preference for mullvad and ivpn

anarsec 2024-04-24 19:04:09 +00:00
parent 1aa4e02215
commit 61a9fdb3e8
No known key found for this signature in database
3 changed files with 13 additions and 5 deletions


@ -214,7 +214,7 @@ For more information, see [the No Trace Project Threat Library](https://notrace.
Every website visited through the Tor network passes through 3 relays. Relays are servers hosted by different people and organizations around the world. No single relay ever knows both where the encrypted connection is coming from and where it is going. An excerpt from a leaked top-secret NSA assessment calls Tor "the King of high secure, low latency Internet anonymity" with "no contenders for the throne in waiting". The Tor network can be accessed through the Tor Browser on any operating system. The [Tails](/glossary/#tails) operating system forces every program to use the Tor network when accessing the Internet.
For more information, see [our description of Tor](/posts/tails/#tor) and [Privacy Guides'](https://www.privacyguides.org/en/advanced/tor-overview/). To understand the limitations of Tor, see the [Whonix documentation](https://www.whonix.org/wiki/Warning).
For more information, see [Tails for Anarchists](/posts/tails/#tor) and [Privacy Guides](https://www.privacyguides.org/en/advanced/tor-overview/). To understand the limitations of Tor, see the [Whonix documentation](https://www.whonix.org/wiki/Warning).
### Two-Factor Authentication (2FA)
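
Review bot: The link-text change on the Tor "For more information" line is unrelated to the commit message ("preference for mullvad and ivpn"); consider splitting it into its own commit or mentioning it in the message. In the new line the second link reads only "Privacy Guides" although it targets the Tor overview page, so a label such as "Privacy Guides' Tor overview" would tell the reader where they are being sent.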


@ -118,10 +118,14 @@ To reiterate, the user profiles and their purposes are:
The GrapheneOS app store contains the standalone applications developed by the GrapheneOS project, such as Vanadium, Auditor, Camera, and PDF Viewer. These are automatically updated.
To install additional software, avoid F-Droid due to its numerous [security issues](https://www.privacyguides.org/en/android/#f-droid). GrapheneOS has a [Sandboxed](/glossary/#sandboxing) Google Play that can be installed through the GrapheneOS app store: ["Google Play receives absolutely no special access or privileges on GrapheneOS."](https://grapheneos.org/features#sandboxed-google-play) Alternatively, you can use the [Aurora Store](https://www.privacyguides.org/en/android/#aurora-store), though it has [some of the same security issues as F-Droid](https://privsec.dev/posts/android/f-droid-security-issues/#conclusion-what-should-you-do).
To install additional software, a [Sandboxed](/glossary/#sandboxing) Google Play can be installed through the GrapheneOS app store: ["Google Play receives absolutely no special access or privileges on GrapheneOS."](https://grapheneos.org/features#sandboxed-google-play)
Avoid F-Droid due to its numerous [security issues](https://www.privacyguides.org/en/android/#f-droid). The [Aurora Store](https://www.privacyguides.org/en/android/#aurora-store) has [some of the same security issues as F-Droid](https://privsec.dev/posts/android/f-droid-security-issues/#conclusion-what-should-you-do).
The approach we will take is that all applications needed in the Default user profile will be installed in the Owner user profile, using Sandboxed Google Play. In the Owner user profile, all installed applications (except the VPN) will be "disabled", because we only use these applications from the Default user profile. Then we'll use the **Install available apps** feature to delegate apps to the Default user profile.
## Software from Sandboxed Google Play
To install and configure Sandboxed Google Play:
* In the Owner user profile, install Sandboxed Google Play by opening Apps and installing Google Play services (this will also install the Google Services Framework and the Google Play Store).
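
Review bot: The new sentence "The Aurora Store ... has some of the same security issues as F-Droid" drops the old "Alternatively, you can use", so it is no longer clear whether Aurora Store is an acceptable fallback or should be avoided like F-Droid; say which. The new opening "To install additional software, a Sandboxed Google Play can be installed" also has a dangling modifier; "To install additional software, install Sandboxed Google Play through the GrapheneOS app store" would read more cleanly.
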
@ -130,7 +134,9 @@ To install and configure Sandboxed Google Play:
* Automatic updates are enabled by default on the Google Play Store: **Google Play Store Settings → Network Preferences → Auto-update apps**.
* Notifications for Google Play Store and Google Play Services must be enabled for auto-updates to work: **Settings → Apps → Google Play Store / Google Play Services → Notifications**. If you get notifications from the Play Store that it wants to update itself, [accept them](https://discuss.grapheneos.org/d/4191-what-were-your-less-than-ideal-experiences-with-grapheneos/18).
You are now ready to install applications from the Google Play Store. The first application we will install is a [VPN](/glossary/#vpn-virtual-private-network). If you want to use a free VPN, we recommend RiseupVPN. If you want to pay for a VPN anonymously, we recommend both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). VPNs must be installed in each user profile separately. All standard GrapheneOS connections will be forced through the VPN (except for [connectivity checks](https://grapheneos.org/faq#default-connections), which can be optionally [disabled](https://privsec.dev/posts/android/android-tips/#connectivity-check)). We recommended using a VPN in every profile, for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
You are now ready to install applications from the Google Play Store. The first application we are going to install is a [VPN](/glossary/#vpn-virtual-private-network). If you can afford to pay for a VPN, we recommend both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). Otherwise, we recommend RiseupVPN. A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without cryptocurrency.
VPNs must be installed in each user profile separately. All standard GrapheneOS connections will be forced through the VPN (except for [connectivity checks](https://grapheneos.org/faq#default-connections), which can be optionally [disabled](https://privsec.dev/posts/android/android-tips/#connectivity-check)). We recommended using a VPN in every profile, for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
>Using a reputable VPN provider can provide more privacy against surveillance from your ISP or government and prevent network injection attacks from those entities. A VPN will also make traffic correlation attacks — especially those targeting messaging apps — more difficult to perform and less effective.
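
Review bot: The new voucher sentence says "should be purchased anonymously" and then "to purchase the subscription anonymously" again, and it never says what makes a voucher purchase anonymous; the Mullvad link is an announcement of cards sold on Amazon, so the text should state how the card is expected to be bought (for example, not through an account or payment method tied to the reader). The sentence moved onto its own line still reads "We recommended using a VPN in every profile"; since that line is being touched, change it to "We recommend". The paragraph also ranks Mullvad and IVPN above RiseupVPN without giving a reason, which deserves one clause.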


@ -256,11 +256,13 @@ Now, if a malicious document achieves code execution after being opened, it will
## A VPN Qube
You should configure your non-Tor qubes to be forced through a reputable [VPN](/glossary/#vpn-virtual-private-network) (RiseupVPN, Mullvad, or IVPN), for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
You should configure your non-Tor qubes to be forced through a reputable [VPN](/glossary/#vpn-virtual-private-network), for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
>Using a reputable VPN provider can provide more privacy against surveillance from your ISP or government and prevent network injection attacks from those entities. A VPN will also make traffic correlation attacks — especially those targeting messaging apps — more difficult to perform and less effective.
There are guides for [the Mullvad app](https://privsec.dev/posts/qubes/using-mullvad-vpn-on-qubes-os/), [Mullvad without the app](https://forum.qubes-os.org/t/tutorial-4-2-4-1-mullvad-wireguard-with-qubes/21172), and [the IVPN app](https://forum.qubes-os.org/t/ivpn-app-4-2-setup-guide/23804). It is possible to buy a voucher card for [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/), which makes anonymously purchasing a subscription easier than using a cryptocurrency.
If you can afford to pay for a VPN, we recommend both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). Otherwise, we recommend RiseupVPN. A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without cryptocurrency.
There are guides for [the Mullvad app](https://privsec.dev/posts/qubes/using-mullvad-vpn-on-qubes-os/), [Mullvad without the app](https://forum.qubes-os.org/t/tutorial-4-2-4-1-mullvad-wireguard-with-qubes/21172), and [the IVPN app](https://forum.qubes-os.org/t/ivpn-app-4-2-setup-guide/23804).
## Additional Settings
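
Review bot: The paragraph added under "A VPN Qube" is a verbatim copy of the one added to the GrapheneOS file, so the two will drift on the next edit; consider keeping the provider recommendation and voucher links in one place (the VPN glossary entry already linked here would do) and pointing to it from both. RiseupVPN is named as the fallback, but the guides line that follows covers only the Mullvad app, Mullvad without the app, and the IVPN app, so a reader taking the free option has no Qubes setup path; add a guide or say that none is available.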