Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-07-26 16:15:42 -04:00
Code Issues Projects Releases Packages Wiki Activity

improve install instructions

Browse source
This commit is contained in:
anarsec 2024-04-11 16:31:59 +00:00
parent 9a06111d64
commit 4abe74a188
No known key found for this signature in database
12 changed files with 24 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

30
content/posts/e2ee/index.md
View file

@ -4,7 +4,7 @@ date=2023-04-02
[taxonomies]
categories = ["Defensive"]
tags = ["intro", "e2ee", "easy"]
tags = ["intro", "e2ee", "beginner"]
[extra]
blogimage="/images/BASE_2.png"
@ -124,20 +124,12 @@ Cwtch support for Tails is very new and not thoroughly tested.
* Start Tails with an Adminstration Password.
* Download [Cwtch for Linux](https://cwtch.im/download/#linux) with Tor Browser
* Verify your download
* Open the folder using the Tor Browser's download icon
* Right-click in the file manager and select "Open a Terminal Here"
* Run `sha512sum cwtch-VERSION-NUMBER.tar.gz` (fill in the version number)
* Compare the hash of the file to what is listed on the download page
* According to our [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch), personal data should be stored on a second LUKS USB and Persistent Storage should not be enabled. Extract the file with the file manager (right click, select "Extract Here"), then copy the `cwtch` folder to such a personal data LUKS USB.
* OPTIONAL - If you enable Persistent Storage: with Persistent Storage unlocked, in Terminal run `sudo sed -i '$ a /home/amnesia/.cwtch source=cwtch' /live/persistence/TailsData_unlocked/persistence.conf && sudo sed -i '$ a /home/amnesia/.local source=cwtch_install' /live/persistence/TailsData_unlocked/persistence.conf` then restart Tails for the changes to take effect, again with an Adminstration Password.
* Run the install script
* In the File Manager, browse to the directory you just created, `cwtch`. Right click in the File Manager and select "Open a Terminal Here"
* Run `install-tails.sh` and enter the Administration Password when prompted.
* As the [documentation](https://docs.cwtch.im/docs/platforms/tails) states, "When launching, Cwtch on Tails should be passed the CWTCH_TAILS=true environment variable". In the Terminal, run:
* `exec env CWTCH_TAILS=true LD_LIBRARY_PATH=~/.local/lib/cwtch/:~/.local/lib/cwtch/Tor ~/.local/lib/cwtch/cwtch`
* With Persistent Storage disabled, configuration and profile data must be restored from backup every session you need to install Cwtch. Backup `/home/amnesia/.cwtch/` to the personal data LUKS USB, and copy it back to `/home/amnesia/` the next time you install Cwtch.
* Updates to new versions must be done manually - back up your profile before updating.
* In the File Manager, enter the `cwtch` directory you just created, so that you can see a file named "install-tails.sh". Right click in the File Manager and select "Open a Terminal Here"
* Run `./install-tails.sh` and enter the Administration Password when prompted.
* You can now launch Cwtch from the "Activities" overview.
* With Persistent Storage disabled, profile data must be restored from backup every session you need to install Cwtch. Export your profile, copy it to the personal data LUKS USB, and import it again the next time you install Cwtch.
<br>
</details>
@ -150,7 +142,7 @@ Cwtch support for Tails is very new and not thoroughly tested.
</summary>
<br>
Cwtch on Whonix currently has an [issue](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550) - support is forthcoming.
Cwtch on Whonix does not guarantee Tor [Stream Isolation](/posts/qubes/#whonix-and-tor) from other applications in the same qube, so we will install it in a dedicated qube. Cwtch is installed in an App qube, follow the [installation instructions](https://docs.cwtch.im/docs/platforms/whonix/).
<br>
</details>
@ -177,7 +169,7 @@ If SimpleX is served with a warrant, their [privacy policy](https://github.com/s
SimpleX Chat will work with Tor if used on an operating system that forces it to, such as Whonix or Tails. However, voice and video calls generally don't work very well over Tor regardless of which application you use.
You can learn more about how to use SimpleX Chat with their [guide](https://simplex.chat/docs/guide/readme.html).
You can learn more about how to use SimpleX Chat with their [guide](https://simplex.chat/docs/guide/readme.html). Make sure to set a [database passphrase](https://simplex.chat/docs/guide/privacy-security.html#database-passphrase).
## For Anonymous Public-facing Projects
@ -224,10 +216,8 @@ Install SimpleX Chat the same way you would install any [app that doesn't requir
* Download the [AppImage](https://simplex.chat/downloads/#desktop-app) with Tor Browser
* According to our [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch), personal data should be stored on a second LUKS USB and Persistent Storage should not be enabled. Copy the .AppImage file to such a personal data LUKS USB.
* Make the AppImage executable
* In the File Manager, browse to the directory with the file. Right click in the File Manager and select "Open a Terminal Here"
* Run `chmod +x simplex-desktop-x86_64.AppImage` and enter the Administration Password when prompted.
* To launch run the following command in the Terminal:
* `./simplex-desktop-x86_64.AppImage`
* In the File Manager, right-click "Properties". Under "Permissions", enable "Allow this file to run as a program".
* You can now launch SimpleX Chat from the "Activities" overview.
* With Persistent Storage disabled, configuration and profile data must be restored from backup every session. Backup `/home/amnesia/.local/share/simplex` to the personal data LUKS USB, and copy it back to `/home/amnesia/.local/share` in your next session.
<br>
@ -279,7 +269,7 @@ These barriers to anonymous registration mean that Signal is rarely used anonymo
In a recent [repressive operation in France against a riotous demonstration](https://www.notrace.how/resources/read/lafarge-case-the-investigation-methods-used.html#header-access-to-phone-contents-during-and-after-police-custody), the police did exactly that. Police seized suspects' phones during arrests and house raids, as well as targeting them through spyware, and then identified Signal contacts and group members. These identities were added to the list of suspects who were subsequently investigated.
The risk of a compromised device aiding the police in network mapping is partly mitigated by the [username feature](https://community.signalusers.org/t/public-username-testing-staging-environment/56866) - use it to prevent a Signal contact from being able to learn your phone number. In **Settings → Privacy → Phone Number**, set both **Who can see my number** and **Who can find me by number** to **Nobody**. For voice and video calls, Signal reveals the IP address of both parties by default, which could also be used to identify Signal contacts. If you aren't using Signal from behind a VPN or Tor, then in **Settings → Privacy → Advanced**, enable **Always relay calls** to prevent this.
The risk of a compromised device aiding the police in network mapping is partly mitigated by the [username feature](https://signal.org/blog/phone-number-privacy-usernames/) - use it to prevent a Signal contact from being able to learn your phone number. In **Settings → Privacy → Phone Number**, set both **Who can see my number** and **Who can find me by number** to **Nobody**. For voice and video calls, Signal reveals the IP address of both parties by default, which could also be used to identify Signal contacts. If you aren't using Signal from behind a VPN or Tor, then in **Settings → Privacy → Advanced**, enable **Always relay calls** to prevent this.
A private company that sells spyware to governments has a product called JASMINE that is [marketed to deanonymize Signal users](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products), based on the analysis of metadata.