motioneye and css

This commit is contained in:
anarsec 2024-04-21 20:23:26 +00:00
parent 1354ddb396
commit 6597d786ae
No known key found for this signature in database
4 changed files with 13 additions and 5 deletions

View file

@ -17,7 +17,7 @@ There are several different options for [end-to-end encrypted](/glossary/#end-to
<!-- more -->
Before proceeding, lets go over a few concepts to help you distinguish between the different options.
* **End-to-end encryption** means (in theory) that only you and the person you are communicating with can read messages. However, not all [encryption](/glossary/#encryption) is created equal. The quality of the encryption is determined by the *encryption protocol* used and how it's implemented at the software level.
* **End-to-end encryption** means (in theory) that only you and the person you are communicating with can read messages. However, not all [encryption](/glossary/#encryption) is created equal. The quality of the encryption is determined by the *encryption protocol* used and how it's implemented at the software level. See ["End-to-end encryption security: attacks and defense"](https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html#end-to-end-encryption-security-attacks-and-defense) for more information.
* **Metadata protection** means that the message [*metadata*](/glossary/#metadata) (the data about the data) is obscured. Even if the message itself is encrypted, metadata can reveal who is communicating with whom, when, how often, the sizes of any files that may have been transferred, and so on. Metadata exposure is [a major concern](https://docs.cwtch.im/security/risk#threat-model).
* **Peer-to-peer** means that the messages do not pass through a centralized server.
* **Tor** is an [anonymity network](/glossary/#tor-network). Some applications route your messages through Tor by default.
@ -241,7 +241,8 @@ SimpleX Chat on Whonix does not guarantee Tor [Stream Isolation](/posts/qubes/#w
* Copy the file to your new App qube
* Make the AppImage executable
* In the File Manager, right-click "Properties". Under "Permissions", enable "Allow this file to run as a program".
* Reboot the App qube for SimpleX Chat to show up in the **Settings > Applications** tab
* Reboot the App qube. In the **Settings > Applications** tab of the new App qube, you may need to click "Refresh applications" for SimpleX Chat to show up. Move SimpleX Chat to the Selected column and press "OK".
* Updates will be handled by **Qubes Update** as you would expect.
<br>
</details>
@ -341,7 +342,7 @@ http_proxy = 127.0.0.1:8082
https_proxy = 127.0.0.1:8082
```
* [Create an App qube](/posts/qubes/#creating-qubes) with the Template `whonix-workstation-17-signal` and networking `sys-whonix`.
* In the **Settings → Applications** tab of the new App qube, move Signal to the Selected column and press **OK**.
* In the **Settings → Applications** tab of the new App qube, you may need to click "Refresh applications" for Signal to show up. Move Signal to the Selected column and press "OK".
* Updates will be handled by **Qubes Update** as you would expect.
>**Alternative method**

View file

@ -98,7 +98,7 @@ When using Wi-Fi in a public space, keep the following operational security cons
If you need to regularly use the Internet for projects like moderating a website or hacking, going to a new Wi-Fi location after doing surveillance countermeasures might not be realistic on a daily basis. Additionally, a main police priority will be to seize the computer while it is unencrypted, and this is much easier for them to achieve in a public space, especially if you are alone. In this scenario, the ideal mitigation is to **use a Wi-Fi antenna positioned behind a window in a private space to access from a few hundred metres away** — a physical surveillance effort won't observe you entering a cafe or be able to easily seize your powered-on laptop, and a digital surveillance effort won't observe anything on your home Internet. To protect against [hidden cameras](https://www.notrace.how/earsandeyes), you should still be careful about where you position your screen.
If a Wi-Fi antenna is too technical for you, you may even want to **use your home internet** for some projects that require frequent internet access. This contradicts the previous advice to not use an Internet connection that is tied to your identity. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you intentionally [make correlation attacks more difficult](/posts/tails/#make-correlation-attacks-more-difficult)). In our view, the main risk of using your home internet is not that the adversary deanonymizes you through a correlation attack, but rather through hacking your system (such as through [phishing](/posts/tails-best/#phishing-awareness)), which [enables them to bypass Tor](/posts/qubes/#when-to-use-tails-vs-qubes-os).
If a Wi-Fi antenna is too technical for you, you may even want to **use your home internet** for some projects that require frequent internet access. This contradicts the previous advice to not use an Internet connection that is tied to your identity. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you intentionally [make correlation attacks more difficult](/posts/tails/#make-correlation-attacks-more-difficult)). There are two main deanonymization risks to consider when using your home internet: that the adversary deanonymizes you through a targeted correlation attack, or that they deanonymize you by hacking your system (such as through [phishing](/posts/tails-best/#phishing-awareness)) which [enables them to bypass Tor](/posts/qubes/#when-to-use-tails-vs-qubes-os).
#### To summarize

View file

@ -116,7 +116,7 @@ We recommend employing physical intrusion detection in addition to all of the ta
Haven is an Android app developed by the Freedom of Press Foundation that uses the smartphones many sensors — microphone, motion detector, light detector, and cameras — to monitor the room for changes, and it logs everything it notices. Unfortunately Haven is currently unmaintained, remote notifications are [broken](https://github.com/guardianproject/haven/issues/454), and it is unreliable on many devices.
Until [Haven is fully functional](https://github.com/guardianproject/haven/issues/465), we recommend also using a video surveillance system so that you can receive remote notifications — this is important to protect against the local logs being modified by an intruder. Choose a model with privacy features (e.g. it doesn't function through the cloud) so that the police cannot easily learn the timing of your comings and goings from it.
Until [Haven is fully functional](https://github.com/guardianproject/haven/issues/465), we recommend also using a video surveillance system so that you can receive remote notifications — this is important to protect against the local logs being modified by an intruder. Choose a model with privacy features (e.g. it doesn't function through the cloud) so that the police cannot easily learn the timing of your comings and goings from it. For instance, [motionEye OS](https://github.com/motioneye-project/motioneyeos/wiki/Features) supports remote notifications for motion detection, but it requires Linux knowledge to set up.
## In practice

View file

@ -588,6 +588,13 @@ code
.icon-text
font-size: 16px
summary
cursor: pointer
margin-top: 0.5em
summary > p
display: inline
body[theme="dark"]
background-color: black !important