more md formatting

This commit is contained in:
anarsec 2023-07-08 20:49:47 +00:00
parent b6bbc36b6f
commit 11986c34cb
No known key found for this signature in database
10 changed files with 237 additions and 88 deletions


@ -30,11 +30,15 @@ Let's start by looking at the [Tails Warnings page](https://tails.boum.org/doc/a
> 1. Sharing files with [metadata](/glossary#metadata), such as date, time, location, and device information
> 2. Using Tails for more than one purpose at a time
The first issue can be mitigated by **cleaning metadata from files before sharing them**:
### Sharing files with metadata
This first issue can be mitigated by **cleaning metadata from files before sharing them**:
* To learn how, see [Removing Identifying Metadata From Files](/posts/metadata/).
The second issue can be mitigated by what's called **'compartmentalization'**:
### Using Tails for more than one purpose at a time
This second issue can be mitigated by what's called **'compartmentalization'**:
* [Compartmentalization](https://www.csrc.link/threat-library/mitigations/compartmentalization.html) means keeping different activities or projects separated from each other. If you use Tails sessions for more than one purpose at a time, an adversary could link your different activities together. For example, if you log into different accounts on the same website in a single Tails session, the website could determine that the accounts are used by the same person. This is because websites can tell when two accounts are using the same Tor circuit.
* To prevent an adversary from linking your activities together while using Tails, restart Tails between different activities. For example, restart Tails between checking different project emails.
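Review bot: the new `###` headings name each issue, so the sentences directly under them ("This first issue can be mitigated by...", "This second issue can be mitigated by...") now carry a redundant ordinal; "This issue can be mitigated by **cleaning metadata from files before sharing them**:" reads more naturally under "### Sharing files with metadata". The same pattern recurs in the other hunks of this file, so it is worth a pass over all of them.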
@ -48,13 +52,17 @@ The second issue can be mitigated by what's called **'compartmentalization'**:
> 1. Hiding that you are using Tor and Tails
> 2. Protecting your online communications from determined, skilled attackers
The first issue is mitigated by [**Tor bridges**](https://tails.boum.org/doc/anonymous_internet/tor/index.en.html#bridges):
### Hiding that you are using Tor and Tails
This first issue is mitigated by [**Tor bridges**](https://tails.boum.org/doc/anonymous_internet/tor/index.en.html#bridges):
* Tor Bridges are secret Tor relays that keep your connection to the Tor network hidden. However, this is only necessary where connections to Tor are blocked, for example in some countries with heavy censorship, by some public networks, or by some parental controls. This is because Tor and Tails don't protect you by making you look like any random Internet user, but by making all Tor and Tails users look the same. It becomes impossible to know who is who among them.
> A powerful adversary, who could analyze the timing and shape of the traffic entering and exiting the Tor network, might be able to deanonymize Tor users. These attacks are called *end-to-end correlation* attacks, because the attacker has to observe both ends of a Tor circuit at the same time. [...] End-to-end correlation attacks have been studied in research papers, but we don't know of any actual use to deanonymize Tor users.
The second issue is mitigated by **not using an Internet connection that could deanonymize you** and by **prioritizing .onion links when available**:
### Protecting your online communications from determined, skilled attackers
This second issue is mitigated by **not using an Internet connection that could deanonymize you** and by **prioritizing .onion links when available**:
* Wi-Fi adapters that work through SIM cards are not a good idea. The unique identification number of your SIM card (IMSI) and the unique serial number of your adapter (IMEI) are also transmitted to the mobile network provider every time you connect, allowing identification as well as geographical localization. The adapter works like a cell phone! If you do not want different research sessions to be associated with each other, do not use such an adapter or the SIM card more than once!
* There are several opsec considerations to keep in mind if using Wi-Fi at a cafe without CCTV cameras.
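Review bot: with "### Hiding that you are using Tor and Tails" inserted above the bridges bullet, the Tails blockquote about *end-to-end correlation* attacks ("A powerful adversary, who could analyze the timing and shape of the traffic...") now sits under that heading, but it describes the second issue, not the first. Move the blockquote below "### Protecting your online communications from determined, skilled attackers" so the quote lands next to the mitigations it motivates (avoiding a deanonymizing connection, preferring .onion links).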
@ -78,13 +86,17 @@ The second issue is mitigated by **not using an Internet connection that could d
> 1. Installing from an infected computer
> 2. Running Tails on a computer with a compromised BIOS, firmware, or hardware
The first issue is mitigated by **using a computer that you trust to install Tails**:
### Installing from an infected computer
This first issue is mitigated by **using a computer that you trust to install Tails**:
* As per our [recommendations](/recommendations/#computers-daily-use), this would ideally be from [Qubes OS](/posts/qubes/) which is much more difficult to infect than a normal Linux computer. If you have a trusted friend with a Tails USB stick which was installed with Qubes OS (and who uses these best practices), you could [clone it](https://tails.boum.org/upgrade/clone/index.en.html) instead of installing it yourself.
* Use the install method ["Terminal: Debian or Ubuntu using the command line and GnuPG"](https://tails.boum.org/install/expert/index.en.html), because it checks the integrity of the download more thoroughly using [GPG](/glossary/#gnupg-openpgp). If using the [command line](/glossary/#command-line-interface-cli) is above your head, ask a friend to walk you through it, or first learn command line basics and GnuPG with [Linux Essentials](/posts/linux/).
* Once installed, do not plug your Tails USB stick (or any [LUKS](/glossary/#luks) USBs that are used in Tails sessions) into a computer while another operating system is running on it; if the computer is infected, the infection can then [spread to the USB](https://en.wikipedia.org/wiki/BadUSB).
The second issue requires several mitigations. Let's start with some definitions.
### Running Tails on a computer with a compromised BIOS, firmware, or hardware
This second issue requires several mitigations. Let's start with some definitions.
* *Hardware* means the physical computer that you use.
* *Firmware* means software that's embedded in a piece of hardware; you can think of it simply as "software for hardware". It can be found in several different locations (hard drives, USB drives, graphics processor, etc).
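Review bot: the install bullet says the command-line method "checks the integrity of the download more thoroughly using GPG"; a signature check establishes authenticity (that the image was signed by the Tails key), not just integrity, which is the property that matters against an infected download source, so "verifies the authenticity of the download" would be more precise. Also the "This first issue" / "This second issue" wording under the new headings has the same redundancy noted for the earlier hunk.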
@ -92,7 +104,7 @@ The second issue requires several mitigations. Let's start with some definitions
Our adversaries have two attack vectors to compromise BIOS, firmware, hardware, or the Tails software; [remote attacks](/glossary#remote-attacks) (through the Internet) and [physical attacks](/glossary/#physical-attacks) (through physical access). Not everyone will need to apply all of the advice below. For example, if Tails is only being used for anonymous Internet browsing and writen correspondence, some of this may be overkill. However, if Tails is being used to take responsibility for actions that are highly criminalized, a more thorough approach is likely relevant.
**To mitigate against physical attacks:**
#### To mitigate against physical attacks:
> Your computer might be compromised if its physical components have been altered. For example, if a keylogger has been physically installed on your computer, your passwords, personal information, and other data typed on your keyboard could be stored and accessed by someone else, even if you are using Tails.
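Review bot: the new heading "#### To mitigate against physical attacks:" keeps the trailing colon from the bold label it replaces; headings conventionally drop it. While in this area, the unchanged context line above has "writen correspondence", which should be "written correspondence".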
@ -102,7 +114,7 @@ Our adversaries have two attack vectors to compromise BIOS, firmware, hardware,
* **Make the laptop screws tamper-evident, store it in a tamper-evident way, and monitor for intrusions**. With these precautions, if physical attacks happen in the future, you'll be able to notice. See the tutorial [Making Your Electronics Tamper-Evident](/posts/tamper/) to adapt the laptop chassis screws, use the app Haven for intrusion detection, as well as how to store it so that you'll be able to notice if it's been physically accessed. Store any external devices youll be using with the laptop in the same way (USB, external hard drive, mouse, keyboard). Once physical attack vectors are mitigated, an adversary will need to rely on remote attacks.
**To mitigate against remote attacks:**
#### To mitigate against remote attacks:
* **Anonymous Wi-Fi**. Using anonymous Wi-Fi is not only recommended to mitigate against deanonymization, but also against remote hacking. It is best to never use the dedicated Tails laptop from your home Wi-Fi. This makes the laptop much less accessible to a remote attacker than a laptop that you constantly have connected to your home Wi-Fi. If an attacker is targeting you specifically, they need a starting point, and your home Wi-Fi is a pretty good one.
* **Remove the hard drive**—it's easier than it sounds. You can ask the store where you buy it to do this and potentially save some money. If you look on youtube for 'remove hard drive' for your laptop model, there will likely be an instructional video. Make sure that you remove the laptop battery first and unplug the power cord. We remove the hard drive to completely eliminate the hard drive firmware, which has been known to be [compromised in order to install malware that is persistent](https://www.wired.com/2015/02/nsa-firmware-hacking/). This is part of the attack surface, and is unnecessary with a live system like Tails which runs from a USB.
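Review bot: same trailing-colon nit for "#### To mitigate against remote attacks:". The unchanged context line in this hunk reads "Store any external devices youll be using"; if that is a dropped apostrophe rather than a rendering artifact, it should be "you'll".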
@ -246,9 +258,11 @@ Finally, if you click on any link from an email, and are asked to log in, be awa
You may want to open untrusted links in a dedicated Tails session, with no Persistent Storage unlocked or Personal Data USBs mounted.
# To Conclude
Using Tails without any of this advice is still a huge improvement over many other options. Given that anarchists regularly entrust their freedom to Tails, such as for submitting communiques, taking these extra precautions can further strengthen your trust in this operating system.
# Appendix: Deanonymization of your WLAN (Wi-Fi) adapter despite Tails?
***Capulcu*** *(from [Autonomes Blättchen No. 49](https://autonomesblaettchen.noblogs.org/files/2022/06/nr49web.pdf), 2022)*
The two main techniques for anonymizing network traffic while using Tails are using Tor to obfuscate IP addresses and using a MAC address changer to obfuscate the MAC address. In theory, this does the trick. However, security cannot always be guaranteed and attacks aimed at deanonymization occur against both techniques. The compromise of one technique does not entail the compromise of the other. Nevertheless, *for particularly sensitive publications*, it is important to thwart all possibilities of successful identification.
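Review bot: the hunk header reports two added lines but none of the visible lines differ, so the additions are presumably blank lines around "# To Conclude" and "# Appendix:"; fine as spacing. Separately, this appendix is headed "# Appendix:" while the later one in this file is "# Appendix 2:", so number this one ("# Appendix 1:") or drop the number from both.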
@ -265,7 +279,7 @@ In September 2019, our collective published a short statement ("[Security warnin
**Recommendation**: Until there is a (stable) solution for the "WLAN fingerprinting" problem, you should remove the internal WLAN adapter for particularly sensitive research and publications and use a (cheap) external USB WLAN adapter and **dispose of it after use**. We also advise you to use WLAN adapters that can be controlled by the Tails operating system without manufacturer-specific firmware (e.g. WLAN adapters with Qualcomm's Atheros chip that use the ath9k driver).
**Description of the problem and technical details**
## Description of the problem and technical details
If you have not explicitly deactivated the WLAN on the Tails welcome screen (via Offline Mode) or, if available, via a hardware switch, the Tails operating system will automatically search for existing WLAN access provided by access points (Wi-Fi routers). It does this by sending a radio signal (*probe request*) at regular intervals to all access points in the vicinity. The regularly sent request contains the unique MAC address of your WLAN adapter. However, Tails protects your anonymity by not sending the real address, but a randomly generated MAC address. If there are access points in the vicinity, they also respond with a radio signal (*probe response*). This response contains information about the network name (SSID), authentication and encryption. The information contained in these radio signals makes it possible to connect to an access point and exchange data packets.
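Review bot: the recommendation line in this hunk pairs "external USB WLAN adapter" with "Atheros chip that use the ath9k driver". ath9k is the driver for PCI/PCIe Atheros parts; USB Atheros adapters are driven by ath9k_htc, which loads a firmware image (free firmware, but still a blob). Either name ath9k_htc for the USB case or reword so the example matches the "no manufacturer-specific firmware" claim.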
@ -284,11 +298,11 @@ Further publications on possible deanonymization attacks (which do not explicitl
- "[Fingerprinting 802.11 Implementations via Statistical Analysis of the Duration Field](http://www.uninformed.org/?v=5&a=1&t=pdf)
- "[Device Fingerprinting in Wireless Networks: Challenges and Opportunities](https://arxiv.org/pdf/1501.01367v1.pdf)"
**Probe Request Fingerprinting**
## Probe Request Fingerprinting
The probe requests sent at short intervals by all WLAN adapters (whether internal or external) contain WLAN adapter-specific information elements (IEs) in the management frame. The values of the [IEs](http://download.aircrack-ng.org/wiki-files/other/managementframes.pdf) are partly manufacturer-specific (in terms of content and sequence). This makes them particularly suitable for deanonymizing fingerprinting, which was used in the previously mentioned papers. Among the various implementations of proprietary [WLAN firmware](https://en.wikipedia.org/wiki/Proprietary_software), there are so many different ways to arrange them that tracking can therefore be successful. In addition, WLAN adapters can often be distinguished by sequence number[^4], data throughput rate, and other radio signal-specific parameters[^5].
**Reduce the digital footprint**
## Reduce the digital footprint
The packet sizes of probe requests differ according to the information they contain. In most cases, this depends heavily on the firmware implementations of the manufacturers. However, there are also free driver implementations for WLAN adapters that do not require proprietary firmware and can be controlled via the operating system[^6]:
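Review bot: the first reference bullet in this hunk opens a quote but never closes it (`- "[Fingerprinting 802.11 Implementations via Statistical Analysis of the Duration Field](...)`), unlike the following bullet, which has the closing `"`. Add the closing quote so the two entries match.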
@ -302,6 +316,7 @@ After our warning in summer 2019, we summarized our ideas for avoiding probe req
# Appendix 2: Location, Location, Location
*From **How to Hack like a Ghost** by Sparc Flow, available on [Library Genesis](https://en.wikipedia.org/wiki/Library_Genesis)*
One way to increase your anonymity is to be careful of your physical location when hacking. Dont get me wrong: Tor is amazing. [...] But when you do rely on these services, always assume that your IP address—and hence, your geographical location and/or browser fingerprint—is known to these intermediaries and can be discovered by your final target or anyone investigating on their behalf. Once you accept this premise, the conclusion naturally presents itself: to be truly anonymous on the internet, you need to pay as much attention to your physical trail as you do to your internet fingerprint.
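Review bot: the single added line in this hunk is not visible in the rendered diff, so it is presumably a blank line before "# Appendix 2:". In the quoted book excerpt, "Dont get me wrong" reads as a dropped apostrophe; if the source uses a curly apostrophe that the renderer stripped, no change is needed, otherwise it should be "Don't".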