more md formatting

anarsec 2023-07-08 20:49:47 +00:00
parent b6bbc36b6f
commit 11986c34cb
No known key found for this signature in database
10 changed files with 237 additions and 88 deletions


@ -66,12 +66,12 @@ It makes no sense to say "such and such a tool is secure". Security always depen
## Prerequisites
***Selecting a USB/DVD:***
### Selecting a USB/DVD:
* Tails only works on USBs of more than 8 GB or on DVDs (where it is not possible to use the Persistent Storage feature described below). The data on the USB will be completely erased at installation, so save your data elsewhere beforehand, and if you don't want any trace of what was there before, use a new USB.
* The article [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch) recommends using a USB with a write-protect switch (an unchangeable data medium) to make sure that nothing is left behind when doing sensitive work, and that the laptop cannot compromise your Tails system. The article details how to adapt to this. The write-protect switch will need to be disabled during installation. If you are unable to obtain such a USB, you can use Tails from a DVD-R/DVD+R, or always boot it with the `toram` option (described at more length in the article).
***Selecting a laptop:***
### Selecting a laptop:
* Although it is possible to use Tails on a desktop computer, this is not advised because it is only possible to [detect physical tampering](/posts/tamper/#tamper-evident-laptop-screws) on a laptop. Additionally, it would be harder to tell if someone had opened your desktop case and installed a physical keylogger. See [Tails Best Practices](/posts/tails-best/#reducing-risks-when-using-untrusted-computers) for more on obtaining a laptop.
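Review bot: The new headings `### Selecting a USB/DVD:` and `### Selecting a laptop:` keep the trailing colon from the old bold labels. As headings they no longer introduce the text inline, and the colon will show up in the rendered heading and any table-of-contents entry built from it, so I would drop it: `### Selecting a USB/DVD` and `### Selecting a laptop`.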
@ -85,15 +85,16 @@ To install Tails on a USB, you need a "source" and a USB (that is 8 GB or larger
Concerning the "source", there are two solutions.
***Solution 1: Installation from another Tails USB***
### Solution 1: Installation from another Tails USB
* This requires knowing a Tails user you trust. A very straightforward software called the Tails Installer allows you to "clone" a new Tails USB in a few minutes; see the documentation for cloning from a [PC](https://tails.boum.org/install/clone/pc/index.en.html) or [Mac](https://tails.boum.org/install/clone/mac/index.en.html). Any Persistent Storage data isn't transferred. The disadvantage of this method is that it can spread a compromised installation.
***Solution 2: Installation by download (Preferred)***
### Solution 2: Installation by download (Preferred)
* You have to follow the [Tails installation guide](https://tails.boum.org/install/index.en.html). The Tails website will guide you step by step; it is important to follow the entire tutorial. It is possible for an attacker to [intercept and modify the data](/glossary#man-in-the-middle-attack) on its way to you, so do not skip the verification steps. As discussed in [Tails Best Practices](/posts/tails-best/#reducing-risks-when-using-untrusted-computers), the install method [using GnuPG](https://tails.boum.org/install/expert/index.en.html) is preferred, because it checks the integrity of the download more thoroughly.
## Booting from your Tails USB
Once you have a Tails USB, follow the Tails guides to [start Tails on a Mac or PC computer](https://tails.boum.org/doc/first_steps/start/index.en.html). The Tails USB must be inserted before turning on the laptop. The "Boot Loader" screen will appear and Tails starts automatically after 4 seconds.
![](grub.png)
@ -181,11 +182,11 @@ Every time you start Tails, the Tails Upgrader checks if you are using the lates
![](upgrader_automatic.png)
***The [automatic upgrade](https://tails.boum.org/doc/upgrade/index.en.html)***
### The [automatic upgrade](https://tails.boum.org/doc/upgrade/index.en.html)
* A window will appear with information about the upgrade, and you have to click **Upgrade now**. You have to wait a little while for it to complete, and for a moment it will cut your Internet. Do not shut down before you see the Restart Tails window. If the upgrade fails (for instance, because it shut down before it was finished), your Persistent Storage is not affected, but you may not be able to restart your Tails USB. If you are using a USB with a write-protect switch, you will have to set it to "writable" for the single session in which you are performing the upgrade.
***The [manual upgrade](https://tails.boum.org/upgrade/tails/index.en.html)***
### The [manual upgrade](https://tails.boum.org/upgrade/tails/index.en.html)
* Sometimes the upgrade window will tell you that you need to do a manual upgrade. This type of upgrade is only done for major upgrades or in case of an issue.
* If you already have a second Tails USB with the latest version, you start on that one, and navigate to **Applications → Tails → Tails Installer**. Instead of the button reading "install", you'll be asked "upgrade". The difference is that it won't format the whole USB, it will just replace the Tails partition with an updated version.
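Review bot: In `### The [automatic upgrade](https://tails.boum.org/doc/upgrade/index.en.html)` and the matching manual-upgrade heading, the external link now sits inside the heading text itself. Heading text is usually what a table of contents or heading anchor is generated from, so an embedded link can end up nested inside another link or send the reader off-site from the TOC. Suggest plain headings (`### Automatic upgrade`, `### Manual upgrade`) with the documentation link moved into the first bullet under each.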
@ -194,7 +195,8 @@ Every time you start Tails, the Tails Upgrader checks if you are using the lates
# II) Going Further: Several Tips and Explanations
## Tor
***What is Tor?***
### What is Tor?
[Tor](/glossary/#tor-network) stands for The Onion Router, and is the best way to be anonymous on the Internet. Tor is an open-source software associated with a public network of several thousand relays (servers). Instead of connecting directly to a location on the Internet, Tor will take a detour via three intermediate relays. Tor Browser uses Tor, but other applications can too if they are properly configured. All applications included by default in Tails that connect to the Internet use Tor.
@ -208,7 +210,7 @@ This means that any intermediaries between you and relay #1 know you're using To
Tor has multiple limitations. For example, an entity with the appropriate technical and legal means can, if it assumes you're connecting from a specific Wi-Fi connection to post to a specific site, try to match what comes out of your connection to what goes into the site (a "correlation attack"). However, this type of attack has never been used to incriminate someone in court by itself, to our knowledge. For sensitive activities, use Internet connections that are not tied to your identity in order to protect yourself in the scenario that Tor is not perfect.
***What is HTTPS?***
### What is HTTPS?
Virtually all websites today use [HTTPS](/glossary/#https); the S stands for "secure" (for example, https://www.anarsec.guide). If you try to visit a website without `http://` on Tor Browser, there is a warning message before continuing. If you see `http://` instead of `https://` before the address of a website, it means that all intermediaries after relay #3 of the Tor network know what you are exchanging with the website (including your log-in information). HTTPS means that the digital records of what you do on the site you are visiting is protected with an encryption key that belongs to the site. Intermediaries after relay #3 will know that you are going to riseup.net, for example, but they will not have access to your emails and passwords nor will they know if you are consulting your emails or if you are reading a random page on the site. A little padlock appears to the left of the site address when you use HTTPS.
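Review bot: In the paragraph under the new `### What is HTTPS?` heading, the second sentence says "If you try to visit a website without `http://` on Tor Browser, there is a warning message", but the next sentence contrasts `http://` with `https://`, so this reads as if it should be "without `https://`". The line is unchanged context in this hunk, but since the section is being promoted to a heading here, it is worth correcting in the same pass so the warning is described for the right scheme.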
@ -220,7 +222,7 @@ HTTPS is essential both to limit your web fingerprint, but also to prevent an in
In short, don't visit websites that don't use HTTPS.
***Onion Services: what is .onion?***
### Onion Services: what is .onion?
Perhaps you have seen a strange site address containing 56 random characters, ending in .onion? This is called an onion service, and the only way to visit a website that uses such an address is to use the Tor Browser. The "deepweb" and "darkweb" are terms popularized in news media in recent years to describe these onion services.
@ -234,7 +236,7 @@ The .onion site address is so long because it includes the site's certificate. H
Some sites offer both a classic URL as well as an .onion address. In this case, if the site has been configured for it, an indication ".onion available" should appear. If not, sometimes the site indicates the .onion address somewhere on its page. To find out the addresses of sites which are only available as .onion, you have to either get them by word of mouth, or through websites that list other .onion sites, such as this [GitHub page](https://github.com/alecmuffett/real-world-onion-sites).
***Sites that block Tor***
### Sites that block Tor
The Tor network is blocked and otherwise rendered more inconvenient to use in many ways. You may be confronted with CAPTCHA images (a kind of game that verifies you “are not a robot”) or obliged to provide additional personal data (ID card, phone number…) before proceeding, or Tor may be completely blocked.
@ -244,7 +246,7 @@ Perhaps only certain Tor relays are blocked. In this case, you can change the To
It is also possible that the entire Tor network is blocked, because all Tor relays are public. In this case you can try to use a proxy to get to the site, such as https://hide.me/en/proxy (but only if you don't have to enter any personal data or do anything sensitive like login information). You can also check whether the page you want to access has been saved to the Wayback Machine: web.archive.org.
***Separate Anonymous Identities Cleanly***
### Separate Anonymous Identities Cleanly
It is not recommended to perform different tasks on the Internet that should not be associated with each other during the same Tails session. You have to separate different (contextual) identities carefully! For example, it is dangerous to check your personal emails via Tor Browser and to publish an anonymous text during the same session. That is, you should not be identifiable and anonymous on the Tor network at the same time. You also shouldn't use the Tor network under pseudonym A and pseudonym B in the same session, because these pseudonyms could be connected to each other on a monitored or compromised Tor exit relay. Shut down and restart Tails between Internet activities of different identities!
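Review bot: `### Separate Anonymous Identities Cleanly` is in title case, while other headings converted in this commit (`### What is Tor?`, `### Sites that block Tor`, `### Tor Browser security settings`) use sentence case. Suggest `### Separate anonymous identities cleanly` so the promoted headings read consistently in the rendered page and its table of contents.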
@ -254,7 +256,7 @@ The 'New Identity' feature of Tor Browser is not sufficient to completely separa
The Onion Circuits application shows which Tor circuit a connection to a server uses (website or otherwise). Sometimes, it can be useful to make sure that the exit relay is not located in a certain country, to be further away from the easiest access of investigating authorities. In the example above, the connection to check.torproject.org goes through the relays tor7kryptonit, Casper03, and the exit node blackfish. If you click on a circuit, technical details about the relays of the circuit appear in the right pane. The 'New Identity' feature of Tor Browser is useful for changing this exit relay without needing to reboot the Tails session, which can be repeated until you have an exit relay you are happy with. We are not suggesting to use 'New Identity' when switching between identities, but simply when you want to change the exit node within a single identity's activity.
***Tor Browser security settings***
### Tor Browser security settings
![](safest.png)
@ -262,31 +264,31 @@ Like any software, Tor Browser has vulnerabilities that can be exploited. To lim
The layout of some sites may be modified, and some types of content will be disabled (SVG images, videos are click-to-play, etc.). For example, this website has two things which will be blocked on Safest mode because they rely on Javascript: dark mode, and the Table of Contents. Some sites will not work at all with these restrictions; if you have reason to trust them, you can view them on a less restrictive setting on a site by site basis. Note that both of the less restrictive setting allow scripts to function, which can [break your anonymity](https://arstechnica.com/information-technology/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-users/) in a worst-case scenario.
***Downloading/uploading and the Tor Browser folder***
### Downloading/uploading and the Tor Browser folder
The Tor Browser on Tails is kept in a ["sandbox"](/glossary/#sandboxing) to prevent it from being able to snoop on all your files, just in case it is comprised by a malicious website. This means there are special considerations for uploading or downloading files with the Tor Browser.
*Downloads*
#### Downloads
When you download something using the Tor Browser it will be saved in the Tor Browser folder (`/home/amnesia/Tor Browser/`), which is inside the "sandbox". If you want to do anything with this file, you should then move it out of the Tor Browser folder. You can use the file manager (**Applications → Accessories → Files**) to do this.
![](nautilus.png)
*Uploads*
#### Uploads
Similarly, if you want to upload something using the Tor Browser (for example attaching a file to a blog post or email you have open in the browser), you will first have to move or copy that file into the Tor Browser folder. Then it will be available to you when you go to select an upload in the Tor Browser.
*RAM*
#### RAM
Be aware that, because all of your Tails session is running in RAM (unless you have set up Persistent Storage), if you are downloading or otherwise working with very large files, your RAM may fill up. This will cause Tails to slow down or glitch. You can mitigate this by closing unneeded applications and deleting other files you have downloaded. In the worst case, you may need to enable Persistent Storage and move large files to the persistent Tor Browser folder so they will no longer use up RAM.
***Share Files with Onionshare***
### Share Files with Onionshare
![](onionshare.png)
It is possible to send a document through an .onion link thanks to [OnionShare](https://tails.boum.org/doc/anonymous_internet/onionshare/index.en.html) (**Applications → Internet → OnionShare**). Normally, OnionShare stops the hidden service after the files have been downloaded once. If you want to offer the files for multiple downloads, you need to go to Settings and unselect "Stop sharing after first download". As soon as you close OnionShare, cut the Internet connection, or shut down Tails, the files can no longer be accessed. This is a great way of sharing files because it doesn't require plugging a USB into someone else's computer, which is [not recommended](/posts/tails-best/#reducing-risks-when-using-untrusted-computers). The long .onion address can be shared via another channel (like a [Riseup Pad](https://pad.riseup.net/) you create that is easier to type).
***Make Correlation Attacks More Difficult***
### Make Correlation Attacks More Difficult
When you request a web page through a web browser, it is transmitted to you in small "packets" characterized by a specific size and timing (alongside other characteristics). When using Tor Browser, the sequence of transmitted packets can also be analyzed and assigned certain patterns. The patterns here can be matched with those of monitored websites on the Internet. To make this "correlation attack" more difficult, before connecting to a sensitive website you can open various other pages that require loading (such as streaming videos on a privacy-friendly website like kolektiva.media) in additional tabs of your browser. This is officiallly recommended by Tor - see [Do multiple things at once with your Tor client](https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations/). This will generate a lot of additional traffic, which will make the analysis of your pattern more difficult.
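Review bot: The new heading `### Share Files with Onionshare` spells the tool "Onionshare", while the paragraph under it and the menu path both use "OnionShare"; suggest `### Share Files with OnionShare`. Two typos in the context lines of this hunk could be fixed while the section is being touched: "in case it is comprised by a malicious website" (compromised) under the Downloading/uploading heading, and "officiallly recommended" under `### Make Correlation Attacks More Difficult`.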
@ -295,6 +297,7 @@ When you request a web page through a web browser, it is transmitted to you in s
Tails includes [many applications](https://tails.boum.org/doc/about/features/index.en.html) by default. The documentation gives an overview of [Internet applications](https://tails.boum.org/doc/anonymous_internet/index.en.html), applications for [encryption and privacy](https://tails.boum.org/doc/encryption_and_privacy/index.en.html), as well as applications for [working on sensitive documents](https://tails.boum.org/doc/sensitive_documents/index.en.html). In the rest of this section, we will just highlight common use cases relevant to anarchists, but read the documentation for further information.
## Password Manager (KeePassXC)
If you're going to need to know a lot of passwords, it can be nice to have a secure way to store them (i.e. not a piece of paper next to your computer). KeePassXC is a password manager included in Tails (**Application → Favorites → KeePassXC**) which allows you to store your passwords in a file and protect them with a single master password. In the terminology used by KeePassXC, a *password* is a randomized sequence of characters (letters, numbers, and other symbols), whereas a *passphrase* is a random series of words.
![](seconds.png)
@ -381,6 +384,7 @@ To install software from the Debian software repository:
For more information, see the documentation on [Installing additional software](https://tails.boum.org/doc/persistent_storage/additional_software/index.en.html).
## Remember to make backups!
A Tails USB is easily lost and USBs have a much shorter life span than a hard drive (especially the cheap ones). If you put important data on it, think about making regular backups. If you use a second LUKS-encrypted USB, this is as simple as using the File Manager to copy files to a backup LUKS-encrypted USB.
If you use Persistent Storage, see the [documentation on backing it up](https://tails.boum.org/doc/persistent_storage/backup/index.en.html).