opsec/runtheblog/index.html index a8eaead..9525b41 100644 --- a/opsec/runtheblog/index.html +++ b/opsec/runtheblog/index.html @@ -366,10 +366,14 @@ server {

Setting up the collaboration



Now in order to make sure you can welcome external contributions, you need at least to be able to have a gitea instance:

+

Once setup, you can clone the blog-contributions repository in your gitea instance:

+

And then, you can recreate the kanban board like so:

+

And then adding issues into it like so:

+ @@ -384,9 +388,13 @@ server {

Setting up a Mirror List



Now in order to give people a list of all the backup blog mirrors in one go, i list them manually on an uptimekuma instance:

+

First, the mirror (clearnet and .onion) gets added into the "testing" category:

+

Then, if the mirror is still reachable after 1 month, i move it into the "stable" category:

+

And there the mirror stays until i see it is no longer reachable.

+