mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-06-09 23:32:56 -04:00
whonix updates
This commit is contained in:
parent
849dc2dfb5
commit
6f33bc5e8d
5 changed files with 19 additions and 13 deletions
|
@ -103,7 +103,7 @@ Malware (malicious software) is a generic term for software containing unwanted
|
|||
|
||||
An example of a man-in-the-middle attack is when Alice communicates with Bob via the Internet, Eve (Eavesdropper) joins the conversation “in the middle” and becomes man-in-the-middle. Eve can modify, insert, replay, or read messages at will. Protective measures are encryption (confidentiality) and checking the authenticity and integrity of all messages. However, one must also ensure that one is communicating with the expected party. You have to verify that you possess the real public key of the respective recipient. For instance, this is what you are doing when verifying the 'Safety Number' of a contact in the Signal encrypted messaging app.
|
||||
|
||||
For a more detailed look, check out [Defend Dissent: The Man in the Middle](https://open.oregonstate.education/defenddissent/chapter/the-man-in-the-middle/)
|
||||
For a more detailed look, check out [Defend Dissent: The Man in the Middle](https://open.oregonstate.education/defenddissent/chapter/the-man-in-the-middle/) and the [Whonix documentation](https://www.whonix.org/wiki/Warning#Man-in-the-middle_Attacks).
|
||||
|
||||
### Metadata
|
||||
|
||||
|
@ -209,7 +209,7 @@ For more info, see [the CSRC Threat Library](https://www.csrc.link/threat-librar
|
|||
|
||||
Each website visited through the Tor network passes through 3 relays. Relays are servers operated by different people and organizations around the world. A single relay never knows both where the encrypted connection is coming from and where it is going to. An extract of a leaked Top Secret appraisal by the NSA characterized Tor as "the King of high secure, low latency Internet anonymity" with "no contenders for the throne in waiting". The Tor network can be accessed through the Tor Browser on any operating system. The operating system [Tails](/glossary/#tails) forces every program to use the Tor network when accessing the Internet.
|
||||
|
||||
For more info, see [our description of Tor](/posts/tails/#tor) and [Privacy Guides](https://www.privacyguides.org/en/advanced/tor-overview/).
|
||||
For more info, see [our](/posts/tails/#tor) and [Privacy Guides](https://www.privacyguides.org/en/advanced/tor-overview/) description of Tor. To understand the limitations of Tor, see the [Whonix documentation](https://www.whonix.org/wiki/Warning).
|
||||
|
||||
### Two-Factor Authentication (2FA)
|
||||
|
||||
|
|
|
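Review bot: the rewritten sentence in the added line reads "see [our] and [Privacy Guides] description of Tor", which is ungrammatical (two sources, singular "description") and leaves the bare word "our" as link text that says nothing about where it goes. Suggest keeping the original phrasing and appending the new reference instead: `For more info, see [our description of Tor](/posts/tails/#tor) and [Privacy Guides](https://www.privacyguides.org/en/advanced/tor-overview/). To understand the limitations of Tor, see the [Whonix documentation](https://www.whonix.org/wiki/Warning).`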
@ -148,7 +148,7 @@ Many [banking apps](https://grapheneos.org/usage#banking-apps) will require Sand
|
|||
|
||||
A Wi-Fi only smartphone doesn't require paying a monthly fee for a SIM card. As explained in [Why Anarchists Shouldn't Have Phones](/posts/nophones#bureaucracy), bureaucracies often require a phone number that can be called normally (without encryption). [VoIP](/glossary#voip-voice-over-internet-protocol) applications allow you to create a number and make phone calls over the Internet rather than through cell towers. A phone number is also occasionally required for applications, such as [Signal registration](/posts/e2ee/#signal), and a VoIP number will often work.
|
||||
|
||||
Some of the VoIP applications [that work on computers](/posts/nophones#bureaucracy) also work on smartphones; the main advantage is that you will hear it ring even when your computer is off. The [jmp.chat](https://jmp.chat/) VoIP service works well with their client [Cheogram](https://cheogram.com/) and can be paid for in Bitcoin. In addition, there are paid options that are only present on mobile such as MySudo (although it only works in a [handful of countries](https://support.mysudo.com/hc/en-us/articles/360020177133-Why-isn-t-MySudo-working-in-my-country-)). A MySudo subscription can be anonymously purchased with [Google Play gift cards](https://support.google.com/googleplay/answer/3422734), but this is likely unnecessary if the point is to give the number to bureaucracies. MySudo requires Google Play Services.
|
||||
Some of the VoIP applications [that work on computers](/posts/nophones#bureaucracy) also work on smartphones; the main advantage is that you will hear it ring even when your computer is off. The [jmp.chat](https://www.kicksecure.com/wiki/Mobile_Phone_Security#Phone_Number_Registration_Unlinked_to_SIM_Card) VoIP service works well with their client [Cheogram](https://cheogram.com/) and can be paid for in Bitcoin. In addition, there are paid options that are only present on mobile such as MySudo (although it only works in a [handful of countries](https://support.mysudo.com/hc/en-us/articles/360020177133-Why-isn-t-MySudo-working-in-my-country-)). A MySudo subscription can be anonymously purchased with [Google Play gift cards](https://support.google.com/googleplay/answer/3422734), but this is likely unnecessary if the point is to give the number to bureaucracies. MySudo requires Google Play Services.
|
||||
|
||||
# Tor
|
||||
|
||||
|
|
|
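Review bot: the link text "jmp.chat" now points at a Kicksecure wiki section (Mobile_Phone_Security#Phone_Number_Registration_Unlinked_to_SIM_Card) rather than at the service itself, so a reader clicking the service's name lands on a third-party page and the page no longer carries the direct https://jmp.chat/ link; the neighbouring Cheogram link still goes to the project site, which makes the mismatch more noticeable. Suggest keeping `[jmp.chat](https://jmp.chat/)` and citing the Kicksecure page separately, e.g. "(see Kicksecure's notes on [phone number registration unlinked to a SIM card](https://www.kicksecure.com/wiki/Mobile_Phone_Security#Phone_Number_Registration_Unlinked_to_SIM_Card))".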
@ -44,7 +44,7 @@ However, it's best to avoid using phones altogether. If it's only the comrades w
|
|||
|
||||
Many bureaucratic organizations make it difficult to not have a phone: healthcare, the post office, banking, etc. Since these communications do not need to be encrypted, you can use a [Voice over Internet Protocol (VoIP)](/glossary#voip-voice-over-internet-protocol) application (which allows you to make phone calls over the Internet rather than through cell towers).
|
||||
|
||||
Any VoIP application option on a computer will be asynchronous because it won't ring when the computer is off - you rely on the voicemail feature to return missed calls. For example, a service like [jmp.chat](https://jmp.chat/) gives you a VoIP number that you can optionally pay for in Bitcoin, and you make calls through a XMPP (Jabber) client - [Cheogram](https://cheogram.com/) works well.
|
||||
Any VoIP application option on a computer will be asynchronous because it won't ring when the computer is off - you rely on the voicemail feature to return missed calls. For example, a service like [jmp.chat](https://www.kicksecure.com/wiki/Mobile_Phone_Security#Phone_Number_Registration_Unlinked_to_SIM_Card) gives you a VoIP number that you can optionally pay for in Bitcoin, and you make calls through a XMPP (Jabber) client - [Cheogram](https://cheogram.com/) works well.
|
||||
|
||||
Although typically more expensive then VoIP, a flip phone or landline also works well for making and receiving 'normal life' calls if you aren't going to be using it to speak with anarchists, and, in the case of the flip phone, leaving it at home. These have the advantage that you don't need a computer to be on to hear it ring.
|
||||
|
||||
|
|
|
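Review bot: same link-text problem as the grapheneos post: "jmp.chat" now resolves to the Kicksecure wiki rather than to https://jmp.chat/, so the reader loses the direct link to the service that the sentence is telling them to use; keep the service link and reference Kicksecure in a separate clause. Two small wording fixes while touching these lines: "a XMPP (Jabber) client" should be "an XMPP (Jabber) client" in the added line, and the unchanged context line below has "more expensive then VoIP" for "more expensive than VoIP".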
@ -190,7 +190,11 @@ How the App qubes will be organized, without displaying service qubes or Templat
|
|||
|
||||
* **A vault qube**. This will be used for all data storage, because a qube that doesn't need networking shouldn't have it. This qube can be reassigned to the `debian-11-documents` Template so that trusted files can be opened there.
|
||||
|
||||
* **A disposable Whonix qube**. The default `whonix-ws-16-dvm` qube is disposable (noted by the "dvm" naming, meaning disposable virtual machine). You can think of it as similar to Tails: system-wide Tor, and erasure after shutdown (without the anti-forensics property, as noted above). All Whonix App qubes use the `whonix-ws` (workstation) Template and only the `sys-whonix` qube uses the `whonix-gw` (gateway) Template.
|
||||
* **A disposable Whonix-Workstation qube (`whonix-ws-16-dvm`)**.
|
||||
* [Remember](#general-usage) - Whonix works by using the Whonix-Workstation Template (`whonix-ws-16`) for the App qube and the Whonix-Gateway Template (`whonix-gw-16`) for a separate Service qube named `sys-whonix` (not shown in this diagram). Unless you are an advanced user, you should never be touching the Whonix-Gateway - all of your activity happens in Whonix-Workstation. When an App qube is disposable, the naming convention is to append `-dvm` for *disposable virtual machine*.
|
||||
* Disposables display in a way that may be confusing in the Qubes **Applications menu**. You will see two entries for this qube: the **Disposable: whonix-ws-16-dvm** entry which is where you launch applications from, and the **Template (disp): whonix-ws-16-dvm** entry which is the Template for the disposable (do not use applications from here).
|
||||
* You can think of a disposable Whonix-Workstation qube as similar to Tails: system-wide Tor, and erasure after shutdown (without the anti-forensics property, as noted above).
|
||||
* Do not customize the disposable Template at all, in order to resist fingerprinting.
|
||||
|
||||
* **A disposable Debian or Fedora qube**. The default `debian/fedora-dvm` qube (depending on your post-installation decision) is disposable, and is great for web browsing that blocks Tor, such as logging into online banking.
|
||||
|
||||
|
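Review bot: the sub-bullet "Do not customize the disposable Template at all, in order to resist fingerprinting" does not say which of the two **Applications menu** entries named just above it is meant; tie it explicitly to the **Template (disp): whonix-ws-16-dvm** entry, so readers do not confuse it with the regular `whonix-ws-16` Template, which later sections of this same page tell them to modify (changing Tor Browser's download folder, running Tor Browser Downloader). The rest of the expansion reads well: the "dvm" naming explanation and the Tails comparison from the removed bullet both survive, and "(not shown in this diagram)" matches the hunk header's "without displaying service qubes".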
@ -204,7 +208,8 @@ It's possible to just use the system as it is now, but let's show you how to cre
|
|||
* **Type**: AppVM
|
||||
* **Template**: whonix-ws-16
|
||||
* **Networking**: sys-whonix
|
||||
* The official Monero wallet is natively included in whonix-ws. Now that the qube exists, in the **Settings → Applications** tab, bring Monero Wallet into the Selected column, and press **OK**. The shortcut will now appear in the Applications Menu.
|
||||
* Now that the qube exists, [install the Monero wallet in the App qube](https://www.kicksecure.com/wiki/Monero#c-kicksecure-for-qubes-app-qube). Then in the **Settings → Applications** tab, bring Monero Wallet into the Selected column, and press **OK**. The shortcut will now appear in the Applications Menu.
|
||||
* This App qube is not made disposable - our preference is that all networked qubes are disposable, but a straight-forward set up requires that data persists for the wallet to function properly.
|
||||
|
||||
* **An offline disposable qube**. Right now both disposables have networking (with and without Tor). Finally, we will demonstrate how to create a disposable without networking for opening untrusted files (like PDFs and LibreOffice documents). Again, go to **Applications menu → Qubes Tools → Create Qubes VM**
|
||||
* **Name**: debian-11-offline-dvm
|
||||
|
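Review bot: the new instruction installs the Monero wallet "in the App qube" rather than in the `whonix-ws-16` Template, but does not tell the reader that in a Qubes App qube only `/home`, `/usr/local` and `/rw` survive a restart; anything installed elsewhere (for example with the package manager into `/usr`) is discarded at shutdown, and the shortcut added in the **Settings → Applications** tab would then point at a program that no longer exists. Either state that the linked Kicksecure procedure installs into a persistent location, or have the reader install in the Template and note that this affects every qube based on it. The unchanged bullet that follows ("data persists for the wallet to function properly") should be read together with this, since it currently only covers wallet data, not the wallet binary.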
@ -222,6 +227,7 @@ It's possible to just use the system as it is now, but let's show you how to cre
|
|||
* **Split-ssh**: SSH keys live in an offline qube and their access is tightly controlled
|
||||
* **Mullvad-vpn**: A [VPN](/glossary/#vpn-virtual-private-network) qube using the WireGuard protocol (via Mullvad). Mullvad is one of the only reputable VPN companies - they accept cryptocurrency, and also sell [voucher cards](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/).
|
||||
* **sys-vpn**: A VPN qube using the OpenVPN protocol
|
||||
* **split-xmr**: The monero wallet lives in an offline qube and its access is tightly controlled.
|
||||
|
||||
If you want your qubes that are not using Tor to be forced through a VPN, this is the easiest way to set that up.
|
||||
|
||||
|
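Review bot: style: the added **split-xmr** entry writes "monero" in lowercase while the rest of the page uses "Monero" (e.g. "The official Monero wallet" earlier in this diff), and unlike **Mullvad-vpn** it gives no link to where the setup comes from; capitalize the name and add a source link if one is known. The naming of the four entries is also inconsistent (**Split-ssh**, **Mullvad-vpn**, **sys-vpn**, **split-xmr**); pick one convention for the list.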
@ -292,16 +298,16 @@ Adapted from the [docs](https://www.qubes-os.org/doc/how-to-back-up-restore-and-
|
|||
|
||||
The Whonix project has their own [extensive documentation](https://www.whonix.org/wiki/Documentation). So does [Kicksecure](https://www.kicksecure.com/wiki/Documentation), which Whonix is based upon. When Whonix is used in Qubes OS it is sometimes referred to as Qubes-Whonix. Whonix can be used on other operating systems as well, but it's preferable to use it on Qubes OS due to the superior isolation it provides.
|
||||
|
||||
Different applications on a Whonix App qube are configured to use unique circuits of the [Tor network](/glossary#tor-network) so that their activity cannot be correlated - this is called [Stream Isolation](https://www.whonix.org/wiki/Stream_Isolation).
|
||||
[Several default applications](https://www.whonix.org/wiki/Stream_Isolation#List) on a Whonix-Workstation App qube are configured to use unique circuits of the [Tor network](/glossary#tor-network) so that their activity cannot be correlated - this is called [Stream Isolation](https://www.whonix.org/wiki/Stream_Isolation).
|
||||
|
||||
Note that [multiple Whonix App qubes](https://www.whonix.org/wiki/Multiple_Whonix-Workstation#Safety_Precautions) should not be used simultaneously:
|
||||
To take advantage of compartmentalization, create distinct Whonix-Workstation App qubes for distinct activities/identities, like we did [above](#creating-qubes) for the Project-monero qube. Distinct Whonix-Workstation App qubes are automatically stream isolated. Note that it is considered best practice to not use [multiple Whonix-Workstation App qubes](https://www.whonix.org/wiki/Multiple_Whonix-Workstation#Safety_Precautions) simultaneously:
|
||||
|
||||
> It is safest to only use one Whonix-Workstation at a time and for a single activity. New risks are introduced by running multiple Whonix-Workstation at the same time. For instance, if a single Whonix-Workstation was compromised, it could potentially perform various side channel attacks to learn about running processes in other VMs, and not all of these can be defeated. Depending on user activities, a skilled adversary might be able to correlate multiple Whonix-Workstations to the same pseudonym.
|
||||
|
||||
Also worth noting is that "for those who regularly download Internet files, Tor Browser's default download folder is inconvenient." Follow the [docs](https://www.whonix.org/wiki/Tor_Browser#Navigating_Tor_Browser_Downloads) to change the default in the `whonix-ws` (workstation) Template.
|
||||
> While multiple Whonix-Workstation are recommended, this is not an endorsement for using them simultaneously! It is safest to only use one Whonix-Workstation at a time and for a single activity. New risks are introduced by running multiple Whonix-Workstation at the same time. For instance, if a single Whonix-Workstation was compromised, it could potentially perform various side channel attacks to learn about running processes in other VMs, and not all of these can be defeated. Depending on user activities, a skilled adversary might be able to correlate multiple Whonix-Workstations to the same pseudonym.
|
||||
|
||||
Tor Browser can't upload files from `/home/user/QubesIncoming/` due to how permissions are set, so move files somewhere in `/home/user/` to upload them, such as the Downloads directory.
|
||||
|
||||
Occasionally, a new version of Tor Browser will be available before it can be updated through the Qubes Update tool. If this is the case, you can [run **Tor Browser Downloader**](https://www.whonix.org/wiki/Tor_Browser#Installation_Process) from the Whonix-Workstation Template (`whonix-ws-16`). As the [docs](https://www.whonix.org/wiki/Tor_Browser#Summary) specify, do NOT run this tool from within a disposable Template - the disposable Template will be automatically updated.
|
||||
|
||||
# Password Management
|
||||
|
||||
Passwords should be managed with KeePassXC from the `vault` App qube. If unfamiliar with KeePassXC, you can learn about it in [Tails for Anarchists](/posts/tails/#password-manager-keepassxc). This leaves three passwords that must be memorized:
|
||||
|
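Review bot: the block quote ends up in the wrong place. The new lead-in sentence ends with "simultaneously:", but in the resulting file it is followed by the unchanged "Also worth noting is that ... download folder" paragraph, and the new quote ("> While multiple Whonix-Workstation are recommended ...") only appears after that paragraph. Move the quote directly under the colon (above the download-folder paragraph); otherwise the colon dangles and the download note reads as if it were the quoted material. The stream-isolation rewrite itself is an improvement: scoping the claim to "[Several default applications]" with the list link is more accurate than the old "Different applications ... are configured", and the new sentence about distinct Whonix-Workstation App qubes being stream isolated ties the compartmentalization advice to the Project-monero example above.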
@ -338,7 +344,7 @@ There is a lot more flexibility in how you configure Qubes OS than Tails, but mo
|
|||
* Phishing awareness
|
||||
* This is where Qubes OS really shines. Awareness is no longer your only defence - the design of Qubes OS protects against [phishing](/glossary/#phishing) attacks.
|
||||
* Open attachments in a qube that is disposable and offline.
|
||||
* Open links in a Whonix qube that is disposable.
|
||||
* Open links in a Whonix-Workstation qube that is disposable.
|
||||
|
||||
## Post-installation Decisions
|
||||
|
||||
|
|
|
@ -74,7 +74,7 @@ This second issue is mitigated by **not using an Internet connection that could
|
|||
* Do not make a routine by using the same cafes repeatedly, if it can be avoided.
|
||||
* If you need to buy a coffee to get the Wi-Fi password, pay in cash!
|
||||
* Position yourself with your back against a wall so that nobody can 'shoulder surf' you to see your screen, and ideally install a privacy screen on the laptop.
|
||||
* Maintain situational awareness, and be ready to pull out the Tails USB and power down the computer at a moment's notice. An individual responsible for a darknet marketplace had his Tails computer seized while distracted by a fake fight beside him. Similar tactics have been employed [in other police operations](https://dys2p.com/en/2023-05-luks-security.html#attacks). If his Tails USB had been attached to a belt by a short length of fishing line, the feds would have very likely lost all evidence when the Tails USB was yanked out - a more technical equivalent is [BusKill](https://docs.buskill.in/buskill-app/en/stable/introduction/what.html) (we don't recommend buying it through mail, which can be intercepted to make hardware [malicious](https://en.wikipedia.org/wiki/BadUSB)). You can also remove the laptop battery so that if the power cable is removed, the laptop immediately powers off. The Tails USB being removed will cause the screen to freeze on whatever was up last, and powering down the laptop will cause any LUKS USBs to be encrypted once [the RAM dissipates](https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense). If maintaining situational awareness feels unrealistic, consider asking a trusted friend to hang out who can dedicate themselves to this.
|
||||
* Maintain situational awareness, and be ready to pull out the Tails USB and power down the computer at a moment's notice. An individual responsible for a darknet marketplace had his Tails computer seized while distracted by a fake fight beside him. Similar tactics have been employed [in other police operations](https://dys2p.com/en/2023-05-luks-security.html#attacks). If his Tails USB had been attached to a belt by a short length of fishing line, the feds would have very likely lost all evidence when the Tails USB was yanked out - note that [Tails warns](https://tails.boum.org/doc/first_steps/shutdown/index.en.html) "Only physically remove the USB stick in case of emergency as doing so can sometimes break the file system of the Persistent Storage." A more technical equivalent is [BusKill](https://docs.buskill.in/buskill-app/en/stable/introduction/what.html) - we don't recommend buying it through mail, which can be [intercepted](https://docs.buskill.in/buskill-app/en/stable/faq.html#q-what-about-interdiction) to make hardware [malicious](https://en.wikipedia.org/wiki/BadUSB)). The Tails USB being removed will shut down Tails and [overwrite the RAM with random data](https://tails.boum.org/doc/advanced_topics/cold_boot_attacks/index.en.html). Any LUKS USBs that were being used will now again be encrypted. If maintaining situational awareness feels unrealistic, consider asking a trusted friend to hang out who can dedicate themselves to this.
|
||||
* If cafes without CCTV cameras are few and far between, you can try to access the Wi-Fi of a cafe from outdoors, outside of the view of their cameras. Some external Wi-Fi adapters will be able to catch signals that are further away, as discussed [below](#appendix-2-location-location-location).
|
||||
* If a determined adversary breaks Tor through a [correlation attack](https://anonymousplanet.org/guide.html#your-anonymized-torvpn-traffic), the Internet address you had used in a cafe without CCTV cameras will only lead to your general area (for example, your city) because it is not associated with you, provided that you don't use it routinely. A correlation attack being used to deanonymize a Tor user is unprecedented in current evidence that has been used in court, though [it has been used](https://medium.com/beyond-install-tor-signal/case-file-jeremy-hammond-514facc780b8) as supporting evidence once a suspect was already identified to correlate with. Correlation attacks are even less feasible against connections to an .onion address, because you never exit the Tor network, so there is no 'end' to correlate with.
|
||||
* However, a more likely low-tech 'correlation attack' is possible by local law enforcement, starting from your identity rather than starting from your anonymous Internet activity, if you are already in their sights and a target of [physical surveillance](https://www.csrc.link/threat-library/techniques/physical-surveillance/covert.html). For example, if a surveillance operation notices that you go to a cafe regularly, and an anarchist website is always updated in those time windows, this pattern can indicate that you are moderating that website. Perhaps an undercover can even get a glance at your screen.
|
||||
|
|
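Review bot: unbalanced parenthesis in the added line: "... to make hardware [malicious](https://en.wikipedia.org/wiki/BadUSB))." closes a parenthesis that was never opened, left over from the old "(we don't recommend buying it through mail ...)" wording after the clause was restructured with a dash; drop the second ")". The substantive change reads correctly: the old advice to remove the laptop battery and the Kicksecure cold-boot link are replaced by Tails' own documented behaviour (removing the USB shuts Tails down and overwrites RAM), and the new Tails warning about breaking the Persistent Storage file system is a fair caveat to the fishing-line suggestion. Note that this Tails-post change is not reflected in the commit message "whonix updates".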