diff --git a/content/glossary/_index.md b/content/glossary/_index.md index c746e34..b9ac85a 100644 --- a/content/glossary/_index.md +++ b/content/glossary/_index.md @@ -27,7 +27,7 @@ Checksums are digital fingerprints: small-sized blocks of data derived from anot The 'command line' is an all-text alternative to using the graphical 'point and click' tool that most of us are more familiar with; the Command Line Interface (CLI) allows us to do some things that a Graphical User Interface (GUI) does not. Oftentimes, either a GUI or CLI would work and which you use is a matter of preference. For example, in [Tails](/glossary/#tails), you can verify the [checksum](/glossary/#checksums-fingerprints) of a file with a GUI (the GtkHash program) or a CLI command (`sha256sum`). -[Tech Learning Collective's "Foundations: Command Line Basics" course](https://techlearningcollective.com/foundations/#foundations-command-line-basics) is our recommended introduction to CLI/terminal use. +Tech Learning Collective's "Foundations: Linux Journey" course on [command line](https://techlearningcollective.com/foundations/linux-journey/the-shell) is our recommended introduction to CLI/terminal use. ### CVE @@ -93,7 +93,7 @@ Linux is an [open-source](/glossary/#open-source) 'kernel' upon which operating ### LUKS -The [Linux Unified Key Setup (LUKS)](https://gitlab.com/cryptsetup/cryptsetup) is a platform-independent specification for hard disk encryption. It is the standard used in [Tails](/glossary/#tails), [Qubes OS](/glossary/#qubes-os), Ubuntu, etc. +The [Linux Unified Key Setup (LUKS)](https://gitlab.com/cryptsetup/cryptsetup) is a platform-independent specification for hard disk encryption. It is the standard used in [Tails](/glossary/#tails), [Qubes OS](/glossary/#qubes-os), Ubuntu, etc. LUKS encryption is only effective when the device is powered down. LUKS should be using [Argon2id](/posts/tails-best/#passwords) to make it less vulnerable to brute-force attacks. ### Malware @@ -137,7 +137,7 @@ Phishing is a [social engineering](/glossary/#social-engineering) technique. Att By a physical attack, we mean a situation in which an adversary first gains physical access to your device through loss, theft, or confiscation. For example, your phone may be confiscated while crossing a border or during an arrest. This is in contrast to a [remote attack](/glossary/#remote-attacks). -For a more detailed look, check out [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/) +For a more detailed look, check out [Making Your Electronics Tamper-Evident](/posts/tamper) and [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/) ### Plausible deniability diff --git a/content/posts/e2ee/cwtch.png b/content/posts/e2ee/cwtch.png new file mode 100644 index 0000000..8dde183 Binary files /dev/null and b/content/posts/e2ee/cwtch.png differ diff --git a/content/posts/e2ee/index.md b/content/posts/e2ee/index.md index 6b51eb2..1a721f8 100644 --- a/content/posts/e2ee/index.md +++ b/content/posts/e2ee/index.md @@ -34,17 +34,19 @@ The following options for encrypted messaging are listed from most metadata prot # Cwtch +![](cwtch.png) + * **Mediums**: Text * **Metadata protection**: Yes (strong) -* **Encryption protocol**: Tor Onion Services (v3) + [Tapir](https://docs.openprivacy.ca/cwtch-security-handbook/cwtch-overview.html) +* **Encryption protocol**: Tor Onion Services (v3) + [Tapir](https://docs.cwtch.im/security/components/tapir/authentication_protocol) * **Peer-to-peer**: Yes * **Tor**: Yes -Cwtch is our preference, by a long shot. It is currently in transition from [beta to stable versions](https://docs.cwtch.im/blog/path-to-cwtch-stable). For an overview of how Cwtch works, watch the video above. The [Cwtch Handbook](https://docs.cwtch.im/) will tell you everything you need to know for using it. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network as a shield and stores everything locally on-device, encrypted. +Cwtch is our preference, by a long shot. It is currently in transition from [beta to stable versions](https://docs.cwtch.im/blog/cwtch-stable-roadmap-update-june). For an overview of how Cwtch works, watch the video above. The [Cwtch Handbook](https://docs.cwtch.im/) will tell you everything you need to know for using it. Cwtch is designed with metadata protection in mind; it is peer-to-peer, uses the Tor network as a shield and stores everything locally on-device, encrypted. Like all peer-to-peer communication, Cwtch requires *synchronous* communication, meaning that both peers are online simultaneously. However, their server feature allows *asynchronous* communication as well by providing offline delivery: ->"Cwtch contact to contact chat is fully peer to peer, which means if one peer is offline, you cannot chat, and there is no mechanism for multiple people to chat. To support group chat (and offline delivery) we have created untrusted Cwtch [servers](https://docs.cwtch.im/docs/servers/introduction) which can host messages for a group. [...] the server has no way to know what messages for what groups it might be holding, or who is accessing it." +>"Cwtch contact to contact chat is fully peer to peer, which means if one peer is offline, you cannot chat, and there is no mechanism for multiple people to chat. To support group chat (and offline delivery) we have created untrusted Cwtch [servers](https://docs.cwtch.im/security/components/cwtch/server) which can host messages for a group. [...] the server has no way to know what messages for what groups it might be holding, or who is accessing it." Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, because the device needs to stay powered on for it to work. Medium-term untrusted servers can be set up on a spare Android device that can stay on, and longer-term servers can be self-hosted on a VPS if you know Linux system administration. Once the server exists, contacts can be invited to use it. You can create a group chat with only two people, which enables asynchronous direct messages. @@ -108,10 +110,10 @@ Cwtch on Whonix currently has an [issue](https://git.openprivacy.ca/cwtch.im/cwt
-![](onionshare.png) - # OnionShare +![](onionshare.png) + * **Mediums**: Text * **Metadata protection**: Yes (strong) * **Encryption protocol**: Tor Onion Services (v3) @@ -122,17 +124,17 @@ OnionShare has a [chat feature](https://docs.onionshare.org/2.6/en/features.html
-![](signal.jpg) - # Signal +![](signal.jpg) + * **Mediums**: Video call, voice call, text * **Metadata protection**: Yes (Moderate) * **Encryption protocol**: Signal Protocol, audited ([2017](https://en.wikipedia.org/wiki/Signal_Protocol)) * **Peer-to-peer**: No * **Tor**: Not default -The Signal Protocol has some metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only kept on the Signal servers as long as necessary in order to transmit each message. As a result, when Signal is served with a warrant, they [can only provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to Signal servers, when provided with a phone number. Nonetheless, Signal is [reliant on the Google Services Framework](https://web.archive.org/web/20210728141938/https://serpentsec.1337.cx/signal-sucks-heres-why) (though it's possible to use without it) and the metadata protection of sealed sender [only applies to contacts (by default)](https://web.archive.org/web/20210728141938/https://serpentsec.1337.cx/signal-sucks-heres-why). +The Signal Protocol has some metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only kept on the Signal servers as long as necessary in order to transmit each message. As a result, when Signal is served with a warrant, they [can only provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to Signal servers, when provided with a phone number. Nonetheless, Signal is reliant on the Google Services Framework (though it's possible to use without it) and the metadata protection of sealed sender only applies to contacts (by default). Signal [is not peer-to-peer](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor); it operates centralized servers that we have to trust. Signal will work with Tor if it is used on an operating system that forces it; such as Whonix or Tails. @@ -140,7 +142,7 @@ However, registration for a Signal account is difficult to achieve anonymously. Another barrier to anonymous registration is that Signal Desktop only works if Signal is first registered from a smartphone. For users comfortable with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer with [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for the registration would need to be obtained anonymously. -As a result, Signal is rarely used anonymously which has a significant impact if the State gets [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's not uncommon that they get physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html). For example, if device [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it would then be possible to identify every Signal contact simply via their phone numbers (in addition to reading message history, etc.). +As a result, Signal is rarely used anonymously which has a significant impact if the State gets [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's not uncommon that they get physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even just simple arrests. For example, if device [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it would then be possible to identify every Signal contact simply via their phone numbers (in addition to reading message history, etc.). Due to the near impossibility of using Signal anonymously as well as our [recommendation to not use phones](/posts/nophones/), we don't currently recommend anarchists use Signal. We nonetheless provide installation instructions because it has become the norm in the anarchist space in many countries, and it might be hard to get in touch with somebody without it. @@ -185,6 +187,8 @@ Some of [Signal Configuration and Hardening Guide](https://blog.privacyguides.or Signal Desktop on Whonix is not guaranteed to have Tor Stream Isolation from other applications in the same qube, so we will install it in a dedicated qube. Signal Desktop is installed in a Template, not an App qube (because it is available as a .deb from a third party repository). +Some of [Signal Configuration and Hardening Guide](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) also applies to Signal Desktop. + * Go to **Applications menu → Qubes Tools → Qube Manager** * Clone whonix-ws-16, and call it something like whonix-ws-16-signal. * We do this to not add attack surface to the base Whonix Workstation template. If you also install other messaging applications like Element Desktop, they could share a cloned template with a name like whonix-ws-16-e2ee @@ -197,7 +201,7 @@ use_proxy = on http_proxy = 127.0.0.1:8082 https_proxy = 127.0.0.1:8082 ``` -* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16-signal` and networking `sys-whonix`. +* [Create an App qube](/posts/qubes/#creating-qubes) with the Template `whonix-ws-16-signal` and networking `sys-whonix`. * In the new App qube's **Settings → Applications** tab, bring Signal into the Selected column, and press **OK**. * Updates will be handled by **Qubes Update** as you would expect. @@ -211,10 +215,10 @@ https_proxy = 127.0.0.1:8082

-![](element.png) - # Element / Matrix +![](element.png) + * **Mediums**: Video call, voice call, text * **Metadata protection**: Poor * **Encryption protocol**: vodozemac, audited ([2022](https://matrix.org/blog/2022/05/16/independent-public-audit-of-vodozemac-a-native-rust-reference-implementation-of-matrix-end-to-end-encryption)) @@ -225,7 +229,7 @@ Element is the name of the application (the client), and Matrix is the name of t Element will work with Tor if it is used on an operating system that forces it; such as Whonix or Tails. -What homeserver you use is important— do not use the default homeserver matrix.org. [Systemli](https://www.systemli.org/en/service/matrix/) and [Anarchy Planet](https://anarchyplanet.org/chat.html) are reputable radical hosts. Systemli's instance has a default message retention time of [30 days](https://wiki.systemli.org/en/howto/matrix/max_lifetime), and IP addresses are not stored. +What homeserver you use is important— do not use the default homeserver matrix.org. [Systemli](https://www.systemli.org/en/service/matrix/) and [Anarchy Planet](https://anarchyplanet.org/chat.html) are reputable radical hosts. Both instances have a default message retention time of [30 days](https://wiki.systemli.org/en/howto/matrix/max_lifetime), and IP addresses are not stored. Matrix can either be used through a web client (using Element Web on Tor Browser) or though a desktop client (using Element Desktop). The web clients for Systemli and Anarchy Planet are `element.systemli.org` and `anarchy.chat`, respectively. When using a desktop client, before trying to log in change the homeserver address to `https://matrix.systemli.org` or `https://riot.anarchyplanet.org`, respectively. It is easy to create an account anonymously, and does not require a phone. Systemli requires having an email account with them (which you need an invite to obtain), whereas anyone can sign up to Anarchy Planet with the registration code `aplanet`. @@ -242,7 +246,7 @@ As soon as you have logged in, go to **Setting → Security & Privacy**. * "Disappearing messages" is not yet a feature, but it is forthcoming. Message retention time can be set by the homeserver administrator, as mentioned above, and it is indeed set on both of our recommended homeservers. * One to one audio/video calls [are encrypted](https://matrix.org/faq/#are-voip-calls-encrypted%3F) and you can use them. Group audio/video calls are not encrypted, so don't use them. This will be resolved when [Element-call](https://github.com/vector-im/element-call) is stable. -* The Matrix protocol itself [theoretically](/glossary#forward-secrecy) supports [Forward Secrecy](/glossary#forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-meta/issues/1296) due to it breaking some aspects of the user experience such as key backups and shared message history. +* The Matrix protocol itself theoretically supports [Forward Secrecy](/glossary#forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-meta/issues/1296) due to it breaking some aspects of the user experience such as key backups and shared message history. * Profile pictures, reactions, and nicknames are not encrypted. >**Note** @@ -300,7 +304,7 @@ use_proxy = on http_proxy = 127.0.0.1:8082 https_proxy = 127.0.0.1:8082 ``` -* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16-element` and networking `sys-whonix`. +* [Create an App qube](/posts/qubes/#creating-qubes) with the Template `whonix-ws-16-element` and networking `sys-whonix`. * In the new App qube's **Settings → Applications** tab, bring Element Desktop into the Selected column, and press **OK**. * Updates will be handled by **Qubes Update** as you would expect. * Avoid pressing "Sign Out", simply shutdown the qube when finished. @@ -315,15 +319,15 @@ https_proxy = 127.0.0.1:8082

-![](pgp.webp) - # PGP Email +![](pgp.webp) + * **Mediums**: Text * **Metadata protection**: No * **Encryption protocol**: [RSA](https://blog.trailofbits.com/2019/07/08/fuck-rsa/) or ed25519, no forward secrecy * **Peer-to-peer**: No -* **Tor**: Depends +* **Tor**: Not default PGP (Pretty Good Privacy) isn't so much a messaging platform as it is a way of encrypting messages on top of existing messaging platforms (in this case, email). PGP email does not have the encryption property of [*forward secrecy*](/glossary/#forward-secrecy). The goal of forward secrecy is to protect past sessions against future compromises of keys or passwords. It maintains the secrecy of past communications even if the current one is compromised. This means that an adversary could decrypt all PGP messages in the future in one fell swoop. Once you also take into account the metadata exposure inherent in email, PGP should be disqualified from inclusion in this list. It simply doesn't meet the standards of a modern cryptography. However, given that it is already widely used within the anarchist space, we include it here as a warning that it is not recommended. For a more technical criticism, see [The PGP Problem](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) and [Stop Using Encrypted Email](https://latacora.micro.blog/2020/02/19/stop-using-encrypted.html). [Privacy Guides](https://www.privacyguides.org/en/basics/email-security/) agrees that "email is best used for receiving transactional emails [...], not for communicating with others." diff --git a/content/posts/grapheneos/index.md b/content/posts/grapheneos/index.md index fc050e3..7c944bc 100644 --- a/content/posts/grapheneos/index.md +++ b/content/posts/grapheneos/index.md @@ -8,7 +8,7 @@ tags = ["intro", "mobile", "easy"] [extra] toc = true -blogimage="/images/graphene.avif" +blogimage="/images/graphene.png" dateedit=2023-05-10 a4="grapheneos-a4.pdf" letter="grapheneos-letter.pdf" @@ -127,7 +127,7 @@ Using the example of RiseupVPN, once it is installed, accept the 'Connection req Now we will delegate apps to their needed profiles: -* In the Owner profile, disable all applications other than the VPN: **Settings → Apps → [Example] → Disable**. +* In the Owner profile, disable all applications downloaded through the Play Store other than the VPN: **Settings → Apps → [Example] → Disable**. * To install Riseup VPN (or any other app) in the Default user profile: **Settings → System → Multiple users → Default → Install available apps**, then select Riseup VPN. ## Software That Isn't On the Play Store @@ -158,16 +158,15 @@ Applications like Cwtch and Briar have Tor built in, and should not be used thro # Recommended Settings and Habits -* **Settings → Security → Auto reboot:** 8 hours [Owner user profile] +* [Owner user profile] **Settings → Security → Auto reboot:** 8 hours * Auto reboot when no profile has been unlocked for several hours will put the device fully at rest again, where [Full Disk Encryption](/glossary/#full-disk-encryption-fde) is most effective. It will at minimum reboot overnight if you forget to turn it off. In the event of [malware](/glossary/#malware) compromise of the device, [Verified Boot](https://www.privacyguides.org/en/os/android-overview/#verified-boot) will prevent and revert changes to the operating system files upon rebooting the device. If police ever manage to obtain your phone when it is in a lock-screen state, this setting will return it to effective encryption even if they keep it powered on. -* Keep the Global Toggles for Bluetooth, location services, the camera, and the microphone disabled when not in use. Apps cannot use disabled features (even if granted individual permission) until re-enabled. - * **Settings → Connected devices → Bluetooth timeout:** 2 minutes +* Keep the Global Toggles for Bluetooth, location services, the camera, and the microphone disabled when not in use. Apps cannot use disabled features (even if granted individual permission) until re-enabled. Also set a Bluetooth timeout: **Settings → Connected devices → Bluetooth timeout:** 2 minutes * Quite a few applications allow you to "share" a file with them for media upload. For example, if you want to send a picture on Signal, do not grant Signal access to "photos and videos", because it will have access to all of your pictures then. Instead, in the Files app, long-press to select the picture, then share it with Signal. -* Once you have all the applications you need installed in a given user profile, disable app installation within it [Owner user profile]. - * **Settings → System → Multiple users → [Username]:** Disallow installing apps (enabled) +* Once you have all the applications you need installed in a given user profile, disable app installation within it - updates will still happen to apps installed in a secondary user profile which have been delegated from the Owner profile. + * [Owner user profile] **Settings → System → Multiple users → [Username]:** Disallow installing apps (enabled) * If an app asks for storage permissions, choose Storage Scopes. This makes the app assume that is has all of the storage permissions that were requested by it, despite not actually having any of them. -* It is convenient to be able to receive notifications from any user profile. Within the Owner user profile: - * **Settings → System → Multiple users:** Send notifications to current user (enabled) +* It is convenient to be able to receive notifications from any user profile. + * [Owner user profile] **Settings → System → Multiple users:** Send notifications to current user (enabled) # How to Backup diff --git a/content/posts/linux/cli.png b/content/posts/linux/cli.png new file mode 100644 index 0000000..650e9f8 Binary files /dev/null and b/content/posts/linux/cli.png differ diff --git a/content/posts/linux/index.md b/content/posts/linux/index.md index a83aeba..42a9099 100644 --- a/content/posts/linux/index.md +++ b/content/posts/linux/index.md @@ -24,20 +24,22 @@ If you are reading this, you probably use either Windows or macOS on your comput Linux is a set of operating systems which are [open-source](/glossary#open-source), which means that the *source* code can be analyzed by anyone. Linux is the name for the core (**kernel**) of the operating system, and many different **distributions** (or 'distros') are based on it. Simply put, *Linux is the only type of computer that anarchists can put any trust in*. -Linux distributions that anarchists are likely to have heard of are Debian, Ubuntu and Tails. Each different Linux distribution makes different choices about how to manage software, what kernel version to use, etc. In fact, both Ubuntu and Tails are adaptations of Debian for the specific use cases of being user-friendly (Ubuntu) and providing default anonymity (Tails). +Linux distributions that anarchists are likely to have heard of are Debian, Ubuntu and [Tails](/tags/tails/). Each different Linux distribution makes different choices about how to manage software, what kernel version to use, etc. In fact, both Ubuntu and Tails are adaptations of Debian for the specific use cases of being user-friendly (Ubuntu) and providing default anonymity (Tails). # How Software Works In Linux, the term for an application is a **package**. Rather than downloading applications from various websites on the Internet (like in Windows and macOS), a Linux distribution will have a centralized **repository** where the software lives. This has the benefit that the integrity of the software is verified by the distribution, and it is guaranteed to work with that Linux distribution. It is still possible to install software from outside of a distro's repository, but it is generally considered to be riskier and verifying the integrity is your responsibility. Installing a package requires knowing its name, and all packages in a repository can be browsed through a web browser for [Debian](https://www.debian.org/distrib/packages#search_packages) as well as [Fedora](https://packages.fedoraproject.org/). -How do you actually install from the software repository? Each distribution also has a **package manager**, which is an application which installs software from a software repository. Debian, and distributions based on it, use the `apt` package manager. In some distributions, it is possible to install software with a Graphical User Interface (GUI) that is using the package manager in the background, like the [Synaptic Package Manager](https://tails.boum.org/doc/persistent_storage/additional_software/index.en.html#index3h1) in Tails. +How do you actually install from the software repository? Each distribution also has a **package manager**, which is an application which installs software from a software repository. Debian, and distributions based on it, use the `apt` package manager. In some distributions, it is possible to install software with a Graphical User Interface (GUI) that is using the package manager in the background, like the [Synaptic Package Manager](/posts/tails/#installing-additional-software) in Tails. # Software Alternatives -Part of the learning curve to Linux is figuring out what open-source software to use, instead of the closed-source options you will be familiar with from Windows and macOS. For example, instead of using Microsoft Word, you can use LibreOffice. An application being open-source is an essential criteria, but is insufficient to be considered secure. For example, Telegram advertises itself as being open-source, but the servers are not open-source and the cryptography is [trash](https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/). The list of [included software for Tails](https://tails.boum.org/doc/about/features/index.en.html#index1h1) will cover many of your needs with reputable choices. +Part of the learning curve to Linux is figuring out what open-source software to use, instead of the closed-source options you will be familiar with from Windows and macOS. For example, instead of using Microsoft Word, you can use LibreOffice. An application being open-source is an essential criteria, but is insufficient to be considered secure. For example, Telegram advertises itself as being open-source, but the servers are not open-source and the cryptography is [trash](https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/). The list of [included software for Tails](/posts/tails/#included-software) will cover many of your needs with reputable choices. # The Command Line Interface +![](cli.png) + The dreaded [command line](/glossary/#command-line-interface-cli)! What even is it? You are used to interacting with applications through a **Graphical User Interface (GUI)**, which means through pointing and clicking buttons with your mouse. Some applications can also be interacted with through a **Command Line Interface (CLI)**, which is textual. Many applications will be available in both CLI and GUI versions. For example, navigating the contents of your computer with the File Manager GUI is pretty standard - you click on a folder (called a *directory* in Linux), and it opens. The same navigation around the file system is also possible from the CLI. @@ -48,7 +50,7 @@ The best way to learn command line basics is to interact with it. We recommend t Some commands will require elevated permissions, equivalent to 'Open as Administrator' in Windows. For example, installing software typically requires this. Prepending `sudo` to a command will run it as the administrative user, named root (note: the root user is not the same as the root directory, and the two should not be confused). A root prompt will display `#` rather than `$`. Be especially careful with any command you run while using these elevated permissions, as you'll have the permissions necessary to wipe your entire disk or modify important files. It is helpful to know that text in the Terminal is pasted with Ctrl+Shift+V (i.e. the Shift key must also be pressed). -Most Linux users will rarely need to use the CLI. For using [Tails](/tags/tails/), it shouldn't be required at all, although you will need the following commands for the [more secure installation](https://tails.boum.org/install/expert/index.en.html): +Most Linux users will rarely need to use the CLI. For using Tails, it shouldn't be required at all, although you will need the following commands for the [more secure installation](https://tails.boum.org/install/expert/index.en.html): * `wget`: this downloads files from the Internet over the Command Line (rather than through a web browser) * `gpg`: this handles [GPG encryption](/glossary#gnupg-openpgp) operations. It is how the integrity and authenticity of the Tails download is verified. @@ -66,13 +68,15 @@ If you ever don't understand what a command is meant to do, try searching [expla Using `gpg` during the installation of Tails or Qubes OS will be less confusing if you understand how it works. -First, some points of clarification. PGP and GPG are terms that can be used interchangeably; PGP (Pretty Good Privacy) is the encryption standard, and GPG (GNU Privacy Guard) is a program that implements it. PGP/GPG is also used for encrypted email communication ([though we don't recommend it](/posts/e2ee/#pgp-email)), but we are using it here exclusively to verify the integrity and authenticity of files. +First, some points of clarification. [PGP and GPG](/glossary/#gnupg-openpgp) are terms that can be used interchangeably; PGP (Pretty Good Privacy) is the encryption standard, and GPG (GNU Privacy Guard) is a program that implements it. PGP/GPG is also used for encrypted email communication ([though we don't recommend it](/posts/e2ee/#pgp-email)), but we are using it here exclusively to verify the integrity and authenticity of files. GPG is a classic example of [public-key cryptography](/glossary/#public-key-cryptography). GPG provides cryptographic functions to [encrypt](/glossary/#encryption), decrypt, and sign files; our concern here is digitally signing files. The Qubes and Tails teams both generate a [digital signature](/glossary/#digital-signatures) on their .img releases. GPG gives us a way to verify that the file is truly 'signed' by the developers, which enables us to trust that it hasn't been tampered with. -Now you need to understand the very basics of public-key cryptography. [This Computerphile video](https://invidious.sethforprivacy.com/watch?v=GSIDS_lvRv4&listen=false) has a great overview with visual aids. To summarize it, a **secret/private** key is used to **sign** messages, and only the user possessing this key can do so. Each **private** key has a corresponding **public** key - this is termed a **key pair**. The public key is shared with everyone, and this is used to verify the signature. Confused? Watch the video! +Now you need to understand the very basics of public-key cryptography. [This Computerphile video](https://invidious.sethforprivacy.com/watch?v=GSIDS_lvRv4) has a great overview with visual aids. To summarize it, a **secret/private** key is used to **sign** messages, and only the user possessing this key can do so. Each **private** key has a corresponding **public** key - this is termed a **key pair**. The public key is shared with everyone, and this is used to verify the signature. Confused? Watch the video! -Tails and Qubes OS sign their releases, and only they can do this because only they possess their private key. However, I can verify that this signature is valid by having a copy of their public key. Now let's walk through the [Tails verification instructions](https://tails.boum.org/install/expert/index.en.html), which is less convoluted than the [Qubes OS equivalent](https://www.qubes-os.org/security/verifying-signatures/). +![](signature.png) + +Tails and Qubes OS sign their releases, and only they can do this because only they possess their private key. However, I can verify that this signature is valid by having a copy of their public key. Now let's walk through the [Tails verification instructions](https://tails.boum.org/install/expert/index.en.html), which are less convoluted than the [Qubes OS equivalent](https://www.qubes-os.org/security/verifying-signatures/). ### Step: Create a Key-Pair diff --git a/content/posts/linux/signature.png b/content/posts/linux/signature.png new file mode 100644 index 0000000..90c2b7c Binary files /dev/null and b/content/posts/linux/signature.png differ diff --git a/content/posts/metadata/index.md b/content/posts/metadata/index.md index ab6bf3f..ae51384 100644 --- a/content/posts/metadata/index.md +++ b/content/posts/metadata/index.md @@ -38,6 +38,7 @@ Keep in mind the limitations of Metadata Cleaner: "mat2 only removes metadata fr # Photo and Video Forensics Even though it is possible to clean all metadata from an image or video, forensic examination may nonetheless determine which device was used to capture it. As the Whonix [docs](https://www.whonix.org/wiki/Surfing_Posting_Blogging#Photographs) note: + > Every camera's sensor has a unique noise signature because of subtle hardware differences. The sensor noise is detectable in the pixels of every image and video shot with the camera and could be fingerprinted. In the same way ballistics forensics can trace a bullet to the barrel it came from, the same can be accomplished with adversarial digital forensics for all images and videos. Note this effect is different from file metadata. Multiple photos or videos from the same camera can be tied together in this way, and if the camera is recovered it can be confirmed to be where the files came from. Cheap cameras can be acquired from a refurbished store and used only once for images or videos that require high security. diff --git a/content/posts/nophones/index.md b/content/posts/nophones/index.md index 5593256..eb02680 100644 --- a/content/posts/nophones/index.md +++ b/content/posts/nophones/index.md @@ -36,11 +36,11 @@ Our connections to the infrastructures of domination must remain sporadic and un Whether or not you need a phone comes down to whether you need *synchronous* communication every moment of your life. [*Synchronous*](/glossary/#synchronous-communication) means when two or more parties communicate in real time, versus something [*asynchronous*](/glossary/#asynchronous-communication) like email, where messages are sent at different times. This 'need' has become normalized, but it is worth pushing back against within the anarchist space. [Anarchy can only be anti-industrial](https://theanarchistlibrary.org/library/bismuto-beyond-the-moment#toc1), and this requires that we learn to live without the conveniences sold to us by telecom companies: we ought to be able to live without being connected to the Internet at all times, without algorithmic real-time directions, and without an infinite flexibility that enables us to change plans at the last minute. -If you absolutely must use a phone, it should be as difficult as possible for an adversary to geotrack, intercept messages, or hack, which means using [GrapheneOS](/posts/graphene/). This is because *exclusively* using [encrypted communication](/posts/e2ee/) to communicate with other anarchists rules out flip phones and landlines, and GrapheneOS is the only smartphone option that has reasonable privacy and security. To avoid your movements being tracked, you must treat the smartphone like a landline and leave it at home when you are out of the house. Even if you use an anonymously acquired SIM, if this is linked to your identity in the future, the service provider can be retroactively queried for all geolocation data. If you use the phone as we recommend as a [Wi-Fi-only device](/posts/grapheneos/#what-is-grapheneos), and if you keep airplane mode enabled at all times, cell towers can't connect to the phone. Nevertheless, [malware](/glossary/#malware) compromise could still turn it into a audio recording device or log GPS history. Additionally, it's insufficient to only leave it at home when you are going to a demo or action because this pattern of behaviour then stands out as an outlier, serving as a hint that there is criminal activity happening in that time window. +If you absolutely must use a phone, it should be as difficult as possible for an adversary to geotrack, intercept messages, or hack, which means using [GrapheneOS](/posts/grapheneos/). This is because *exclusively* using [encrypted communication](/posts/e2ee/) to communicate with other anarchists rules out flip phones and landlines, and GrapheneOS is the only smartphone option that has reasonable privacy and security. To avoid your movements being tracked, you must treat the smartphone like a landline and leave it at home when you are out of the house. Even if you use an anonymously acquired SIM, if this is linked to your identity in the future, the service provider can be retroactively queried for all geolocation data. If you use the phone as we recommend as a [Wi-Fi-only device](/posts/grapheneos/#what-is-grapheneos), and if you keep airplane mode enabled at all times, cell towers can't connect to the phone. Nevertheless, [malware](/glossary/#malware) compromise could still turn it into a audio recording device or log GPS history. Additionally, it's insufficient to only leave it at home when you are going to a demo or action because this pattern of behaviour then stands out as an outlier, serving as a hint that there is criminal activity happening in that time window. However, it's best to avoid using phones altogether. If it's only the comrades who are taking the biggest risks who are enacting these measures, they will stand out. Identical in principle to the black bloc tactic, the simple act of donning a mask will provide cover for anyone to act anonymously. Therefore, our proposal is that the parts of the anarchist space which have been swept up by dominant society's relationship to technology take several steps back to re-establish less intrusive baselines around phones. The strategies we will explain in the remainder of this article to live without phones rely on computers, where synchronous communication is possible but more limited, as your computer generally stays at home. -# Bureaucracy +## Bureaucracy Many bureaucratic organizations make it difficult to not have a phone: healthcare, the post office, banking, etc. Since these communications do not need to be encrypted, you can use a [Voice over Internet Protocol (VoIP)](/glossary#voip-voice-over-internet-protocol) application (which allows you to make phone calls over the Internet rather than through cell towers). @@ -50,7 +50,7 @@ Although typically more expensive then VoIP, a flip phone or landline also works A flip phone can be used for any [Two-Factor Authentication](/glossary/#two-factor-authentication-2fa) (2FA) that you require (when a service makes you receive a text message to log in), which do not always work with VoIP providers. If you only need a flip phone for 2FA, [online phone numbers](https://anonymousplanet.org/guide.html#online-phone-number) are another option. -# Communication +## Communication Not having a phone will require changing how you socialize if you are [already caught in the net](https://theanarchistlibrary.org/library/return-fire-vol-4-supplement-caught-in-the-net). Being intentional about minimizing the mediation of screens in our relationships is a valuable goal in and of itself. @@ -58,15 +58,15 @@ Except in cases where it cannot be avoided (as in the case of a publication whos That said, encrypted communication is useful for setting up real-life meet-ups where life and organizing actually takes place, or for projects that are shared with comrades across distances. See [Encrypted Messaging for Anarchists](/posts/e2ee/) for different options that are appropriate for an anarchist [threat model](/glossary/#threat-model). -# Emergency Calls +## Emergency Calls A passer-by on the street will often let you borrow their phone to make an urgent call. If the need arises in remote regions such as during a hiking trip, this is where using a flip phones would be a good fit. For receiving emergency calls, if you are not reachable from a computer as outlined above, we can drop by one another's houses or arrange for encrypted messaging check-ins ahead of time. What scenarios actually require being able to receive a call at any moment? If these actually exist in your life, you can organize to accommodate for them without projecting this urgency onto all areas and moments of your life. -# Directions +## Directions Buy a paper map of your region and bring it with you. For trips that are longer or where you will need directions, use [OpenStreetMap](https://www.openstreetmap.org/) to note them ahead of time. Wear a watch to be able to get where you are going on time. -# Music and Podcasts +## Music and Podcasts They still make MP3 players! For a way cheaper price, you can play music and podcasts, but the device has neither GPS nor radio hardware. This does not mean they can't be used for geolocation. If your Wi-Fi is on, the approximate location of your MP3 player can be determined from the IP address. diff --git a/content/posts/qubes/diagram.png b/content/posts/qubes/diagram.png new file mode 100644 index 0000000..a4d37d5 Binary files /dev/null and b/content/posts/qubes/diagram.png differ diff --git a/content/posts/qubes/diagram.svg b/content/posts/qubes/diagram.svg deleted file mode 100644 index 32e7d2a..0000000 --- a/content/posts/qubes/diagram.svg +++ /dev/null @@ -1,4 +0,0 @@ - - - -
Internet
Internet
vault
Files, passwords
vaultFiles, passwords
debian-11-offline-dvm
Open untrusted files
debian-11-offline-dv...
debian-11-dvm
debian-11-dvm
whonix-ws-dvm
Open links
whonix-ws-dvm...
Project-monero
Project-monero
Offline
Offline
Online
Online
LEGEND:
LEGEND:
Tor
Tor
Tor
Tor
Persistent
Persistent
Disposable
Disposable
Internet connection
Internet connection
Inter-qube communication
Inter-qube communicationText is not SVG - cannot display \ No newline at end of file diff --git a/content/posts/qubes/index.md b/content/posts/qubes/index.md index 87dbd61..907d8d2 100644 --- a/content/posts/qubes/index.md +++ b/content/posts/qubes/index.md @@ -17,7 +17,7 @@ Qubes OS is a security-oriented [operating system](/glossary#operating-system-os -Qubes OS can be made to force all Internet connections through the [Tor network](/glossary/#tor-network) (like Tails) by using [Whonix](https://www.whonix.org/wiki/Qubes), which is included by default. Devices (USBs, network devices, microphone and camera) are all strongly isolated and only allowed access when it is explicitly granted. "Disposables" are one-off qubes that self-destruct when shut down. +Qubes OS can be made to force all Internet connections through the [Tor network](/glossary/#tor-network) (like Tails) by using [Whonix](https://www.whonix.org/), which is included by default. Devices (USBs, network devices, microphone and camera) are all strongly isolated and only allowed access when it is explicitly granted. "Disposables" are one-off qubes that self-destruct when shut down. # Who is Qubes OS For? @@ -91,7 +91,7 @@ And to use Tails: # Getting Started -Qubes OS runs ideally on a laptop with a solid-state drive (SSD, which is faster than a hard disk drive, or HDD) and 16GB of RAM. A [hardware compatibility list](https://www.qubes-os.org/hcl/) is maintained where you can see if a specific laptop model will work. If you want to [install HEADS open-source firmware](/posts/qubes-best/#heads-open-source-firmware) it has [limited compatibility](https://osresearch.net/Prerequisites#supported-devices), so keep this in mind when you're buying your laptop—we recommend the ThinkPad X230 because the install is less involved than for other models. The X230 is also the only laptop model that is developer-tested, and is easily found in refurbished computer stores for around $200 USD. See the [community-recommended computers](https://forum.qubes-os.org/t/5560) list for several other options, and [Best Practices](#hardware-security) for further discussion of hardware security. +Qubes OS runs ideally on a laptop with a solid-state drive (SSD, which is faster than a hard disk drive, or HDD) and 16GB of RAM. A [hardware compatibility list](https://www.qubes-os.org/hcl/) is maintained where you can see if a specific laptop model will work. If you want to [install HEADS open-source firmware](/posts/tails-best/#to-mitigate-against-remote-attacks) it has [limited compatibility](https://osresearch.net/Prerequisites#supported-devices), so keep this in mind when you're buying your laptop—we recommend the ThinkPad X230 because the install is less involved than for other models. The X230 is also the only laptop model that is developer-tested, and is easily found in refurbished computer stores for around $200 USD. See the [community-recommended computers](https://forum.qubes-os.org/t/5560) list for several other options, and [Best Practices](#hardware-security) for further discussion of hardware security. The [installation guide](https://www.qubes-os.org/doc/installation-guide/) will get you up and running. Do not set up dual boot - an other OS could be used to compromise Qubes OS. If using the [command line](/glossary/#command-line-interface-cli) is above your head, ask a friend to walk you though it, or first learn command line basics and GPG (required during the [verification stage](https://www.qubes-os.org/security/verifying-signatures/)) with [Linux Essentials](/posts/linux/). @@ -136,7 +136,7 @@ From the [docs](https://www.qubes-os.org/doc/how-to-copy-and-move-files/): ![](dom0.png) >3. If the target qube is not already running, it will be started automatically, and the file will be copied there. It will show up in this directory (which will automatically be created if it does not already exist): `/home/user/QubesIncoming//`. If you selected Move rather than Copy, the original file in the source qube will be deleted. (Moving a file is equivalent to copying the file, then deleting the original.) > ->4. If you wish, you may now move the file in the target qube to a different directory and delete the /home/user/QubesIncoming/ directory when no longer needed. +>4. If you wish, you may now move the file in the target qube to a different directory and delete the `/home/user/QubesIncoming/` directory when no longer needed. # How to Shutdown Qubes @@ -176,7 +176,7 @@ Remember, you should not be running `apt update` or `dnf update`. To return to the example above, I would start a terminal in the `debian-11-documents` Template which I had just cloned, and run `sudo apt install libreoffice-writer mat2 bookletimposer gimp gocryptfs`. Once the install completes, I shut down the Template. I could then create or assign a qube to use this Template, and use LibreOffice, etc. Installing software should be the only time that most users *need* to use the command line with Qubes OS. -You may want to use software that is not present in the Debian/Fedora repositories, which makes matters a bit more complicated and also poses a security risk - you must independently assess whether the source is trustworthy, instead of relying on Debian or Fedora. Linux software can be packaged in several ways: deb files (Debian), rpm files (Fedora), AppImages, Snaps and Flatpaks. A [forum post](https://forum.qubes-os.org/t/installing-software-in-qubes-all-methods/9991) lays out your options. If the software is available at [Flathub](https://flathub.org/home) but not in the Debian/Fedora repositories (such as Signal Desktop), we recommend [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/). +You may want to use software that is not present in the Debian/Fedora repositories, which makes matters a bit more complicated and also poses a security risk - you must independently assess whether the source is trustworthy, instead of relying on Debian or Fedora. Linux software can be packaged in several ways: deb files (Debian), rpm files (Fedora), AppImages, Snaps and Flatpaks. A [forum post](https://forum.qubes-os.org/t/installing-software-in-qubes-all-methods/9991) lays out your options, and several examples are present in [Encrypted Messaging for Anarchists](/posts/e2ee/). If the software is available at [Flathub](https://flathub.org/home) but not in the Debian/Fedora repositories, you can use [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/) - if the Flathub software is community maintained, this is a [security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security). # How to Organize Your Qubes @@ -186,7 +186,7 @@ After installation, a number of qubes already exist. Click on the Applications M How the App qubes will be organized, without displaying service qubes or Templates: -![](diagram.svg) +![](diagram.png) * **A vault qube**. This will be used for all data storage, because a qube that doesn't need networking shouldn't have it. This qube can be reassigned to the `debian-11-documents` Template so that trusted files can be opened there. @@ -257,14 +257,7 @@ To learn how to attach devices, we will format the empty USB or hard drive you w 1. Go to **Applications menu → Disposable: debian-11-offline-dvm → Disks**. The disposable will have a name with a random number like disp4653. If Disks is not present, make the change on the **Settings → Applications** tab. -

-widget -
-The Qubes Devices widget icon -

-
- -2. The Qubes Devices widget is used to attach a USB drive (or just its partitions) to any qube easily. Simply click on the widget and plug in your USB drive. The new entry will be under "Data (Block) Devices", typically `sys-usb:sda` is the one you want (`sda1` is a partition and would need to be mounted manually). Hover over the entry, and attach it to the disposable you just started (in the case of the example I gave above, disp4653). +2. The Qubes Devices widget is used to attach a USB drive (or just its partitions) to any qube easily. Simply click on the widget and plug in your USB drive (see the screenshot [above](#how-to-shutdown-qubes)). The new entry will be under "Data (Block) Devices", typically `sys-usb:sda` is the one you want (`sda1` is a partition and would need to be mounted manually). Hover over the entry, and attach it to the disposable you just started (in the case of the example I gave above, disp4653). 3. The empty USB or hard drive should now be displayed in the Disks application. Format the empty device and then create a new encrypted partition, [like you would in Tails](/posts/tails/#how-to-create-an-encrypted-usb). You can use the same LUKS password as is used for your Qubes OS LUKS, because you will need to memorize it to restore from backup, and it will contain the same data. @@ -286,7 +279,7 @@ Adapted from the [docs](https://www.qubes-os.org/doc/how-to-back-up-restore-and- > >2. Move the VMs that you want to back up to the right-hand Selected column. VMs in the left-hand Available column will not be backed up. You may choose whether to compress backups by checking or unchecking the Compress the backup box. Compressed backups will be smaller but take more time to create. Once you have selected all desired VMs, click Next. > ->3. Go to **Applications menu → Disposable: debian-11-offline-dvm → Files** to start a file manager in an offline disposable. Plug in the LUKS USB or hard drive you will be backing up to and attach it ([see above for instructions on creating and attaching this drive](#how-to-use-devices-like-usbs)). The drive should now be displayed at **+ Other Locations** in the file manager. Mount the LUKS partition by entering your password. Create a new directory in it called `backups`. +>3. Go to **Applications menu → Disposable: debian-11-offline-dvm → Files** to start a file manager in an offline disposable. Plug in the LUKS USB or hard drive you will be backing up to and attach it ([see above for instructions on creating and attaching this drive](#how-to-use-devices-like-usbs)). The drive should now be displayed at **Other Locations** in the file manager. Mount the LUKS partition by entering your password. Create a new directory in it called `backups`. > >4. In Backup Qubes, select the destination for the backup: >* **Target qube**: select the disposable, named something like disp1217. @@ -297,11 +290,12 @@ Adapted from the [docs](https://www.qubes-os.org/doc/how-to-back-up-restore-and- # Whonix and Tor -The Whonix project has their own [extensive documentation](https://www.whonix.org/wiki/Documentation), as does [Kicksecure](https://www.kicksecure.com/wiki/Documentation), upon which it is based. When Whonix is used in Qubes OS it is sometimes referred to as Qubes-Whonix. Whonix can be used on other operating systems as well, but it's preferable to use it on Qubes OS due to the superior isolation it provides. +The Whonix project has their own [extensive documentation](https://www.whonix.org/wiki/Documentation). So does [Kicksecure](https://www.kicksecure.com/wiki/Documentation), which Whonix is based upon. When Whonix is used in Qubes OS it is sometimes referred to as Qubes-Whonix. Whonix can be used on other operating systems as well, but it's preferable to use it on Qubes OS due to the superior isolation it provides. Different applications on a Whonix App qube are configured to use unique circuits of the [Tor network](/glossary#tor-network) so that their activity cannot be correlated - this is called [Stream Isolation](https://www.whonix.org/wiki/Stream_Isolation). Note that [multiple Whonix App qubes](https://www.whonix.org/wiki/Multiple_Whonix-Workstation#Safety_Precautions) should not be used simultaneously: + > It is safest to only use one Whonix-Workstation at a time and for a single activity. New risks are introduced by running multiple Whonix-Workstation at the same time. For instance, if a single Whonix-Workstation was compromised, it could potentially perform various side channel attacks to learn about running processes in other VMs, and not all of these can be defeated. Depending on user activities, a skilled adversary might be able to correlate multiple Whonix-Workstations to the same pseudonym. Also worth noting is that "for those who regularly download Internet files, Tor Browser's default download folder is inconvenient." Follow the [docs](https://www.whonix.org/wiki/Tor_Browser#Navigating_Tor_Browser_Downloads) to change the default in the `whonix-ws` (workstation) Template. diff --git a/content/posts/tails-best/index.md b/content/posts/tails-best/index.md index 2722966..de49cdc 100644 --- a/content/posts/tails-best/index.md +++ b/content/posts/tails-best/index.md @@ -74,7 +74,7 @@ This second issue is mitigated by **not using an Internet connection that could * Do not make a routine by using the same cafes repeatedly, if it can be avoided. * If you need to buy a coffee to get the Wi-Fi password, pay in cash! * Position yourself with your back against a wall so that nobody can 'shoulder surf' you to see your screen, and ideally install a privacy screen on the laptop. - * Maintain situational awareness, and be ready to pull out the Tails USB and power down the computer at a moment's notice. An individual responsible for a darknet marketplace had his Tails computer seized while distracted by a fake fight beside him - if his Tails USB had been attached to a bracelet by short length of fishing line, the feds would have very likely lost all evidence when the Tails USB was yanked out - the Tails screen will freeze on whatever was up last, and any LUKS USBs will now be encrypted. If maintaining situational awareness feels unrealistic, have a trusted friend hanging out who can dedicate themselves to this. + * Maintain situational awareness, and be ready to pull out the Tails USB and power down the computer at a moment's notice. An individual responsible for a darknet marketplace had his Tails computer seized while distracted by a fake fight beside him. Similar tactics have been employed [in other police operations](https://dys2p.com/en/2023-05-luks-security.html#attacks). If his Tails USB had been attached to a belt by a short length of fishing line, the feds would have very likely lost all evidence when the Tails USB was yanked out - a more technical equivalent is [BusKill](https://docs.buskill.in/buskill-app/en/stable/introduction/what.html) (we don't recommend buying it through mail, which can be intercepted to make hardware [malicious](https://en.wikipedia.org/wiki/BadUSB)). You can also remove the laptop battery so that if the power cable is removed, the laptop immediately powers off. The Tails USB being removed will cause the screen to freeze on whatever was up last, and powering down the laptop will cause any LUKS USBs to be encrypted once [the RAM dissipates](https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense). If maintaining situational awareness feels unrealistic, consider asking a trusted friend to hang out who can dedicate themselves to this. * If cafes without CCTV cameras are few and far between, you can try to access the Wi-Fi of a cafe from outdoors, outside of the view of their cameras. Some external Wi-Fi adapters will be able to catch signals that are further away, as discussed in [Appendix 2](#appendix-2-location-location-location). * If a determined adversary breaks Tor through a [correlation attack](https://anonymousplanet.org/guide.html#your-anonymized-torvpn-traffic), the Internet address you had used in a cafe without CCTV cameras will only lead to your general area (for example, your city) because it is not associated with you, provided that you don't use it routinely. A correlation attack being used to deanonymize a Tor user is unprecedented in current evidence that has been used in court, though [it has been used](https://medium.com/beyond-install-tor-signal/case-file-jeremy-hammond-514facc780b8) as supporting evidence once a suspect was already identified to correlate with. Correlation attacks are even less feasible against connections to an .onion address, because you never exit the Tor network, so there is no 'end' to correlate with. * However, a more likely low-tech 'correlation attack' is possible by local law enforcement, starting from your identity rather than starting from your anonymous Internet activity, if you are already in their sights and a target of [physical surveillance](https://www.csrc.link/threat-library/techniques/physical-surveillance/covert.html). For example, if a surveillance operation notices that you go to a cafe regularly, and an anarchist website is always updated in those time windows, this pattern can indicate that you are moderating that website. Perhaps an undercover can even get a glance at your screen. @@ -170,7 +170,7 @@ Another reason to not use Persistent Storage features is that many of them persi >In the terminology used by KeePassXC, a [*password*](/glossary/#password) is a randomized sequence of characters (letters, numbers and other symbols), whereas a [*passphrase*](/glossary/#passphrase) is a random series of words. -Never reuse a password/passphrase for multiple things ("password recycling") - KeePassXC makes it easy to save unique ones that are dedicated to one purpose. [LUKS](/glossary/#luks) encryption **is only effective when the device is powered down** - when the device is on, the password can be retrieved from memory. Any encryption can be [brute-force attacked](/glossary#brute-force-attack) with [massive amounts of cloud computing](https://blog.elcomsoft.com/2020/08/breaking-luks-encryption/). The newer version of LUKS (LUKS2 using Argon2id) is [less vulnerable to brute-force attacks](https://mjg59.dreamwidth.org/66429.html); this is the default from Tails 6.0 ([forthcoming](https://gitlab.tails.boum.org/tails/tails/-/issues/19733)) onwards, and Qubes OS 4.1 onwards. If you'd like to learn more about this change, we recommend [Systemli's overview](https://www.systemli.org/en/2023/04/30/is-linux-hard-disk-encryption-hacked/). +Never reuse a password/passphrase for multiple things ("password recycling") - KeePassXC makes it easy to save unique ones that are dedicated to one purpose. [LUKS](/glossary/#luks) encryption **is only effective when the device is powered down** - when the device is on, the password can be retrieved from memory. Any encryption can be [brute-force attacked](/glossary#brute-force-attack) with [massive amounts of cloud computing](https://blog.elcomsoft.com/2020/08/breaking-luks-encryption/). The newer version of LUKS (LUKS2 using Argon2id) is [less vulnerable to brute-force attacks](https://mjg59.dreamwidth.org/66429.html); this is the default from Tails 6.0 ([forthcoming](https://gitlab.tails.boum.org/tails/tails/-/issues/19733)) onwards, and Qubes OS 4.1 onwards. If you'd like to learn more about this change, we recommend the overview by [Systemli](https://www.systemli.org/en/2023/04/30/is-linux-hard-disk-encryption-hacked/) or [dys2p](https://dys2p.com/en/2023-05-luks-security.html). Password strength is measured in "[bits of entropy](https://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength)". Your passwords/passphrases should ideally have an entropy of around 128 bits (diceware passphrases of approximately **ten words**, or passwords of **21 random characters**, including uppercase, lowercase, numbers and symbols) and shouldn't have less than 90 bits of entropy (approximately seven words). diff --git a/content/posts/tails/index.md b/content/posts/tails/index.md index 574f6ea..aa1b6e8 100644 --- a/content/posts/tails/index.md +++ b/content/posts/tails/index.md @@ -39,10 +39,6 @@ Other operating systems exist. Perhaps you have already heard of Linux or Ubuntu * Tails is also a system that allows you to be incognito, meaning anonymous. It hides the elements that could reveal your identity, your location, etc. Tails makes use of the [Tor anonymity network](/glossary#tor-network) to protect your anonymity online: the Tor Browser and all other default software are configured to connect to the Internet through Tor. If an application tries to connect to the Internet directly, the connection is automatically blocked. Tails also changes the so-called "MAC address" of your network hardware, which can be used to uniquely identify your laptop. ![](tor-features.png) -
-

Tor Browser features

-
-
***Security*** @@ -62,7 +58,7 @@ Tails is not magic and has plenty of limitations. The Internet and computers are Building a threat model is simply a matter of asking yourself certain questions. Who am I defending against? What are their capacities? What are the consequences if they have access to such data? How can I protect myself? -It makes no sense to say "such and such a tool is secure". Security always depends on the threat model and which level (network, hardware, software, etc.) is being discussed. For more detailed information on this topic, see the [Threat Library](csrc.link/threat-library). +It makes no sense to say "such and such a tool is secure". Security always depends on the threat model and which level (network, hardware, software, etc.) is being discussed. For more detailed information on this topic, see the [Threat Library](https://www.csrc.link/threat-library/). # I) The Basics of Using Tails @@ -93,7 +89,7 @@ Concerning the "source", there are two solutions. ### Solution 2: Installation by download (Preferred) -* You have to follow the [Tails installation guide](https://tails.boum.org/install/index.en.html). The Tails website will guide you step by step; it is important to follow the entire tutorial. It is possible for an attacker to [intercept and modify the data](/glossary#man-in-the-middle-attack) on its way to you, so do not skip the verification steps. As discussed in [Tails Best Practices](/posts/tails-best/#reducing-risks-when-using-untrusted-computers), the install method [using GnuPG](https://tails.boum.org/install/expert/index.en.html) is preferred, because it checks the integrity of the download more thoroughly. +* You have to follow the [Tails installation guide](https://tails.boum.org/install/index.en.html). The Tails website will guide you step by step; it is important to follow the entire tutorial. It is possible for an attacker to intercept and modify the data ([man-in-the-middle attack](/glossary#man-in-the-middle-attack)) on its way to you, so do not skip the verification steps. As discussed in [Tails Best Practices](/posts/tails-best/#reducing-risks-when-using-untrusted-computers), the install method [using GnuPG](https://tails.boum.org/install/expert/index.en.html) is preferred, because it checks the integrity of the download more thoroughly. ## Booting from your Tails USB @@ -206,7 +202,7 @@ Every time you start Tails, the Tails Upgrader checks if you are using the lates Internet traffic, including the IP address of the final destination, is encrypted in different layers like an onion. With each hop along the three relays, an encryption layer is removed. Each relay only knows the step before it, and after it (relay #3 knows that it comes from relay #2 and that it goes to such and such a website after, but does not know relay #1). -![See anarsec.guide for the animation.](anonymous-browsing.gif) +![See *anarsec.guide* for the animation.](anonymous-browsing.gif) This means that any intermediaries between you and relay #1 know you're using Tor but they don't know what site you're going to. Any intermediaries after relay #3 know that someone in the world is going to this site. The web server of the site sees you coming from the IP address of relay #3. @@ -214,7 +210,7 @@ Tor has multiple limitations. For example, an entity with the appropriate techni ### What is HTTPS? -Virtually all websites today use [HTTPS](/glossary/#https); the S stands for "secure" (for example, https://www.anarsec.guide). If you try to visit a website without `http://` on Tor Browser, there is a warning message before continuing. If you see `http://` instead of `https://` before the address of a website, it means that all intermediaries after relay #3 of the Tor network know what you are exchanging with the website (including your log-in information). HTTPS means that the digital records of what you do on the site you are visiting is protected with an encryption key that belongs to the site. Intermediaries after relay #3 will know that you are going to riseup.net, for example, but they will not have access to your emails and passwords nor will they know if you are consulting your emails or if you are reading a random page on the site. A little padlock appears to the left of the site address when you use HTTPS. +Virtually all websites today use [HTTPS](/glossary/#https); the S stands for "secure" (for example, `https://www.anarsec.guide`). If you try to visit a website without `http://` on Tor Browser, there is a warning message before continuing. If you see `http://` instead of `https://` before the address of a website, it means that all intermediaries after relay #3 of the Tor network know what you are exchanging with the website (including your log-in information). HTTPS means that the digital records of what you do on the site you are visiting is protected with an encryption key that belongs to the site. Intermediaries after relay #3 will know that you are going to riseup.net, for example, but they will not have access to your emails and passwords nor will they know if you are consulting your emails or if you are reading a random page on the site. A little padlock appears to the left of the site address when you use HTTPS. If there is a yellow warning on the padlock, it means that, in the page you're browsing, some elements are not encrypted (they use HTTP), which can reveal the exact page you're browsing or allow intermediaries to partially modify the page. By default, Tor Browser uses HTTPS-Only Mode to prevent visiting HTTP websites. @@ -246,7 +242,7 @@ The Tor network is blocked and otherwise rendered more inconvenient to use in ma Perhaps only certain Tor relays are blocked. In this case, you can change the Tor exit nodes for this site: click on the **≣ → "New Tor circuit for this site"**. The Tor circuit (path) will only change for the one tab. You may have to do this several times in a row if you're unlucky enough to run into several relays that have been banned. -It is also possible that the entire Tor network is blocked, because all Tor relays are public. In this case you can try to use a proxy to get to the site, such as https://hide.me/en/proxy (but only if you don't have to enter any personal data or do anything sensitive like login information). You can also check whether the page you want to access has been saved to the Wayback Machine: web.archive.org. +It is also possible that the entire Tor network is blocked, because all Tor relays are public. In this case you can try to use a proxy to get to the site, such as `https://hide.me/en/proxy` (but only if you don't have to enter any personal data or do anything sensitive like login information). You can also check whether the page you want to access has been saved to the Wayback Machine: `web.archive.org`. ### Separate Anonymous Identities Cleanly @@ -300,7 +296,9 @@ Tails includes [many applications](https://tails.boum.org/doc/about/features/ind ## Password Manager (KeePassXC) -If you're going to need to know a lot of passwords, it can be nice to have a secure way to store them (i.e. not a piece of paper next to your computer). KeePassXC is a password manager included in Tails (**Application → Favorites → KeePassXC**) which allows you to store your passwords in a file and protect them with a single master password. In the terminology used by KeePassXC, a *password* is a randomized sequence of characters (letters, numbers, and other symbols), whereas a *passphrase* is a random series of words. +If you're going to need to know a lot of passwords, it can be nice to have a secure way to store them (i.e. not a piece of paper next to your computer). KeePassXC is a password manager included in Tails (**Application → Favorites → KeePassXC**) which allows you to store your passwords in a file and protect them with a single master password. We recommend compartmentalizing your passwords - have a different KeePassXC file for each separate project. + +>In the terminology used by KeePassXC, a *password* is a randomized sequence of characters (letters, numbers, and other symbols), whereas a *passphrase* is a random series of words. ![](seconds.png) @@ -373,7 +371,7 @@ To set an administration password, you must choose an administration password at ## Installing additional software -If you install new software, it's up to you to make sure it is secure. Tails forces all software to connect to the internet through Tor, so you make need to use a program called `torsocks` from Terminal to start additional software that requires an Internet connection (for example, `torsocks --isolate mumble`). The software used in Tails is audited for security, but this may not be the case for what you install. Before installing new software, it's best to make sure there isn't already software in Tails that does the job you want to do. If you want additional software to persist beyond a single session, you have to enable "Additional Software" in Persistent Storage [configuration](https://tails.boum.org/doc/persistent_storage/configure/index.en.html). +If you install new software, it's up to you to make sure it is secure. Tails forces all software to connect to the internet through Tor, so you may need to use a program called `torsocks` from Terminal to start additional software that requires an Internet connection (for example, `torsocks --isolate mumble`). The software used in Tails is audited for security, but this may not be the case for what you install. Before installing new software, it's best to make sure there isn't already software in Tails that does the job you want to do. If you want additional software to persist beyond a single session, you have to enable "Additional Software" in Persistent Storage [configuration](https://tails.boum.org/doc/persistent_storage/configure/index.en.html). To install software from the Debian software repository: diff --git a/content/posts/tamper/index.md b/content/posts/tamper/index.md index d730b10..7e50fa8 100644 --- a/content/posts/tamper/index.md +++ b/content/posts/tamper/index.md @@ -7,7 +7,7 @@ categories = ["Defensive"] tags = ["opsec", "easy"] [extra] -blogimage="/images/X230.jpg" +blogimage="/images/beads.jpg" toc=true dateedit=2023-05-10 a4="tamper-a4.pdf" diff --git a/layout/anarsec_article.typ b/layout/anarsec_article.typ index b23da0a..94d8317 100644 --- a/layout/anarsec_article.typ +++ b/layout/anarsec_article.typ @@ -4,14 +4,15 @@ backimage: none, lastediteddate: none, description: none, + subtitle: none, content ) = { // format links show link: it => { it.body if type(it.dest) == "string" { - if it.dest.starts-with("https://") { - footnote[#it.dest.trim("https://", at: start)] + if it.dest.starts-with("https://") or it.dest.starts-with("http://") { + footnote[#it.dest.trim("https://", at: start).trim("http://", at: start)] } else if it.dest.starts-with("/glossary#") or it.dest.starts-with("/glossary/#") { locate(location => { @@ -41,6 +42,12 @@ #image(frontimage) #text(25pt, title) + +#{ + if subtitle != "None" { + text(18pt, subtitle) + } +} ] // inside cover @@ -49,7 +56,7 @@ #text()[This version of the zine was last edited on #lastediteddate. Visit anarsec.guide to see whether it has been updated since.] - #text()[This dagger symbol #super[†] on a word means that there is a glossary entry for it. Ai ferri corti.] + #text()[The dagger symbol #super[†] on a word means that there is a glossary entry for it. Ai ferri corti.] ] // table of contents diff --git a/layout/python/anarsec_article_to_pdf.py b/layout/python/anarsec_article_to_pdf.py index f806104..521c90e 100644 --- a/layout/python/anarsec_article_to_pdf.py +++ b/layout/python/anarsec_article_to_pdf.py @@ -90,6 +90,9 @@ class Converter: # Grab the description description = re.search(r'^(.*?)\<\!\-\- more \-\-\>', markdown_content, re.DOTALL | re.MULTILINE).group(1).strip("\n ") + # Add the intro heading + markdown_content = f"# Introduction\n\n{markdown_content}" + # Parse the description description_md_path = pathlib.Path(workingDirectory) / "description.md" description_txt_path = pathlib.Path(workingDirectory) / "description.txt" @@ -156,6 +159,7 @@ class Converter: backimage: "{back_image.name}", lastediteddate: "{toml_front_matter["extra"]["dateedit"]}", description: "{description}", + subtitle: "{toml_front_matter.get("description")}", content ) {typst_path.open().read()} diff --git a/static/images/X230.jpg b/static/images/X230.jpg deleted file mode 100644 index 7c1c0c6..0000000 Binary files a/static/images/X230.jpg and /dev/null differ diff --git a/static/images/beads.jpg b/static/images/beads.jpg new file mode 100644 index 0000000..3f90a45 Binary files /dev/null and b/static/images/beads.jpg differ diff --git a/static/images/graphene.avif b/static/images/graphene.avif deleted file mode 100644 index 0be60df..0000000 Binary files a/static/images/graphene.avif and /dev/null differ diff --git a/static/images/graphene.png b/static/images/graphene.png new file mode 100644 index 0000000..4502f22 Binary files /dev/null and b/static/images/graphene.png differ