mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-07-26 16:15:42 -04:00
csp, remove js, various updates
parent
f59a9dc2c5
commit
515d5e5229
6 changed files with 20 additions and 372 deletions
|
@ -41,7 +41,7 @@ Like all peer-to-peer communication, Cwtch requires *synchronous* communication,
|
|||
|
||||
Any Cwtch user can turn the app on their phone or computer into an untrusted server to host a group chat, though this is best for temporary needs like an event or short-term coordination, because the device needs to stay powered on for it to work. Medium-term untrusted servers can be set up on a spare Android device that can stay on, and longer-term servers can be self-hosted on a VPS if you know Linux system administration. Once the server exists, contacts can be invited to use it. You can create a group chat with only two people, which enables asynchronous direct messages.
|
||||
|
||||
>**Note**: [**Briar**](https://briarproject.org) is another application which works in a similar way (with peer-to-peer and Tor), and uses the [Bramble Transport Protocol](https://code.briarproject.org/briar/briar/-/wikis/A-Quick-Overview-of-the-Protocol-Stack) (BTP). The main distinguishing feature of Briar is that it continues to function [even when underlying network infrastructure is down](https://briarproject.org/how-it-works/). It was [audited in 2017](https://code.briarproject.org/briar/briar/-/wikis/FAQ#has-briar-been-independently-audited). Unfortunately, Briar Desktop does not yet work with Tails or Qubes-Whonix, because it cannot [use the system Tor](https://code.briarproject.org/briar/briar/-/issues/2095). Unlike Cwtch, to add a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby.
|
||||
>**Note**: [**Briar**](https://briarproject.org) is another application which works in a similar way (with peer-to-peer and Tor), and uses the [Bramble Transport Protocol](https://code.briarproject.org/briar/briar/-/wikis/A-Quick-Overview-of-the-Protocol-Stack) (BTP). The main distinguishing feature of Briar is that it continues to function [even when underlying network infrastructure is down](https://briarproject.org/how-it-works/). It was [audited in 2017](https://code.briarproject.org/briar/briar/-/wikis/FAQ#has-briar-been-independently-audited). Unfortunately, Briar Desktop does not yet work with Tails or Qubes-Whonix, because it cannot [use the system Tor](https://code.briarproject.org/briar/briar/-/issues/2095). Unlike Cwtch, to connect with a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby. [Briar Mailbox](https://briarproject.org/download-briar-mailbox/) enables asynchronous communication.
|
||||
|
||||
<details>
|
||||
<summary><strong>Cwtch Installation on GrapheneOS</strong></summary>
|
||||
|
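Review bot: the sentence appended to the Briar note, "Briar Mailbox enables asynchronous communication.", does not say what the reader has to run or keep online to get that, while the Cwtch paragraph directly above it spells out that the hosting device "needs to stay powered on for it to work". Add the equivalent requirement for Briar Mailbox, or at least a clause saying it is a separate download, so that the two tools can be compared on the same terms.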
@ -53,27 +53,27 @@ Any Cwtch user can turn the app on their phone or computer into an untrusted ser
|
|||
<details>
|
||||
<summary><strong>Cwtch Installation on Tails</strong></summary>
|
||||
<br>
|
||||
<p>There is no Tor <a href="https://tails.boum.org/contribute/design/stream_isolation/">Stream Isolation</a> for Cwtch on Tails, so each session must be run in a unique Tails session, or can otherwise be associated with Tor Browser activity, etc.</p>
|
||||
<ul>
|
||||
<li>Start Tails with an Adminstration Password.</li>
|
||||
<li>Download <a href="https://cwtch.im/download/#linux">Cwtch for Linux</a> using Tor Browser</li>
|
||||
<li>Verify the download <ul>
|
||||
<li>Open the folder from Tor Browser's download icon </li>
|
||||
<li>Right click in the file manager and select "Open a Terminal Here"</li>
|
||||
<li>Run <code>sha512sum cwtch-v1.10.0.tar.gz</code> (replacing the filename as appropriate)</li>
|
||||
<li>Run <code>sha512sum cwtch-VERSION-NUMBER.tar.gz</code> (replacing the filename as appropriate)</li>
|
||||
<li>Compare the hash of the file with what is listed on the download page </li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>As per our <a href="/posts/tails-best/#using-a-write-protect-switch">Tails Best Practices</a>, personal data should be stored on a second LUKS USB, not on the Tails Persistent Storage. Copy the file to a second LUKS USB and extract it with the file manager (right click, select "Extract Here"). We will not be using the Additional Software Persistent Storage feature (because it is an AppImage so doesn't require it). </li>
|
||||
<li>As per our <a href="/posts/tails-best/#using-a-write-protect-switch">Tails Best Practices</a>, personal data should be stored on a second LUKS USB, not on the Tails Persistent Storage. Copy the file to such a personal data LUKS USB and extract it with the file manager (right click, select "Extract Here"). We will not be using the Additional Software Persistent Storage feature - Cwtch is an AppImage so doesn't require it. </li>
|
||||
<li>Run the install script<ul>
|
||||
<li>In the File Manager, enter to directory you just created, <code>cwtch</code>. Right click in the File Manager and select "Open a Terminal Here"</li>
|
||||
<li>Run <code>install-home.sh</code></li>
|
||||
<li>TODO backup for persistence? Test</li>
|
||||
<li>Run <code>install-tails.sh</code></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Tails forces all networking through Tor, so <a href="https://docs.cwtch.im/docs/tor#advanced-tor-configuration">Advanced Tor Configuration</a> must be set within Cwtch:<ul>
|
||||
<li>Start Cwtch by TODO. </li>
|
||||
<li>As the <a href="https://docs.cwtch.im/docs/platforms/tails">documentation</a> specifies, "When launching, Cwtch on Tails should be passed the CWTCH_TAILS=true environment variable". In the Terminal, run:<ul>
|
||||
<li><code>exec env CWTCH_TAILS=true LD_LIBRARY_PATH=~/.local/lib/cwtch/:~/.local/lib/cwtch/Tor ~/.local/lib/cwtch/cwtch</code></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Cwtch must be re-installed every session you need to use it. Backup <code>`$HOME/.cwtch`</code> to the personal data LUKS USB, and copy it back into <code>$HOME/</code> the next time you install Cwtch.</li>
|
||||
<li>Updates must be made manually - back up your profile first.</li>
|
||||
</ul>
|
||||
<br>
|
||||
|
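Review bot: in the item "Cwtch must be re-installed every session you need to use it", the path $HOME/.cwtch is wrapped in Markdown backticks inside the code element, so the backticks will render literally, and a reader who pastes the text into a terminal gets shell command substitution instead of a path. Drop the backticks so it matches the plain $HOME/ later in the same sentence. The same item should also say when to take the backup (before shutting down the session), since the profile is lost otherwise. Minor: "Adminstration Password" in the first list item is misspelled.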
@ -82,34 +82,9 @@ Any Cwtch user can turn the app on their phone or computer into an untrusted ser
|
|||
<details>
|
||||
<summary><strong>Cwtch Installation on Qubes-Whonix</strong></summary>
|
||||
<br>
|
||||
<p>Cwtch on Whonix currently has an <a href="https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550">issue</a> - it works, but there is no Tor Stream Isolation. This is resolved by creating a dedicated Cwtch qube. Cwtch is installed in an App qube, not a Template (because it is an AppImage).</p>
|
||||
<ul>
|
||||
<li>Download <a href="https://cwtch.im/download/#linux">Cwtch for Linux</a> using Tor Browser in a disposable Whonix qube.</li>
|
||||
<li>Verify the download:<ul>
|
||||
<li>Open the folder from Tor Browser's download icon </li>
|
||||
<li>Right click in the file manager and select "Open a Terminal Here"</li>
|
||||
<li>Run <code>sha512sum cwtch-v1.10.0.tar.gz</code> (replacing the filename as appropriate)</li>
|
||||
<li>Compare the hash of the file with what is listed on the download page </li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="/posts/qubes/#how-to-organize-your-qubes">Create an App qube</a> with the Template <code>whonix-ws-16</code> and networking <code>sys-whonix</code>.</li>
|
||||
<li>Copy the file to your new Cwtch App qube and extract it with the file manager (right click, select "Extract Here"). </li>
|
||||
<li>Run the install script<ul>
|
||||
<li>In the File Manager, enter to directory you just created, <code>cwtch</code>. Right click in the File Manager and select "Open a Terminal Here"</li>
|
||||
<li>Run <code>install-home.sh</code></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Reboot the App qube for Cwtch to show up in the <strong>Settings > Applications</strong> tab</li>
|
||||
<li><code>sys-whonix</code> forces all networking through Tor, so <a href="https://docs.cwtch.im/docs/tor#advanced-tor-configuration">Advanced Tor Configuration</a> must be set within Cwtch:<ul>
|
||||
<li>TODO </li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Updates must be made manually - back up your profile first.</li>
|
||||
</ul>
|
||||
<p>Cwtch on Whonix currently has an <a href="https://git.openprivacy.ca/cwtch.im/cwtch-ui/issues/550">issue</a> - support is forthcoming. </p>
|
||||
</details>
|
||||
|
||||
<br>
|
||||
|
||||

|
||||
|
||||
# OnionShare
|
||||
|
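Review bot: the Qubes-Whonix block keeps the summary "Cwtch Installation on Qubes-Whonix" but its body is now only "currently has an issue - support is forthcoming", so the expandable section promises installation steps it no longer contains. The earlier wording told the reader that Cwtch "works, but there is no Tor Stream Isolation"; the new wording drops that and leaves it unclear whether Cwtch should be avoided on Qubes-Whonix for now. State that explicitly, or rename the summary, and keep one sentence on what the linked issue is about so the reader does not have to open it.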
@ -178,11 +153,12 @@ use_proxy = on
|
|||
http_proxy = 127.0.0.1:8082
|
||||
https_proxy = 127.0.0.1:8082
|
||||
```
|
||||
* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16-element` and networking `sys-whonix`.
|
||||
* [Create an App qube](/posts/qubes/#how-to-organize-your-qubes) with the Template `whonix-ws-16-signal` and networking `sys-whonix`.
|
||||
* In the new App qube's **Settings > Applications** tab, bring Signal into the Selected column, and press **OK**.
|
||||
* Updates will be handled by **Qubes Update** as you would expect.
|
||||
|
||||
Alternatively, you can install Signal Desktop in a Whonix Workstation App qube by using [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/), and you will not need to bother with Templates. Signal Desktop on Flathub is [community maintained](https://github.com/flathub/org.signal.Signal), not official, which [is a security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security).
|
||||
>**Alternative:** You can install Signal Desktop in a Whonix Workstation App qube by using [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/), and you will not need to bother with Templates. Signal Desktop on Flathub is [community maintained](https://github.com/flathub/org.signal.Signal), not official, which [is a security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security).
|
||||
|
||||
<br>
|
||||
<br>
|
||||
|
||||
|
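Review bot: in the new "Alternative" note for Signal, the text goes from "Qube Apps" straight to "Signal Desktop on Flathub is community maintained" without saying that Qube Apps is what pulls the package from Flathub, so the security caveat is not visibly tied to the alternative being offered. Add a linking clause to that effect. Style: the label is written `>**Alternative:**` with the colon inside the bold, while the existing Briar note uses `>**Note**:` with it outside; pick one form. The Template name correction to `whonix-ws-16-signal` looks right for the Signal section.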
@ -257,7 +233,8 @@ https_proxy = 127.0.0.1:8082
|
|||
* Updates will be handled by **Qubes Update** as you would expect.
|
||||
* Avoid pressing "Sign Out", simply shutdown the qube when finished.
|
||||
|
||||
Alternatively, you can install Element Desktop in a Whonix Workstation App qube by using [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/), and you will not need to bother with Templates. Element Desktop on Flathub is [community maintained](https://github.com/flathub/im.riot.Riot), not official, which [is a security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security).
|
||||
>**Alternative:** You can install Element Desktop in a Whonix Workstation App qube by using [Qube Apps](https://micahflee.com/2021/11/introducing-qube-apps/), and you will not need to bother with Templates. Element Desktop on Flathub is [community maintained](https://github.com/flathub/im.riot.Riot), not official, which [is a security consideration](https://www.kicksecure.com/wiki/Install_Software#Flathub_Package_Sources_Security).
|
||||
|
||||
<br>
|
||||
<br>
|
||||
|
||||
|
|
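Review bot: the Element "Alternative" note is a word-for-word copy of the Signal one apart from the application name and the Flathub link, and this same commit had to correct a `whonix-ws-16-element` Template name that had been left in the Signal section, which is the kind of drift duplicated text produces. Consider keeping the Qube Apps and Flathub caveat in one place and referring to it from both sections. The neighbouring line "Avoid pressing "Sign Out", simply shutdown the qube when finished." gives no reason; a short clause explaining why would help the reader follow it.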