mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-12-15 08:29:19 -05:00
update most guides
This commit is contained in:
anarsec
parent
be05046783
commit
3ce6491c8f
21 changed files with 86 additions and 79 deletions
|
|
@ -39,10 +39,6 @@ Other operating systems exist. Perhaps you have already heard of Linux or Ubuntu
|
|||
* Tails is also a system that allows you to be incognito, meaning anonymous. It hides the elements that could reveal your identity, your location, etc. Tails makes use of the [Tor anonymity network](/glossary#tor-network) to protect your anonymity online: the Tor Browser and all other default software are configured to connect to the Internet through Tor. If an application tries to connect to the Internet directly, the connection is automatically blocked. Tails also changes the so-called "MAC address" of your network hardware, which can be used to uniquely identify your laptop.
|
||||
|
||||
|
||||
<div class="is-family-monospace is-size-7"><center>
|
||||
<p><em>Tor Browser features</em></p>
|
||||
<br>
|
||||
</div>
|
||||
|
||||
***Security***
|
||||
|
||||
|
|
@ -62,7 +58,7 @@ Tails is not magic and has plenty of limitations. The Internet and computers are
|
|||
|
||||
Building a threat model is simply a matter of asking yourself certain questions. Who am I defending against? What are their capacities? What are the consequences if they have access to such data? How can I protect myself?
|
||||
|
||||
It makes no sense to say "such and such a tool is secure". Security always depends on the threat model and which level (network, hardware, software, etc.) is being discussed. For more detailed information on this topic, see the [Threat Library](csrc.link/threat-library).
|
||||
It makes no sense to say "such and such a tool is secure". Security always depends on the threat model and which level (network, hardware, software, etc.) is being discussed. For more detailed information on this topic, see the [Threat Library](https://www.csrc.link/threat-library/).
|
||||
|
||||
# I) The Basics of Using Tails
|
||||
|
||||
|
|
@ -93,7 +89,7 @@ Concerning the "source", there are two solutions.
|
|||
|
||||
### Solution 2: Installation by download (Preferred)
|
||||
|
||||
* You have to follow the [Tails installation guide](https://tails.boum.org/install/index.en.html). The Tails website will guide you step by step; it is important to follow the entire tutorial. It is possible for an attacker to [intercept and modify the data](/glossary#man-in-the-middle-attack) on its way to you, so do not skip the verification steps. As discussed in [Tails Best Practices](/posts/tails-best/#reducing-risks-when-using-untrusted-computers), the install method [using GnuPG](https://tails.boum.org/install/expert/index.en.html) is preferred, because it checks the integrity of the download more thoroughly.
|
||||
* You have to follow the [Tails installation guide](https://tails.boum.org/install/index.en.html). The Tails website will guide you step by step; it is important to follow the entire tutorial. It is possible for an attacker to intercept and modify the data ([man-in-the-middle attack](/glossary#man-in-the-middle-attack)) on its way to you, so do not skip the verification steps. As discussed in [Tails Best Practices](/posts/tails-best/#reducing-risks-when-using-untrusted-computers), the install method [using GnuPG](https://tails.boum.org/install/expert/index.en.html) is preferred, because it checks the integrity of the download more thoroughly.
|
||||
|
||||
## Booting from your Tails USB
|
||||
|
||||
|
|
@ -206,7 +202,7 @@ Every time you start Tails, the Tails Upgrader checks if you are using the lates
|
|||
|
||||
Internet traffic, including the IP address of the final destination, is encrypted in different layers like an onion. With each hop along the three relays, an encryption layer is removed. Each relay only knows the step before it, and after it (relay #3 knows that it comes from relay #2 and that it goes to such and such a website after, but does not know relay #1).
|
||||
|
||||
|
||||
|
||||
|
||||
This means that any intermediaries between you and relay #1 know you're using Tor but they don't know what site you're going to. Any intermediaries after relay #3 know that someone in the world is going to this site. The web server of the site sees you coming from the IP address of relay #3.
|
||||
|
||||
|
|
@ -214,7 +210,7 @@ Tor has multiple limitations. For example, an entity with the appropriate techni
|
|||
|
||||
### What is HTTPS?
|
||||
|
||||
Virtually all websites today use [HTTPS](/glossary/#https); the S stands for "secure" (for example, https://www.anarsec.guide). If you try to visit a website without `http://` on Tor Browser, there is a warning message before continuing. If you see `http://` instead of `https://` before the address of a website, it means that all intermediaries after relay #3 of the Tor network know what you are exchanging with the website (including your log-in information). HTTPS means that the digital records of what you do on the site you are visiting is protected with an encryption key that belongs to the site. Intermediaries after relay #3 will know that you are going to riseup.net, for example, but they will not have access to your emails and passwords nor will they know if you are consulting your emails or if you are reading a random page on the site. A little padlock appears to the left of the site address when you use HTTPS.
|
||||
Virtually all websites today use [HTTPS](/glossary/#https); the S stands for "secure" (for example, `https://www.anarsec.guide`). If you try to visit a website without `http://` on Tor Browser, there is a warning message before continuing. If you see `http://` instead of `https://` before the address of a website, it means that all intermediaries after relay #3 of the Tor network know what you are exchanging with the website (including your log-in information). HTTPS means that the digital records of what you do on the site you are visiting is protected with an encryption key that belongs to the site. Intermediaries after relay #3 will know that you are going to riseup.net, for example, but they will not have access to your emails and passwords nor will they know if you are consulting your emails or if you are reading a random page on the site. A little padlock appears to the left of the site address when you use HTTPS.
|
||||
|
||||
If there is a yellow warning on the padlock, it means that, in the page you're browsing, some elements are not encrypted (they use HTTP), which can reveal the exact page you're browsing or allow intermediaries to partially modify the page. By default, Tor Browser uses HTTPS-Only Mode to prevent visiting HTTP websites.
|
||||
|
||||
|
|
@ -246,7 +242,7 @@ The Tor network is blocked and otherwise rendered more inconvenient to use in ma
|
|||
|
||||
Perhaps only certain Tor relays are blocked. In this case, you can change the Tor exit nodes for this site: click on the **≣ → "New Tor circuit for this site"**. The Tor circuit (path) will only change for the one tab. You may have to do this several times in a row if you're unlucky enough to run into several relays that have been banned.
|
||||
|
||||
It is also possible that the entire Tor network is blocked, because all Tor relays are public. In this case you can try to use a proxy to get to the site, such as https://hide.me/en/proxy (but only if you don't have to enter any personal data or do anything sensitive like login information). You can also check whether the page you want to access has been saved to the Wayback Machine: web.archive.org.
|
||||
It is also possible that the entire Tor network is blocked, because all Tor relays are public. In this case you can try to use a proxy to get to the site, such as `https://hide.me/en/proxy` (but only if you don't have to enter any personal data or do anything sensitive like login information). You can also check whether the page you want to access has been saved to the Wayback Machine: `web.archive.org`.
|
||||
|
||||
### Separate Anonymous Identities Cleanly
|
||||
|
||||
|
|
@ -300,7 +296,9 @@ Tails includes [many applications](https://tails.boum.org/doc/about/features/ind
|
|||
|
||||
## Password Manager (KeePassXC)
|
||||
|
||||
If you're going to need to know a lot of passwords, it can be nice to have a secure way to store them (i.e. not a piece of paper next to your computer). KeePassXC is a password manager included in Tails (**Application → Favorites → KeePassXC**) which allows you to store your passwords in a file and protect them with a single master password. In the terminology used by KeePassXC, a *password* is a randomized sequence of characters (letters, numbers, and other symbols), whereas a *passphrase* is a random series of words.
|
||||
If you're going to need to know a lot of passwords, it can be nice to have a secure way to store them (i.e. not a piece of paper next to your computer). KeePassXC is a password manager included in Tails (**Application → Favorites → KeePassXC**) which allows you to store your passwords in a file and protect them with a single master password. We recommend compartmentalizing your passwords - have a different KeePassXC file for each separate project.
|
||||
|
||||
>In the terminology used by KeePassXC, a *password* is a randomized sequence of characters (letters, numbers, and other symbols), whereas a *passphrase* is a random series of words.
|
||||
|
||||
|
||||
|
||||
|
|
@ -373,7 +371,7 @@ To set an administration password, you must choose an administration password at
|
|||
|
||||
## Installing additional software
|
||||
|
||||
If you install new software, it's up to you to make sure it is secure. Tails forces all software to connect to the internet through Tor, so you make need to use a program called `torsocks` from Terminal to start additional software that requires an Internet connection (for example, `torsocks --isolate mumble`). The software used in Tails is audited for security, but this may not be the case for what you install. Before installing new software, it's best to make sure there isn't already software in Tails that does the job you want to do. If you want additional software to persist beyond a single session, you have to enable "Additional Software" in Persistent Storage [configuration](https://tails.boum.org/doc/persistent_storage/configure/index.en.html).
|
||||
If you install new software, it's up to you to make sure it is secure. Tails forces all software to connect to the internet through Tor, so you may need to use a program called `torsocks` from Terminal to start additional software that requires an Internet connection (for example, `torsocks --isolate mumble`). The software used in Tails is audited for security, but this may not be the case for what you install. Before installing new software, it's best to make sure there isn't already software in Tails that does the job you want to do. If you want additional software to persist beyond a single session, you have to enable "Additional Software" in Persistent Storage [configuration](https://tails.boum.org/doc/persistent_storage/configure/index.en.html).
|
||||
|
||||
To install software from the Debian software repository:
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue