mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-06-20 12:34:25 -04:00
header hrefs relative
parent
022d014abc
commit
6679c65ba9
5 changed files with 24 additions and 24 deletions
|
@ -33,7 +33,7 @@ Avoid carrier variants of the phone, i.e. don't buy one from a mobile operator,
|
||||||
|
|
||||||
[GrapheneOS can be installed](https://grapheneos.org/install/) using a web browser or the [command line](/glossary#command-line-interface-cli). If you are uncomfortable with command line, the web browser installer is fine; as the [instructions note](https://grapheneos.org/install/cli#verifying-installation), "Even if the computer you used to flash GrapheneOS was compromised and an attacker replaced GrapheneOS with their own malicious OS, it can be detected with Auditor", which is explained below. Both methods list the officially supported operating systems.
|
[GrapheneOS can be installed](https://grapheneos.org/install/) using a web browser or the [command line](/glossary#command-line-interface-cli). If you are uncomfortable with command line, the web browser installer is fine; as the [instructions note](https://grapheneos.org/install/cli#verifying-installation), "Even if the computer you used to flash GrapheneOS was compromised and an attacker replaced GrapheneOS with their own malicious OS, it can be detected with Auditor", which is explained below. Both methods list the officially supported operating systems.
|
||||||
|
|
||||||
The first time you boot Graphene, it will ask you if you want to connect to Wi-Fi. Don't, we need to do [hardware-based attestation](#auditor) first. Never set up fingerprint authentication. Set a [strong password](/posts/tails-best/#passwords).
|
The first time you boot Graphene, it will ask you if you want to connect to Wi-Fi. Don't, we need to do [hardware-based attestation](/posts/grapheneos/#auditor) first. Never set up fingerprint authentication. Set a [strong password](/posts/tails-best/#passwords).
|
||||||
|
|
||||||
There is no official support for installing from Qubes OS, but it is possible with the following steps.
|
There is no official support for installing from Qubes OS, but it is possible with the following steps.
|
||||||
|
|
||||||
|
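Review bot: the new href on the "hardware-based attestation" link, `/posts/grapheneos/#auditor`, is a root-absolute path, while the commit subject says "header hrefs relative"; the line it replaces, `[hardware-based attestation](#auditor)`, was the page-relative form. Please reword the subject or explain in the commit body why same-page fragments need to carry the post path, since the link now also depends on the post keeping the `/posts/grapheneos/` slug.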
@ -195,7 +195,7 @@ Why recommend a Pixel over a Linux desktop phone? Linux desktop phones like the
|
||||||
|
|
||||||
# Wrapping Up
|
# Wrapping Up
|
||||||
|
|
||||||
With the set-up described in this guide, if a cop starts with your name, they won’t be able to simply look it up in a cellular provider database to get your phone number. If you use the phone as a Wi-Fi only device and always leave it at home, it cannot be used to determine your movement profile and history. If you use a VoIP number, it's accessed through a VPN, so even if that number is known, it can't be used to locate you. All communications with comrades use [end-to-end encryption](/posts/e2ee/) so they do not aid in network mapping. Even if you are unlucky enough to be the target of a well-funded investigation, the hardened operating system makes it difficult to compromise with spyware, and such a compromise should be [detectable](#auditor).
|
With the set-up described in this guide, if a cop starts with your name, they won’t be able to simply look it up in a cellular provider database to get your phone number. If you use the phone as a Wi-Fi only device and always leave it at home, it cannot be used to determine your movement profile and history. If you use a VoIP number, it's accessed through a VPN, so even if that number is known, it can't be used to locate you. All communications with comrades use [end-to-end encryption](/posts/e2ee/) so they do not aid in network mapping. Even if you are unlucky enough to be the target of a well-funded investigation, the hardened operating system makes it difficult to compromise with spyware, and such a compromise should be [detectable](/posts/grapheneos/#auditor).
|
||||||
|
|
||||||
By storing the phone in a tamper-evident manner when it's not in use, you'll be able to tell if it's been physically accessed. See the guide [Make Your Electronics Tamper-Evident](/posts/tamper/).
|
By storing the phone in a tamper-evident manner when it's not in use, you'll be able to tell if it's been physically accessed. See the guide [Make Your Electronics Tamper-Evident](/posts/tamper/).
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ Qubes OS can be configured to force all Internet connections through the [Tor ne
|
||||||
|
|
||||||
# Who is Qubes OS For?
|
# Who is Qubes OS For?
|
||||||
|
|
||||||
Given that anarchists are [regularly targeted](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/malware.html) for hacking in repressive investigations, Qubes OS is an excellent choice for us. AnarSec [recommends](/recommendations) Qubes OS for everyday use, and [below](#when-to-use-tails-vs-qubes-os) we compare when it is appropriate to use Tails vs. Qubes OS — both have unique strengths. While Tails is so easy to use that you don't even need to know anything about Linux, Qubes OS is a bit more involved, but still designed to be accessible to users with limited technical know-how, like journalists. This guide is labelled as "intermediate", though if you need to extensively customize your set up or troubleshoot something, it is more likely to be "advanced".
|
Given that anarchists are [regularly targeted](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/malware.html) for hacking in repressive investigations, Qubes OS is an excellent choice for us. AnarSec [recommends](/recommendations) Qubes OS for everyday use, and [below](/posts/qubes/#when-to-use-tails-vs-qubes-os) we compare when it is appropriate to use Tails vs. Qubes OS — both have unique strengths. While Tails is so easy to use that you don't even need to know anything about Linux, Qubes OS is a bit more involved, but still designed to be accessible to users with limited technical know-how, like journalists. This guide is labelled as "intermediate", though if you need to extensively customize your set up or troubleshoot something, it is more likely to be "advanced".
|
||||||
|
|
||||||
Even if you don't do anything directly incriminating on the computer you use every day, if it were compromised, this would still give investigators a field day for [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html) — knowing who you talk to and what you talk to them about, what projects you are involved in, what websites you read, etc. Most anarchists use everyday computers for some anarchist projects and to communicate with other comrades, so making our personal computers difficult to hack is an important baseline for all anarchists. That said, the time investment to learn Qubes OS isn't for everyone. For those with limited energy to put towards increased anonymity and security, Tails is much more straightforward.
|
Even if you don't do anything directly incriminating on the computer you use every day, if it were compromised, this would still give investigators a field day for [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html) — knowing who you talk to and what you talk to them about, what projects you are involved in, what websites you read, etc. Most anarchists use everyday computers for some anarchist projects and to communicate with other comrades, so making our personal computers difficult to hack is an important baseline for all anarchists. That said, the time investment to learn Qubes OS isn't for everyone. For those with limited energy to put towards increased anonymity and security, Tails is much more straightforward.
|
||||||
|
|
||||||
|
@ -98,7 +98,7 @@ Keep in mind that with Tails it is easy to destroy an encrypted USB you no longe
|
||||||
|
|
||||||
# Getting Started
|
# Getting Started
|
||||||
|
|
||||||
Qubes OS works best on a laptop with a solid state drive (SSD, which is faster than a hard disk drive, or HDD) and 16GB of RAM. Check this [hardware compatibility list](https://www.qubes-os.org/hcl/) to see if a specific laptop model will work. If you want to [install HEADS open-source firmware](/posts/tails-best/#to-mitigate-against-remote-attacks) it has [limited compatibility](https://osresearch.net/Prerequisites#supported-devices), so keep that in mind when buying your laptop. We recommend the ThinkPad X230 because it's the only developer-tested laptop model and is easily found in refurbished computer stores for around $200 USD. See the list of [community-recommended computers](https://forum.qubes-os.org/t/5560) for some other options, and [Best Practices](#hardware-security) for further discussion of hardware security.
|
Qubes OS works best on a laptop with a solid state drive (SSD, which is faster than a hard disk drive, or HDD) and 16GB of RAM. Check this [hardware compatibility list](https://www.qubes-os.org/hcl/) to see if a specific laptop model will work. If you want to [install HEADS open-source firmware](/posts/tails-best/#to-mitigate-against-remote-attacks) it has [limited compatibility](https://osresearch.net/Prerequisites#supported-devices), so keep that in mind when buying your laptop. We recommend the ThinkPad X230 because it's the only developer-tested laptop model and is easily found in refurbished computer stores for around $200 USD. See the list of [community-recommended computers](https://forum.qubes-os.org/t/5560) for some other options, and [Best Practices](/posts/qubes/#hardware-security) for further discussion of hardware security.
|
||||||
|
|
||||||
The [installation guide](https://www.qubes-os.org/doc/installation-guide/) will get you started. The [verification step](https://www.qubes-os.org/security/verifying-signatures/) requires using the [command line](/glossary/#command-line-interface-cli). If this is over your head, ask a friend to walk you through it. Alternatively, learn the basics of the command line with [Linux Essentials](/posts/linux/) and see the [explanation of a similar verification for Tails](/posts/tails-best/#appendix-gpg-explanation).
|
The [installation guide](https://www.qubes-os.org/doc/installation-guide/) will get you started. The [verification step](https://www.qubes-os.org/security/verifying-signatures/) requires using the [command line](/glossary/#command-line-interface-cli). If this is over your head, ask a friend to walk you through it. Alternatively, learn the basics of the command line with [Linux Essentials](/posts/linux/) and see the [explanation of a similar verification for Tails](/posts/tails-best/#appendix-gpg-explanation).
|
||||||
|
|
||||||
|
@ -108,7 +108,7 @@ After you first boot Qubes OS, there is a post-installation:
|
||||||
|
|
||||||
* Check the boxes for Whonix qubes, and for updates to happen over Tor.
|
* Check the boxes for Whonix qubes, and for updates to happen over Tor.
|
||||||
|
|
||||||
* The post-installation gives the you option to install only Debian or only Fedora Templates (instead of both), and to use the Debian Template for all sys qubes (the default is Fedora). Whether you choose to use Debian or Fedora for qubes that don't require Tor is up to you. The Privacy Guides project [argue](https://www.privacyguides.org/os/linux-overview/#choosing-your-distribution) that the Fedora software model (semi-rolling release) is more secure than the Debian software model (frozen), but also recommend [Kicksecure](https://www.privacyguides.org/en/os/linux-overview/#kicksecure) (which is based on Debian). See [Best Practices](#post-installation-decisions) for further discussion of this configuration choice.
|
* The post-installation gives the you option to install only Debian or only Fedora Templates (instead of both), and to use the Debian Template for all sys qubes (the default is Fedora). Whether you choose to use Debian or Fedora for qubes that don't require Tor is up to you. The Privacy Guides project [argue](https://www.privacyguides.org/os/linux-overview/#choosing-your-distribution) that the Fedora software model (semi-rolling release) is more secure than the Debian software model (frozen), but also recommend [Kicksecure](https://www.privacyguides.org/en/os/linux-overview/#kicksecure) (which is based on Debian). See [Best Practices](/posts/qubes/#post-installation-decisions) for further discussion of this configuration choice.
|
||||||
|
|
||||||
* Make sys-net disposable. If you are using Wi-Fi instead of Ethernet, you will need to re-enter the Wi-Fi password after every boot.
|
* Make sys-net disposable. If you are using Wi-Fi instead of Ethernet, you will need to re-enter the Wi-Fi password after every boot.
|
||||||
|
|
||||||
|
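Review bot: the changed bullet still reads "gives the you option"; since this line is being rewritten anyway, correct it to "gives you the option" in the same commit. The same line also links Privacy Guides once as `https://www.privacyguides.org/os/linux-overview/...` and once as `https://www.privacyguides.org/en/os/linux-overview/...`; pick one form for both.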
@ -207,7 +207,7 @@ How the App qubes will be organized, without displaying service qubes or Templat
|
||||||
* **A vault qube**. This is used for all data storage because you don't need internet to store files. This qube can be reassigned to the `debian-12-documents` Template so that trusted files can be opened there.
|
* **A vault qube**. This is used for all data storage because you don't need internet to store files. This qube can be reassigned to the `debian-12-documents` Template so that trusted files can be opened there.
|
||||||
|
|
||||||
* **A disposable Whonix-Workstation qube (`whonix-workstation-17-dvm`)**.
|
* **A disposable Whonix-Workstation qube (`whonix-workstation-17-dvm`)**.
|
||||||
* [Remember](#general-usage) — Whonix works by using the Whonix-Workstation Template (`whonix-workstation-17`) for the App qube, and the Whonix-Gateway Template (`whonix-gateway-17`) for a separate Service qube called `sys-whonix` (not shown in this diagram). Unless you are an advanced user, you should never touch the Whonix-Gateway — all your activity takes place in Whonix-Workstation. When an App qube is disposable, the naming convention is to append `-dvm` for *disposable virtual machine*.
|
* [Remember](/posts/qubes/#general-usage) — Whonix works by using the Whonix-Workstation Template (`whonix-workstation-17`) for the App qube, and the Whonix-Gateway Template (`whonix-gateway-17`) for a separate Service qube called `sys-whonix` (not shown in this diagram). Unless you are an advanced user, you should never touch the Whonix-Gateway — all your activity takes place in Whonix-Workstation. When an App qube is disposable, the naming convention is to append `-dvm` for *disposable virtual machine*.
|
||||||
* Disposables appear in Applications Menu in a way that can be confusing. You will see two entries for this qube: the **whonix-workstation-17-dvm** entry in the Apps menu, which is where you launch applications from, and the **whonix-workstation-17-dvm** entry in the Templates menu, which is the Template for the disposable (do not use applications from here).
|
* Disposables appear in Applications Menu in a way that can be confusing. You will see two entries for this qube: the **whonix-workstation-17-dvm** entry in the Apps menu, which is where you launch applications from, and the **whonix-workstation-17-dvm** entry in the Templates menu, which is the Template for the disposable (do not use applications from here).
|
||||||
* You can think of a disposable Whonix-Workstation qube as similar to Tails: system-wide Tor, and deletion after shutdown (without the anti-forensics property, as noted above).
|
* You can think of a disposable Whonix-Workstation qube as similar to Tails: system-wide Tor, and deletion after shutdown (without the anti-forensics property, as noted above).
|
||||||
* Do not customize the disposable Template at all to resist fingerprinting.
|
* Do not customize the disposable Template at all to resist fingerprinting.
|
||||||
|
@ -285,7 +285,7 @@ To learn how to attach devices, let's format the empty USB or hard drive that wi
|
||||||
|
|
||||||
1. Go to **Applications menu → Disposable: debian-12-offline-dvm → Disks**. The disposable will have a name with a random number such as disp4653. If Disks does not exist, make the change in the **Settings → Applications** tab.
|
1. Go to **Applications menu → Disposable: debian-12-offline-dvm → Disks**. The disposable will have a name with a random number such as disp4653. If Disks does not exist, make the change in the **Settings → Applications** tab.
|
||||||
|
|
||||||
2. The Qubes Devices widget is used to attach a USB drive (or just its partitions) to any qube. Just click on the widget and plug in your USB drive (see the screenshot [above](#how-to-shutdown-qubes)). The new entry will be under "Data (Block) Devices", typically `sys-usb:sda` is the one you want (`sda1` is a partition and would need to be mounted manually). Hover over the entry and attach it to the disposable you just started (in the case of the example above, disp4653).
|
2. The Qubes Devices widget is used to attach a USB drive (or just its partitions) to any qube. Just click on the widget and plug in your USB drive (see the screenshot [above](/posts/qubes/#how-to-shutdown-qubes)). The new entry will be under "Data (Block) Devices", typically `sys-usb:sda` is the one you want (`sda1` is a partition and would need to be mounted manually). Hover over the entry and attach it to the disposable you just started (in the case of the example above, disp4653).
|
||||||
|
|
||||||
3. The empty USB or hard drive should now appear in the Disks application. Format the empty device, and then create a new encrypted partition [as you would in Tails](/posts/tails/#how-to-create-an-encrypted-usb). You can use the same LUKS password for the backup that you use for your Qubes OS LUKS because you will need to memorize it to restore from backup and it will contain the same data.
|
3. The empty USB or hard drive should now appear in the Disks application. Format the empty device, and then create a new encrypted partition [as you would in Tails](/posts/tails/#how-to-create-an-encrypted-usb). You can use the same LUKS password for the backup that you use for your Qubes OS LUKS because you will need to memorize it to restore from backup and it will contain the same data.
|
||||||
|
|
||||||
|
@ -295,7 +295,7 @@ Webcams and microphones are considered devices and must be attached to an App qu
|
||||||
|
|
||||||
There are command line instructions for setting up an [external keyboard](https://www.qubes-os.org/doc/usb-qubes/#manual-setup-for-usb-keyboards) or [mouse](https://www.qubes-os.org/doc/usb-qubes/#usb-mice) — we recommend configuring a confirmation prompt. We also recommend enabling a USB keyboard [on a dedicated USB controller](https://www.qubes-os.org/doc/usb-qubes/#qubes-41-how-to-enable-a-usb-keyboard-on-a-separate-usb-controller).
|
There are command line instructions for setting up an [external keyboard](https://www.qubes-os.org/doc/usb-qubes/#manual-setup-for-usb-keyboards) or [mouse](https://www.qubes-os.org/doc/usb-qubes/#usb-mice) — we recommend configuring a confirmation prompt. We also recommend enabling a USB keyboard [on a dedicated USB controller](https://www.qubes-os.org/doc/usb-qubes/#qubes-41-how-to-enable-a-usb-keyboard-on-a-separate-usb-controller).
|
||||||
|
|
||||||
You don't always need to attach a USB drive to another qube with the Qubes Devices widget — external devices are also accessible directly from sys-usb, through the File Manager. You can [copy specific files](#how-to-copy-and-move-files) between the USB and another App qube without having to attach the USB controller to the App qube. After the USB is ejected, restart sys-usb to take advantage of it being disposable.
|
You don't always need to attach a USB drive to another qube with the Qubes Devices widget — external devices are also accessible directly from sys-usb, through the File Manager. You can [copy specific files](/posts/qubes/#how-to-copy-and-move-files) between the USB and another App qube without having to attach the USB controller to the App qube. After the USB is ejected, restart sys-usb to take advantage of it being disposable.
|
||||||
|
|
||||||
# How to Backup
|
# How to Backup
|
||||||
|
|
||||||
|
@ -307,7 +307,7 @@ Adapted from the [docs](https://www.qubes-os.org/doc/how-to-back-up-restore-and-
|
||||||
>
|
>
|
||||||
>2. Move the VMs that you want to back up to the right-hand Selected column. VMs in the left-hand Available column will not be backed up. You may choose whether to compress backups by checking or unchecking the Compress the backup box. Compressed backups will be smaller but take more time to create. Once you have selected all desired VMs, click Next.
|
>2. Move the VMs that you want to back up to the right-hand Selected column. VMs in the left-hand Available column will not be backed up. You may choose whether to compress backups by checking or unchecking the Compress the backup box. Compressed backups will be smaller but take more time to create. Once you have selected all desired VMs, click Next.
|
||||||
>
|
>
|
||||||
>3. Go to **Applications menu → Disposable: debian-12-offline-dvm → Files** to start a file manager in an offline disposable. Plug in the LUKS USB or hard drive you will be saving your backup to and attach it to the qube ([see above for instructions on creating and attaching this drive](#how-to-use-devices-like-usbs)). The drive should now be displayed at **Other Locations** in the file manager. Mount the LUKS partition by entering your password. Create a new directory in the LUKS partition called `backups`.
|
>3. Go to **Applications menu → Disposable: debian-12-offline-dvm → Files** to start a file manager in an offline disposable. Plug in the LUKS USB or hard drive you will be saving your backup to and attach it to the qube ([see above for instructions on creating and attaching this drive](/posts/qubes/#how-to-use-devices-like-usbs)). The drive should now be displayed at **Other Locations** in the file manager. Mount the LUKS partition by entering your password. Create a new directory in the LUKS partition called `backups`.
|
||||||
>
|
>
|
||||||
>4. In Backup Qubes, select the destination for the backup:
|
>4. In Backup Qubes, select the destination for the backup:
|
||||||
>* **Target qube**: select the disposable, named something like disp1217.
|
>* **Target qube**: select the disposable, named something like disp1217.
|
||||||
|
@ -322,7 +322,7 @@ The Whonix project has its own [extensive documentation](https://www.whonix.org/
|
||||||
|
|
||||||
[Multiple default applications](https://www.whonix.org/wiki/Stream_Isolation#List) on a Whonix-Workstation App qube are configured to use unique circuits of the [Tor network](/glossary#tor-network) so that their activity cannot be correlated — this is called [stream isolation](https://www.whonix.org/wiki/Stream_Isolation).
|
[Multiple default applications](https://www.whonix.org/wiki/Stream_Isolation#List) on a Whonix-Workstation App qube are configured to use unique circuits of the [Tor network](/glossary#tor-network) so that their activity cannot be correlated — this is called [stream isolation](https://www.whonix.org/wiki/Stream_Isolation).
|
||||||
|
|
||||||
To take advantage of compartmentalization, create separate Whonix-Workstation App qubes for distinct activities/identities, as we did [above](#creating-qubes) for the Project-monero qube. Distinct Whonix-Workstation App qubes are automatically stream isolated. Note that it is considered best practice not to use [multiple Whonix-Workstation App qubes](https://www.whonix.org/wiki/Multiple_Whonix-Workstation#Safety_Precautions) at the same time:
|
To take advantage of compartmentalization, create separate Whonix-Workstation App qubes for distinct activities/identities, as we did [above](/posts/qubes/#creating-qubes) for the Project-monero qube. Distinct Whonix-Workstation App qubes are automatically stream isolated. Note that it is considered best practice not to use [multiple Whonix-Workstation App qubes](https://www.whonix.org/wiki/Multiple_Whonix-Workstation#Safety_Precautions) at the same time:
|
||||||
|
|
||||||
> While multiple Whonix-Workstation are recommended, this is not an endorsement for using them simultaneously! It is safest to only use one Whonix-Workstation at a time and for a single activity. New risks are introduced by running multiple Whonix-Workstation at the same time. For instance, if a single Whonix-Workstation was compromised, it could potentially perform various side channel attacks to learn about running processes in other VMs, and not all of these can be defeated. Depending on user activities, a skilled adversary might be able to correlate multiple Whonix-Workstations to the same pseudonym.
|
> While multiple Whonix-Workstation are recommended, this is not an endorsement for using them simultaneously! It is safest to only use one Whonix-Workstation at a time and for a single activity. New risks are introduced by running multiple Whonix-Workstation at the same time. For instance, if a single Whonix-Workstation was compromised, it could potentially perform various side channel attacks to learn about running processes in other VMs, and not all of these can be defeated. Depending on user activities, a skilled adversary might be able to correlate multiple Whonix-Workstations to the same pseudonym.
|
||||||
|
|
||||||
|
@ -362,7 +362,7 @@ Configuring Qubes OS is much more flexible than configuring Tails, but most of t
|
||||||
* To mitigate physical attacks on the computer, buy a dedicated laptop from a refurbished store, make the laptop screws [tamper-evident, and use tamper-evident storage](/posts/tamper/).
|
* To mitigate physical attacks on the computer, buy a dedicated laptop from a refurbished store, make the laptop screws [tamper-evident, and use tamper-evident storage](/posts/tamper/).
|
||||||
* To mitigate remote attacks on the computer, you can use anonymous Wi-Fi. You can also replace the BIOS with [HEADS](/posts/tails-best/#to-mitigate-against-remote-attacks), though this is advanced. Unlike for Tails, it's not possible to remove the hard drive because it is used by the operating system. Qubes OS already isolates the Bluetooth interface, camera, and microphone. USBs with secure firmware are less important thanks to the isolation provided by sys-usb, and a USB with a physical write-protect switch is unnecessary because the operating system files are stored on the hard drive (and App qubes don't have write access to their templates).
|
* To mitigate remote attacks on the computer, you can use anonymous Wi-Fi. You can also replace the BIOS with [HEADS](/posts/tails-best/#to-mitigate-against-remote-attacks), though this is advanced. Unlike for Tails, it's not possible to remove the hard drive because it is used by the operating system. Qubes OS already isolates the Bluetooth interface, camera, and microphone. USBs with secure firmware are less important thanks to the isolation provided by sys-usb, and a USB with a physical write-protect switch is unnecessary because the operating system files are stored on the hard drive (and App qubes don't have write access to their templates).
|
||||||
* Encryption
|
* Encryption
|
||||||
* Passwords: [See above](#password-management)
|
* Passwords: [See above](/posts/qubes/#password-management)
|
||||||
* Encrypted containers: Gocryptfs works the same way, and is useful for a second layer of defense.
|
* Encrypted containers: Gocryptfs works the same way, and is useful for a second layer of defense.
|
||||||
* Encrypted communication: Use [Cwtch](https://cwtch.im/). See [Encrypted Messaging for Anarchists](/posts/e2ee/).
|
* Encrypted communication: Use [Cwtch](https://cwtch.im/). See [Encrypted Messaging for Anarchists](/posts/e2ee/).
|
||||||
* Phishing awareness
|
* Phishing awareness
|
||||||
|
@ -372,7 +372,7 @@ Configuring Qubes OS is much more flexible than configuring Tails, but most of t
|
||||||
|
|
||||||
## Post-installation Decisions
|
## Post-installation Decisions
|
||||||
|
|
||||||
During the [post-installation of Qubes OS](#getting-started), you have the option to install only Debian or only Fedora Templates (instead of both). You also have the option to use the Debian Template for all sys qubes (the default is Fedora). Our recommendation is to install only Debian Templates and convert them to [Kicksecure](https://www.privacyguides.org/en/os/linux-overview/#kicksecure). This way, every App qube on your system will be either Whonix or Kicksecure — Kicksecure is significantly more [hardened](/glossary#hardening) than either Debian or Fedora.
|
During the [post-installation of Qubes OS](/posts/qubes/#getting-started), you have the option to install only Debian or only Fedora Templates (instead of both). You also have the option to use the Debian Template for all sys qubes (the default is Fedora). Our recommendation is to install only Debian Templates and convert them to [Kicksecure](https://www.privacyguides.org/en/os/linux-overview/#kicksecure). This way, every App qube on your system will be either Whonix or Kicksecure — Kicksecure is significantly more [hardened](/glossary#hardening) than either Debian or Fedora.
|
||||||
|
|
||||||
Kicksecure is not currently [available as a Template](https://www.kicksecure.com/wiki/Qubes#Template). To get the Kicksecure Template, clone the Debian Template — follow the [Kicksecure docs for distribution morphing on Qubes OS](https://www.kicksecure.com/wiki/Qubes#Distribution_Morphing). App qubes that require Internet access without Tor can now use the Kicksecure template instead of the Debian Template. We recommend using disposable qubes whenever possible when connecting to the Internet. To create a Kicksecure disposable:
|
Kicksecure is not currently [available as a Template](https://www.kicksecure.com/wiki/Qubes#Template). To get the Kicksecure Template, clone the Debian Template — follow the [Kicksecure docs for distribution morphing on Qubes OS](https://www.kicksecure.com/wiki/Qubes#Distribution_Morphing). App qubes that require Internet access without Tor can now use the Kicksecure template instead of the Debian Template. We recommend using disposable qubes whenever possible when connecting to the Internet. To create a Kicksecure disposable:
|
||||||
|
|
||||||
|
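Review bot: after this change the first paragraph under "Post-installation Decisions" mixes two internal link styles: the new `/posts/qubes/#getting-started` has a slash before the fragment and the untouched `/glossary#hardening` does not. If the site serves pages at the trailing-slash URL, the second form costs a redirect or fails a strict link check; normalising it to `/glossary/#hardening` in this pass would keep the internal hrefs consistent.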
@ -412,7 +412,7 @@ To address "future not-yet-identified vulnerabilities of this kind" on older har
|
||||||
|
|
||||||
* sys-usb: Disposable. Run only when needed, and shut down when finished. Restart after using an untrusted USB device.
|
* sys-usb: Disposable. Run only when needed, and shut down when finished. Restart after using an untrusted USB device.
|
||||||
* sys-net: Disposable. Run only when needed, and shut down when finished. Shut down when performing sensitive operations in other qubes, if possible. Restart before compartmentalized activities that require high security.
|
* sys-net: Disposable. Run only when needed, and shut down when finished. Shut down when performing sensitive operations in other qubes, if possible. Restart before compartmentalized activities that require high security.
|
||||||
* [vault qube](#how-to-organize-your-qubes):
|
* [vault qube](/posts/qubes/#how-to-organize-your-qubes):
|
||||||
* Instead of having only one vault qube that stores all files (as described above), you can compartmentalize by having different vault qubes dedicated to specific activities (i.e. `vault-personal`, `vault-project1`, etc.). This means that if a networked qube is compromised while working on project1, [intentional sniffing](https://www.qubes-os.org/doc/data-leaks/) will not have potential access to all files, but only to those files that are compartmentalized for project1.
|
* Instead of having only one vault qube that stores all files (as described above), you can compartmentalize by having different vault qubes dedicated to specific activities (i.e. `vault-personal`, `vault-project1`, etc.). This means that if a networked qube is compromised while working on project1, [intentional sniffing](https://www.qubes-os.org/doc/data-leaks/) will not have potential access to all files, but only to those files that are compartmentalized for project1.
|
||||||
* Configure KeePassXC to lock when it is unused: **Application Settings → Security → Timeouts**, enable **Lock databases after inactivity**. Configure [automatic clipboard wiping](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/#automatic-clipboard-wiping), which is disabled by default. If you need a password when using an untrusted qube:
|
* Configure KeePassXC to lock when it is unused: **Application Settings → Security → Timeouts**, enable **Lock databases after inactivity**. Configure [automatic clipboard wiping](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/#automatic-clipboard-wiping), which is disabled by default. If you need a password when using an untrusted qube:
|
||||||
* "Emergency pause" the untrusted qube(s),
|
* "Emergency pause" the untrusted qube(s),
|
||||||
|
|
|
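Review bot: the new target on the `vault qube` line, `/posts/qubes/#how-to-organize-your-qubes`, is a root-absolute path, not a relative one as the commit subject "header hrefs relative" says. A root-absolute link resolves only when the site is served from the domain root, whereas the old bare fragment `#how-to-organize-your-qubes` resolved wherever the page was rendered. Suggest rewording the subject and adding a commit body that states why same-page fragments needed a path prefix.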
@ -41,7 +41,7 @@ You can mitigate this second issue by what's called **"compartmentalization"**:
|
||||||
|
|
||||||
* [Compartmentalization](https://www.notrace.how/threat-library/mitigations/compartmentalization.html) means keeping different activities or projects separate. If you use Tails sessions for more than one purpose at a time, an adversary could link your different activities together. For example, if you log into different accounts on the same website in a single Tails session, the website could determine that the accounts are being used by the same person. This is because websites can tell when two accounts are using the same Tor circuit.
|
* [Compartmentalization](https://www.notrace.how/threat-library/mitigations/compartmentalization.html) means keeping different activities or projects separate. If you use Tails sessions for more than one purpose at a time, an adversary could link your different activities together. For example, if you log into different accounts on the same website in a single Tails session, the website could determine that the accounts are being used by the same person. This is because websites can tell when two accounts are using the same Tor circuit.
|
||||||
* To prevent an adversary from linking your activities while using Tails, restart Tails between different activities. For example, restart Tails between checking different project emails.
|
* To prevent an adversary from linking your activities while using Tails, restart Tails between different activities. For example, restart Tails between checking different project emails.
|
||||||
* Tails is amnesiac by default, so to save any data from a Tails session, you must save it to a USB. If the files you save could be used to link your activities together, use a different encrypted ([LUKS](/glossary#luks)) USB stick for each activity. For example, use one Tails USB stick for moderating a website and another for researching actions. Tails has a feature called Persistent Storage, but we do not recommend using it for data storage, explained [below](#using-a-write-protect-switch).
|
* Tails is amnesiac by default, so to save any data from a Tails session, you must save it to a USB. If the files you save could be used to link your activities together, use a different encrypted ([LUKS](/glossary#luks)) USB stick for each activity. For example, use one Tails USB stick for moderating a website and another for researching actions. Tails has a feature called Persistent Storage, but we do not recommend using it for data storage, explained [below](/posts/tails-best/#using-a-write-protect-switch).
|
||||||
|
|
||||||
# Limitations of the [Tor network](/glossary#tor-network)
|
# Limitations of the [Tor network](/glossary#tor-network)
|
||||||
|
|
||||||
|
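Review bot: the rewritten link on the "Tails is amnesiac by default" line puts a slash before the fragment (`/posts/tails-best/#using-a-write-protect-switch`), while the same line still links `/glossary#luks` without one, and another hunk in this diff uses `/glossary/#luks`. Since this commit normalizes hrefs, pick one form and apply it to the glossary links in the same pass so every internal link hits the canonical URL directly.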
@ -93,7 +93,7 @@ To mitigate the risk of "targeted" correlation attacks:
|
||||||
|
|
||||||
* If you only need to use the Internet briefly to submit a communique, you can **do [surveillance detection](https://www.notrace.how/threat-library/mitigations/surveillance-detection.html) and [anti-surveillance](https://www.notrace.how/threat-library/mitigations/anti-surveillance.html) before going to a coffee shop**, just like you would prior to a direct action.
|
* If you only need to use the Internet briefly to submit a communique, you can **do [surveillance detection](https://www.notrace.how/threat-library/mitigations/surveillance-detection.html) and [anti-surveillance](https://www.notrace.how/threat-library/mitigations/anti-surveillance.html) before going to a coffee shop**, just like you would prior to a direct action.
|
||||||
* For projects like moderating a website or hacking that require daily Internet access, it is not realistic to find a new Wi-Fi location every day. In that case, the ideal mitigation is to **use a Wi-Fi antenna from indoors** — a physical surveillance effort won't see you entering a cafe, and a digital surveillance effort won't see anything on your home Internet.
|
* For projects like moderating a website or hacking that require daily Internet access, it is not realistic to find a new Wi-Fi location every day. In that case, the ideal mitigation is to **use a Wi-Fi antenna from indoors** — a physical surveillance effort won't see you entering a cafe, and a digital surveillance effort won't see anything on your home Internet.
|
||||||
* If a Wi-Fi antenna is too technical for you, you may even want to **use your home internet** for some projects that require frequent internet access. This contradicts the previous advice to not use your personal Wi-Fi. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you intentionally [make correlation attacks more difficult](/posts/tails/#make-correlation-attacks-more-difficult)). In our view, the main risk of using your home internet is not that the adversary is able to break Tor through a correlation attack, but that the adversary is able to hack your system, such as through [phishing](#phishing-awareness), which [enables them to bypass Tor](/posts/qubes/#when-to-use-tails-vs-qubes-os).
|
* If a Wi-Fi antenna is too technical for you, you may even want to **use your home internet** for some projects that require frequent internet access. This contradicts the previous advice to not use your personal Wi-Fi. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you intentionally [make correlation attacks more difficult](/posts/tails/#make-correlation-attacks-more-difficult)). In our view, the main risk of using your home internet is not that the adversary is able to break Tor through a correlation attack, but that the adversary is able to hack your system, such as through [phishing](/posts/tails-best/#phishing-awareness), which [enables them to bypass Tor](/posts/qubes/#when-to-use-tails-vs-qubes-os).
|
||||||
* If you want to submit a report-back the morning after a riot, or a communique shortly after an action (times when there may be a higher risk of targeted surveillance), consider waiting and at least taking surveillance detection and anti-surveillance measures beforehand. In 2010, the morning after a bank arson in Canada, police surveilled a suspect as he traveled from his home to an Internet cafe, and watched him post the communique and then bury the laptop in the woods. More recently, investigators physically surveilling [an anarchist in France](https://www.notrace.how/resources/#quelques-premiers-elements-du-dossier-d-enquete-contre-ivan) installed a hidden camera to monitor access to an Internet cafe near the comrade's home and requested CCTV footage for the day an arson communique was sent.
|
* If you want to submit a report-back the morning after a riot, or a communique shortly after an action (times when there may be a higher risk of targeted surveillance), consider waiting and at least taking surveillance detection and anti-surveillance measures beforehand. In 2010, the morning after a bank arson in Canada, police surveilled a suspect as he traveled from his home to an Internet cafe, and watched him post the communique and then bury the laptop in the woods. More recently, investigators physically surveilling [an anarchist in France](https://www.notrace.how/resources/#quelques-premiers-elements-du-dossier-d-enquete-contre-ivan) installed a hidden camera to monitor access to an Internet cafe near the comrade's home and requested CCTV footage for the day an arson communique was sent.
|
||||||
|
|
||||||
To summarize: For sensitive and brief Internet activities, use Internet from a random cafe, preceeded by surveillance detection and anti-surveillance. For activities that require frequent internet access such that the random cafe model isn't sustainable, it's best to use a Wi-Fi antenna positioned behind a window to access from a few hundred metres away. If this is too technical for you, using your home Wi-Fi is an option, but requires putting faith in it being difficult to break Tor with a non-targeted correlation attack, and it being difficult to draw meaningful conclusions from your home's Tor traffic through a "targeted" correlation attack.
|
To summarize: For sensitive and brief Internet activities, use Internet from a random cafe, preceeded by surveillance detection and anti-surveillance. For activities that require frequent internet access such that the random cafe model isn't sustainable, it's best to use a Wi-Fi antenna positioned behind a window to access from a few hundred metres away. If this is too technical for you, using your home Wi-Fi is an option, but requires putting faith in it being difficult to break Tor with a non-targeted correlation attack, and it being difficult to draw meaningful conclusions from your home's Tor traffic through a "targeted" correlation attack.
|
||||||
|
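Review bot: the trailing context paragraph starting "To summarize:" spells "preceeded"; since this hunk already touches the section, correct it to "preceded" in the same pass or in a follow-up commit.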
@ -112,7 +112,7 @@ To summarize: For sensitive and brief Internet activities, use Internet from a r
|
||||||
You can mitigate this first issue by **using a computer you trust to install Tails**:
|
You can mitigate this first issue by **using a computer you trust to install Tails**:
|
||||||
|
|
||||||
* According to our [recommendations](/recommendations/#your-computer), this would ideally be a [Qubes OS](/posts/qubes/) system, as it is much harder to infect than a normal Linux computer. If you have a trusted friend with a Tails USB stick that has been installed with Qubes OS (and who uses these best practices), you could [clone it](/posts/tails/#installation) instead of installing it yourself.
|
* According to our [recommendations](/recommendations/#your-computer), this would ideally be a [Qubes OS](/posts/qubes/) system, as it is much harder to infect than a normal Linux computer. If you have a trusted friend with a Tails USB stick that has been installed with Qubes OS (and who uses these best practices), you could [clone it](/posts/tails/#installation) instead of installing it yourself.
|
||||||
* Use the "Terminal" installation method ["Debian or Ubuntu using the command line and GnuPG"](https://tails.net/install/expert/index.en.html), as it more thoroughly verifies the integrity of the download using [GPG](/glossary/#gnupg-openpgp). If using the [command line](/glossary/#command-line-interface-cli) is over your head, ask a friend to walk you through it. Alternatively, learn the basics of the command line with [Linux Essentials](/posts/linux/) and see the [Appendix](#appendix-gpg-explanation).
|
* Use the "Terminal" installation method ["Debian or Ubuntu using the command line and GnuPG"](https://tails.net/install/expert/index.en.html), as it more thoroughly verifies the integrity of the download using [GPG](/glossary/#gnupg-openpgp). If using the [command line](/glossary/#command-line-interface-cli) is over your head, ask a friend to walk you through it. Alternatively, learn the basics of the command line with [Linux Essentials](/posts/linux/) and see the [Appendix](/posts/tails-best/#appendix-gpg-explanation).
|
||||||
* Once installed, do not plug your Tails USB stick (or any [LUKS](/glossary/#luks) USBs used during Tails sessions) into any other computer while it is running a non-Tails operating system; if the computer is infected, the infection can [spread to the USB](https://en.wikipedia.org/wiki/BadUSB).
|
* Once installed, do not plug your Tails USB stick (or any [LUKS](/glossary/#luks) USBs used during Tails sessions) into any other computer while it is running a non-Tails operating system; if the computer is infected, the infection can [spread to the USB](https://en.wikipedia.org/wiki/BadUSB).
|
||||||
|
|
||||||
## 2. Running Tails on a computer with a compromised BIOS, firmware, or hardware
|
## 2. Running Tails on a computer with a compromised BIOS, firmware, or hardware
|
||||||
|
@ -223,7 +223,7 @@ If you are using Persistent Storage, this is another passphrase that you will ha
|
||||||
[LUKS](/glossary#luks) is great, but defense-in-depth can't hurt. If the police seize your USB in a house raid, they will try a [variety of tactics to bypass the authentication](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), so a second layer of defense with a different encryption implementation can be useful for highly sensitive data.
|
[LUKS](/glossary#luks) is great, but defense-in-depth can't hurt. If the police seize your USB in a house raid, they will try a [variety of tactics to bypass the authentication](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), so a second layer of defense with a different encryption implementation can be useful for highly sensitive data.
|
||||||
|
|
||||||
|
|
||||||
[Gocryptfs](https://nuetzlich.net/gocryptfs/) is an encrypted container program that is [available for Debian](https://packages.debian.org/bullseye/gocryptfs) and can be easily installed as [additional software](/posts/tails/#optional-create-and-configure-persistent-storage). If you don't want to reinstall it every session, you will need to [configure Additional Software in Persistent Storage](#using-a-write-protect-switch).
|
[Gocryptfs](https://nuetzlich.net/gocryptfs/) is an encrypted container program that is [available for Debian](https://packages.debian.org/bullseye/gocryptfs) and can be easily installed as [additional software](/posts/tails/#optional-create-and-configure-persistent-storage). If you don't want to reinstall it every session, you will need to [configure Additional Software in Persistent Storage](/posts/tails-best/#using-a-write-protect-switch).
|
||||||
|
|
||||||
To use gocryptfs, you will need to use Terminal (the [command line](/glossary#command-line-interface-cli)).
|
To use gocryptfs, you will need to use Terminal (the [command line](/glossary#command-line-interface-cli)).
|
||||||
|
|
||||||
|
|
|
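Review bot: on the Gocryptfs line, the link text "configure Additional Software in Persistent Storage" points at the anchor `using-a-write-protect-switch`, which names neither Additional Software nor Persistent Storage setup. The rewrite carries the old target over unchanged, so please confirm that section is the intended destination rather than `/posts/tails/#optional-create-and-configure-persistent-storage`, which the same line already links.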
@ -164,7 +164,7 @@ A window will pop up asking you to enter a passphrase; see [Tails Best Practices
|
||||||
|
|
||||||
To use Persistent Storage, you must unlock it on the Welcome Screen. If you want to change the passphrase, see the [documentation](https://tails.net/doc/persistent_storage/passphrase/index.en.html). If you ever forget your passphrase, it's impossible to recover it; you'll have to [delete](https://tails.net/doc/persistent_storage/delete/index.en.html) the Persistent Storage and start over.
|
To use Persistent Storage, you must unlock it on the Welcome Screen. If you want to change the passphrase, see the [documentation](https://tails.net/doc/persistent_storage/passphrase/index.en.html). If you ever forget your passphrase, it's impossible to recover it; you'll have to [delete](https://tails.net/doc/persistent_storage/delete/index.en.html) the Persistent Storage and start over.
|
||||||
|
|
||||||
In [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch), we recommend against using Persistent Storage in most cases. Any files that need to be persistent can be stored on a second [LUKS-encrypted USB](#how-to-create-an-encrypted-usb) instead. Most Persistent Storage features do not work well with USBs that have a write-protect switch.
|
In [Tails Best Practices](/posts/tails-best/#using-a-write-protect-switch), we recommend against using Persistent Storage in most cases. Any files that need to be persistent can be stored on a second [LUKS-encrypted USB](/posts/tails/#how-to-create-an-encrypted-usb) instead. Most Persistent Storage features do not work well with USBs that have a write-protect switch.
|
||||||
|
|
||||||
## Upgrading the Tails USB
|
## Upgrading the Tails USB
|
||||||
|
|
||||||
|
@ -318,7 +318,7 @@ Clicking "Permanently delete" or sending files to the "trash" does not delete da
|
||||||
|
|
||||||
However, it can take weeks or years before that space is actually used for new files, at which point the old data actually disappears. In the meantime, if you look directly at what is written to the drive, you can find the contents of the files. This is a fairly simple process, automated by many software programs that allow you to "recover" or "restore" data. You can't really delete data, but you can overwrite data, which is a partial solution.
|
However, it can take weeks or years before that space is actually used for new files, at which point the old data actually disappears. In the meantime, if you look directly at what is written to the drive, you can find the contents of the files. This is a fairly simple process, automated by many software programs that allow you to "recover" or "restore" data. You can't really delete data, but you can overwrite data, which is a partial solution.
|
||||||
|
|
||||||
There are two types of storage: magnetic (HDD) and flash (SSD, NVMe, USB, memory cards, etc.). The only way to erase a file on either is to [reformat the entire drive](#how-to-create-an-encrypted-usb) and select **Overwrite existing data with zeros**.
|
There are two types of storage: magnetic (HDD) and flash (SSD, NVMe, USB, memory cards, etc.). The only way to erase a file on either is to [reformat the entire drive](/posts/tails/#how-to-create-an-encrypted-usb) and select **Overwrite existing data with zeros**.
|
||||||
|
|
||||||
However, traces of the previously written data may still remain. If you have sensitive documents that you really want to erase, it is best to physically destroy the USB after reformatting it. Fortunately, USBs are cheap and easy to steal. Be sure to reformat the drive before destroying it; destroying a drive is often a partial solution. Data can still be recovered from disk fragments, and burning a drive requires temperatures higher than a normal fire (i.e. thermite) to be effective.
|
However, traces of the previously written data may still remain. If you have sensitive documents that you really want to erase, it is best to physically destroy the USB after reformatting it. Fortunately, USBs are cheap and easy to steal. Be sure to reformat the drive before destroying it; destroying a drive is often a partial solution. Data can still be recovered from disk fragments, and burning a drive requires temperatures higher than a normal fire (i.e. thermite) to be effective.
|
||||||
|
|
||||||
|
@ -417,7 +417,7 @@ In some programs, this is normal if the same file is already open. If this isn't
|
||||||
|
|
||||||
***I can't install Tails on a USB***
|
***I can't install Tails on a USB***
|
||||||
|
|
||||||
Make sure your USB is not [known to have issues](https://tails.net/support/known_issues/index.en.html#problematic-usb-sticks) with Tails. [Format](#how-to-create-an-encrypted-usb) the entire USB and try the installation again.
|
Make sure your USB is not [known to have issues](https://tails.net/support/known_issues/index.en.html#problematic-usb-sticks) with Tails. [Format](/posts/tails/#how-to-create-an-encrypted-usb) the entire USB and try the installation again.
|
||||||
|
|
||||||
***Is an application slowing down Tails? The screen is glitching?***
|
***Is an application slowing down Tails? The screen is glitching?***
|
||||||
|
|
||||||
|
|
|
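Review bot: `/posts/tails/#how-to-create-an-encrypted-usb` on the `[Format]` line is now hardcoded in three hunks of this diff (also behind the "LUKS-encrypted USB" and "reformat the entire drive" links), so a change to the post's slug breaks all three silently, where the bare fragment depended only on the heading. Suggest adding an internal link check to the site build so a renamed slug or heading fails loudly.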
@ -47,13 +47,13 @@ For this reason, it is preferable to apply nail polish directly to the screws ra
|
||||||
|
|
||||||
Glitter nail polish was successfully bypassed during a Tamper Evident Challenge in 2018 — the winner [explained](https://hoodiepony.medium.com/bypassing-the-glitter-nail-polish-tamper-evident-seal-25d6973d617d) how they managed to do it. Notably, a brand of nail polish with relatively large pieces of glitter in only two colors was used. It would be difficult to apply this bypass to inset screw holes; if the glitter was applied with a high density of elements, but not too thick, this would also increase the difficulty. Finally, [using an adhesive](https://dys2p.com/en/2021-12-tamper-evident-protection.html#glitzer-nagellack-mit-klebstoff) would also make the bypass less feasible.
|
Glitter nail polish was successfully bypassed during a Tamper Evident Challenge in 2018 — the winner [explained](https://hoodiepony.medium.com/bypassing-the-glitter-nail-polish-tamper-evident-seal-25d6973d617d) how they managed to do it. Notably, a brand of nail polish with relatively large pieces of glitter in only two colors was used. It would be difficult to apply this bypass to inset screw holes; if the glitter was applied with a high density of elements, but not too thick, this would also increase the difficulty. Finally, [using an adhesive](https://dys2p.com/en/2021-12-tamper-evident-protection.html#glitzer-nagellack-mit-klebstoff) would also make the bypass less feasible.
|
||||||
|
|
||||||
Verification that the random pattern hasn't changed can be done manually with what astronomers call a "blink comparison". This is used in astronomy to detect small changes in the night sky: you quickly flick between the original photo and the current one, which makes it easier to see any changes. Alternatively, if you have an Android smartphone (either [GrapheneOS](/posts/grapheneos/) or a cheap one for [intrusion detection](#physical-intrusion-detection) that has an inferior camera), you can use an app called [Blink Comparison](https://github.com/proninyaroslav/blink-comparison), which makes it less likely to miss something. It can be installed like any other [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software), i.e. not through F-Droid.
|
Verification that the random pattern hasn't changed can be done manually with what astronomers call a "blink comparison". This is used in astronomy to detect small changes in the night sky: you quickly flick between the original photo and the current one, which makes it easier to see any changes. Alternatively, if you have an Android smartphone (either [GrapheneOS](/posts/grapheneos/) or a cheap one for [intrusion detection](/posts/tamper/#physical-intrusion-detection) that has an inferior camera), you can use an app called [Blink Comparison](https://github.com/proninyaroslav/blink-comparison), which makes it less likely to miss something. It can be installed like any other [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software), i.e. not through F-Droid.
|
||||||
|
|
||||||
The Blink Comparison app encrypts its storage to prevent an adversary from easily replacing the photos, and provides a helpful interface for comparing them. The app helps you take the comparison photo from the same angle and distance as the original photo. Blink Comparison then switches between the two images when you touch the screen, making direct comparison much easier than manually comparing two photos.
|
The Blink Comparison app encrypts its storage to prevent an adversary from easily replacing the photos, and provides a helpful interface for comparing them. The app helps you take the comparison photo from the same angle and distance as the original photo. Blink Comparison then switches between the two images when you touch the screen, making direct comparison much easier than manually comparing two photos.
|
||||||
|
|
||||||
## Getting Started
|
## Getting Started
|
||||||
|
|
||||||
Now that you understand the nuances of applying nail polish to the screws of your laptop case, let's actually do it — if you are going to [install HEADS](#tamper-evident-software-and-firmware), do that first so the nail polish doesn't have to be removed and repeated. Before you start, you can also take a picture of the inside of the laptop in case you ever need to check if the internal components have been tampered with despite the nail polish protection (keep in mind that not all components are visible). Use a nail polish that has different colors and sizes of glitter, like the one shown above.
|
Now that you understand the nuances of applying nail polish to the screws of your laptop case, let's actually do it — if you are going to [install HEADS](/posts/tamper/#tamper-evident-software-and-firmware), do that first so the nail polish doesn't have to be removed and repeated. Before you start, you can also take a picture of the inside of the laptop in case you ever need to check if the internal components have been tampered with despite the nail polish protection (keep in mind that not all components are visible). Use a nail polish that has different colors and sizes of glitter, like the one shown above.
|
||||||
|
|
||||||
* First, take a photo of the bottom of the computer and use a program like GIMP to number the screws to make it easier to verify. For example, the ThinkPad X230 shown above has 13 screws that need to be numbered so that in the future you know which screw the photo `3.jpg` refers to.
|
* First, take a photo of the bottom of the computer and use a program like GIMP to number the screws to make it easier to verify. For example, the ThinkPad X230 shown above has 13 screws that need to be numbered so that in the future you know which screw the photo `3.jpg` refers to.
|
||||||
* Apply the glitter nail polish directly to each screw, making sure there are enough glitter elements without being too thick.
|
* Apply the glitter nail polish directly to each screw, making sure there are enough glitter elements without being too thick.
|
||||||
|
@ -63,7 +63,7 @@ If you ever need to remove the nail polish to access the inside of the laptop, y
|
||||||
|
|
||||||
# Tamper-Evident Storage
|
# Tamper-Evident Storage
|
||||||
|
|
||||||
Now that you understand the concept, you need a tamper-evident storage solution for all sensitive electronics when you are away from home (laptops, external drives, USBs, phones, external keyboards and mice). Safes are often used to protect valuable items, but they can be bypassed in several ways, and some of these bypasses are difficult to detect (see [below](#appendix-cracking-safes)). It is not trivial or inexpensive to make a safe tamper-evident, if it can be done at all.
|
Now that you understand the concept, you need a tamper-evident storage solution for all sensitive electronics when you are away from home (laptops, external drives, USBs, phones, external keyboards and mice). Safes are often used to protect valuable items, but they can be bypassed in several ways, and some of these bypasses are difficult to detect (see [below](/posts/tamper/#appendix-cracking-safes)). It is not trivial or inexpensive to make a safe tamper-evident, if it can be done at all.
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<span class="is-hidden">
|
<span class="is-hidden">
|
||||||
|
@ -82,7 +82,7 @@ A better and cheaper solution is to implement [dys2p's guide](https://dys2p.com/
|
||||||
|
|
||||||
Several colorful mixtures are described: [red lentils & beluga lentils](https://dys2p.com/en/2021-12-tamper-evident-protection.html#rote-linsen-und-belugalinsen), [yellow peas & white beans](https://dys2p.com/en/2021-12-tamper-evident-protection.html#gelbe-erbsen-und-wei%C3%9Fe-bohnen), etc. For a box that is transparent on all sides and fits a laptop, a small fish tank works well. For longer-term storage, [vacuum seals](https://dys2p.com/en/2021-12-tamper-evident-protection.html#laengerfristige-lagerung-oder-versand) can be used.
|
Several colorful mixtures are described: [red lentils & beluga lentils](https://dys2p.com/en/2021-12-tamper-evident-protection.html#rote-linsen-und-belugalinsen), [yellow peas & white beans](https://dys2p.com/en/2021-12-tamper-evident-protection.html#gelbe-erbsen-und-wei%C3%9Fe-bohnen), etc. For a box that is transparent on all sides and fits a laptop, a small fish tank works well. For longer-term storage, [vacuum seals](https://dys2p.com/en/2021-12-tamper-evident-protection.html#laengerfristige-lagerung-oder-versand) can be used.
|
||||||
|
|
||||||
This excerpt assumes that we take the cell phone with us, but [as discussed elsewhere](/posts/nophones/#do-you-really-need-a-phone), this has its own security issues and is not recommended. So the smartphone we use to take a picture of the storage will have to stay in the house outside of the storage. [In the next section](#physical-intrusion-detection), we recommend that you get a cheap Android phone that only runs an app called Haven when you are out of the house. This device will stay out of storage anyway, so you can use it to take pictures of the storage. Alternatively, if you don't have a dedicated Haven phone but do have a [GrapheneOS](/posts/grapheneos/) device (or if the Haven phone's camera is too low quality), you can use it to take photos of the storage and then hide it somewhere in your house while you're away. If you don't have a phone, you can use a camera. However, cameras don't have encryption, so it's much easier to modify the photos, and you won't be able to use the Blink Comparison app.
|
This excerpt assumes that we take the cell phone with us, but [as discussed elsewhere](/posts/nophones/#do-you-really-need-a-phone), this has its own security issues and is not recommended. So the smartphone we use to take a picture of the storage will have to stay in the house outside of the storage. [In the next section](/posts/tamper/#physical-intrusion-detection), we recommend that you get a cheap Android phone that only runs an app called Haven when you are out of the house. This device will stay out of storage anyway, so you can use it to take pictures of the storage. Alternatively, if you don't have a dedicated Haven phone but do have a [GrapheneOS](/posts/grapheneos/) device (or if the Haven phone's camera is too low quality), you can use it to take photos of the storage and then hide it somewhere in your house while you're away. If you don't have a phone, you can use a camera. However, cameras don't have encryption, so it's much easier to modify the photos, and you won't be able to use the Blink Comparison app.
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
<summary>
|
<summary>
|
||||||
|
|