simplex install instructions and VPN quote

2025-07-01 17:56:59 -04:00 · 2023-11-13 22:36:26 +00:00 · 2023-11-13 22:36:26 +00:00 · 4fbd4e150e
commit 4fbd4e150e
parent 03cb8ced90
4 changed files with 85 additions and 20 deletions
--- a/content/posts/e2ee/index.md
+++ b/content/posts/e2ee/index.md
@ -26,8 +26,8 @@ For a more in-depth look at these various considerations, we recommend [The Guid

 Anonymous public-facing projects have additional needs for encrypted communication, because they will be interacting with unknown (and untrusted) contacts:
 * Anyone can contact the project without requiring a separate channel
-* Resiliency to [correlation attacks](/glossary/#correlation-attack) from untrusted contacts
-* Resiliency to [exploits](/glossary/#exploit) from untrusted contacts
+* Resiliency to [correlation attacks](/glossary/#correlation-attack) 
+* Resiliency to [exploits](/glossary/#exploit) 
 * Multiple project members can access the same messages

 The following options for encrypted messaging are listed from most metadata protection to least. 
@ -78,13 +78,13 @@ You can learn more about how to use Cwtch with the [Cwtch Handbook](https://docs

 Anyone can connect to a public Cwtch account when it is online. In the future, Cwtch bots that are semi-trusted (which are hosted on a Cwtch server) will enable first contact when the public Cwtch account is offline. 

-**Resiliency to correlation attacks from untrusted contacts**
+**Resiliency to correlation attacks**

 Real-time messaging applications are particularly susceptible to end-to-end correlation attacks because of the ability of an adversary, once they know their target's ID on the messaging platform, to trigger incoming network traffic on the target's side by sending them messages on the platform (when the target is online). "Appear Offline Mode" in Cwtch allows a user to selectively connect to trusted contacts and groups, while appearing offline to everyone else. An [issue](https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/712) is open to further address this. 

 [Content padding exists](https://docs.cwtch.im/security/components/tapir/packet_format) to frustrate correlation attacks via message size.

-**Resiliency to exploits from untrusted contacts**
+**Resiliency to exploits**

 A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Cwtch does [fuzz testing](https://openprivacy.ca/discreet-log/07-fuzzbot/) to find bugs. For public-facing project accounts, we recommend that you do not enable the "file sharing experiment" or the "image previews and profile pictures experiment" in the settings.

@ -106,7 +106,7 @@ If a project has multiple members, all of them should be able to access the same
 </summary>
 <br>

-If you have decided to use a smartphone despite our [recommendation not to use phones](/posts/nophones/), Cwtch is available for Android. Install Cwtch as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid). 
+Install Cwtch as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid). 

 <br>
 </details>
@ -154,6 +154,8 @@ Cwtch on Whonix currently has an [issue](https://git.openprivacy.ca/cwtch.im/cwt
 <br>
 </details>

+<br>
+
 # SimpleX Chat

 ![](network.png) 
@ -180,13 +182,13 @@ You can learn more about how to use SimpleX Chat with their [guide](https://simp

 Unlike the one-time invitation links that are normally used by SimpleX Chat and shared through a separate channel, you also have a [long term address](https://simplex.chat/docs/guide/app-settings.html#your-profile-settings) that can be published online so that anyone can connect to you. We recommend not enabling "Auto-accept". 

-**Resiliency to correlation attacks from untrusted contacts**
+**Resiliency to correlation attacks**

 Real-time messaging applications are particularly susceptible to end-to-end correlation attacks because of the ability of an adversary, once they know their target's ID on the messaging platform, to trigger incoming network traffic on the target's side by sending them messages on the platform (when the target is online). An [issue](https://github.com/simplex-chat/simplex-chat/issues/3197) is open to address this. Message "mixing" is also [planned](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations).

 [Content padding exists](https://github.com/simplex-chat/simplex-chat#privacy-and-security-technical-details-and-limitations) to frustrate correlation attacks via message size.

-**Resiliency to exploits from untrusted contacts**
+**Resiliency to exploits**

 A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). For public-facing project accounts, we recommend that you set SimpleX Chat preferences to only allow text (prohibiting voice messages and attachments).

@ -194,6 +196,64 @@ A vulnerability in any application can be targeted with exploits - a severe vuln

 If a project has multiple members, all of them should be able to access the same messages independently. Currently, this is not possible with SimpleX Chat.  

+<details>
+<summary>
+
+**SimpleX Chat Installation on GrapheneOS**
+
+</summary>
+<br>
+
+Install SimpleX Chat as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid). 
+
+<br>
+</details>
+
+<details>
+<summary>
+
+**SimpleX Chat Installation on Tails**
+
+</summary>
+<br>
+
+* Start Tails with an Adminstration Password.
+* Download the [AppImage](https://simplex.chat/downloads/#desktop-app) with Tor Browser
+* According to our [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch), personal data should be stored on a second LUKS USB and Persistent Storage should not be enabled. Copy the .AppImage file to such a personal data LUKS USB.
+* Make the AppImage executable
+	* In the File Manager, browse to the directory with the file. Right click in the File Manager and select "Open a Terminal Here"
+	* Run `chmod +x simplex-desktop-x86_64.AppImage` and enter the Administration Password when prompted.
+* To launch, in the Terminal, run:
+	* `./simplex-desktop-x86_64.AppImage`
+* With Persistent Storage disabled, configuration and profile data must be restored from backup every session. Backup `/home/amnesia/.local/share/simplex` to the personal data LUKS USB, and copy it back to `/home/amnesia/.local/share` in your next session.
+
+<br>
+</details>
+
+
+<details>
+<summary>
+
+**SimpleX Chat Installation on Qubes-Whonix**
+
+</summary>
+<br>
+
+SimpleX Chat on Whonix is not guaranteed to have Tor [Stream Isolation](/posts/qubes/#whonix-and-tor) from other applications in the same qube, so we will install it in a dedicated qube. SimpleX Chat is installed in an App qube, not a Template (because it is an AppImage).
+
+* Download the [AppImage](https://simplex.chat/downloads/#desktop-app) using Tor Browser in a disposable Whonix qube.
+* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16` and networking `sys-whonix`.
+* Copy the file to your new App qube 
+* Make the AppImage executable
+	* In the File Manager, browse to the directory with the file. Right click in the File Manager and select "Open a Terminal Here"
+	* Run `chmod +x simplex-desktop-x86_64.AppImage` 
+*   Reboot the App qube for SimpleX Chat to show up in the **Settings > Applications** tab
+
+<br>
+</details>
+
+<br>
+
 # Signal

 ![](signal.jpg) 
@ -208,7 +268,7 @@ The Signal Protocol has a moderate amount of metadata protection; [sealed sender

 Signal is not peer-to-peer; it uses centralized servers that we must trust. Signal will work with Tor if used on an operating system that forces it to, such as Whonix or Tails. 

-Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must still control - due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained - most people will not do this. There have been unfounded rumors that Signal plans to remove the need for a phone number after the release of a username feature - however, [registration will still require a phone number](https://mastodon.world/@Mer__edith/110895045552696836).
+Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must still control - due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained - most people will not do this. 

 Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously. 

@ -216,7 +276,7 @@ These barriers to anonymous registration mean that Signal is rarely used anonymo

 In a recent [repressive operation in France against a riotous demonstration](https://www.notrace.how/resources/read/lafarge-case-the-investigation-methods-used.html#header-access-to-phone-contents-during-and-after-police-custody), the police did exactly that. The phones of suspects were accessed through physically seizing them during arrests and house raids, as well as through spyware, and then Signal contacts and group members were identified. These identities were added to the list of suspects who were subsequently investigated.

-A compromised device contributing to network mapping is partly mitigated by the [username feature](https://community.signalusers.org/t/public-username-testing-staging-environment/56866) - use it to prevent a Signal contact from being able to learn your phone number. In **Settings → Privacy → Phone Number**, set both **Who can see my number** and **Who can find me by number** to **Nobody**. For voice and video calls, Signal reveals the IP address of both parties by default, which could also be used to identify Signal contacts. In **Settings → Privacy → Advanced**, enable **Always relay calls** to prevent this. 
+A compromised device contributing to network mapping is partly mitigated by the [username feature](https://community.signalusers.org/t/public-username-testing-staging-environment/56866) - use it to prevent a Signal contact from being able to learn your phone number. In **Settings → Privacy → Phone Number**, set both **Who can see my number** and **Who can find me by number** to **Nobody**. For voice and video calls, Signal reveals the IP address of both parties by default, which could also be used to identify Signal contacts. If you aren't using Signal from behind a VPN or Tor as [we recommend](/posts/grapheneos/#how-to-install-software), then in **Settings → Privacy → Advanced**, enable **Always relay calls** to prevent this. 

 A company that sells spyware to governments has a product called JASMINE that is [marketed to deanonymize Signal users](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products), based on the analysis of metadata.  

@ -236,7 +296,7 @@ Signal was designed to bring encrypted communication to the masses, not for an a
 </summary>
 <br>

-If you have decided to use a smartphone [despite our recommendation not to use phones](/posts/nophones/), we recommend the [Signal Configuration and Hardening Guide](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/). As noted above, unless you are familiar with the [Command Line Interface](/glossary/#command-line-interface-cli), Signal needs to be registered on a smartphone before it can be connected to a computer. Install Signal as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid). 
+We recommend the [Signal Configuration and Hardening Guide](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/). As noted above, unless you are familiar with the [Command Line Interface](/glossary/#command-line-interface-cli), Signal needs to be registered on a smartphone before it can be connected to a computer. Install Signal as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid). 

 [Molly-FOSS](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/#molly-android) is a fork of Signal with hardening and anti-forensic features available on Android - we recommend it over Signal for anarchists, and extending trust to the Molly team is made easier by its [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds). Follow the instructions for [installing software that isn't available in the Play Store](/posts/grapheneos/#software-that-isn-t-on-the-play-store). You can [migrate from an existing Signal account](https://github.com/mollyim/mollyim-android#compatibility-with-signal). Turn on database encryption. 

@ -273,7 +333,7 @@ Some of the [Signal Configuration and Hardening Guide](https://blog.privacyguide

 * Go to **Applications menu → Qubes Tools → Qube Manager**
 * Clone whonix-ws-16 and name it something like whonix-ws-16-signal. 
-	* We do this so as not to add attack surface to the base Whonix Workstation template. If you also install other messaging applications like Element Desktop, they could share a cloned template with a name like whonix-ws-16-e2ee 
+	* We do this so as not to add attack surface to the base Whonix Workstation template. If you also install other messaging applications like SimpleX Chat, they could share a cloned template with a name like whonix-ws-16-e2ee 
 * Open a Terminal in the new Template: **Applications menu → Template: whonix-ws-16-signal: Xfce Terminal**
 * Run the commands in the [Signal installation guide](https://www.signal.org/download/linux/) to install Signal Desktop in the Template. 
 	* Note that the layout of the Signal installation guide is a bit confusing for users unfamiliar with the command line; `wget` and `cat` are separate commands, but `echo` in #2 is a command so long that it takes two lines (which is why the second line is indented). 
@ -294,7 +354,6 @@ https_proxy = 127.0.0.1:8082
 <br>
 </details>

-<br>
 <br>

 # PGP Email
@ -317,17 +376,17 @@ PGP (Pretty Good Privacy) is not so much a messaging platform as it is a way to

 Anyone can send a message to a public email account regardless of whether the recipient is online or offline. 

-**Resiliency to correlation attacks from untrusted contacts**
+**Resiliency to correlation attacks**

 Email is not a real-time messaging application - this means that it is not particularly susceptible to end-to-end correlation attacks via time. 

 No content padding exists to frustrate correlation attacks via message size in email protocols, but if you access the mail servers through Tor then the traffic is padded. 

-**Resiliency to exploits from untrusted contacts**
+**Resiliency to exploits**

 A vulnerability in any application can be targeted with exploits - a severe vulnerability can allow an adversary to hack your system, such as by permitting [Remote Code Execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution). Email can be accessed through webmail (via Tor Browser) or through a client like Thunderbird - these have different attack surfaces. For example, a Cwtch developer found an exploit to [turn Thunderbird into a decryption oracle](https://pseudorandom.resistant.tech/disclosing-security-and-privacy-issues-in-thunderbird.html) when it displays messages with HTML.  

-We recommend using Thunderbird, using the setting to display email as "Plain Text" rather than as HTML: View → Message Body As → Plain Text. Most webmail will not function with Tor Browser in "Safest" mode. 
+We recommend using Thunderbird (which is available in Tails and Qubes-Whonix by default) with the setting to display email as "Plain Text" rather than as HTML: View → Message Body As → Plain Text. Most webmail will not function with Tor Browser in "Safest" mode. 

 **Multiple project members can access the same messages**

@ -337,9 +396,11 @@ If a project has multiple members, all of them should be able to access the same
 >
 >PGP is used for another purpose outside of communication: verifying the integrity and authenticity of files. For this use case, see our [explanation](/posts/tails-best/#appendix-3-gpg-explanation).

+<br>
+
 # Warnings

-We recommend to not use:
+We do *not* recommend:
 * **Telegram**: Telegram has no end-to-end encryption for group chats, and it is opt-in for one-on-one chats. The encryption doesn't use established protocols, and has had cryptographers describe it as ["the most backdoor-looking bug I’ve ever seen"](https://words.filippo.io/dispatches/telegram-ecdh/). 
 * **Matrix/Element**: Matrix has a problem that is inherent in federated networks - terrible [metadata leakage](https://anarc.at/blog/2022-06-17-matrix-notes/#metadata-handling) and [data ownership](https://anarc.at/blog/2022-06-17-matrix-notes/#data-retention-defaults). It has no forward secrecy, the Element client has a large attack surface, and there is a [long list of other issues](https://telegra.ph/why-not-matrix-08-07). What's more, the developers are very friendly with various [national police agencies](https://element.io/blog/bundesmessenger-is-a-milestone-in-germanys-ground-breaking-vision/). 
 * **XMPP Clients**: Regardless of the client, an XMPP server will [always be able to see your contact list](https://coy.im/documentation/security-threat-model/). Additionally, server-side parties (e.g., administrators, attackers, law enforcement) can [inject arbitrary messages, modify address books, log passwords in cleartext](https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/) and [act as a man-in-the-middle](https://notes.valdikss.org.ru/jabber.ru-mitm/). 
--- a/content/posts/grapheneos/index.md
+++ b/content/posts/grapheneos/index.md
@ -21,7 +21,7 @@ letter="grapheneos-letter.pdf"

 GrapheneOS is a private and secure version of the Android [operating system](/glossary#operating-system-os). Standard Android smartphones have Google baked into them (for example, [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) have irrevocable access to your files, call logs, location, etc.), and it is trivial to [bypass standard Android authentication](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) with [physical access](/glossary/#physical-attacks) to the device. GrapheneOS uses hardware-based security to [greatly increase the difficulty](https://grapheneos.org/faq#encryption) of bypassing authentication, is significantly [hardened](/glossary#hardening) against hacking, and has all Google apps and services removed by default. There are other alternative Android operating systems, [but they are inferior](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/). See the [GrapheneOS documentation](https://grapheneos.org/features) for an extensive list of privacy and security improvements over standard Android. GrapheneOS is [regularly audited](https://grapheneos.org/faq#audit).

-Due to the nature of [how the technology works](https://privsec.dev/posts/android/android-tips/#carrier-tracking), cell phones leave a geolocation history when they connect to cell towers. For this reason, we recommend that you use a smartphone that stays at home like a landline and connects to the Internet via Wi-Fi in airplane mode, rather than using a SIM card to connect through cell towers. Even if you use an anonymously purchased SIM card, if it is linked to your identity in the future, the service provider can be retroactively queried for all geolocation data. Furthermore, it's not enough to only leave your phone at home when you're going to a demo or action, as this will [stand out](/posts/nophones/#metadata-patterns) as an outlier and serve as an indication of conspiratorial activity in that time window. 
+Due to the nature of [how the technology works](https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure/), cell phones leave a geolocation history when they connect to cell towers. For this reason, we recommend that you use a smartphone that stays at home like a landline and connects to the Internet via Wi-Fi in airplane mode, rather than using a SIM card to connect through cell towers. Even if you use an anonymously purchased SIM card, if it is linked to your identity in the future, the service provider can be retroactively queried for all geolocation data. Furthermore, it's not enough to only leave your phone at home when you're going to a demo or action, as this will [stand out](/posts/nophones/#metadata-patterns) as an outlier and serve as an indication of conspiratorial activity in that time window. 

 # Installation 

@ -121,7 +121,9 @@ To install and configure Sandboxed Google Play:
 * Automatic updates are enabled by default on the Google Play Store: **Google Play Store Settings → Network Preferences → Auto-update apps**.   
 * Notifications for Google Play Store and Google Play Services must be enabled for auto-updates to work: **Settings → Apps → Google Play Store / Google Play Services → Notifications**. If you get notifications from the Play Store that it wants to update itself, [accept them](https://discuss.grapheneos.org/d/4191-what-were-your-less-than-ideal-experiences-with-grapheneos/18).

-You are now ready to install applications from the Google Play Store. The first application we will install is a [VPN](/glossary/#vpn-virtual-private-network). If you want to use a free VPN, RiseupVPN is recommended. If you want to pay for a VPN anonymously, both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn) are also recommended. VPNs are per profile, so must be installed in each user profile separately. All standard GrapheneOS connections will be forced through the VPN (expect for [connectivity checks](https://grapheneos.org/faq#default-connections), which can be optionally [disabled](https://privsec.dev/posts/android/android-tips/#connectivity-check)).
+You are now ready to install applications from the Google Play Store. The first application we will install is a [VPN](/glossary/#vpn-virtual-private-network). If you want to use a free VPN, RiseupVPN is recommended. If you want to pay for a VPN anonymously, both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn) are also recommended. VPNs are per profile, so must be installed in each user profile separately. All standard GrapheneOS connections will be forced through the VPN (expect for [connectivity checks](https://grapheneos.org/faq#default-connections), which can be optionally [disabled](https://privsec.dev/posts/android/android-tips/#connectivity-check)). We recommended using a VPN in every profile, for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
+
+>Using a reputable VPN provider can provide more privacy against surveillance from your ISP or government and prevent network injection attacks from those entities. A VPN will also make traffic correlation attacks – especially those targeting messaging apps – more difficult to perform and less effective.

 Using the example of RiseupVPN, once installed, accept the 'Connection request' prompt. A green display means that the VPN has been successfully connected. Navigate to **Advanced settings** in the RiseupVPN menu, click **Always-on VPN** and follow the instructions. From now on, the VPN will connect automatically when you turn on your phone. Continue installing other apps - see [Encrypted Messaging for Anarchists](/posts/e2ee/) for ideas. 

--- a/content/posts/qubes/index.md
+++ b/content/posts/qubes/index.md
@ -231,7 +231,9 @@ It's possible to just use the system as is, but let's show you how to create an
 * **sys-VPN**: A VPN qube that uses the OpenVPN protocol
 * **split-XMR**: The Monero wallet lives in an offline qube and access to it is strictly controlled. 

-If you want your non-Tor qubes to be forced through a VPN, this is the easiest way to set it up. 
+You should configure your non-Tor qubes to be forced through a VPN (RiseupVPN, Mullvad, or IVPN), for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
+
+>Using a reputable VPN provider can provide more privacy against surveillance from your ISP or government and prevent network injection attacks from those entities. A VPN will also make traffic correlation attacks – especially those targeting messaging apps – more difficult to perform and less effective.

 By default, App qubes only have 2 GB of private storage. This small amount will fill up quickly - when an App qube is about to run out of space, the Disk Space Monitor widget will alert you. To increase the amount of private storage for any qube, go to the qubes' **Settings → Basic** tab and change the "Private storage max size". This storage won't be used immediately, it's just the maximum that can be used by that qube. 

--- a/content/posts/tails-best/index.md
+++ b/content/posts/tails-best/index.md
@ -79,7 +79,7 @@ Use an Internet connection that isn't connected to you, such as in a cafe withou
 * If you have to buy a coffee to get the Wi-Fi password, pay in cash! 
 * Position yourself with your back against a wall so that no one can "shoulder surf" to see your screen, and ideally install a [privacy screen](/posts/tails/#privacy-screen) on your laptop. 
 * Maintain situational awareness and be ready to pull out the Tails USB to shut down the computer at a moment's notice. If maintaining situational awareness seems unrealistic, consider asking a trusted friend to hang out who can dedicate themselves to keeping an eye on your surroundings. If the Tails USB is removed, Tails will shut down and [overwrite the RAM with random data](https://tails.boum.org/doc/advanced_topics/cold_boot_attacks/index.en.html). Any LUKS USBs that were unlocked in the Tails session will now be encrypted again. Note that [Tails warns](https://tails.boum.org/doc/first_steps/shutdown/index.en.html) "Only physically remove the USB stick in case of emergency as doing so can sometimes break the file system of the Persistent Storage." 
-	* One person in charge of a darknet marketplace had his Tails computer seized while distracted by a fake fight next to him. Similar tactics have been used [in other police operations](https://dys2p.com/en/2023-05-luks-security.html#attacks). If his Tails USB had been attached to a belt with a short piece of fishing line, the police would most likely have lost all evidence when the Tails USB was pulled out. A more technical equivalent is [BusKill](https://www.buskill.in/tails/) - however, we only recommend buying this in person (such as at a conference) or [3D printing it](https://www.buskill.in/3d-print-2023-08/). This is because any mail can be [intercepted](https://docs.buskill.in/buskill-app/en/stable/faq.html#q-what-about-interdiction) and altered, making the hardware [malicious](https://en.wikipedia.org/wiki/BadUSB). 
+	* One person in charge of a darknet marketplace had his Tails computer seized while distracted by a fake fight next to him. Similar tactics have been used [in other police operations](https://dys2p.com/en/2023-05-luks-security.html#attacks). If his Tails USB had been attached to a belt with a short piece of fishing line, the police would most likely have lost all evidence when the Tails USB was pulled out. A more technical equivalent is [BusKill](https://www.buskill.in/tails/) - however, we only recommend buying this [in person](https://www.buskill.in/leipzig-proxystore/) or [3D printing it](https://www.buskill.in/3d-print-2023-08/). This is because any mail can be [intercepted](https://docs.buskill.in/buskill-app/en/stable/faq.html#q-what-about-interdiction) and altered, making the hardware [malicious](https://en.wikipedia.org/wiki/BadUSB). 
 * If coffee shops without CCTV cameras are few and far between, you can try accessing a coffee shop's Wi-Fi from outside, out of view of the cameras. Some external Wi-Fi adapters can pick up signals from further away, as discussed [below](#appendix-2-location-location-location). 

 #### Non-Targeted and Targeted Correlation Attacks