Merge pull request 'Fixed typos and broken link' (#7) from Zesc/blog-contributions:main into main
Reviewed-on: nihilist/blog-contributions#7 fixing typos
commit
5343f9ed35
@ -96,7 +96,7 @@
|
||||
<p>And from there, you will be able to port-forward the ports from your local service, to the VPS, while maintaining your Anonymity. </p>
|
||||
<p>And of course, if your ISP doesn't allow Tor traffic, we can always hide it using a Trusted VPN, like MullvadVPN.</p>
|
||||
<img src="2.png" class="imgRz">
|
||||
<p>Note that such a setup is to be done only when you want to have your server data at home (for exmaple, <a href="../mailprivate/index.html">self-hosting a mail server, while maintaining Anonymity</a>), if this is not a concern, then you should just host the service remotely as seen above.</p>
|
||||
<p>Note that such a setup is to be done only when you want to have your server data at home (for example, <a href="../mailprivate/index.html">self-hosting a mail server, while maintaining Anonymity</a>), if this is not a concern, then you should just host the service remotely as seen above.</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
|
@ -77,7 +77,7 @@
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Self-Auditing</b></h2>
|
||||
<p>Let's first assume that you have a public internet presence online, you have a domain name registered to your name, and you host some services online. </p>
|
||||
<p>Let's also assume that you have followed the previous tutorials, meaning you now have whonix VMs in a veracrypt hidden partition that you can deny the existance of <b>(reminder: do NOT use SSDs, use HDDs otherwise devices that use wear-leveling can reveal the existance of a hidden partition)</b>.</p>
|
||||
<p>Let's also assume that you have followed the previous tutorials, meaning you now have whonix VMs in a veracrypt hidden partition that you can deny the existence of <b>(reminder: do NOT use SSDs, use HDDs otherwise devices that use wear-leveling can reveal the existence of a hidden partition)</b>.</p>
|
||||
<p>So from now on your publicly you're going to PGP sign a message for everyone to see that you wish to sell the domain and all of it's subdomain services to someone else, and to message you over email/ or a chatrom for the price. The message can look as follows: </p>
|
||||
<pre><code class="nim">
|
||||
Hi all, planning to stop all of my services soon due to lack of interest / or X Y Z.
|
||||
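Review bot: the typo pass stops one paragraph short here. The unchanged paragraph right after the corrected one still reads "So from now on your publicly you're going to PGP sign", "all of it's subdomain services" and "chatrom". Suggest fixing these in the same commit: drop the stray "your", use "its", and spell "chatroom".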
@ -86,7 +86,7 @@ Contact me at email@example.com to discuss this offer if you're interested.
|
||||
|
||||
</pre></code>
|
||||
<img src="1.png" class="imgRz">
|
||||
<p>Basically here you're going to want someone anonymous to buy your services, officially. Secretely you will simply have moved to an anonymous way of operating.</p>
|
||||
<p>Basically here you're going to want someone anonymous to buy your services, officially. Secretly you will simply have moved to an anonymous way of operating.</p>
|
||||
<img src="2.png" class="imgRz">
|
||||
<p>Unless if you're hosting something incredible, Most likely noone will answer, but in the meantime you're going to audit your infrastructure on the following points:</p>
|
||||
<pre><code class="nim">
|
||||
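Review bot: the first context line of this hunk closes the code block in the wrong order. The block is opened as pre then code, but it is closed with the pre end tag before the code end tag, so the two end tags should be swapped. The last paragraph of the hunk also keeps "noone" and the stray capital in "incredible, Most likely", which belong in a typo-fixing commit.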
@ -159,12 +159,12 @@ A: Hey i want to buy your services, i can pay 2 XMR
|
||||
you: sure, here's my XMR address:
|
||||
A:payment sent, awaiting accesses
|
||||
you: ok payment recieved, here is the domain transfer code for domainexample.com: mkmkkljnnuju, i made sure it was unlocked
|
||||
A: ok i've created the transfer request on nicevps.net, it will get transfered in a few days (can take 2 weeks for example). Please send me the accesses to your public servers.
|
||||
A: ok i've created the transfer request on nicevps.net, it will get transferred in a few days (can take 2 weeks for example). Please send me the accesses to your public servers.
|
||||
you: here is SSH root access for server A, B, and C (typically the 2 dns servers, and the main public server)
|
||||
A: ok i changed all of the accesses, please send me the files for the X Y Z services that you host at home. i've created a temporary user you can SSH with to copy the files in /tmp/
|
||||
you: ok i just SCP'd (sent via SSH) the files in /tmp/
|
||||
A: recieved, thanks.
|
||||
you: Please publicly state, and PGP-sign that the domain, and all of it's servers have been bought by you, by mentionning the new name, email and the plan moving forward.
|
||||
you: Please publicly state, and PGP-sign that the domain, and all of it's servers have been bought by you, by mentioning the new name, email and the plan moving forward.
|
||||
A: Domain has been successfully transfered to nicevps.net, all good thanks.
|
||||
A: done, and added to the public page as an announcement, thanks.
|
||||
|
||||
|
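Review bot: "transfered" is corrected in the nicevps.net transfer-request line but the same misspelling is left a few lines below in "Domain has been successfully transfered to nicevps.net". "recieved" also remains in "ok payment recieved" and "A: recieved, thanks.", and the rewritten PGP-sign line keeps "all of it's servers" where "its" is meant. Suggest covering all of these so the sample conversation is consistent.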
@ -79,7 +79,7 @@
|
||||
<p><img src="../de2.png"> <b>Since Bob has no other choice but to comply when the adversary forces him to unlock his hard drives, and since he didn’t implement Deniable Encryption</b>, he has to show all the incriminating evidence, and therefore he can no longer deny implications with the sensitive activity.</p>
|
||||
<img src="5.png" class="imgRz">
|
||||
<p> Bob’s setup, although suitable for Anonymous Use, is not suitable for Sensitive Use <b>due to the lack of Deniable Encryption</b></p>
|
||||
<p><img src="../de0.png">For instance, if Bob had implemented <a href="../veracrypt/index.html">VeraCrypt’s deniable encryption</a> to store the sensitive data, <b>he could’ve given password A to open the decoy volume for the adversary, and could’ve claimed that there was no hidden volume. The adversary wouldn have no way to prove otherwise.</b></p>
|
||||
<p><img src="../de0.png">For instance, if Bob had implemented <a href="../veracrypt/index.html">VeraCrypt’s deniable encryption</a> to store the sensitive data, <b>he could’ve given password A to open the decoy volume for the adversary, and could’ve claimed that there was no hidden volume. The adversary would have no way to prove otherwise.</b></p>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
|
@ -71,7 +71,7 @@
|
||||
<p>Bob is using an open-source browser and a VPN to access a website (in our example youtube), but then he starts thinking that it's enough to start to use that website anonymously, even though they don't allow it. <b>He starts to sign up and mentions a false name and address when creating an account. which infuriates the Youtube employee:</b></p>
|
||||
<img src="3.png" class="imgRz">
|
||||
<p>Bob's current setup is suitable for Private use as he is using <a href="../closedsource/index.html">open source software</a>, and a <a href="../vpn/index.html">VPN</a>, <b>But is it suitable for Anonymous use too ?</b></p>
|
||||
<p>When you think about it, currently He is anonymous, as he hides his real IP from the destination website, and he didnt deanonymize himself through his actions while on the website. <b>The problem is how expensive is it to deanonymize Bob ?</b></p>
|
||||
<p>When you think about it, currently He is anonymous, as he hides his real IP from the destination website, and he didn't deanonymize himself through his actions while on the website. <b>The problem is how expensive is it to deanonymize Bob ?</b></p>
|
||||
<p>To answer that, let's take the example of a Youtube employee being infuriated that Bob dared to lie about his personal information, and the employee decides to call some corrupt police agents (yes they have very close ties to the authorities) to do their bidding in order <b>to scare the VPN provider into revealing the real IP of whoever connected as Charlie Chaplin on youtube.com</b>, around the time where Bob signed up, in order to deanonymize Bob.</p>
|
||||
<img src="2.png" class="imgRz">
|
||||
<p>The end result is that the VPN provider has to give the data they have to the authorities, (<a href="https://www.pcmag.com/news/mullvad-vpn-hit-with-search-warrant-in-attempted-police-raid">which only works if they keep logs!</a>) and reveal Bob's Identity, and that only cost a few pennies to the adversary (here the youtube employee) to deanonymize Bob. </p>
|
||||
|
@ -84,7 +84,7 @@
|
||||
<img src="2.png" class="imgRz">
|
||||
<img src="3.png" class="imgRz">
|
||||
<img src="4.png" class="imgRz">
|
||||
<p>Now that the account is created, we can also validate if we can recieve mails:</p>
|
||||
<p>Now that the account is created, we can also validate if we can receive mails:</p>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
|
@ -85,7 +85,7 @@ zuluCrypt-gui
|
||||
|
||||
<p>Now that zuluCrypt is fully functional, it's time to find a video file to use as your container.
|
||||
In this tutorial we'll be using an mp4 file as our video container, so if you have an mp4 video file you'd like to use then follow the next steps with your own mp4 video file.
|
||||
If you need an mp4 video file, the following sites are excellent resources for free public domain movies that are ideal containers as they're copywright free:<br>
|
||||
If you need an mp4 video file, the following sites are excellent resources for free public domain movies that are ideal containers as they're copyright free:<br>
|
||||
<a href="https://www.publicdomaintorrents.info/index.html">https://www.publicdomaintorrents.info/index.html</a><br>
|
||||
<a href="https://archive.org/details/feature_films">https://archive.org/details/feature_films</a><br>
|
||||
<a href="https://publicdomainmovie.net/">https://publicdomainmovie.net/</a><br>
|
||||
|
@ -80,7 +80,7 @@
|
||||
<img src="1.png" class="imgRz">
|
||||
<p>The catch here is that when you try to reverse-engineer binary files, it's going to be very hard to figure out what the original source code was. This practice is called <a href="https://blog.nowhere.moe/binexp.html">Reverse Engineering</a>, a niche in cybersecurity, where someone tries to figure out what the original sourcecode was intended to be, with only the binary to work with.</p>
|
||||
<p>One thing is for sure: you can't arrive at the original sourcecode from just the binary. It's mostly guess work.</p>
|
||||
<p>Most software companies (which can be corporations) out there are greedy, they work hard to produce software, and they hate to have any competition. Hence they want keep their software sourcecode private, to make it as hard as possible to others to arrive at the same level of functionnality. That is exactly why closed source software is used by most people. </p>
|
||||
<p>Most software companies (which can be corporations) out there are greedy, they work hard to produce software, and they hate to have any competition. Hence they want keep their software sourcecode private, to make it as hard as possible to others to arrive at the same level of functionality. That is exactly why closed source software is used by most people. </p>
|
||||
|
||||
<p>The most popular example out there is Windows, they would definitely not like their sourcecode to be leaked/reversed like it with <a href="https://www.theverge.com/2018/2/8/16992626/apple-github-dmca-request-ios-iboot-source-code">Apple's IOS</a>.</p>
|
||||
</div>
|
||||
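Review bot: the corrected paragraph still has two grammar slips next to the fixed word: "they want keep their software sourcecode private" is missing "to", and "as hard as possible to others" should read "for others". The last context paragraph, "leaked/reversed like it with Apple's IOS", appears to be missing a verb after "it" and writes "IOS" where the list further down this page uses "iOS".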
@ -125,7 +125,7 @@
|
||||
<li><p>It should not contain any telemetry, or any spyware.</p></li>
|
||||
<li><p>It should ONLY do what it was originally meant to do.</p></li>
|
||||
</ol>
|
||||
<p>By that standard, you can already discard software like Windows, Discord, Whatsapp, Instagram, iOS, pre-installed phone host OSes, Word, Excel, etc, as none of them are open source, and you can be damn sure that they are spying on everything you do, willfully or not. (ever since the US government passed the <a href="https://www.dni.gov/files/icotr/Section702-Basics-Infographic.pdf">FISA section 702</a>.)</p>
|
||||
<p>By that standard, you can already discard software like Windows, Discord, Whatsapp, Instagram, iOS, pre-installed phone host OSes, Word, Excel, etc, as none of them are open source, and you can be damn sure that they are spying on everything you do, wilfully or not. (ever since the US government passed the <a href="https://www.dni.gov/files/icotr/Section702-Basics-Infographic.pdf">FISA section 702</a>.)</p>
|
||||
|
||||
<p><b>YOU CAN NEVER TRUST PEOPLE.</b></p>
|
||||
<p><b>SO YOU CAN'T TRUST THEIR CLOSED SOURCE SOFTWARE.</b></p>
|
||||
|
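Review bot: "willfully" in the replaced line was not a misspelling. It is the US spelling and "wilfully" is the British one, so this change is a style choice rather than a typo fix. Other lines in this patch mix both conventions ("favor", "popularized" alongside "centralised"), so either state in the commit message that the blog is standardising on British spelling or drop this change.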
@ -120,12 +120,12 @@ The door is closed, the conversation remains between Alice and Bob, their conver
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Why is Plausible Deniability is Vital?</b></h2> </br> </br>
|
||||
<p>From a legal standpoint, the only way to be protected against that scenario where you're forced to decrypt your harddrive <b>is to be able to deny the existance of said encrypted volume (Plausible Deniability)</b> . If the encrypted volume does not exist, there is no password to be given for it.</p>
|
||||
<p>From a legal standpoint, the only way to be protected against that scenario where you're forced to decrypt your harddrive <b>is to be able to deny the existence of said encrypted volume (Plausible Deniability)</b> . If the encrypted volume does not exist, there is no password to be given for it.</p>
|
||||
<p>So here we need a technology that can provide us Plausible Deniability. <b>That is what Veracrypt can do for us</b>.</p>
|
||||
<img src="5.png" class="imgRz">
|
||||
<p>In short, Veracrypt allows you to encrypt volumes, just like LUKS encryption does. <b>However it gives you the choice to hide another encrypted volume inside the same volume</b>, that is exactly what you can deny the existance of.</p>
|
||||
<p>In short, Veracrypt allows you to encrypt volumes, just like LUKS encryption does. <b>However it gives you the choice to hide another encrypted volume inside the same volume</b>, that is exactly what you can deny the existence of.</p>
|
||||
<p>So you can hide some random meaningless data inside the decoy volume, while the real data that needs protection sits inside the hidden volume.</p>
|
||||
<p>This means, when Jack forces Bob to open the vercrypt volume, Bob types Password A to open the decoy volume, Then, when asked by Jack, <b>Bob declares that there is no Hidden volume, and Jack has no way to prove the existance the Hidden Volume</b>.</p>
|
||||
<p>This means, when Jack forces Bob to open the vercrypt volume, Bob types Password A to open the decoy volume, Then, when asked by Jack, <b>Bob declares that there is no Hidden volume, and Jack has no way to prove the existence the Hidden Volume</b>.</p>
|
||||
<p>To see how to implement Plausible Deniability protection with Veracrypt, check out this <a href="../veracrypt/index.html">tutorial</a>.</p>
|
||||
|
||||
</div>
|
||||
|
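Review bot: the last corrected paragraph still reads "no way to prove the existence the Hidden Volume" (missing "of") and "vercrypt volume" (should be "veracrypt"). The heading at the top of the hunk also has a doubled verb, "Why is Plausible Deniability is Vital?". These sit on or next to the lines being changed and are worth fixing together with the existance/existence corrections.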
@ -63,7 +63,7 @@
|
||||
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-04-13</ba></p>
|
||||
<h1>EndGame V3 Setup </h1>
|
||||
<img src="0.png" class="imgRz">
|
||||
<p>In this tutorial we're going to setup the EndGameV3 Anti DDOS / Load Balancer / WAF service popularized by Dread, it was originally built to block off the incessant <a href="https://blog.torproject.org/tor-network-ddos-attack/">DDOS attacks</a> that onion services were facing. Because of that, EndGame was developped, along with the <a href="https://blog.torproject.org/introducing-proof-of-work-defense-for-onion-services/">Proof of Work (POW) Defense released by TorProject</a> for more details you can click <a href="https://community.torproject.org/onion-services/ecosystem/technology/pow/">here</a>. </p>
|
||||
<p>In this tutorial we're going to setup the EndGameV3 Anti DDOS / Load Balancer / WAF service popularized by Dread, it was originally built to block off the incessant <a href="https://blog.torproject.org/tor-network-ddos-attack/">DDOS attacks</a> that onion services were facing. Because of that, EndGame was developed, along with the <a href="https://blog.torproject.org/introducing-proof-of-work-defense-for-onion-services/">Proof of Work (POW) Defense released by TorProject</a> for more details you can click <a href="https://community.torproject.org/onion-services/ecosystem/technology/pow/">here</a>. </p>
|
||||
<pre><code class="nim">
|
||||
Endgame should be on a separate server to your backend server. It only proxies content from your backend to the user. You will still need to configure your backend to handle requests from the Endgame Front.
|
||||
|
||||
|
@ -96,7 +96,7 @@
|
||||
<img src="7.png" class="imgRz">
|
||||
<p>However that's not enough as when you enable USB tethering the USB device ID changes, so we enable USB tethering like so (ex: in Graphene OS you go to: <b>Settings > Network and Internet > Hotspot & Tethering > Toggle USB Tethering ON</b>) before adding it in the pfsense VM:</p>
|
||||
<img src="8.png" class="imgRz">
|
||||
<p>Now that the device is added, enable USB tethering from your phone , then let's make sure that it is proprely configured as a second WAN interface in pfsense:</p>
|
||||
<p>Now that the device is added, enable USB tethering from your phone , then let's make sure that it is properly configured as a second WAN interface in pfsense:</p>
|
||||
<img src="9.png" class="imgRz">
|
||||
<p>Here you see the pfsense VM detecting the usb device from console, however to make the setup simpler we'll set it up from the pfsense dashboard, from the VM inside the LAN network:</p>
|
||||
<img src="10.png" class="imgRz">
|
||||
|
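Review bot: the corrected sentence tells the reader to enable USB tethering after the device is added ("Now that the device is added, enable USB tethering from your phone"), while the paragraph just above says tethering has to be on before adding the device to the pfsense VM because the USB device ID changes. Please confirm which order is intended and reword one of the two so the steps do not contradict each other. The stray space in "phone , then" can be removed at the same time.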
@ -123,7 +123,7 @@
|
||||
<b>Monero: the Privacy Standard for transactions</b>
|
||||
<p>Out of that situation emerged privacy coins, with Monero still at the top to this day (<a href="https://iv.nowhere.moe/watch?v=YTTac2XjyFY">also known as the only cryptocurrency that's used</a>) is basically a cryptocurrency just like bitcoin, except that it does everything to obscure every info regarding transactions. Basically, it's a nightmare for financial regulators.</p>
|
||||
<img src="1.png" class="imgRz">
|
||||
<p>To make it short, it obscures the amount transacted, the ip addresses, who recieves the transaction and who sends the transaction, To this day not a single monero transaction has been successfully traced. For more details on Monero, check the infodump <a href="https://moneroinfodump.neocities.org/#MoneroIsUntraceable">here</a>.</p>
|
||||
<p>To make it short, it obscures the amount transacted, the ip addresses, who receives the transaction and who sends the transaction, To this day not a single monero transaction has been successfully traced. For more details on Monero, check the infodump <a href="https://moneroinfodump.neocities.org/#MoneroIsUntraceable">here</a>.</p>
|
||||
<p>Monero's goals differ from what bitcoin has become. It's not to get rich, the goal is to provide transactional privacy, anonymity, and ultimately to be USED as a currency. That is a fundamental difference to the whole bitcoin-fan ecosystem of pump and dump schemes, monero is not meant to be a speculative asset.</p>
|
||||
<p>More to the point, given the alarming increase of surveillance worldwide, and incoming regulations forced onto everyone, do you seriously think that people will keep trying to use random coins just to get taxed ? <b>No, eventually only the coins that take privacy and anonymity of it's users as their first priority will remain.</b> Mark my words; hop on the orange boat, and watch every other currency lose value.</p>
|
||||
<p>Governments so far have been unable to do anything to stop monero from being transacted. The only thing they can successfully do is to force centralised exchanges to delist it (<a href="https://www.binance.com/en/square/post/3817825785186">example: Binance Delists monero</a>), but <b>decentralised currencies don't require centralised exchanges to exist.</b></p>
|
||||
@ -135,7 +135,7 @@
|
||||
<img src="3.png" class="imgRz">
|
||||
<p>In short, <b>Cut out the troublesome middle man, and transact with the end user directly</b>. You can also use semi-centralised platforms such as <a href="https://localmonero.co">https://localmonero.co</a> that are platforms who incite crypto owners to exchange amongst themselves, a good alternative to use until Decentralised Exchanges (DEXs) are popularized. If you want to check out how to acquire monero on localmonero check out <a href="../monero2024/index.html">this tutorial</a>. (edit: localmonero is no longer in business as of april 2024, moving to haveno DEX is your current only option for direct FIAT -> XMR transactions)</p>
|
||||
<img src="4.png" class="imgRz">
|
||||
<p>The next big Decentralized Exchange that's coming soon is <a href="https://haveno.exchange">Haveno DEX</a> It will combine Monero and Tor to bring complete decentralisation of your finances. When it will be ready for public use, it will only be a matter of time until everyone shifts to a completely decentralised way of transacting. Check out <a href="../haveno-client-f2f/index.html">this tutorial</a> i made to find out how to use it for Fiat -> XMR transcations.</p>
|
||||
<p>The next big Decentralized Exchange that's coming soon is <a href="https://haveno.exchange">Haveno DEX</a> It will combine Monero and Tor to bring complete decentralisation of your finances. When it will be ready for public use, it will only be a matter of time until everyone shifts to a completely decentralised way of transacting. Check out <a href="../haveno-client-f2f/index.html">this tutorial</a> i made to find out how to use it for Fiat -> XMR transactions.</p>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
|
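Review bot: the corrected paragraph still describes Haveno as "coming soon" and "When it will be ready for public use", yet the edit note at the end of the paragraph above says moving to Haveno DEX is the current only option now that localmonero is out of business. Since this line is being touched anyway, the tense should be updated to match. There is also a missing full stop between the "Haveno DEX" link and "It will combine".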
@ -129,7 +129,7 @@ Law enforcement is the activity of some members of government who act in an orga
|
||||
</br>
|
||||
<img src="3.png" class="imgRz">
|
||||
<p>Of course, the law must not be ignored by anyone, and to make sure that everyone is kept in line, they need to show everyone that the law is effectively enforced onto those that behaved badly, very often they brag about catching criminals to let everyone know that they are the good guys protecting everyone from the bad guys.</p>
|
||||
<p>That is the basis of this whole Privacy and Anonymity talk. In short, For the law to be enforceable, they need to know both what happened, and who perpretated the act to be able to apply sanctions on the individual / group of individuals that commited the crime.</p>
|
||||
<p>That is the basis of this whole Privacy and Anonymity talk. In short, For the law to be enforceable, they need to know both what happened, and who perpetrated the act to be able to apply sanctions on the individual / group of individuals that committed the crime.</p>
|
||||
<p>Modern governments know this very well, and some go to extreme lengths to make sure that every citizen is under surveillance.</p>
|
||||
<ol>
|
||||
<li>USA: <a href="https://iv.nowhere.moe/watch?v=9g_sqKH2z4I">Edward Snowden's Revelations</a></p>
|
||||
|
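Review bot: the list item in the last context line of this hunk is opened with an li tag but ended with a closing p tag ("USA: ... Edward Snowden's Revelations" followed by the p end tag). That leaves the li unclosed and a stray paragraph end inside the ordered list; it should end with the li end tag. In the corrected paragraph, "In short, For the law" also keeps a capital after the comma.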
@ -63,7 +63,7 @@
|
||||
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-07-10</ba></p>
|
||||
<h1>How to install GrapheneOS on a Pixel Phone </h1>
|
||||
<img src="1.png" class="imgRz">
|
||||
<p>In this tutorial we're going to setup graphene OS, an open source android operating system for google pixel phones. (Yes google phones, if you don't like it then you'll have to wait for functionnal <a href="../openhardware/index.html">open hardware</a> alternatives to arrive on the market.) Currently GrapheneOS is one of the most privacy-focused mobile operating systems given that it's fully <a href="https://grapheneos.org/source">open source</a>. and that they refuse to implement google services by default, unlike their competitors like LineageOS.</p>
|
||||
<p>In this tutorial we're going to setup graphene OS, an open source android operating system for google pixel phones. (Yes google phones, if you don't like it then you'll have to wait for functional <a href="../openhardware/index.html">open hardware</a> alternatives to arrive on the market.) Currently GrapheneOS is one of the most privacy-focused mobile operating systems given that it's fully <a href="https://grapheneos.org/source">open source</a>. and that they refuse to implement google services by default, unlike their competitors like LineageOS.</p>
|
||||
|
||||
<p><u>DISCLAIMER:</u> yes the quality of the photos taken are garbage :)</p>
|
||||
|
||||
@ -275,7 +275,7 @@ Finished. Total time: 0.276s
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Setting up package manageers</b></h2> </br> </br>
|
||||
<h2><b>Setting up package managers</b></h2> </br> </br>
|
||||
<p>Now that's done, we use the private usage profile to install f-droid, in order to install FOSS applications</p>
|
||||
<img src="25.png" class="imgRz">
|
||||
<img src="32.png" class="imgRz">
|
||||
|
@ -136,7 +136,7 @@
|
||||
<p>Then click confirm to take the offer to buy Monero:</p>
|
||||
<img src="19.png" class="imgRz">
|
||||
<img src="alice.png">
|
||||
<p>Back to Alice's perspective, the trade will intiate and can be viewed when going to the portfolio tab:</p>
|
||||
<p>Back to Alice's perspective, the trade will initiate and can be viewed when going to the portfolio tab:</p>
|
||||
<img src="20.png" class="imgRz">
|
||||
<p>When opening the trade window, Alice sees that <b>Bob not only does not respect the trade protocol of sending the gift card by mail by just sending the code over chat, but the code is also invalid!</b></p>
|
||||
<img src="21.png" class="imgRz">
|
||||
@ -152,7 +152,7 @@
|
||||
<p>Back to Alice's perspective, Now the ball is in her park, what does she do ? </p>
|
||||
<img src="27.png" class="imgRz">
|
||||
<img src="28.png" class="imgRz">
|
||||
<p>Since she never recieved payment,<b> she does not confirm that she recieved it, and waits until the trade expires</b></p>
|
||||
<p>Since she never received payment,<b> she does not confirm that she received it, and waits until the trade expires</b></p>
|
||||
<img src="29.png" class="imgRz">
|
||||
<img src="30.png" class="imgRz">
|
||||
<p>In this case, the trade should not take more than 24 hours, so she waits until the next day, and when it expires, she'll be able to open up a dispute.</p>
|
||||
|
@ -88,7 +88,7 @@
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Initiating the trade </b></h2>
|
||||
<img src="bob.png">
|
||||
<p>Here, we're Bob, we create our account on Haveno for Pay by Mail transactions, mentionning our real name, postal address, city and country.</p>
|
||||
<p>Here, we're Bob, we create our account on Haveno for Pay by Mail transactions, mentioning our real name, postal address, city and country.</p>
|
||||
<img src="1.png" class="imgRz">
|
||||
<p>Then we hit "save new account":</p>
|
||||
<img src="2.png" class="imgRz">
|
||||
@ -203,7 +203,7 @@ This will help you distinguish packages coming from different buyers and avoid c
|
||||
<img src="alice.png">
|
||||
<p>Back to Alice's side, we get the following notification:</p>
|
||||
<img src="22.png" class="imgRz">
|
||||
<p>There, the delay depends on the postal service. But she recieves the envelope 5 days later, she records herself from the point of retrieving, to the unpacking of the cash inside. and then if all is ok on her side, she confirms that she has recieved payment to release the monero funds to Bob:</p>
|
||||
<p>There, the delay depends on the postal service. But she receives the envelope 5 days later, she records herself from the point of retrieving, to the unpacking of the cash inside. and then if all is ok on her side, she confirms that she has received payment to release the monero funds to Bob:</p>
|
||||
<img src="23.png" class="imgRz">
|
||||
<img src="24.png" class="imgRz">
|
||||
<img src="bob.png">
|
||||
|
@ -145,13 +145,13 @@ If you get banned from a physical bank, they may put your name on a fraud regist
|
||||
<p><u>Sidenote:</u> Tying back to my <a href="../finances/index.html">explanation</a> on why Decentralised exchanges are going to be very costly to an adversary that wants to deanonymize users, <b>the adversary would have to massively fund offers in monero, and loose their side of the security deposit each time, in an attempt to try and regulate the end user directly</b>, that's way harder than just knocking on a centralised exchange owner's door to ask him to / force him to deanonymize his entire userbase for the adversary. This is where the Haveno DEX multiplies potential adversaries' efforts manyfold compared to centralised exchanges.</p>
|
||||
<p>So here Bob can follow <a href="https://iv.nowhere.moe/watch?v=77uw4rkcRsY">this procedure to do the sepa instant transfer</a>; he goes on his banking application to add Alice Liddell as a third-party account using <b>her IBAN</b> (see example IBANs per country in the EU <a href="https://developer.readyremit.com/docs/ibans">here</a>), and then he sends her the 13 euros as a transaction between private individuals, using the instant transaction feature provided by his Bank.</p>
|
||||
<img src="13.png" class="imgRz">
|
||||
<p>Once completed, Bob declares that he has sent payment. and in case if Alice tries to deny that she recieved payment, Bob can take a screenshot to prove that he has sent the payment, from his bank account by clicking on viewing more details on his transaction (checking the receipt). That way, in case if there is a <a href="../haveno-arbitrator/index.html">dispute</a>, (meaning if Alice tries to scam Bob), he will be on the right side of arbitration, and the Arbitrator will favor him.</p>
|
||||
<p>Once completed, Bob declares that he has sent payment. and in case if Alice tries to deny that she received payment, Bob can take a screenshot to prove that he has sent the payment, from his bank account by clicking on viewing more details on his transaction (checking the receipt). That way, in case if there is a <a href="../haveno-arbitrator/index.html">dispute</a>, (meaning if Alice tries to scam Bob), he will be on the right side of arbitration, and the Arbitrator will favor him.</p>
|
||||
<img src="alice.png">
|
||||
<p>Back to Alice's side, we see that the trade has been initiated:</p>
|
||||
<img src="14.png" class="imgRz">
|
||||
<p>So here Alice checks if she recieved payment on her account from the bank account of Bob (whose name just got revealed as "Bob Marley" with a specific IBAN) <b>As a Buyer (like Bob), don't try to use a fake IBAN and name because the infos you use are going to be required by the XMR seller (Alice) to verify from whom the payment came from. The Arbitrators are likely to favor Alice if you use false banking information.</b></p>
|
||||
<p>So here Alice checks if she received payment on her account from the bank account of Bob (whose name just got revealed as "Bob Marley" with a specific IBAN) <b>As a Buyer (like Bob), don't try to use a fake IBAN and name because the infos you use are going to be required by the XMR seller (Alice) to verify from whom the payment came from. The Arbitrators are likely to favor Alice if you use false banking information.</b></p>
|
||||
<img src="14.1.png" class="imgRz">
|
||||
<p>Alice just checked her banking application, she recieved payment from Bob Marley, and she clicks "Confirm payment Receipt" to complete the trade.</p>
|
||||
<p>Alice just checked her banking application, she received payment from Bob Marley, and she clicks "Confirm payment Receipt" to complete the trade.</p>
|
||||
<img src="15.png" class="imgRz">
|
||||
<img src="bob.png">
|
||||
<p>And lastly, Bob gets his Monero without any issue (he needs to wait 20 minutes for the monero to be spendable from his haveno monero wallet):</p>
|
||||
|
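Review bot: the sidenote in the first context line still says the adversary would "loose their side of the security deposit", which should be "lose". In the first corrected paragraph, "Bob declares that he has sent payment. and in case if Alice tries" keeps a lowercase start after the full stop and the redundant "in case if"; suggest "and in case Alice tries" as one sentence.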
@ -78,7 +78,7 @@
|
||||
<p>One way to host a Hidden Service is remotely. You anonymously rent a VPS to a non-KYC cloud provider (using Tor and Monero), and use it anonymously (using SSH through Tor), to host a Tor Hidden Service. </p>
|
||||
<img src="1.png" class="imgRz">
|
||||
<p>The main advantage here is that if anything goes wrong (if you try to run a sensitive service there), you are safe from any repercussions, as the cloud provider can't know that it was you who bought and used the VPS.</p>
|
||||
<p>The strategy here is that whatever service you try to run, you run it as far away from your home as possible. So that if one day the location of the hidden service gets found out (as tor traffic sometimess get deanonymized, when the tor circuits go through nodes that all belong to the adversary), your home IP address doesn't get revealed.</p>
|
||||
<p>The strategy here is that whatever service you try to run, you run it as far away from your home as possible. So that if one day the location of the hidden service gets found out (as tor traffic sometimes get deanonymized, when the tor circuits go through nodes that all belong to the adversary), your home IP address doesn't get revealed.</p>
|
||||
<p><u>Sidenote:</u> know that if you try to run a sensitive service, you are literally abusing the goodwill of non-KYC cloud providers, that are willing to go the extra mile to provide anonymity for you. So please don't bite the hand that feeds you, don't run sensitive services on VPSes, as the non-KYC cloud resellers are the ones that will have to deal with the consequences afterward.</p>
|
||||
<p>The main drawback however, is that you are not in physical control of the server that you are using, therefore if the cloud provider has implemented extensive spying mechanisms, they will immediately find out that it is this VPS that is running said hidden service.</p>
|
||||
<p><u>TLDR:</u> it's safer in case if anything goes wrong, but you don't have physical control over the service.</p>
|
||||
|
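Review bot: the fixed line still has a subject-verb mismatch in "as tor traffic sometimes get deanonymized", which should read "sometimes gets deanonymized". The first context line of this hunk says "rent a VPS to a non-KYC cloud provider" where "from" is meant; since the PR is a typo pass over this page, both can go in together.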
@ -172,7 +172,7 @@ sh emailwiz.sh
|
||||
<img src="9.png" class="imgRz">
|
||||
<p>Then hit enter, and wait for the script to install postfix and dovecot.
|
||||
Luke intended this script to be run and to configure postfix and dovecot together. The main feature here is that once you create an user
|
||||
added to the <b>mail</b> group, it's going make them able to recieve and send mail.
|
||||
added to the <b>mail</b> group, it's going make them able to receive and send mail.
|
||||
|
||||
</p>
|
||||
|
||||
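Review bot: the corrected line "it's going make them able to receive and send mail" is still missing a word ("it's going to make them able"). The context line above it has "once you create an user", which should be "a user".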
@ -206,7 +206,7 @@ passwd someone
|
||||
they are blocking port 25 (SMTP) which, in general indicates that they do not allow any mail hosting on their VPS, so for once i am not going to recommend DO
|
||||
</p>
|
||||
<img src="21.png" class="imgRz">
|
||||
<p>TLDR i am incredibly suprised at how difficult it is to setup your own email server. In france, most ISPs simply do not allow port 25 apart from OVH.
|
||||
<p>TLDR i am incredibly surprised at how difficult it is to setup your own email server. In france, most ISPs simply do not allow port 25 apart from OVH.
|
||||
Online, both DigitalOcean and Vultr block port 25 to avoid mail spam which makes me wonder where exactly do you even host your mail server.
|
||||
If anyone knows a particular hosting service that ALLOWS port 25 and other mail-specific ports (993 587 etc) please let me know.</p>
|
||||
|
||||
|
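Review bot: on the corrected TLDR line, "how difficult it is to setup your own email server" uses the noun form; as a verb it is "set up". "In france" on the same line should be capitalised.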
@ -789,7 +789,7 @@ MAC Address: EE:B5:C9:3A:C3:FE (Unknown)
|
||||
<p>As you can see, by default you don't have the destination's PGP key, so for this first mail we won't encrypt it and see how it looks like on the receiver's end:</p>
|
||||
<img src="37.png" class="imgRz">
|
||||
<img src="38.png" class="imgRz">
|
||||
<p>Now we see that the receiver got the unencrypted message, with our PGP signature as an attachement. The recipient can now save it, and use it to encrypt his messages with us.</p>
|
||||
<p>Now we see that the receiver got the unencrypted message, with our PGP signature as an attachment. The recipient can now save it, and use it to encrypt his messages with us.</p>
|
||||
<pre><code class="nim">
|
||||
[ 10.8.0.3/24 ] [ nowhere ] [~]
|
||||
→ gpg --gen-key
|
||||
|
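Review bot: the touched sentence says the mail arrives "with our PGP signature as an attachment" and that the recipient can "use it to encrypt his messages with us", but a signature cannot be used to encrypt; what the recipient saves for that purpose is the sender's public key. The context line above already speaks of "the destination's PGP key", so the attachment should be named consistently as the public key (or the sentence should distinguish the signature from the attached key).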
@ -77,7 +77,7 @@
|
||||
<p>At first, this blog started out as a hacking writeup blog, to show everyone how i hacked half of HackTheBox back in 2022, it was my way of showing that i understood how systems worked from the adversarial point of view. Then once i learned the pentesting methodology i realized that i was doing the same thing over and over again with different technologies, got bored with it, and decided to move on to Sysadmin topics.</p>
|
||||
<p>At that point, i dabbled heavily into the self-hosting community, running a servers at home, running every possible service from home, open source only, remaining the only one in control of my data, etc.</p>
|
||||
<p>But something was missing. I realized that Decentralisation and Privacy were not enough when reading the news, i realized that the very same governments that were supposed to be at the head of democracies were starting to turn into dictatorships. When that is the case, you have no choice but to fit into their view of a perfect law abiding citizen because any reason is a good reason to put you behind bars. </p>
|
||||
<p>That's why i decided to move on to Anonymity topics specifically, because that is the key to remain in control of your freedom, is to make sure your sensitive actions remain secret, while portraying yourself as the perfect citizen. Wether you see this as right or wrong, it does not matter to me. </p>
|
||||
<p>That's why i decided to move on to Anonymity topics specifically, because that is the key to remain in control of your freedom, is to make sure your sensitive actions remain secret, while portraying yourself as the perfect citizen. Whether you see this as right or wrong, it does not matter to me. </p>
|
||||
<p><b>What truly matters here, is exploring how you can use technology to protect your abilities, and enhance them.</b></p>
|
||||
|
||||
</div>
|
||||
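Review bot: the corrected paragraph still has a broken clause in "because that is the key to remain in control of your freedom, is to make sure your sensitive actions remain secret"; dropping the second "is" or splitting the sentence would fix it. The context line above has "running a servers at home", which the typo pass missed.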
@ -115,7 +115,7 @@ Honorable reasons:
|
||||
|
||||
</pre></code>
|
||||
<p>I am motivated by my will to purify, refine and enhance my abilities using tools and technology, and <b>I want anyone that also shares that same drive, to be able to explore the full scope of what they can do as well.</b> </p>
|
||||
<p>I am also motivated by my will to clear out any misconceptions and help everyone percieve technology for what it truly is, regardless of any morality or any political view. My blog aims to bring to light that <b>any usage of any technology is to be justified with a clear reason, to be described, and showcased in great detail</b>.</p>
|
||||
<p>I am also motivated by my will to clear out any misconceptions and help everyone perceive technology for what it truly is, regardless of any morality or any political view. My blog aims to bring to light that <b>any usage of any technology is to be justified with a clear reason, to be described, and showcased in great detail</b>.</p>
|
||||
<p>Yes, anyone that tries to mix politics and ideologies into technology, is merely trying to preserve what they are currently identified with. Such people cannot pretend to have an objective view when talking about anything.</p>
|
||||
<p>Transcending limitations is what i consider the most honorable way behind any action. <b>Ultimately, this blog aims to showcase that Technology, when used correctly, can allow one to transcend any limitation.</b> Be it to transcend surveillance, centralisation, deanonymization, lack of security. <b>Any ability that we have as Humans</b>, such as Privacy, Decentralisation, Anonymity, Security, Plausible Deniability <b>can be protected and enhanced by using the correct Technology.</b></p>
|
||||
<p>TLDR: You want to know the most effective technologies that can enhance your life ? It's right there. Just read it up, understand what they are, understand why they are used, understand how they are used, and use them yourself. </p>
|
||||
|
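Review bot: the first context lines of this hunk close the code block as `</pre></code>`, which is the wrong nesting order for a block opened with `<pre><code ...>`; it should be `</code></pre>`. It is not part of the spelling fix, but the file is already being edited a few lines below.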
@ -132,7 +132,7 @@ networks:
|
||||
docker-compose run --rm -e SYNAPSE_SERVER_NAME=m.nowhere.moe -e SYNAPSE_REPORT_STATS=yes synapse generate
|
||||
|
||||
</code></pre>
|
||||
<p>My matrix server will have the "m.nowhere.moe" domain name. The coturn config mentionned here is used for the VOIP support. Now let's generate the initial keys of the matrix server like so:</p>
|
||||
<p>My matrix server will have the "m.nowhere.moe" domain name. The coturn config mentioned here is used for the VOIP support. Now let's generate the initial keys of the matrix server like so:</p>
|
||||
<pre><code class="nim">
|
||||
[ nowhere.moe ] [ /dev/pts/1 ] [/srv/matrix]
|
||||
→ ./generateconfig.sh
|
||||
|
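Review bot: the context command above the corrected paragraph passes `SYNAPSE_REPORT_STATS=yes`, while the paragraph explains only the domain name and the coturn config. On a guide aimed at privacy it would be worth either a sentence saying why statistics reporting is switched on or changing the value to `no`.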
@ -63,7 +63,7 @@
|
||||
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-04-28</ba></p>
|
||||
<h1>How to acquire and use Monero </h1>
|
||||
<img src="0.png" style="width:250px">
|
||||
<p>In this tutorial we're going to take a look at how to setup a monero wallet locally, how to recieve some monero there, and how to send monero to someone else.</p>
|
||||
<p>In this tutorial we're going to take a look at how to setup a monero wallet locally, how to receive some monero there, and how to send monero to someone else.</p>
|
||||
<p><h2><u>OPSEC Recommendations:</u></h2></p>
|
||||
<ol>
|
||||
<li><p>Hardware : (Personal Computer / Laptop)</p></li>
|
||||
@ -71,7 +71,7 @@
|
||||
<li><p>Hypervisor: <a href="../hypervisorsetup/index.html">libvirtd QEMU/KVM</a></p></li>
|
||||
<li><p>Virtual Machine: <a href="../hypervisorsetup/index.html">Linux</a> or <a href="../whonixqemuvms/index.html">Whonix</a> or <a href="../tailsqemuvm/index.html">Tails</a> </p></li>
|
||||
</ol>
|
||||
<p>I recommend using this setup into one of the above mentionned VMs, either for <a href="../privacy/index.html">Private use</a>, or <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
|
||||
<p>I recommend using this setup into one of the above mentioned VMs, either for <a href="../privacy/index.html">Private use</a>, or <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
|
||||
|
||||
|
||||
</div>
|
||||
@ -87,7 +87,7 @@
|
||||
<h2><b>Wallet Setup</b></h2> </br> </br>
|
||||
<b>GUI Wallet Setup</b>
|
||||
<p>Now on whonix there can be some issues with syncing to the monero nodes over the CLI monero wallet, due to the slow tor network and connection timeouts, So we'll first cover how to install the GUI monero wallet:</p>
|
||||
<p>First let's download the monero GUI wallet from <a href="https://getmonero.org/downlaods/index.html">https://getmonero.org</a>: (.onion address: <a href="http://monerotoruzizulg5ttgat2emf4d6fbmiea25detrmmy7erypseyteyd.onion/downloads/index.html">http://monerotoruzizulg5ttgat2emf4d6fbmiea25detrmmy7erypseyteyd.onion </a>)</p>
|
||||
<p>First let's download the monero GUI wallet from <a href="https://getmonero.org/downloads/index.html">https://getmonero.org</a>: (.onion address: <a href="http://monerotoruzizulg5ttgat2emf4d6fbmiea25detrmmy7erypseyteyd.onion/downloads/index.html">http://monerotoruzizulg5ttgat2emf4d6fbmiea25detrmmy7erypseyteyd.onion </a>)</p>
|
||||
<img src="8.png" class="imgRz">
|
||||
<p>Then we unpack it on the desktop and run the appimage:</p>
|
||||
<pre><code class="nim">
|
||||
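Review bot: with the download link now fixed, the text still goes directly from the download paragraph to "Then we unpack it on the desktop and run the appimage", with no integrity check of the downloaded archive in the visible lines. A short step that verifies the archive against the hashes published by the project before it is run would fit here. The .onion anchor text also carries a trailing space before `</a>`.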
@ -140,7 +140,7 @@ LICENSE extras monero-gui-wallet-guide.pdf monero-wallet-gui monero-wallet-g
|
||||
<img src="17.png" class="imgRz">
|
||||
<img src="18.png" class="imgRz">
|
||||
<img src="19.png" class="imgRz">
|
||||
<p>Here we pick a clearnet monero node (if you dont want to, scroll down to know how to setup a .onion monero node)</p>
|
||||
<p>Here we pick a clearnet monero node (if you don't want to, scroll down to know how to setup a .onion monero node)</p>
|
||||
<img src="20.png" class="imgRz">
|
||||
<img src="21.png" class="imgRz">
|
||||
<img src="22.png" class="imgRz">
|
||||
@ -152,7 +152,7 @@ LICENSE extras monero-gui-wallet-guide.pdf monero-wallet-gui monero-wallet-g
|
||||
<img src="26.png" class="imgRz">
|
||||
<p>Now with this setup we can use .onion monero nodes as follows (pick one you trust from <a href="https://monero.fail/?chain=monero&network=mainnet&onion=on">https://monero.fail/</a> for example my .onion monero node at this URL: http://daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion:18081</p>
|
||||
<img src="27.png" class="imgRz">
|
||||
<p>Here again, wait for the monero wallet to finish synchronizing to be able to recieve and send monero:</p>
|
||||
<p>Here again, wait for the monero wallet to finish synchronizing to be able to receive and send monero:</p>
|
||||
<img src="28.png" class="imgRz">
|
||||
|
||||
<img src="../haveno-client-f2f/xmrbazaar_logo_beta.png" style="width:200px">
|
||||
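Review bot: the context paragraph above the corrected line opens a parenthesis at "(pick one you trust from" and never closes it, and the .onion node URL at the end is plain text while the monero.fail link is an anchor. Closing the parenthesis after the monero.fail link and marking up the node URL consistently would make the instruction easier to follow.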
@ -165,7 +165,7 @@ LICENSE extras monero-gui-wallet-guide.pdf monero-wallet-gui monero-wallet-g
|
||||
<img src="3.png" class="imgRz">
|
||||
<img src="4.png" class="imgRz">
|
||||
<img src="5.png" class="imgRz">
|
||||
<p>Now we want to buy monero for euros, for speed i recommend just buying some using <b>SEPA instant transfer</b> if your bank accepts it. However if you don't mind waiting weeks, the preferred method on localmonero.co is <b>cash-by-mail, as cash can't be traced</b>. But still, it shoudln't matter even if you buy monero with your credit card to a random vendor, your bank will see that you sent money to someone, and if the vendor is malicious they may log that you bought some monero, but still they will be unable to know what you do with your monero. it's like retrieving cash from the bank, the bank knows you bought some cash but they can't know what you do with it.</p>
|
||||
<p>Now we want to buy monero for euros, for speed i recommend just buying some using <b>SEPA instant transfer</b> if your bank accepts it. However if you don't mind waiting weeks, the preferred method on localmonero.co is <b>cash-by-mail, as cash can't be traced</b>. But still, it shouldn't matter even if you buy monero with your credit card to a random vendor, your bank will see that you sent money to someone, and if the vendor is malicious they may log that you bought some monero, but still they will be unable to know what you do with your monero. it's like retrieving cash from the bank, the bank knows you bought some cash but they can't know what you do with it.</p>
|
||||
<p>So here we want to find a vendor that offers monero for SEPA instant transfers, <b>preferably someone who doesn't do KYC.</b></p>
|
||||
<img src="6.png" class="imgRz">
|
||||
<p>The trade should go like this: </p>
|
||||
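Review bot: the corrected line still has "buy monero with your credit card to a random vendor", where "from a random vendor" is meant, and the last sentence starts in lower case ("it's like retrieving cash from the bank").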
@ -174,11 +174,11 @@ LICENSE extras monero-gui-wallet-guide.pdf monero-wallet-gui monero-wallet-g
|
||||
<li>1) they send you the IBAN to send the bank transfer to, </li>
|
||||
<li>2) you send them the money, </li>
|
||||
<li>3) and then you declare that you have paid on monero, </li>
|
||||
<li>4) and then you wait 30 minutes approximately to recieve the monero.</li>
|
||||
<li>4) and then you wait 30 minutes approximately to receive the monero.</li>
|
||||
</ul>
|
||||
<img src="7.png" class="imgRz">
|
||||
<p>if trade is completed smoothly, always rate vendors as trustworthy, as this is how localmonero works, always on trust.</p>
|
||||
<p>Now that you recieved some monero, you can send them to whoever has a XMR address like i do:</p>
|
||||
<p>Now that you received some monero, you can send them to whoever has a XMR address like i do:</p>
|
||||
<img src="29.png" class="imgRz">
|
||||
<p>for example if you want to donate a few leftovers moneros like this feel free to do so:</p>
|
||||
<img src="30.png" class="imgRz">
|
||||
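Review bot: step 3 of the list, "you declare that you have paid on monero", looks like it should name the trading platform rather than the currency, since the following paragraph refers to "how localmonero works". The items also carry hand-typed "1)" to "4)" inside a list that is closed with `</ul>`; an ordered list without the typed numbers would avoid the double marking. "a few leftovers moneros" in the last context paragraph should be "leftover".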
@ -264,7 +264,7 @@ Important commands:
|
||||
2 89uyMGJunXfSC375iEptD2WLCb5uidKJSEuUYL3n5fRMg6ccM7L5prSUi9YGgGFPS5T8Z95BJh93HKykUYWECmNfJhNFb9z localmonero
|
||||
|
||||
</pre></code>
|
||||
<p>in this case, we'll use the <b>89uyMGJunXfSC375iEptD2WLCb5uidKJSEuUYL3n5fRMg6ccM7L5prSUi9YGgGFPS5T8Z95BJh93HKykUYWECmNfJhNFb9z</b> address for all trades on haveno DEX. <b>DO NOT USE IT ELSEWHERE! just like passwords, you want to have one per service</b>. If you want to recieve monero from another place, create a new address.</p>
|
||||
<p>in this case, we'll use the <b>89uyMGJunXfSC375iEptD2WLCb5uidKJSEuUYL3n5fRMg6ccM7L5prSUi9YGgGFPS5T8Z95BJh93HKykUYWECmNfJhNFb9z</b> address for all trades on haveno DEX. <b>DO NOT USE IT ELSEWHERE! just like passwords, you want to have one per service</b>. If you want to receive monero from another place, create a new address.</p>
|
||||
|
||||
|
||||
<p>Check out my other tutorials on Decentralised Finances below:</p>
|
||||
|
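Review bot: the corrected paragraph says the 89uy... address is used "for all trades on haveno DEX", but the address listing in the context line above labels that same address "localmonero". Given that the paragraph insists on one address per service, the label and the text should name the same service. The code block above is also closed as `</pre></code>`, which is the wrong nesting order.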
@ -87,10 +87,10 @@
|
||||
</ol>
|
||||
<p>The problem is, <b>if you have closed-source hardware (such as an Intel or AMD CPU, or a nvidia graphics card, or a msi motherboard)</b>, you can at most have open-source software and protocols all the way down to layer 2, <b>but not further below.</b> That's because you have hardware manufacturers creating products, but they are keeping the method as to how they create them a proprietary secret. Because you can't audit it yourself, you can't tell if there is any spyware baked into it or not. </p>
|
||||
<img src="8.png" class="imgRz">
|
||||
<p>Take for example AMD's <a href="https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor">PSP</a> or Intel's <a href="https://en.wikipedia.org/wiki/Intel_Management_Engine">Management Engine</a>, which are both alleged backdoors implemented directly in consummers' CPUs. In the case of Intel's processor chipsets, <b>all CPUs since 2008 are to be considered backdoored by Intel ME, and there's nothing you can do about it, without knowing intel's secret way to disable it.</b><a href="https://www.intel.com/content/www/us/en/developer/articles/guide/getting-started-with-active-management-technology.html">[1]</a><a href="https://www.intel.com/content/www/us/en/support/articles/000005974/software/chipset-software.html">[2]</a><a href="https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it">[3]</a> It is located in the Platform Controller Hub of modern Intel motherboards. </p>
|
||||
<p>Take for example AMD's <a href="https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor">PSP</a> or Intel's <a href="https://en.wikipedia.org/wiki/Intel_Management_Engine">Management Engine</a>, which are both alleged backdoors implemented directly in consumers' CPUs. In the case of Intel's processor chipsets, <b>all CPUs since 2008 are to be considered backdoored by Intel ME, and there's nothing you can do about it, without knowing intel's secret way to disable it.</b><a href="https://www.intel.com/content/www/us/en/developer/articles/guide/getting-started-with-active-management-technology.html">[1]</a><a href="https://www.intel.com/content/www/us/en/support/articles/000005974/software/chipset-software.html">[2]</a><a href="https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it">[3]</a> It is located in the Platform Controller Hub of modern Intel motherboards. </p>
|
||||
<p>check out <a href="https://iv.nowhere.moe/watch?v=0o8Co1ekemU&listen=false">this video</a> for a deep dive into Intel's Management Engine from 36c3 chaoswest 2019.</p>
|
||||
<p>Regarding non-free firmware, even Debian has been forced to accept this reality in 2022 in their <a href="https://www.debian.org/vote/2022/vote_003">general resolution vote</a>. In short, they now ship non-free firmware by default because 99.999999% of the people out there are running closed-source hardware CPUs, or GPUs, etc.</p>
|
||||
<p><u>TLDR:</u> if you use closed-source hardware, you won't be able to get open source firware for the CPU, GPU or motherboard. <b>You cannot ever be 100% sure that your hardware itself contains a spying mechanism, because you can't check it yourself, be it in your motherboard, CPU, GPU, or network interfaces.</b> </p>
|
||||
<p><u>TLDR:</u> if you use closed-source hardware, you won't be able to get open source firmware for the CPU, GPU or motherboard. <b>You cannot ever be 100% sure that your hardware itself contains a spying mechanism, because you can't check it yourself, be it in your motherboard, CPU, GPU, or network interfaces.</b> </p>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
|
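Review bot: the corrected TLDR line states the opposite of what the paragraph argues: "You cannot ever be 100% sure that your hardware itself contains a spying mechanism" should be "does not contain a spying mechanism", since the point is that absence cannot be verified. Separately, the Intel ME paragraph calls ME and PSP "alleged backdoors" and then says all CPUs since 2008 "are to be considered backdoored"; one wording should be chosen.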
@ -79,7 +79,7 @@
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Improve your OPSEC using Technology</b></h2>
|
||||
<p>The first and foremost step when you wish to protect your OPSEC, is to use the correct technologies that will let you have Privacy (lack of surveillance), and Anonymity (lack of identification). Be sure of one thing; <b>You will never have privacy, nor anonymity until you use the right techonologies</b>.</p>
|
||||
<p>The first and foremost step when you wish to protect your OPSEC, is to use the correct technologies that will let you have Privacy (lack of surveillance), and Anonymity (lack of identification). Be sure of one thing; <b>You will never have privacy, nor anonymity until you use the right technologies</b>.</p>
|
||||
<p>We're going to cover 6 scenarios into which Bob tries to be anonymous online, as you will see, Bob's level of privacy and anonymity will vary greatly, based on what technologies he uses to access and use his account on nowhere.com</p>
|
||||
</br></br>
|
||||
<p><b>Scenario 1: Closed source software, and no protection</b></p>
|
||||
@ -210,8 +210,8 @@
|
||||
<p>Situation: Bob has an account on nowhere.com</p>
|
||||
<ol>
|
||||
<li><p>Bob registered his account via Tor on nowhere.com</p></li>
|
||||
<li><p>Bob mentionned his real life name into the information of his account</p></li>
|
||||
<li><p>Bob mentionned where he lived on the account information too.</p></li>
|
||||
<li><p>Bob mentioned his real life name into the information of his account</p></li>
|
||||
<li><p>Bob mentioned where he lived on the account information too.</p></li>
|
||||
</ol>
|
||||
<p><u>Summary:</u> Bob deanonymized himself by his actions, despite using the correct technology. He identified himself (or KYC'd himself) on nowhere.com</p>
|
||||
</br></br>
|
||||
@ -223,7 +223,7 @@
|
||||
<li><p>Bob uses a pseudonym into the information of his account</p></li>
|
||||
<li><p>Bob mentionned that his pseudonym lived in wonderland.</p></li>
|
||||
</ol>
|
||||
<p><u>Summary:</u> Bob used the right technology, and then on the website he uses a pseudonym, and mentionned random useless information about his pseudonym. For now his anonymity is preserved.</p>
|
||||
<p><u>Summary:</u> Bob used the right technology, and then on the website he uses a pseudonym, and mentioned random useless information about his pseudonym. For now his anonymity is preserved.</p>
|
||||
</br></br>
|
||||
<p><b>Scenario 3: When pseudonymity goes wrong</b></p>
|
||||
<img src="11.png" class="imgRz">
|
||||
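Review bot: this hunk fixes "mentionned" in the Summary paragraph but leaves the same misspelling in the list item two lines above, "Bob mentionned that his pseudonym lived in wonderland." That item should be corrected in the same change.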
@ -232,7 +232,7 @@
|
||||
<li><p>Bob registered his account via Tor on nowhere.com</p></li>
|
||||
<li><p>Bob uses a pseudonym into the information of his account</p></li>
|
||||
<li><p>Bob used this account to talk into many conversations over the years, and has built up a big reputation.</p></li>
|
||||
<li><p>Bob is drunk one night, and accidentally mentionned his real life name online.</p></li>
|
||||
<li><p>Bob is drunk one night, and accidentally mentioned his real life name online.</p></li>
|
||||
</ol>
|
||||
<p><u>Summary:</u> Bob used the right technology, and then on the website he used a pseudonym successfully for a few years, his anonymity was preserved all this time up until he got drunk and accidentally revealed who he was. From there, Bob can no longer be anonymous using that pseudonym.</p>
|
||||
</br></br>
|
||||
@ -242,7 +242,7 @@
|
||||
<ol>
|
||||
<li><p>Bob regularly registers accounts via Tor on nowhere.com</p></li>
|
||||
<li><p>Bob enters different random names into the information of his accounts</p></li>
|
||||
<li><p>Bob stricly uses those accounts only for specific purposes.</p></li>
|
||||
<li><p>Bob strictly uses those accounts only for specific purposes.</p></li>
|
||||
<li><p>Bob talks into many conversations over the years, but using different accounts every week/month.</p></li>
|
||||
<li><p>Bob is never drunk when in front of the keyboard, and he is always careful to reveal nothing about his real life identity.</p></li>
|
||||
</ol>
|
||||
|
@ -150,7 +150,7 @@
|
||||
<p><img src="../su0.png"><u>Surveillance:</u> Dave has verified that the software he is using, is not surveilling what he's doing</p>
|
||||
<p><img src="../ce0.png"><u>Centralisation:</u> Dave has moved away from centralised services, and is using their decentralised counterpart from the fediverse </p>
|
||||
<p><img src="../on0.png"><u>Onymity:</u> Dave is anonymous online, thanks to it's use of the tor network through Whonix and tor browser</p>
|
||||
<p><img src="../de0.png"><u><b>Deniability:</b></u> Dave can deny that he has commited any anonymous activity, because the VM he uses is inside a veracrypt hidden volume, that he can deny the existance of. </p>
|
||||
<p><img src="../de0.png"><u><b>Deniability:</b></u> Dave can deny that he has committed any anonymous activity, because the VM he uses is inside a veracrypt hidden volume, that he can deny the existance of. </p>
|
||||
<p><u>Conclusion:</u> <b>Dave's setup is suitable for Sensitive use</b>, as he managed to implement plausible deniability on top of anonymity technologies into his setup.</p>
|
||||
|
||||
</div>
|
||||
|
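Review bot: the Deniability line is changed for "committed" but still ends with "that he can deny the existance of", a misspelling this PR corrects on other pages. The Onymity context line above also has "thanks to it's use", which should be "his use" (or "its").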
@ -119,7 +119,7 @@ root@debian:~# apt update -y ; apt upgrade -y ; apt autoremove -y
|
||||
|
||||
<p>So now we have the following graph:</p>
|
||||
<img src="10.png" style="width:300px">
|
||||
<p>We now have a server at home, that contains a veracrypt hidden partition (whose existance shouldnt be revealed), that hidden partition contains a VM, which contains a .onion service we want to hide the existance of. So now let's protect it: </p>
|
||||
<p>We now have a server at home, that contains a veracrypt hidden partition (whose existance shouldnt be revealed), that hidden partition contains a VM, which contains a .onion service we want to hide the existence of. So now let's protect it: </p>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
|
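Review bot: only the second "existance" on this line was corrected; the parenthetical still reads "(whose existance shouldnt be revealed)", so both the spelling and the missing apostrophe in "shouldn't" remain on the line the PR touches.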
@ -89,7 +89,7 @@
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>The Enemy of Privacy is Surveillance</b></h2> </br> </br>
|
||||
<p>Make no mistake, as we discussed <a href="../govfear/index.html">previously</a>, governments NEED surveillance to be able to fulfill the first condition to be able to enforce their laws: <img src="../su2.png"><b>They need to know what happened.</b> To be able to know what happened, <b>they need surveillance to be implemented wherever they can</b>, and it is definitely easy for them to force large businesses providing large centralised services to act on their behalf. </p>
|
||||
<p>Make no mistake, as we discussed <a href="../govfear/index.html">previously</a>, governments NEED surveillance to be able to fulfil the first condition to be able to enforce their laws: <img src="../su2.png"><b>They need to know what happened.</b> To be able to know what happened, <b>they need surveillance to be implemented wherever they can</b>, and it is definitely easy for them to force large businesses providing large centralised services to act on their behalf. </p>
|
||||
<p>Yes, ANY company can act on any government's behalf. Take for example Microsoft spying on everyone through their <a href="../closedsource/index.html">closed source</a> software Windows 10, or Apple spying on their users through their MacOS closed-source software, The US government is very open about it (see <a href="https://www.dni.gov/files/icotr/Section702-Basics-Infographic.pdf">FISA 702</a>).</p>
|
||||
<p>In this current world we live in, Surveillance is nearly omnipresent, where there is a business involved, and especially closed-source software, Surveillance is right there.</p>
|
||||
<img src="../opsec/4.png" class="imgRz">
|
||||
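Review bot: "fulfill" to "fulfil" is a switch between US and British spelling rather than a typo fix. The page mixes both conventions ("centralised" in this line, "specialize" elsewhere on the page), so either leave the word as it was or state which spelling convention the blog follows and apply it consistently.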
@ -97,7 +97,7 @@
|
||||
<ol>
|
||||
<li><p>Microsoft (because Bob uses Windows)</p></li>
|
||||
<li><p>Google (because he uses Google and Google Chrome)</p></li>
|
||||
<li><p>Bob's ISP (because he doesnt use a VPN nor Tor)</p></li>
|
||||
<li><p>Bob's ISP (because he doesn't use a VPN nor Tor)</p></li>
|
||||
</ol>
|
||||
<p>If Bob were to do something sketchy using his computer, <b>Law Enforcement would obtain all the information they need to know what Bob did, because he used Windows, Google Chrome, and no VPN/Anonymization network</b>.</p>
|
||||
<p>And it does not stop there, even when LE is not involved, <b>politicians can also request and pay to get private user data</b>, at the discretion of those large companies that specialize on infringing upon users' privacy for their own profit <a href="https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal">(see the cambridge analytica scandal)</a>.</p>
|
||||
|
@ -94,7 +94,7 @@
|
||||
<img src="1.png" class="imgRz">
|
||||
<b>Pros:</b>
|
||||
<p>Everyone has an internet connection, and if you live in a country that does not actively sensor the tor network, it can be interesting to host your own physical server which runs your hidden .onion service</p>
|
||||
<p>If you have your own physical server at home, it means you have complete control over the physical proximity of the server itself. as i detailed in <a href="../physicalsecurity/index.html">my tutorial on physical security</a> there are many things you can do to detect if an adversary is breaking into your home to try and find if you host a hidden service (such as movement detection, unauthorized ssh detection, unauthorized USB interaction detection, etc)</p>
|
||||
<p>If you have your own physical server at home, it means you have complete control over the physical proximity of the server itself. as i detailed in <a href="../physicalsecurity/index.html">my tutorial on physical security</a> there are many things you can do to detect if an adversary is breaking into your home to try and find if you host a hidden service (such as movement detection, unauthorized ssh detection, unauthorized USB interaction detection, etc.)</p>
|
||||
<p>In short, it's ideal if the technology is perfect and never has any flaws, but you can't ever be sure of that, (for example: <a href="https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8">Tor had security flaws in the past</a>)</p>
|
||||
</br>
|
||||
</br>
|
||||
|
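Review bot: the Pros paragraph in the context lines says "a country that does not actively sensor the tor network"; "censor" is meant. It sits directly above the line this hunk edits and should be fixed with it.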
@ -78,7 +78,7 @@
|
||||
<img src="1.png" class="imgRz">
|
||||
<p>One way to close the door on Jack, is to use PGP encryption:</p>
|
||||
<img src="2.png" class="imgRz">
|
||||
<p>the logic behind using PGP encryption is for Bob and Alice to encrypt their conversation themselves, because they don't trust anyone else. <b>Bob encrypts his message using PGP</b>, and no matter where he sends it (over mail, over discord, over IRC, XMPP, facebook, etc) <b>only Alice will be able to decrypt the message.</b></p>
|
||||
<p>the logic behind using PGP encryption is for Bob and Alice to encrypt their conversation themselves, because they don't trust anyone else. <b>Bob encrypts his message using PGP</b>, and no matter where he sends it (over mail, over discord, over IRC, XMPP, facebook, etc.) <b>only Alice will be able to decrypt the message.</b></p>
|
||||
<p>In short, Bob uses PGP because he doesn't trust the platform on which you wish to talk to Alice.</p>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
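Review bot: the sentence after the corrected line switches person mid-way: "Bob uses PGP because he doesn't trust the platform on which you wish to talk to Alice" should read "on which he wishes to talk to Alice". The corrected paragraph itself also starts in lower case ("the logic behind").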
@ -89,7 +89,7 @@
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Serverside Encryption: a Phallacy</b></h2> </br> </br>
|
||||
<h2><b>Serverside Encryption: a Fallacy</b></h2> </br> </br>
|
||||
<p>When we are talking about Serverside Encryption, Who is Bob, Who is Alice and Who is Jack ?</p>
|
||||
<p>In the case of the <a href="https://iv.nowhere.moe/watch?v=5VEXj09TFNA">Incognito Market</a>, an illegal Darknet Market (DNM), <b>the platform admins told it's users to trust their own encryption</b> </p>
|
||||
<img src="3.png" class="imgRz">
|
||||
|
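Review bot: on the context line about Incognito Market, "told it's users" should be the possessive "its users", and the sentence has no closing period. In the corrected heading line the trailing </br> </br> is invalid markup; <br> or a margin on the h2 does the same job.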
@ -89,7 +89,7 @@
|
||||
<h2><b>Tails Setup </b></h2>
|
||||
<p>First we download Tails OS as a USB image <a href="https://tails.net/install/download-iso/index.en.html">here</a>:</p>
|
||||
<img src="1.png" class="imgRz">
|
||||
<p>Then we resize the image size to be able to contain persistant storage (in this case, i'll make it 8Gbs):</p>
|
||||
<p>Then we resize the image size to be able to contain persistent storage (in this case, i'll make it 8Gbs):</p>
|
||||
<pre><code class="nim">
|
||||
[ nowhere ] [ /dev/pts/8 ] [nihilist/VAULT/Isos]
|
||||
→ ls tails-amd64-6.3.img -lash
|
||||
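Review bot: the corrected line still says "8Gbs", which reads as gigabits; write "8 GB" (or "8 GiB" if that is what the resize step uses). "resize the image size" is also redundant; "resize the image" is enough.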
@ -110,7 +110,7 @@
|
||||
<img src="8.png" class="imgRz">
|
||||
<p>(wait a few seconds for it to load)</p>
|
||||
<img src="9.png" class="imgRz">
|
||||
<p>Once in there, depending on your use, you can select to have an admin password and a persistant storage if you need it. Otherwise everything you do in the VM will be wiped clean upon shutdown (hence the word amnesic).</p>
|
||||
<p>Once in there, depending on your use, you can select to have an admin password and a persistent storage if you need it. Otherwise everything you do in the VM will be wiped clean upon shutdown (hence the word amnesic).</p>
|
||||
<img src="10.png" class="imgRz">
|
||||
<p>Then we select connect to tor automatically:</p>
|
||||
<img src="11.png" class="imgRz">
|
||||
@ -126,14 +126,14 @@
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Persistant Storage Setup</b></h2> </br> </br>
|
||||
<p>Next, if you want to enable the persistant storage go there:</p>
|
||||
<h2><b>Persistent Storage Setup</b></h2> </br> </br>
|
||||
<p>Next, if you want to enable the persistent storage go there:</p>
|
||||
<img src="13.png" class="imgRz">
|
||||
<p>make sure you enter a strong password that can't be bruteforced easily:</p>
|
||||
<img src="14.png" class="imgRz">
|
||||
<p>then hit "create persistant storage" and wait a bit for the operation to complete:</p>
|
||||
<p>then hit "create persistent storage" and wait a bit for the operation to complete:</p>
|
||||
<img src="15.png" class="imgRz">
|
||||
<p>Then adjust the settings as per your liking, if you want the persistant storage to store more than it does by default:</p>
|
||||
<p>Then adjust the settings as per your liking, if you want the persistent storage to store more than it does by default:</p>
|
||||
<img src="16.png" class="imgRz">
|
||||
<img src="17.png" class="imgRz">
|
||||
<p>Then if you want to install additional software you can launch a terminal:</p>
|
||||
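Review bot: the line 'then hit "create persistent storage"' quotes a UI label, so the corrected spelling and its capitalisation should be checked against the button text shown in 15.png rather than only against the dictionary. Several sentences in this hunk still begin in lowercase ("make sure you enter", "then hit"), and "bruteforced" is normally written "brute-forced".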
@ -149,7 +149,7 @@ Get:3 tor+https://cdn-fastly.deb.debian.org/debian-security bookworm-security In
|
||||
[...]
|
||||
|
||||
</code></pre>
|
||||
<p>Then once the software installed, you have the possibility to store it in the persistant storage aswell, so that it can be available when you launch tails again:</p>
|
||||
<p>Then once the software installed, you have the possibility to store it in the persistent storage as well, so that it can be available when you launch tails again:</p>
|
||||
<img src="19.png" class="imgRz">
|
||||
|
||||
<pre><code class="nim">
|
||||
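Review bot: the corrected sentence is still missing its verb: "Then once the software installed" should be "Then once the software is installed". "tails" at the end of the same line is a product name and should be capitalised as in the "Tails Setup" heading.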
@ -176,7 +176,7 @@ Nsyh+-..+y+- yMMMMd :mMM+ DE: GNOME 43.9
|
||||
|
||||
</code></pre>
|
||||
|
||||
<p>And that's it! We managed to run tails OS from a QEMU VM and install some software into the persistant storage.</p>
|
||||
<p>And that's it! We managed to run tails OS from a QEMU VM and install some software into the persistent storage.</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
|
@ -63,7 +63,7 @@
|
||||
<a href="../../index.html">Previous Page</a></br></br> <p><img src="../../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 29 / 01 / 2024</ba></p>
|
||||
<h1>TOR Exit Node </h1>
|
||||
<img src="../logo.png" class="imgRz">
|
||||
<p> Before we start, make sure you either rent a VPS anonymously (tor+XMR + ssh via tor) click <a href="https://kycnot.me/search?q=hosting&type=service">here</a> for the list of anonymity-friendly hosting providers or rent a VPS on a cloud provider that <a href="https://community.torproject.org/relay/community-resources/good-bad-isps/">explicitely</a> allows for tor exit nodes to be hosted on their platform.</p>
|
||||
<p> Before we start, make sure you either rent a VPS anonymously (tor+XMR + ssh via tor) click <a href="https://kycnot.me/search?q=hosting&type=service">here</a> for the list of anonymity-friendly hosting providers or rent a VPS on a cloud provider that <a href="https://community.torproject.org/relay/community-resources/good-bad-isps/">explicitly</a> allows for tor exit nodes to be hosted on their platform.</p>
|
||||
|
||||
<img src="2.jpg" class="imgRz">
|
||||
<p>As a disclaimer, you need to know who allows these tor exit nodes, if you're going to pick a random host provider to host an exit node for you,
|
||||
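Review bot: the corrected paragraph is still a run-on: "rent a VPS anonymously (tor+XMR + ssh via tor) click here for the list ..." needs a sentence break before "click", and the link text "here" says nothing about the target. The href on the same line carries a raw "&" in its query string ("?q=hosting&type=service"); inside an HTML attribute it should be escaped as an ampersand entity.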
@ -117,7 +117,7 @@ root@exit:~# nyx
|
||||
<img src="5.png" class="imgRz">
|
||||
<p>inside nyx you can use the left and right arrow to navigate the different pages:</p>
|
||||
<img src="6.png" class="imgRz">
|
||||
<p>Above you can see the connections, pressing right again shows how your server is configurated, along with extra details on each setting:</p>
|
||||
<p>Above you can see the connections, pressing right again shows how your server is configured, along with extra details on each setting:</p>
|
||||
<img src="7.png" class="imgRz">
|
||||
<p>Next we make sure it's an exit like so: (be aware that this is where it gets dangerous if you're not doing this on a non-KYC VPS, or on a cloud provider that doesnt accept tor exit nodes.</p>
|
||||
<pre><code class="nim">
|
||||
|
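Review bot: the context line that introduces the exit configuration opens a parenthesis that is never closed ("(be aware that this is where it gets dangerous ... exit nodes.") and has "doesnt" without its apostrophe. This is the warning a reader must not misread, so it is worth making it a sentence of its own instead of a parenthetical.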
@ -72,7 +72,7 @@
|
||||
<li><p>Virtual Machine: <a href="../hypervisorsetup/index.html">Linux</a> or <a href="../whonixqemuvms/index.html">Whonix</a> or <a href="../tailsqemuvm/index.html">Tails</a> </p></li>
|
||||
<li><p>Application: <a href="../vpn/index.html">VPN</a> (if your ISP doesn't allow Tor traffic) </p></li>
|
||||
</ol>
|
||||
<p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
|
||||
<p>I recommend using this setup into one of the above mentioned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
|
||||
|
||||
|
||||
</div>
|
||||
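Review bot: "using this setup into one of the above mentioned VMs" on the corrected line should be "inside one of the above-mentioned VMs"; "into" does not work with "using".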
@ -207,7 +207,7 @@ extraction percent done: 100 / 100
|
||||
<img src="5.png" class="imgRz">
|
||||
<p>As you can see here, when browsing to the clearnet, your traffic is being encapsulated threefold, meaning that you are entrusting your connection to 3 tor node owners around the globe. And on top of that, they are in 3 different countries.</p>
|
||||
<img src="6.png" class="imgRz">
|
||||
<p>Next, when you browse to a website that can be accessed via a .onion link, you might get the above message that shows up. I prefer to not prioritize onions to avoid unecessary page refreshes. Instead i click on the .onion available button if it appears.</p>
|
||||
<p>Next, when you browse to a website that can be accessed via a .onion link, you might get the above message that shows up. I prefer to not prioritize onions to avoid unnecessary page refreshes. Instead i click on the .onion available button if it appears.</p>
|
||||
<img src="7.png" class="imgRz">
|
||||
<p>Now when you're connected to the .onion hidden service, you can see that your connection goes through more tor nodes, this is the best way to access websites online, you're not leaking any info they don't need to know that way. Plus, since we are on the "safest" setting, we are not loading any javascript that may be used to fingerprint our activity online. </p>
|
||||
</div>
|
||||
|
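Review bot: the corrected line still has a lowercase "i" twice ("I prefer ... Instead i click") and the clumsy "you might get the above message that shows up"; "you might see the above message" is enough. "the .onion available button" refers to a UI label and would read better quoted.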
@ -64,8 +64,8 @@
|
||||
<h1>Using Tor Safely: Tor through VPN or VPN through Tor? </h1>
|
||||
|
||||
</br></br>
|
||||
<h2><b>Tor and VPNs comparaison Recap</b></h2>
|
||||
<p>As we went over this comparaison in the previous blogpost <a href="torvsvpn">here</a> i will briefly recap it here:</p>
|
||||
<h2><b>Tor and VPNs comparison Recap</b></h2>
|
||||
<p>As we went over this comparison in the previous blogpost <a href="torvsvpn">here</a> i will briefly recap it here:</p>
|
||||
<b>VPNS:</b>
|
||||
<p>VPNs can provide Privacy from your ISP <img src="../su0.png">, but by using one you are getting privacy from someone (most likely your ISP), but the VPN provider can see what you're doing with your internet connection.<img src="../su2.png"></p>
|
||||
<p>In other words, you're just shifting the privacy problem from your ISP to your VPN provider. You are moving your trust from one centralized entity <img src="../ce2.png">to another</p>
|
||||
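Review bot: the link on the corrected line is href="torvsvpn", while the other internal links in this commit use the "../name/index.html" form; since the PR also claims to fix a broken link, confirm that this one resolves from this page. The label "VPNS:" a few lines down should be "VPNs:".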
@ -167,7 +167,7 @@ You -> VPN -> Tor -> Destination
|
||||
|
||||
</pre></code>
|
||||
<p><u>WARNING:</u> in this setup you are trusting your VPN provider to not snitch to your ISP that you are using Tor!</p>
|
||||
<p>From your ISP's point of view, using Tor alone definitely stand out from regular traffic, a popular option you can go for is to use a VPN (as this is a much more common occurence), and to use the Tor browser while keeping the VPN connection open.</p>
|
||||
<p>From your ISP's point of view, using Tor alone definitely stand out from regular traffic, a popular option you can go for is to use a VPN (as this is a much more common occurrence), and to use the Tor browser while keeping the VPN connection open.</p>
|
||||
<p>In the unlikely event that you get deanonymized while using Tor, <b>only your VPN IP would get revealed instead of your home IP address</b>. And if the VPN provider has strict no-log policies and <a href="https://www.theverge.com/2023/4/21/23692580/mullvad-vpn-raid-sweden-police">they actually follow through with their promises</a>, <b>it's very unlikely that both your VPN and Tor would be compromised at the same time.</b></p>
|
||||
|
||||
<p><u>DISCLAIMER ON VPNs:</u> Keep in mind that if you choose to use a VPN anyway, you must conduct a strict VPN selection, see <a href="https://www.privacyguides.org/en/vpn/">Privacy Guides' Recommendations</a> on that topic, out of which i recommend <a href="https://kycnot.me/service/Mullvad">Mullvad</a> because they accept Monero without any KYC.</p>
|
||||
|
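Review bot: the corrected sentence still has a subject-verb error, "using Tor alone definitely stand out" should be "stands out", and it is a comma splice that reads better split before "a popular option". The context line above closes the block as </pre></code>; if it was opened as <pre><code> like the other blocks in this commit, the closing tags are in the wrong order and should be </code></pre>.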
@ -111,14 +111,14 @@ Until Jack can figure out who that Someone is, that someone is Anonymous.
|
||||
<img src="4.png" class="imgRz">
|
||||
<p>We have the following scenario: you don't want your internet service provider to know what you're doing, <b>but you also don't want the end services like google youtube or duckduckgo to know that you are accessing their service.</b> in other words, you want to remain Anonymous while browsing the web, and Tor provides that for you.</p>
|
||||
<img src="5.png" class="imgRz">
|
||||
<P>Tor is unique as it is the anonymity network that recieved the most donations, studies and patches, but also due to it's popularity there's alot of nodes ran by anyone (individuals, companies, and potentially also governments), the decentralised aspect is vital there, because <b>by using Tor, you are trusting 3 random entities, in 3 different countries</b></p>
|
||||
<P>Tor is unique as it is the anonymity network that received the most donations, studies and patches, but also due to it's popularity there's alot of nodes ran by anyone (individuals, companies, and potentially also governments), the decentralised aspect is vital there, because <b>by using Tor, you are trusting 3 random entities, in 3 different countries</b></p>
|
||||
<p>It takes all 3 nodes used by your tor circuit (<b>in 3 different legislations if they are in 3 different countries</b>) to actually be malicious and to record connections to be able to successfully deanonymize you. While at the same time, the Tor protocol does not log any connection by default.</p>
|
||||
<p>For more details you can see the repartition of tor nodes per <a hrEF="Https://metrics.torproject.org/bubbles.html#country">country</a>, or per <a href="https://metrics.torproject.org/bubbles.html#as">ISP</a> on metrics.torproject.org</p>
|
||||
<img src="6.png" class="imgRz">
|
||||
<p>Keep in mind that it is still possible for you to get deanonymized sometimes if you're unlucky to have all 3 nodes ran by the same entity. So <b>it is not perfect</b>, but it is definitely many times more trustworthy than having to trust a centralised entity providing you with a VPN connection. </p>
|
||||
<p>As we have discussed <a href="../anonymityexplained/index.html">previously</a>, sometimes Anonymity is the difference-maker between Life and Death, especially for Journalism in censorship-heavy countries, Tor's main attraction is that <b>De-anonymization attacks are made to be as expensive as possible</b>, even for state-actors.</p>
|
||||
<p>Some people argue that Tor can't be trusted, but as we have discussed <a href="govfear">previously</a>, Governments need to be able to know what happened (lack of Privacy), and once they know what happened, they need to know who did it (lack of Anonymity), <b>in order to enforce their laws.</b> When that is the case, <a href="https://status.nowhere.moe/status/darknet">how come is there still so many illegal marketplaces with years of uptime on the Tor network</a> ? One thing is for sure, these marketplaces are very high on international authorities' priority list. If they are still there after all this time, It must be because the Tor network is protecting them from being discovered by the authorities isn't it ?</p>
|
||||
<p>Even though i don't recommend to use Tor for any illegal purposes, the fact that these marketplaces have remained in activity for such a long time are a clear testament to the resilliency of the Tor network.</p>
|
||||
<p>Even though i don't recommend to use Tor for any illegal purposes, the fact that these marketplaces have remained in activity for such a long time are a clear testament to the resiliency of the Tor network.</p>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
|
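Review bot: the first corrected line fixes "recieved" but leaves "it's popularity" (should be "its"), "alot" (should be "a lot") and "nodes ran by" (should be "run by"), and it opens with an uppercase <P> that is closed by a lowercase </p>. Further down, the context link hrEF="Https://metrics.torproject.org/..." has odd casing, href="govfear" does not follow the "../name/index.html" form used elsewhere, and in the second corrected line "the fact that ... are a clear testament" should be "is a clear testament".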
@ -64,7 +64,7 @@
|
||||
<h1>Plausible Deniability Setup </h1>
|
||||
<img src="0.png" style="width:250px">
|
||||
<p>VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. It is based on Truecrypt, This tool will be used for Plausible Deniability. </p>
|
||||
<p>But why is Plausible Deniability important first of all ? From a legal perspective, depending on jurisdictions, you may be forced to type your password into an encrypted drive if requested. All it takes is for an adversary to be able to prove the existance of an encrypted drive to be able to force you to reveal the password to unlock it. Hence for example the regular LUKS encryption is not enough, <b>because you need to be able to deny the existance of the encrypted volume</b>. If that is the case, we have to use Veracrypt, which is an encryption tool used to provide protection (which is Plausible Deniability) against that scenario where you're forced to provide a password.</p>
|
||||
<p>But why is Plausible Deniability important first of all ? From a legal perspective, depending on jurisdictions, you may be forced to type your password into an encrypted drive if requested. All it takes is for an adversary to be able to prove the existence of an encrypted drive to be able to force you to reveal the password to unlock it. Hence for example the regular LUKS encryption is not enough, <b>because you need to be able to deny the existence of the encrypted volume</b>. If that is the case, we have to use Veracrypt, which is an encryption tool used to provide protection (which is Plausible Deniability) against that scenario where you're forced to provide a password.</p>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
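Review bot: the corrected paragraph spells the tool "Veracrypt" while the context line above it uses "VeraCrypt"; use one spelling throughout, preferably the project's own "VeraCrypt". That context line also has a comma splice with a stray capital ("It is based on Truecrypt, This tool will be used ...") that could be fixed in the same pass.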
@ -114,7 +114,7 @@ regarding wear leveling:
|
||||
|
||||
<p>Now from there we can create encrypted volumes (either as files or as entire drives). In this case we'll create an encrypted file: </p>
|
||||
<img src="2.png" class="imgRz">
|
||||
<p>Here we select that we want a Hidden veracrypt volume aswell (which will be able to deny it's existance).</p>
|
||||
<p>Here we select that we want a Hidden veracrypt volume as well (which will be able to deny it's existence).</p>
|
||||
<img src="3.png" class="imgRz">
|
||||
<p>Then we want it to be a simple file in my home directory</p>
|
||||
<img src="4.png" class="imgRz">
|
||||
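Review bot: "which will be able to deny it's existence" on the corrected line still has the wrong "it's" (the possessive is "its"), and the volume itself does not deny anything; "whose existence you will be able to deny" says what is meant.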
@ -129,7 +129,7 @@ regarding wear leveling:
|
||||
<p>Then move your mouse to make sure the randomness of the encryption is best, then let it complete the formatting. If you are creating a large encrypted volume, it will take time to overwrite all the data. <b>DO NOT SELECT QUICK FORMAT, or you risk having the hidden volume being discoverable by an adversary.</b> </p>
|
||||
<img src="9.png" class="imgRz">
|
||||
<img src="10.png" class="imgRz">
|
||||
<p>Now that's completed, we then create the Hidden Volume, which we'll open only when we are all alone, <b>the existance of this volume must never be revealed to anyone except you.</b>. then we repeat the previous steps:</p>
|
||||
<p>Now that's completed, we then create the Hidden Volume, which we'll open only when we are all alone, <b>the existence of this volume must never be revealed to anyone except you.</b>. then we repeat the previous steps:</p>
|
||||
<img src="11.png" class="imgRz">
|
||||
<img src="12.png" class="imgRz">
|
||||
<p>Here we select the size we need for the hidden volume. </p>
|
||||
|
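Review bot: the corrected line ends the bold warning with a period inside </b> and another one right after it ("except you.</b>. then we repeat"); drop one of them and capitalise "Then".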
@ -254,7 +254,7 @@ Domain 'Whonix-Workstation' defined from Whonix-Workstation-XFCE-16.0.9.0.xml
|
||||
|
||||
<p>You can go through the above setup we saw in the first part to setup the whonix VMs on both partitions.</p>
|
||||
|
||||
<p>Keep in mind that there may be forensics clues on the Host OS (like command history) that may lead to the VMs so you have to replicate the VMs on both partitions. Such a setup will allow you to completely deny the existance of the whonix VMs B and their real usage. Instead when you are forced to reveal the password of your harddrive you can give the password of the Decoy outer volume with password A. NEVER mention password B anywhere, memorize it yourself. So go through the above process to setup the whonix VMs on both partitions after installing the veracrypt hidden volume (do not select "will mount only on linux" otherwise it will give you an error.) Then we will use 2 scripts to ensure a quick setup and trackscleaning:</p>
|
||||
<p>Keep in mind that there may be forensics clues on the Host OS (like command history) that may lead to the VMs so you have to replicate the VMs on both partitions. Such a setup will allow you to completely deny the existence of the whonix VMs B and their real usage. Instead when you are forced to reveal the password of your harddrive you can give the password of the Decoy outer volume with password A. NEVER mention password B anywhere, memorize it yourself. So go through the above process to setup the whonix VMs on both partitions after installing the veracrypt hidden volume (do not select "will mount only on linux" otherwise it will give you an error.) Then we will use 2 scripts to ensure a quick setup and trackscleaning:</p>
|
||||
<pre><code class="nim">
|
||||
[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
|
||||
→ cat cleantraces.sh
|
||||
|
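Review bot: the corrected paragraph still contains "forensics clues" (should be "forensic clues"), "harddrive" (should be "hard drive"), "trackscleaning", and "setup" used as a verb (should be "set up"). The parenthetical about "will mount only on linux" ends with its period inside the parenthesis, which leaves the surrounding sentence unterminated.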
@ -72,7 +72,7 @@
|
||||
<li><p>Hypervisor: <a href="../hypervisorsetup/index.html">libvirtd QEMU/KVM</a></p></li>
|
||||
<li><p>Application: <a href="../index.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic) </p></li>
|
||||
</ol>
|
||||
<p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
|
||||
<p>I recommend using this setup into one of the above mentioned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
|
||||
<p><u>Sidenote:</u> If your ISP does not allow Tor traffic, make sure that you <a href="../vpnqemu/index.html">route the QEMU VMs traffic through a VPN</a>, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup</p>
|
||||
|
||||
|
||||
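Review bot: the "Host-based VPN" item in the context lines links to ../index.html, whereas the matching list in the other file links its VPN item to ../vpn/index.html; check that this is the intended target, since the PR is also meant to fix a broken link. On the corrected line "using this setup into one of" should be "inside one of", and the sidenote ends with a stray "Setup" after the closing parenthesis.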
@ -292,7 +292,7 @@ Domain 'Whonix-Workstation' defined from Whonix-Workstation.xml
|
||||
<img src="3.png" class="imgRz">
|
||||
<p>And inside the Workstation VM you can browse Tor, and use Keepass just like in the <a href="../torbrowsing/index.html">previous tutorial</a>:</p>
|
||||
<img src="4.png" class="imgRz">
|
||||
<p>you can also use monero (take note that the default sudo password in whonix is "changeme", so dont forget to change it):</p>
|
||||
<p>you can also use monero (take note that the default sudo password in whonix is "changeme", so don't forget to change it):</p>
|
||||
<pre><code class="nim">
|
||||
[workstation user ~]% passwd
|
||||
[workstation user ~]% sudo apt install monero -y
|
||||
|
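Review bot: the warning about the default sudo password is buried in a parenthetical of a sentence about Monero, and that sentence still begins in lowercase ("you can also use monero"). Make the password change a sentence of its own ahead of it, matching the order of the commands below (passwd first, then the install), and capitalise "Monero" and "Whonix".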