diff --git a/README.md b/README.md
index b0301e0..ed75ddb 100644
--- a/README.md
+++ b/README.md
@@ -67,28 +67,7 @@ Send me on chat your blogpost idea, and tell me where exactly it's supposed to f
### Contributor todolist ###
Below is listed the upcoming blogposts, assigned to each contributors:
+**NOTE: If your assigned tutorial is past the deadline, the tutorial won't be assigned to you anymore, it must be completed by that time. If you want to move the deadline, contact me directly explaining why.**
-```
-meduzzza:
-1) how to obtain a domain anonymously : 10 euros
+**2024/09/18: to see the list of assigned tutorials, check out the project board [here](https://git.nowhere.moe/nihilist/blog-contributions/projects/1)**
-hlorin:
-1) how to obtain an anonymous mail account: 10 euros
-
-nileglorifier:
-1) how to setup and navigate Qubes OS : 50 euros
-
-willjager:
-2) How to setup Nerostr (Nostr blogging): 40 euros
-
-pippin:
-1) How to protect against fingerprinting (persona, text, files) : 50 euros
-2) How to run a local LLM to change your writing style (and it's use in whonix VM): 40 euros
-
-securitybrahh:
-1) Monero Inheritance setup (as part of the decentralized finances category) : 50 euros
-
-mcneb10:
-1) General How to mine Monero tutorial (xmrrig, p2pool, gupaxx?, xmrrig-proxy) : 50 euros
-
-```
diff --git a/assets/img/mcneb10.jpg b/assets/img/mcneb10.jpg
new file mode 100644
index 0000000..447f752
Binary files /dev/null and b/assets/img/mcneb10.jpg differ
diff --git a/opsec/0.html b/opsec/0.html
index 70fd2f8..445cd86 100644
--- a/opsec/0.html
+++ b/opsec/0.html
@@ -130,7 +130,7 @@
How to rent remote domains anonymously (Registrar resellers)
+
+
Not many people know that it is possible to operate a clearnet website, anonymously. That can be done using a non-KYC registrar reseller, that allows you to purchase a domain using Monero. It is crucial to maintain Anonymity when you are purchasing the domain, and when you are using it, to do so you'll need to at least keep Tor in between you and the service, as we have explained previously.
In this tutorial we're going to try out nicevps.net, and as we are operating from within a Whonix VM, we'll use their onion mirror. So first we register an account there:
+
+
Then we order a domain of our choice:
+
+
+
+
For example we order the domain meduzzza.com for a yearly 15 euros, that we will obviously pay in monero as we want to maintain Anonymity:
+
+
+
Then once paid you can access your services from the dashboard:
+
+
+
And from inside the control panel, you can set the Registered Glue Name Servers as follows, that way your domain's primary and secondary domain name servers are the ones of your choice. I recommend having an Anonymously-acquired remote VPS with a bind9 service on it.
+
+
Then once set, you can check the status of the NS record propagation dnschecker.org, be warned that the DNS propagation can take up to 48 hours to propagate.
+
+
Once the NS dns record propagated, your domain should resolve anywhere in the world:
+
+[ mainpc ] [ /dev/pts/10 ] [~/Nextcloud/blog-contributions]
+→ ping ns1.nihilism.network
+PING ns1.nihilism.network (23.137.250.140) 56(84) bytes of data.
+64 bytes from mail.nihilism.network (23.137.250.140): icmp_seq=1 ttl=56 time=58.9 ms
+64 bytes from mail.nihilism.network (23.137.250.140): icmp_seq=2 ttl=56 time=55.8 ms
+64 bytes from mail.nihilism.network (23.137.250.140): icmp_seq=3 ttl=56 time=56.3 ms
+
+
+
And that's it you can now have a public website using a domain that you acquired anonymously!
+
+
+
+
+
+
+
diff --git a/opsec/anonpersona/index.html b/opsec/anonpersona/index.html
index a9e7b74..3829f49 100644
--- a/opsec/anonpersona/index.html
+++ b/opsec/anonpersona/index.html
@@ -204,7 +204,7 @@ A: done, and added to the public page as an announcement, thanks.
Anonymity Management (DISCLAIMER: i need to redo that tutorial!)
In this tutorial we're going to take a look at how to manage your online Anonymity.
DISCLAIMER: we're using only harddrives (HDDs) here, because using SSDs are not a secure way to have Plausible Deniability, that is due to hidden Volumes being detectable on devices that utilize wear-leveling
@@ -910,7 +910,7 @@ root@workstation:~# systemctl daemon-reload ; systemctl enable --now vpn.service
diff --git a/opsec/anonymity/old.html b/opsec/anonymity/old.html
index 58c6950..e3e7e5c 100644
--- a/opsec/anonymity/old.html
+++ b/opsec/anonymity/old.html
@@ -292,7 +292,7 @@ That way, the only traffic that can escape from the anon subnet, will only be th
diff --git a/opsec/anonymityexplained/index.html b/opsec/anonymityexplained/index.html
index d7ad374..bb2bbb2 100644
--- a/opsec/anonymityexplained/index.html
+++ b/opsec/anonymityexplained/index.html
@@ -195,7 +195,7 @@ All of it because the government intends to destroy Bob's right to remain Anonym
Why can't I trust Centralised Exchanges, and random Monero nodes ?
+
As of September 5, 2024 sech1 posted on monero.town the following post, which was a repost of the following reddit post talking about a leaked Chainalysis meeting video about what was their progress on tracing monero transactions back in August 2023. This is a great opportunity to highlight the opsec weaknesses they are targeting so let's dive into it.
+
+
+
+
+
+
+
+
+
+
+
+
Chainalysis are running malicious monero nodes
+
The main attack vector of Chainalysis is their honeypot monero nodes. Meaning there are monero nodes out there (even though their IPs didnt get mentionned in the meeting), that ARE malicious.
+
+
So the first thing to be aware of is that you can't just trust random remote nodes. Chainalysis IS running an unknown amount of malicious monero nodes out there, to spy on users that decide to trust them. Therefore, I strongly suggest that you run your own monero node, and use only that node. Run it from home, or from a remote server, but run your own!
+
+
+
+
+
+
+
+
+
+
Chainalysis targets IP addresses and behavior anomalies (such as non-default fees)
+
+
Now, if you decide to trust a random remote node that is not yours, and let's say you decide to trust one of their malicious nodes, you need to be aware that they can see:
+
+
The timestamp of each transaction
+
The transaction behavioral characteristics (the number of inputs, outputs, the fee structure (1x, 10x, 100x, etc)
+
Which IP address is connecting there (clear attack on dandelion++), and it's latency.
+
+
Therefore, if you decide to trust a remote monero node, at least keep Tor in between you and the malicious node to maintain your anonymity, use the .onion monero nodes preferably!, And I also recommend that you leave the default fee option when you want to send monero somewhere.
+
But so far they cannot tell how much you are sending or recieving, because you are not touching centralised exchanges (assuming you are using Haveno DEX to buy or sell Monero)).
+
+
+
+
+
+
+
+
+
+
+
+
+
Chainalysis targets centralised exchanges that have KYC procedures
+
As I have mentionned many times previously, Businesses can all be governmental proxies to do their bidding. Centralised exchanges are businesses too, they also comply with their requests. Or in their own words, they are "Subphoenable entities". But guess what, these very Centralised Exchanges are forced to use Chainalysis' malicious monero nodes too!
+
+
Therefore if you decide to trust one of those popular Centralised Exchanges to buy / sell monero, the implications are way, way worse than what we previously explained;
+
Those centralised exchanges all comply with the requests of governmental entities such as FBI, LA, Robinhood, IRS-CI, UNK and of course Chainalysis, and due to that fact alone you cannot trust them.
+
If you decide to trust a popular centralised exchange, you'll first see that it'll run you through KYC procedures (and if it doesn't, rest assured that they will eventually be forced to do so). That is to deanonymize you, and to know who to blame if ever asked by the authorities. NEVER KYC IF YOU WANT TO REMAIN ANONYMOUS!
+
This meeting of theirs has been preety revealing, not only do these centralised exchanges give out everything they have about their users to Chainalysis (as "Transactions of interest", mentionning the amount transacted, the transaction ID, and who transacted) But it's also naming a few of THOSE very centralised exchanges that are now confirmed to actually comply with their requests:
The info of whatever you did so far, and will ever do on those centralised exchanges, be warned, is being handed over directly to the authorities. (Timestamp 26:02 to 26:47) in the video. This list is most likely (as of a year later, in september 2024) way bigger, they are eventually going to force every centralised exchange out there to implement KYC procedures and comply to their deanonymization requests.
+
My recommendation, once again is the same as i have mentionned previously: If you want to use a centralised exchange, you are shooting yourself in the foot. Stop using centralised exchanges and use decentralised exchanges, such as Haveno DEX.
+
If you want to use a centralised exchange anyway, remain anonymous when doing so (at least keep Tor in between you and the service, and never KYC yourself there), but remain aware that you will eventually have to move to decentralised exchanges sooner or later, because they are not going to stop until every centralised exchange out there complies with their demands.
diff --git a/opsec/encryption/index.html b/opsec/encryption/index.html
index d167d76..02ab58b 100644
--- a/opsec/encryption/index.html
+++ b/opsec/encryption/index.html
@@ -157,7 +157,7 @@ The door is closed, the conversation remains between Alice and Bob, their conver
diff --git a/opsec/failovers/index.html b/opsec/failovers/index.html
index ea57161..fb4955a 100644
--- a/opsec/failovers/index.html
+++ b/opsec/failovers/index.html
@@ -372,7 +372,7 @@ To activate the new configuration, you need to run:
diff --git a/opsec/governments/index.html b/opsec/governments/index.html
index d1ea347..a1bdd69 100644
--- a/opsec/governments/index.html
+++ b/opsec/governments/index.html
@@ -170,7 +170,7 @@ Law enforcement is the activity of some members of government who act in an orga
diff --git a/opsec/haveno-cashbymail/index.html b/opsec/haveno-cashbymail/index.html
index 2a856ed..cdde5ae 100644
--- a/opsec/haveno-cashbymail/index.html
+++ b/opsec/haveno-cashbymail/index.html
@@ -213,6 +213,7 @@ This will help you distinguish packages coming from different buyers and avoid c
Check out my other tutorials on Decentralised Finances below:
diff --git a/opsec/haveno-client-f2f/index.html b/opsec/haveno-client-f2f/index.html
index f6e6101..4b78c63 100644
--- a/opsec/haveno-client-f2f/index.html
+++ b/opsec/haveno-client-f2f/index.html
@@ -397,6 +397,8 @@ Arbitrators are inherited from Bisq’s 2/3 protocol. They are a trusted role an
Check out my other tutorials on Decentralised Finances below:
diff --git a/opsec/haveno-sepa/index.html b/opsec/haveno-sepa/index.html
index 540fe51..eada0a2 100644
--- a/opsec/haveno-sepa/index.html
+++ b/opsec/haveno-sepa/index.html
@@ -179,6 +179,8 @@ If you get banned from a physical bank, they may put your name on a fraud regist
Check out my other tutorials on Decentralised Finances below:
diff --git a/opsec/index.html b/opsec/index.html
index 9abdafb..3999dc3 100644
--- a/opsec/index.html
+++ b/opsec/index.html
@@ -53,7 +53,7 @@
⚠️ This Blog is open to contributions:
-
If you want to contribute, check out the gitea repository for contributions here. (i'm rewarding 10 to 50 euros in monero per new complete blogpost), if the blogpost you want to contribute is not listed below, validate your blogpost idea with me beforehand.
+
If you want to contribute, check out the gitea repository for contributions (along with the guidelines) here, check out the project board here to know the status of which tutorial being assigned to whom. (i'm rewarding 10 to 50 euros in monero per new complete blogpost, as advertised on Xmrbazaar). if the blogpost you want to contribute is not listed below, contact me directly so that I can validate your blogpost idea beforehand.
diff --git a/opsec/mail/index.html b/opsec/mail/index.html
index bce1449..59c0c6e 100644
--- a/opsec/mail/index.html
+++ b/opsec/mail/index.html
@@ -241,7 +241,7 @@ If anyone knows a particular hosting service that ALLOWS port 25 and other mail-
diff --git a/opsec/mastodon/index.html b/opsec/mastodon/index.html
index 88907b7..93864c3 100644
--- a/opsec/mastodon/index.html
+++ b/opsec/mastodon/index.html
@@ -1052,7 +1052,7 @@ You can change your password once you login.
+ In this tutorial, I'll outline how to mine Monero using p2pool. Monero mining uses the RandomX algorithm
+ and is CPU bound to prevent ASICs from centralizing the network.
+
+
+ As with almost all other cryptocurrencies, Monero is best mined in pools.
+ Most pools are centralized, meaning one entity controls the operation of the pool.
+ This is an issue, because if the pool gains at least 51% of the total hashing power of the
+ network, the network's security
+ can be compromised.
+ To prevent this, p2pool was written.
+
+
+ p2pool is a open source Monero mining pool that provides the best rewards and helps prevent
+ centralization of mining power.
+ The pool is decentralized and is not controlled by any one entity.
+
+
+ Before you begin, it is important to know that due to the peer to peer nature of p2pool, all
+ nodes connect to each other via forwarded ports and your IP will be visible by the network.
+ There is currently no way to hide your IP, except maybe via VPN which is beyond the scope of
+ this tutorial.
+ This tutorial explains how to
+ set one up.
+
+
+
+
+
+
+
+
+
+
+
Monero Node
+
+ Before you begin mining, you must first find a node to source block data from. This node must
+ have zmq enabled for p2pool to function.
+
+
+ I recommend running your own node to reduce strain on the network and to increase your own
+ privacy.
+ You can follow this tutorial to set one up.
+ If you cannot run a Monero node for some reason, pick the fastest node from the list here and write down the hostname,
+ RPC_Port, and ZMQ_Port.
+
+
+
+
+
+
+
+
+
+
+
+
+
p2pool Node Setup
+
+ When using p2pool, you must run your own p2pool node to which the xmrig mining clients will
+ connect.
+
+ You'll need to make various changes to this config for your specific configuration:
+
+
+
+
+ Change the path of p2pool in ExecStart to the path outputted by realpath on your machine.
+
+
+ Replace the x in --wallet x with your own wallet address
+
+
This is the wallet address that will represent your mining power on p2pool. It MUST be a primary address.
+
I recommend creating a new wallet specifically for mining to protect your privacy, as mining payout transactions are partially transparent to allow auditing of the total Monero supply.
+
DO NOT share this address with anyone, as it can be used to obtain the IP address of your p2pool node.
+
+
+
+ Change the hostname after the --host option and the ports after the --zmq-port and --rpc-port options to the hostname and ports specific to the Monero node you run (or the one wrote down earlier if you are using another node).
+
+
+ Make sure the stratum interface is configured how you want it
+
+
The --stratum option sets the address and port p2pool will bind to for accepting stratum connections. These stratum connections are for p2pool to communicate with the computers you will be mining on.
+
The default is fine, but will expose on all interfaces. If you don't want this, change the 0.0.0.0 to a different address.
+
+
+
+ Remove the --mini option if you are running a larger scale mining operation (around 100kH/s or higher)
+
+ Please note that the source code and precompiled xmrig binaries will donate 1% of your hashrate to the developer.
+ You can change the code to prevent this or block the developer's server as it can compromise your privacy.
+ The donation can be blocked by amending your hosts file like so:
+
+ Be careful mining in apartments, dorms, shared living spaces, public spaces, etc. as many have explicit policies against mining that may result in your punishment.
+
+
+ With that out of the way, we can setup a systemd service like so:
+
+ Again, you'll have to make some changes to the service config for your configuration:
+
+
Change the path of xmrig in ExecStart to the path outputted by the realpath command
+
Replace the 127.0.0.1:3333 with the hostname:port of your p2pool stratum server we just set up relative to your mining rig
+
+
+ Some optimization info:
+
+
xmrig relies on bare metal control of a CPU as root for optimization, so if you run it in a VM or as a regular user it will get a very bad hash rate.
+
+ xmrig also has options to control the amount of threads and resources it uses on your machine.
+ By default it won't use all resources to prevent the computer from becoming unusable.
+ You can force xmrig to use as much computing power as possible by adding the option --cpu-no-yield to the command line.
+
+
+ You can also set the number of preferred CPU threads for xmrig to use by adding -t N, where N is the number of threads.
+ I don't recommend changing this, as xmrig will chose the optimal settings for you.
+ Cutting down threads will reduce cpu + power usage.
+
+
+ See the full list of optimization options here.
+
+ Repeat the process for all of your mining rigs.
+
+
+
+
+
+
+
+
+
+
+
+
Maintenance
+
+ Make sure to periodically check for updates on p2pool, as there may be breaking changes that affect mining profitability and security.
+
+
+ To update the binaries for either p2pool or xmrig, simply download them and overwrite the old version.
+ You can use commands in the installation instructions to overwrite the old one.
+ The systemd services should continue to work fine.
+
Simply paste your mining wallet address in the search bar to view. Keep in mind the information will not populate until you get your first share, which might take a few hours.
+
+
+
+ Registering for the xmrvsbeast hash rate raffle can give you even more profitability as a miner. The site explains the rules in depth.
+
diff --git a/opsec/pf_captive/index.html b/opsec/pf_captive/index.html
index 2bb25f5..6398a21 100644
--- a/opsec/pf_captive/index.html
+++ b/opsec/pf_captive/index.html
@@ -142,7 +142,7 @@ the bind user is in the pfsense-admin group:
diff --git a/opsec/pgp/index.html b/opsec/pgp/index.html
index ee7dd8c..e82c4fe 100644
--- a/opsec/pgp/index.html
+++ b/opsec/pgp/index.html
@@ -356,7 +356,7 @@ Encode input into binary or ASCII-armored output with an integrated signature
To sign the message while also remaining in plaintext, we use the second option --clearsign (also, if you have multiple private keys like me, choose it with the -u flag to specify who is sending the message):
The signed message is saved as "message.txt.asc", now let's encrypt it using alice's public key, and also don't forget to encrypt it with the private key you want with the -u flag again:
In this tutorial we're going to look at how you can backup your critical data (Keepass accesses, pgp key, ssh key, etc) while still maintaining the plausible deniability.
+DISCLAIMER: we're using only harddrives (HDDs) here, because using SSDs are not a secure way to have Plausible Deniability, that is due to hidden Volumes being detectable on devices that utilize wear-leveling
+
+source: https://anonymousplanet.org/guide.html#understanding-hdd-vs-ssd
+
+regarding wear leveling:
+"Also as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks that could allow forensics to defeat your plausible deniability. The only way around this at the moment is to have a laptop with a classic HDD drive instead."
+
+
+
+
@@ -76,15 +86,8 @@
Initial Setup
-DISCLAIMER: we're using only harddrives (HDDs) here, because using SSDs are not a secure way to have Plausible Deniability, that is due to hidden Volumes being detectable on devices that utilize wear-leveling
-
-source: https://anonymousplanet.org/guide.html#understanding-hdd-vs-ssd
-
-regarding wear leveling:
-"Also as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks that could allow forensics to defeat your plausible deniability. The only way around this at the moment is to have a laptop with a classic HDD drive instead."
-
-
-
+
Before starting, make sure that your Whonix VM you need to make sure the USB controller is set to USB 2:
+
First install veracrypt in the plausibly deniable whonix VM (for more details on how to set that environment up in this previous tutorial), go there to download the latest .deb package:
@@ -151,12 +154,76 @@ ONLY THEN the veracrypt volume is completed, and can be backed up somewhere else
write something in there such as your week in a small text file, name it with today's date. (don't reveal the presence of a hidden file in the text content). This is just an example as to what content you could put there. Goal is that the content must make sense in case if you're forced to type in your password there. Second goal is that for each veracrypt hidden volume changes that occur, the content of the decoy partition must also change because otherwise it will reveal the existance of the hidden volume if the remote server keeps the previous versions of each file.
-
Once you have closed the decoy volume, the Veracrypt volume is ready to be backed up:
-
-
copy it to a server (wherever you want online), and then copy the file on your mainpc, your laptop and then you can also put it on a usb key to be hidden somewhere.
+
Once you have closed the decoy volume, the Veracrypt volume is ready to be backed up, there you need to add the USB keys to the Whonix Workstation VM like so:
+
+
And you need to copy the "diary" file to a server (wherever you want online), and then copy the file on your mainpc, your laptop and then you can also put it on a usb key to be hidden somewhere.
-
Like so you're covered in case if you are forced to give away your password, and in case if an adversary fills the decoy partitions of your veracrypt volumes in an attempt to destroy the hidden partitions.
-
You can get creative as to how you choose to hide the veracrypt volume aswell, such as replacing a random linux binary in the /bin/ folder, or a library in /lib, or a file in /etc/, burying the usb key somewhere underground, etc
+
If you want to automate the backup process, place the following backup.sh bashscript inside the whonix VM:
+
+[ Whonix ] [ /dev/pts/2 ] [~]
+→ cat backup.sh
+
+#!/bin/bash
+
+#QEMU setting:
+#whonix workstation configuration > Controller USB 0 > USB 2
+# add each USB as host usb passthrough
+
+#mount all 3 usb sticks:
+sudo mkdir /mnt/usb1
+sudo mkdir /mnt/usb2
+sudo mkdir /mnt/usb3
+
+sudo mount /dev/sda1 /mnt/usb1
+sudo mount /dev/sdb1 /mnt/usb2
+sudo mount /dev/sdc1 /mnt/usb3
+
+#mount the veracrypt volume to add new diary:
+echo "[+] Mount DECOY volume, to add new diary:"
+veracrypt --mount /home/user/diary
+vim /media/veracrypt1/$(date --iso-8601).txt
+echo '[+] DIARY COMPLETE:'
+ls -lash /media/veracrypt1
+
+#mount the veracrypt volume to add new diary:
+echo "Mount remounting volume, to backup critical data:"
+veracrypt --dismount /home/user/diary
+veracrypt --mount /home/user/diary
+
+#backup whats critical in the veracrypt volume:
+cp -r /home/user/.gnupg /media/veracrypt1/
+cp -r /home/user/.ssh /media/veracrypt1/
+cp -r /home/user/backup.sh /media/veracrypt1/
+cp -r /home/user/Passwords.kdbx /media/veracrypt1/
+
+ls -lash /media/veracrypt1
+echo '[+] CRITICAL DATA ADDED TO VERACRYPT, BACKING IT UP TO USB STICKS:'
+veracrypt --dismount /home/user/diary
+
+sudo cp -r /home/user/diary /mnt/usb1/diary
+sudo cp -r /home/user/diary /mnt/usb2/diary
+
+ls -lash /mnt/usb*
+
+echo '[+] CRITICAL DATA BACKUP ON the 3 USB STICKS COMPLETE, UNMOUNTING...'
+sudo umount /mnt/usb1
+sudo umount /mnt/usb2
+#sudo umount /mnt/usb3
+
+echo '[+] REMOTE BACKUP'
+rsync /home/user/diary remoteserver:/root/diary -razP
+
+echo '[+] REMOVING LOGS'
+echo '' > ~/.histfile
+sudo rm /var/log/*.log /var/log/*/*.log
+sudo dmesg -c
+
+echo '[+] SENSITIVE BACKUP COMPLETED, NOW HIDE ALL 3 IN HIDDEN LOCATIONS, UNMOUNTING...'
+
+
+
For instance, you can backup your critical files in places that you own (your apartment, your car, on your keyring), but these places can be found easily. If you want to actually hide (and be able to claim that there are no more copies of your USB keys), get the USB keys in places totally unrelated to you, get creative such as burying the usb key somewhere you can remember, far away from your home, or hiding the file in a remote server, in a location that you remember.
+
Like so you're covered in case if you are forced to give away your password, and in case if an adversary takes your harddrives, USB keys (minus the ones you managed to hide elsewhere), and if the adversary fills the decoy partitions of your veracrypt volumes in an attempt to destroy the hidden partitions, even in that case, you can still recover your data from the remaining places you successfully managed to hide your data to.
+
Get creative as to how you choose to hide the veracrypt volume aswell, such as replacing a random linux binary in the /bin/ folder, or a library in /lib, or a file in /etc/, burying the usb key somewhere underground, etc
@@ -187,7 +254,7 @@ ONLY THEN the veracrypt volume is completed, and can be backed up somewhere else
diff --git a/opsec/privacyvsanonymity/index.html b/opsec/privacyvsanonymity/index.html
index a1147dc..dce0a02 100644
--- a/opsec/privacyvsanonymity/index.html
+++ b/opsec/privacyvsanonymity/index.html
@@ -184,7 +184,7 @@ Alice is talking to Bob, behind closed doors. Jack can't hear their conversation
diff --git a/opsec/torthroughvpn/index.html b/opsec/torthroughvpn/index.html
index 50857ad..7516426 100644
--- a/opsec/torthroughvpn/index.html
+++ b/opsec/torthroughvpn/index.html
@@ -228,7 +228,7 @@ Several countries, including China and Iran, have found ways to detect and block
diff --git a/opsec/torvsvpns/index.html b/opsec/torvsvpns/index.html
index 677f54c..96cdcc7 100644
--- a/opsec/torvsvpns/index.html
+++ b/opsec/torvsvpns/index.html
@@ -150,7 +150,7 @@ Until Jack can figure out who that Someone is, that someone is Anonymous.
diff --git a/opsec/tutorial/index.html b/opsec/tutorial/index.html
index a9f6d7b..06b9f6c 100644
--- a/opsec/tutorial/index.html
+++ b/opsec/tutorial/index.html
@@ -174,7 +174,7 @@ Congratulations, you just managed to gain privacy at your own house / apartment
diff --git a/opsec/vpnqemu/0.png b/opsec/vpnqemu/0.png
index 6491060..8e6e5ce 100644
Binary files a/opsec/vpnqemu/0.png and b/opsec/vpnqemu/0.png differ
diff --git a/opsec/vpnqemu/1.png b/opsec/vpnqemu/1.png
index 8cecbf4..08611d2 100644
Binary files a/opsec/vpnqemu/1.png and b/opsec/vpnqemu/1.png differ
diff --git a/opsec/vpnqemu/11.png b/opsec/vpnqemu/11.png
new file mode 100644
index 0000000..bfc00c2
Binary files /dev/null and b/opsec/vpnqemu/11.png differ
diff --git a/opsec/vpnqemu/12.png b/opsec/vpnqemu/12.png
new file mode 100644
index 0000000..fd64fe9
Binary files /dev/null and b/opsec/vpnqemu/12.png differ
diff --git a/opsec/vpnqemu/2.png b/opsec/vpnqemu/2.png
index 5e23c4d..2ba72a5 100644
Binary files a/opsec/vpnqemu/2.png and b/opsec/vpnqemu/2.png differ
diff --git a/opsec/vpnqemu/index.html b/opsec/vpnqemu/index.html
index 114b174..2d19c3e 100644
--- a/opsec/vpnqemu/index.html
+++ b/opsec/vpnqemu/index.html
@@ -107,20 +107,24 @@ curl ifconfig.me
-
From there you'll have the tun0 network interface available, which we can use in the QEMU VM XML configuration:
+
From there you can check from the host OS that you have a access to the internet via the VPN:
+
+
+
From there, you need to make sure that your VM has it's network interface set as "NAT" as it is by default (be aware that if the VM network interface is configured as macvtap or bridge, the traffic won't go through the VPN!):
+
+
And then once applied, you can check if it works as intended from inside the VM (all that's required is for the VM to have a NAT connection), by going to https://mullvad.net/en/check from inside the VM:
XMPP Chat Server Setup (Clearnet + Onion + OMEMO E2EE)
-
In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody and Pidgin.
+
In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody. We'll also cover how to have a Clearnet XMPP server, and how to have OMEMO End to End encryption using the Gajim XMPP client.
@@ -74,7 +74,7 @@
-
XMPP Server Setup
+
XMPP Onion Server Setup
Before starting, check out this tutorial on how to create your first hidden service.
Then you can just connect to the XMPP server over clearnet aswell, but one thing to note is that pidgin is limited when it comes to encrypting chats, so let's use Gajim instead as it comes with OMEMO encryption out of the box:
+
+user@laptop: apt install gajim -y
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
XMPP OMEMO End to End Encryption (E2EE)
+
+
+
+
+
+
+
+
Now here, you need to tell the other peer (if they don't have OMEMO enabled) to install a XMPP client like gajim, just like you, to use OMEMO encryption just like you, to have end to end encryption.
+
+
+
+
+
+
+
+
And that's it! you now have a XMPP server working over both Clearnet, and Tor, with end to end encryption.
-
TODO: showcase a multi-user chat with 3 users
-
TODO: showcase XMPP onion federation between server A <-> and B
+
+
+
+
+
+
+
+
+
+
+
+
@@ -216,7 +216,7 @@ root@cockbox:~# apt update -y ; apt upgrade -y ; apt autoremove -y
+
+ 
+ 
-
-
+
-
+
+
+
+
+
+
+ 
+
+
+
+
+
+
+
+
+