Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-08-01 19:06:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix notrace.how footnotes

Browse source
This commit is contained in:
anarsec 2024-04-15 21:38:33 +00:00
parent cba3b08223
commit 3c2946baac
No known key found for this signature in database
8 changed files with 27 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

10
content/posts/qubes/index.md
View file

@ -21,9 +21,9 @@ Qubes OS can be configured to force all Internet connections through the [Tor ne
# Who is Qubes OS For?
Given that anarchists are [regularly targeted](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/malware.html) for hacking in repressive investigations, Qubes OS is an excellent choice for us. AnarSec [recommends](/recommendations) Qubes OS for everyday use, and [below](/posts/qubes/#when-to-use-tails-vs-qubes-os) we compare when it is appropriate to use Tails vs. Qubes OS — both have unique strengths. While Tails is so easy to use that you don't even need to know anything about Linux, Qubes OS is a bit more involved, but still designed to be accessible to users with limited technical know-how, like journalists. This guide is labelled as "intermediate", though if you need to extensively customize your set up or troubleshoot something, it is more likely to be "advanced".
Given that anarchists are [regularly targeted](https://notrace.how/threat-library/techniques/targeted-digital-surveillance/malware.html) for hacking in repressive investigations, Qubes OS is an excellent choice for us. AnarSec [recommends](/recommendations) Qubes OS for everyday use, and [below](/posts/qubes/#when-to-use-tails-vs-qubes-os) we compare when it is appropriate to use Tails vs. Qubes OS — both have unique strengths. While Tails is so easy to use that you don't even need to know anything about Linux, Qubes OS is a bit more involved, but still designed to be accessible to users with limited technical know-how, like journalists. This guide is labelled as "intermediate", though if you need to extensively customize your set up or troubleshoot something, it is more likely to be "advanced".
Even if you don't do anything directly incriminating on the computer you use every day, if it were compromised, this would still give investigators a field day for [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html) — knowing who you talk to and what you talk to them about, what projects you are involved in, what websites you read, etc. Most anarchists use everyday computers for some anarchist projects and to communicate with other comrades, so making our personal computers difficult to hack is an important baseline for all anarchists. That said, the time investment to learn Qubes OS isn't for everyone. For those with limited energy to put towards increased anonymity and security, Tails is much more straightforward.
Even if you don't do anything directly incriminating on the computer you use every day, if it were compromised, this would still give investigators a field day for [network mapping](https://notrace.how/threat-library/techniques/network-mapping.html) — knowing who you talk to and what you talk to them about, what projects you are involved in, what websites you read, etc. Most anarchists use everyday computers for some anarchist projects and to communicate with other comrades, so making our personal computers difficult to hack is an important baseline for all anarchists. That said, the time investment to learn Qubes OS isn't for everyone. For those with limited energy to put towards increased anonymity and security, Tails is much more straightforward.
# How Does Qubes OS Work?
@ -77,7 +77,7 @@ Qubes OS includes Whonix by default (Qubes-Whonix) for when you want to force al
For more information on how Whonix compares to Tails against different types of deanonymization attacks, see the [Whonix documentation](https://www.whonix.org/wiki/Comparison_with_Others#Circumventing_Proxy_Obedience_Design).
In order to recover data from a Qubes OS system when it is turned off, an adversary would still need to successfully [bypass](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) the [Full Disk Encryption](/glossary#full-disk-encryption-fde) (e.g. by seizing the computer when it is turned on, or cracking a weak password). In order to recover data from a Tails system when it is turned off, **the situation is the same if any data is saved to Persistent Storage or an encrypted USB** — this saved data is no longer protected by anti-forensic features but by Full Disk Encryption.
In order to recover data from a Qubes OS system when it is turned off, an adversary would still need to successfully [bypass](https://notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) the [Full Disk Encryption](/glossary#full-disk-encryption-fde) (e.g. by seizing the computer when it is turned on, or cracking a weak password). In order to recover data from a Tails system when it is turned off, **the situation is the same if any data is saved to Persistent Storage or an encrypted USB** — this saved data is no longer protected by anti-forensic features but by Full Disk Encryption.
Our recommendation is to use Tails:
@ -299,7 +299,7 @@ You don't always need to attach a USB drive to another qube with the Qubes Devic
# How to Backup
Once your qubes are organized the way you want them, you should back up your system. Depending on your needs, we recommend a weekly backup. We also recommend making a redundant backup that you store off-site and synchronize monthly (to protect against data loss in a [house raid](https://www.notrace.how/threat-library/techniques/house-raid.html)).
Once your qubes are organized the way you want them, you should back up your system. Depending on your needs, we recommend a weekly backup. We also recommend making a redundant backup that you store off-site and synchronize monthly (to protect against data loss in a [house raid](https://notrace.how/threat-library/techniques/house-raid.html)).
Adapted from the [docs](https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/#creating-a-backup):
@ -355,7 +355,7 @@ Configuring Qubes OS is much more flexible than configuring Tails, but most of t
* Compartmentalization is baked into Qubes OS; instead of restarting Tails, use a dedicated qube.
* Limitations of the Tor network
* For sensitive activities, don't use Internet connections that could deanonymize you, and prioritize .onion links when available. BusKill is also [available for Qubes OS](https://www.buskill.in/qubes-os/) (and we recommend not obtaining it through the mail).
* If you might be a target for physical surveillance, consider doing [surveillance detection](https://www.notrace.how/threat-library/mitigations/surveillance-detection.html) and [anti-surveillance](https://www.notrace.how/threat-library/mitigations/anti-surveillance.html) before going to a cafe to use the Internet. Alternatively, use a Wi-Fi antenna from indoors. See the Tails article for further discussion of deciding what Internet to use.
* If you might be a target for physical surveillance, consider doing [surveillance detection](https://notrace.how/threat-library/mitigations/surveillance-detection.html) and [anti-surveillance](https://notrace.how/threat-library/mitigations/anti-surveillance.html) before going to a cafe to use the Internet. Alternatively, use a Wi-Fi antenna from indoors. See the Tails article for further discussion of deciding what Internet to use.
* Reducing risks when using untrusted computers
* The [verification stage](https://www.qubes-os.org/security/verifying-signatures/) of the Qubes OS installation is equivalent to the [GnuPG verification of Tails](https://tails.net/install/expert/index.en.html).
* Only attach USBs and external drives to a qube that is disposable and offline.