mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-06-29 00:37:25 -04:00
VPN overhaul
This commit is contained in:
anarsec
parent
f95c4b0a6a
commit
15b23bb7b9
4 changed files with 69 additions and 15 deletions
|
|
@ -142,7 +142,7 @@ Phishing is a technique of [social engineering](/glossary/#social-engineering).
|
|||
|
||||
A physical attack is a situation where an adversary first gains physical access to your device through loss, theft, or confiscation. For example, your phone may be confiscated when you cross a border or are arrested. This is in contrast to a [remote attack](/glossary/#remote-attacks).
|
||||
|
||||
For more information, see [Making Your Electronics Tamper-Evident](/posts/tamper), the [Threat Library](https://notrace.how/threat-library/techniques/targeted-digital-surveillance/physical-access.html), and [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/).
|
||||
For more information, see [Making Your Electronics Tamper-Evident](/posts/tamper), the [Threat Library](https://notrace.how/threat-library/techniques/targeted-digital-surveillance/physical-access.html), the [KickSecure documentation](https://www.kicksecure.com/wiki/Protection_Against_Physical_Attacks), and [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/).
|
||||
|
||||
### Plausible deniability
|
||||
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ To install and configure Sandboxed Google Play:
|
|||
|
||||
### Installing a VPN
|
||||
|
||||
You are now ready to install applications from the Google Play Store. The first application we are going to install is a [VPN](/glossary/#vpn-virtual-private-network). If you can afford to pay for a VPN, we recommend both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). Otherwise, you can use RiseupVPN, although it has far fewer users to blend in with, and it doesn't meet several important [security criteria for VPN providers](https://www.privacyguides.org/en/vpn/#criteria), such as published security audits of its code and infrastructure. A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without cryptocurrency.
|
||||
You are now ready to install applications from the Google Play Store. The first application we are going to install is a [VPN](/glossary/#vpn-virtual-private-network). If you can afford to pay for a VPN, we recommend both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). Otherwise, you can use RiseupVPN, although it has far fewer users to blend in with, and it doesn't meet several important [security criteria for VPN providers](https://www.privacyguides.org/en/vpn/#criteria), such as published security audits of its code and infrastructure. A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without [Monero](https://www.privacyguides.org/en/cryptocurrency/#monero). If you already use a VPN with [Tails](/posts/tails-best/#appendix-setting-up-a-vpn-on-a-router) or [Qubes OS](/posts/qubes/#create-a-vpn-qube), you can use the same subscription.
|
||||
|
||||
VPNs must be installed in each user profile separately. All standard GrapheneOS connections will be forced through the VPN (except for [connectivity checks](https://grapheneos.org/faq#default-connections), which can be optionally [disabled](https://privsec.dev/posts/android/android-tips/#connectivity-check)). We recommended using a VPN in every profile, for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
|
||||
|
||||
|
|
|
|||
|
|
@ -298,17 +298,25 @@ Like any software, the Tor Browser has vulnerabilities that can be exploited —
|
|||
|
||||
Occasionally, Tor Browser will notify you that a new version is available before it can be updated by using the Qubes Update tool. When this happens, you can [run **Tor Browser Downloader**](https://www.whonix.org/wiki/Tor_Browser#Installation_Process) from the Whonix-Workstation Template (`whonix-workstation-17`). As noted in the [docs](https://www.whonix.org/wiki/Tor_Browser#Summary), do **not** run this tool from a disposable Template — the disposable Template will be updated automatically.
|
||||
|
||||
# Create a VPN Qube
|
||||
# Force All Network Traffic Through a VPN
|
||||
|
||||
You should create a [VPN](/glossary/#vpn-virtual-private-network) qube, for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
|
||||
When using the Internet from home, it is best to use a [VPN](/glossary/#vpn-virtual-private-network) for all network traffic — this puts your trust in your VPN instead of an inherently untrustworthy Internet Service Provider. As the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/) notes:
|
||||
|
||||
>Using a reputable VPN provider can provide more privacy against surveillance from your ISP or government and prevent network injection attacks from those entities. A VPN will also make traffic correlation attacks — especially those targeting messaging apps — more difficult to perform and less effective.
|
||||
|
||||
We recommend both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without cryptocurrency.
|
||||
For your VPN provider, we recommend either [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) or [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without [Monero](https://www.privacyguides.org/en/cryptocurrency/#monero).
|
||||
|
||||
We're going to name the new VPN qube `sys-vpn`. Follow the guide for [the Mullvad app](https://privsec.dev/posts/qubes/using-mullvad-vpn-on-qubes-os/) or the [the IVPN app](https://forum.qubes-os.org/t/ivpn-app-4-2-setup-guide/23804). Now `sys-vpn` will force all network traffic through the VPN before it reaches `sys-firewall`.
|
||||
There are two ways you can run a VPN: from your laptop or from your router. You don't want to "double up" a VPN so if its running on your router, it shouldn't be running on your laptop, and vice-versa.
|
||||
|
||||
## Change the default net qube
|
||||
**Running a VPN from your router**: If you mostly use Qubes OS from home, we recommend [running the VPN from your router](/posts/tails-best/#appendix-setting-up-a-vpn-on-a-router), which requires no configuration of Qubes OS. If this is the approach you choose, you can [skip ahead to the next topic](/posts/qubes/#how-to-use-devices-like-usbs).
|
||||
|
||||
**Running a VPN from your laptop**: If you regularly use Qubes OS away from home, we recommend creating a VPN qube that runs the VPN client app. If you configure Qubes OS to force all networking through the VPN qube, the laptop should connect to a VLAN of the router which is **not** running a VPN.
|
||||
|
||||
## Creating a VPN qube
|
||||
|
||||
To create a VPN qube, follow the guide for [the Mullvad app](https://privsec.dev/posts/qubes/using-mullvad-vpn-on-qubes-os/) or the [the IVPN app](https://forum.qubes-os.org/t/ivpn-app-4-2-setup-guide/23804). We'll assume that you named the new VPN qube `sys-vpn`. It will force all network traffic through the VPN before it reaches `sys-firewall`.
|
||||
|
||||
### Configure qubes that were using sys-firewall
|
||||
|
||||
* Go to **Applications menu → Qubes Tools → Qubes Global Settings**. Switch the default net qube from `sys-firewall` to `sys-vpn`.
|
||||
* Then, go to debian-12-dvm's **Settings → Basic** tab and change the net qube to `sys-vpn`.
|
||||
|
|
@ -323,12 +331,12 @@ To understand this configuration, it may help to visualize the qubes involved in
|
|||
| `sys-vpn` | The VPN qube you created | sys-firewall |
|
||||
| debian-12-dvm | Your disposable Debian qube | `sys-vpn` |
|
||||
|
||||
## Configure connecting to the VPN before Tor
|
||||
### Configure Whonix-Gateway
|
||||
|
||||
We recommend connecting to a VPN *before* connecting to Tor (i.e. [You → VPN → Tor → Internet](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#you-vpnssh-tor)) when you are using an Internet connection tied to your identity.
|
||||
|
||||
* To configure connecting to a VPN *before* connecting to Tor, go to sys-whonix's **Settings → Basic** tab and change the net qube to `sys-vpn`.
|
||||
* When using the Internet from home, it is best to use a VPN for all network traffic — this puts your trust in your VPN instead of an inherently untrustworthy Internet Service Provider. But if you are intentionally using an [Internet connection not tied to your identity](/posts/tails-best/#an-internet-connection-not-tied-to-your-identity), such as Wi-Fi at a random cafe, the VPN ties you to any other computer activity you've used it for (via your subscription). In this scenario, you can change sys-whonix's net qube back to `sys-firewall` (connect to Tor directly), or change sys-whonix's net qube to another VPN qube (`sys-vpn-2`) that uses a compartmentalized VPN subscription.
|
||||
* To configure connecting to a VPN before connecting to Tor, go to sys-whonix's **Settings → Basic** tab and change the net qube to `sys-vpn`.
|
||||
* If you are intentionally using an [Internet connection not tied to your identity](/posts/tails-best/#an-internet-connection-not-tied-to-your-identity), such as Wi-Fi at a random cafe, a VPN ties you to any other computer activity you've used it for (via your subscription). In this scenario, change sys-whonix's net qube back to `sys-firewall` (connect to Tor directly), or change sys-whonix's net qube to another VPN qube (`sys-vpn-2`) that uses a compartmentalized VPN subscription.
|
||||
* As a last step, we will verify that only `sys-vpn` has its net qube set to `sys-firewall`. Go to **Applications menu → Qubes Tools → Qube Manager** and sort the entries by "Net qube" to make this easier.
|
||||
|
||||
For more information on the rationale of this configuration, see [Privacy Guides](https://privacyguides.org/en/advanced/tor-overview/#safely-connecting-to-tor). Note that you should not connect to a VPN *after* Tor because this [breaks Stream Isolation](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#you-tor-x).
|
||||
|
|
|
|||
|
|
@ -98,11 +98,11 @@ When using Wi-Fi in a public space, keep the following operational security cons
|
|||
|
||||
If you need to regularly use the Internet for projects like moderating a website or hacking, going to a new Wi-Fi location after doing surveillance countermeasures might not be realistic on a daily basis. Additionally, a main police priority will be to seize the computer while it is unencrypted, and this is much easier for them to achieve in a public space, especially if you are alone. In this scenario, the ideal mitigation is to **use a Wi-Fi antenna positioned behind a window in a private space to access from a few hundred metres away** — a physical surveillance effort won't observe you entering a cafe or be able to easily seize your powered-on laptop, and a digital surveillance effort won't observe anything on your home Internet. To protect against [hidden cameras](https://www.notrace.how/earsandeyes), you should still be careful about where you position your screen.
|
||||
|
||||
If a Wi-Fi antenna is too technical for you, you may even want to **use your home internet** for some projects that require frequent internet access. This contradicts the previous advice to not use an Internet connection that is tied to your identity. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you connect to a VPN *before* connecting to Tor, see the [appendix](/posts/tails-best#appendix-vpns-and-tails)). There are two main deanonymization risks to consider when using your home internet: that the adversary deanonymizes you through a Tor correlation attack, or that they deanonymize you by hacking your system (such as through [phishing](/posts/tails-best/#phishing-awareness)) which [enables them to bypass Tor](/posts/qubes/#when-to-use-tails-vs-qubes-os).
|
||||
If a Wi-Fi antenna is too technical for you, you may even want to **use your home internet** for some projects that require frequent internet access. This contradicts the previous advice to not use an Internet connection that is tied to your identity. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from. There are two main deanonymization risks to consider when using your home internet: that the adversary deanonymizes you through a Tor correlation attack, or that they deanonymize you by hacking your system (such as through [phishing](/posts/tails-best/#phishing-awareness)) which [enables them to bypass Tor](/posts/qubes/#when-to-use-tails-vs-qubes-os). To make both of these attacks more difficult, we recommend connecting to a VPN *before* connecting to Tor when using Tails from home — see the [appendix](/posts/tails-best/#appendix-setting-up-a-vpn-on-a-router).
|
||||
|
||||
#### To summarize
|
||||
|
||||
For sensitive and irregular Internet activities, use an Internet connection from a random cafe, preceeded by surveillance detection and anti-surveillance. For activities that require daily Internet access such that taking surveillance countermeasures and finding a new cafe isn't realistic, it's best to use a Wi-Fi antenna. If this is too technical for you, using your home Wi-Fi is an option, but this requires trusting Tor's resilience to correlation attacks and the measures you take against being hacked.
|
||||
For sensitive and irregular Internet activities, use an Internet connection from a random cafe, preceeded by surveillance detection and anti-surveillance. For activities that require daily Internet access such that taking surveillance countermeasures and finding a new cafe isn't realistic, it's best to use a Wi-Fi antenna. If this is too technical for you, using your home Wi-Fi is an option, but this requires trusting Tor's resilience to correlation attacks, the measures you take against being hacked, and your VPN provider.
|
||||
|
||||
# Reducing risks when using untrusted computers
|
||||
|
||||
|
|
@ -203,7 +203,7 @@ The Persistent Storage feature is not possible with the DVD or `toram` boot opti
|
|||
|
||||
Where can we store personal data for use between Tails sessions if the write-protect switch prevents us from using Persistent Storage? We recommend storing personal data on a second LUKS USB. This "personal data" USB should not look identical to your Tails USB to avoid confusion. To create this separate USB, see [How to create an encrypted USB](/posts/tails/#how-to-create-an-encrypted-usb). If you are reading this from a country like the UK where not providing encryption passwords can land you in jail, this second drive should be an HDD containing a [Veracrypt Hidden Volume](https://www.veracrypt.fr/en/Hidden%20Volume.html) (SSD and USB drives are [not suitable for Hidden Volumes](https://www.veracrypt.fr/en/Trim%20Operation.html)).
|
||||
|
||||
The compartmentalization approach [discussed above](/posts/tails-best#2-using-tails-for-more-than-one-purpose-at-a-time) neatly separates different identities by using separate Tails sessions for separate activities — for example, in Tails session #1 you do website moderation activities, and in Tails session #2 you do action research activities. This approach has implications for how you organize your "personal data" USBs. If the files you save could be used to link your activities together, use a different "personal data" USB for each activity.
|
||||
The compartmentalization approach [discussed above](/posts/tails-best/#2-using-tails-for-more-than-one-purpose-at-a-time) neatly separates different identities by using separate Tails sessions for separate activities — for example, in Tails session #1 you do website moderation activities, and in Tails session #2 you do action research activities. This approach has implications for how you organize your "personal data" USBs. If the files you save could be used to link your activities together, use a different "personal data" USB for each activity.
|
||||
|
||||
|
||||
|
||||
|
|
@ -300,7 +300,7 @@ If you are using Persistent Storage, this is another passphrase that you will ha
|
|||
|
||||
### Installing SiriKali
|
||||
|
||||
SiriKali is an encrypted volume program that uses [gocryptfs](https://nuetzlich.net/gocryptfs/) behind the scenes. It is [available in the Debian repository](https://packages.debian.org/bookworm/sirikali) and can be easily installed as [additional software](/posts/tails#installing-additional-software). In Synaptic, install both sirikali and gocryptfs (if you are comfortable on the [command line](/glossary/#command-line-interface-cli), you can use gocryptfs directly and you don't actually need sirikali). If you don't want to reinstall SiriKali every session, you will need to [configure Additional Software in Persistent Storage](/posts/tails-best#unlocking-the-switch).
|
||||
SiriKali is an encrypted volume program that uses [gocryptfs](https://nuetzlich.net/gocryptfs/) behind the scenes. It is [available in the Debian repository](https://packages.debian.org/bookworm/sirikali) and can be easily installed as [additional software](/posts/tails#installing-additional-software). In Synaptic, install both sirikali and gocryptfs (if you are comfortable on the [command line](/glossary/#command-line-interface-cli), you can use gocryptfs directly and you don't actually need sirikali). If you don't want to reinstall SiriKali every session, you will need to [configure Additional Software in Persistent Storage](/posts/tails-best/#unlocking-the-switch).
|
||||
|
||||
### Creating an encrypted volume
|
||||
|
||||
|
|
@ -374,6 +374,52 @@ Now we know that we have a genuine version of the Tails public key. `gpg` also
|
|||
|
||||
Now that we know that we have a genuine version of the Tails .img file, we can proceed to install it on a USB.
|
||||
|
||||
# Appendix: VPNs and Tails
|
||||
# Appendix: Setting up a VPN on a Router
|
||||
|
||||
When using the Internet from home, it is best to use a [VPN](/glossary/#vpn-virtual-private-network) for all network traffic — this puts your trust in your VPN instead of an inherently untrustworthy Internet Service Provider. We recommend connecting to a VPN *before* connecting to Tor (i.e. [You → VPN → Tor → Internet](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#you-vpnssh-tor)) when you are using Tor from your home Internet connection. For more information on the rationale, see [Privacy Guides](https://privacyguides.org/en/advanced/tor-overview/#safely-connecting-to-tor).
|
||||
|
||||
For your VPN provider, we recommend either [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) or [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without [Monero](https://www.privacyguides.org/en/cryptocurrency/#monero).
|
||||
|
||||
There are two ways you can run a VPN: from your laptop or from your router. You don't want to "double up" a VPN so if its running on your router, it shouldn't be running on your laptop, and vice-versa.
|
||||
|
||||
On Tails, it is only possible to connect to a VPN before Tor by configuring a VPN on your router (or for more technical users, on your [hardware firewall](https://www.privacyguides.org/en/router/#opnsense)).
|
||||
|
||||
## Configure the router
|
||||
|
||||
We recommend using a router that runs the [OpenWrt](https://www.privacyguides.org/en/router/#openwrt) operating system. [GL-iNet](https://www.gl-inet.com/) sells affordable OpenWrt routers that are easy to use — the 'Travel' models are sufficient for an apartment sized residence. This guide will assume that you're using a GL-iNet router, and that you're using Tails to set it up, but you could also set it up with Qubes OS.
|
||||
|
||||
### First time setup
|
||||
|
||||
Start a Tails session, then follow the documentation for [first time setup](https://docs.gl-inet.com/router/en/4/faq/first_time_setup/):
|
||||
|
||||
* Use the Unsafe Browser to access the web Admin Panel (Tor Browser blocks connections to the local network).
|
||||
* From Qubes OS, use any web browser other than Tor Browser.
|
||||
* When prompted to create a new password for the web Admin Panel, use [KeePassXC](/posts/tails/#password-manager-keepassxc) to set a [strong password](/posts/tails-best/#passwords).
|
||||
* Connect the router to the Internet [via an ethernet cable](https://docs.gl-inet.com/router/en/4/interface_guide/internet_ethernet/) from the WAN port of the GL-iNet router to the modem. You'll need to remove the router that you were previously using.
|
||||
* [Enable the 5GHz Wi-Fi](https://docs.gl-inet.com/router/en/4/interface_guide/wireless/), change the SSID to something that doesn't leak router information (for our purposes, "Geologic-5G"), and set a strong Wi-Fi password. 5G is faster than 2.4G and it travels a shorter distance, so it will be harder to monitor from a van parked outside of your house.
|
||||
* [Enable the 5GHz Guest Wi-Fi](https://docs.gl-inet.com/router/en/4/interface_guide/wireless/), change the SSID to something that doesn't leak router information (for our purposes, "Geologic-5G-GUEST"), and set a strong Wi-Fi password.
|
||||
|
||||
### Obtain VPN configuration files
|
||||
|
||||
* From Tails, connect to the Wi-Fi you just set up, then use the Tor Browser to get the configuration files from [IVPN](https://docs.gl-inet.com/router/en/4/interface_guide/wireguard_client/#ivpn) or [Mullvad](https://docs.gl-inet.com/router/en/4/interface_guide/wireguard_client/#mullvad).
|
||||
|
||||
### Set up the VPN on the router
|
||||
|
||||
* Use the Unsafe Browser to login to the web Admin Panel of your router. Navigate to the VPN Dashboard.
|
||||
* Under VPN Client, click **Set Up Now** beside WireGuard, then follow [the guide](https://docs.gl-inet.com/router/en/4/interface_guide/wireguard_client/#setup-wireguard-client).
|
||||
* In [VPN Client Options](https://docs.gl-inet.com/router/en/4/interface_guide/vpn_dashboard/#vpn-client-options) enable **IP Masquerading**.
|
||||
* Click "Global Proxy" and change the [proxy mode](https://docs.gl-inet.com/router/en/4/interface_guide/vpn_dashboard/#proxy-mode) to **Policy Mode: Based on the VLAN**. Enable the VPN on "Private", disable the VPN on "Guest". This means that "Geologic-5G" forces all network traffic through the VPN, and "Geologic-5G-GUEST" doesn't. This way, devices running a VPN can connect to the Guest Wi-Fi to avoid a "doubled up" VPN.
|
||||
* Click [Global Options](https://docs.gl-inet.com/router/en/4/interface_guide/vpn_dashboard/#global-options-of-vpn-client) and enable **Block Non-VPN Traffic**. This feature is also known as a VPN Kill Switch, and it is especially effective when the VPN runs on a router.
|
||||
* Test that the VPN is configured properly with the [Mullvad connection check](https://mullvad.net/en/check) or [IVPN status](https://www.ivpn.net/) using the Unsafe Browser.
|
||||
* Verify that the router [firmware is set to automatically update](https://docs.gl-inet.com/router/en/4/interface_guide/firmware_upgrade/).
|
||||
|
||||
### Using the router
|
||||
|
||||
* On Tails, connect to "Geologic-5G". The network traffic from your Tails laptop now connects to a VPN *before* connecting to Tor.
|
||||
* On other devices, connect to "Geologic-5G" if there is no VPN client app running on the device, and "Geologic-5G-GUEST" if there is.
|
||||
|
||||
## Generating traffic when you're not home
|
||||
|
||||
At this point, an adversary looking at the network traffic leaving your house will only see VPN traffic. However, they will still be able to see when you are *not* using the Internet, which could be a valuable metric. For example, let's say that you are the moderator for a website that has activity on a daily basis — in a given year, only 28 days had no activity. If these periods of inactivity happen to correlate with when there was also no activity on your home Internet connection, that's not good.
|
||||
|
||||
If this type of traffic analysis would be relevant to the projects you do from home, you can generate Tor traffic when you're out of the house. We recommend running [Noisy](https://0xacab.org/anarsec/noisy) from a Raspberry Pi or mini-PC that stays permanently powered on, although it requires some Linux knowledge to set up.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue