Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-07-25 15:45:48 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix .onion img src

Browse source
This commit is contained in:
anarsec 2024-04-14 22:16:58 +00:00
parent ec6fb8110b
commit 7e7fbd3bc1
No known key found for this signature in database
8 changed files with 54 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

20
content/posts/tails-best/index.md
View file

@ -22,7 +22,7 @@ Let's start by looking at the three topics covered on the [Tails Warnings page](
# Protecting your identity when using Tails
![](identity.png)
![](/posts/tails-best/identity.png)
> Tails is designed to hide your identity. But some of your activities could reveal your identity:
>
@ -45,7 +45,7 @@ You can mitigate this second issue by what's called **"compartmentalization"**:
# Limitations of the [Tor network](/glossary#tor-network)
![](tor.png)
![](/posts/tails-best/tor.png)
> Tails uses the Tor network because it is the strongest and most popular network to protect from surveillance and censorship. But Tor has limitations if you are concerned about:
>
@ -100,7 +100,7 @@ To summarize: For sensitive and brief Internet activities, use Internet from a r
# Reducing risks when using untrusted computers
![](warning_compromisedpc.png)
![](/posts/tails-best/warning_compromisedpc.png)
> Tails can safely run on a computer that has a virus. But Tails cannot always protect you when:
>
@ -133,9 +133,9 @@ Our adversaries have two attack vectors to compromise BIOS, firmware, hardware,
<p>
<span class="is-hidden">
![](X230.jpg)
![](/posts/tails-best/X230.jpg)
</span>
<img src="X230.jpg" class="no-dark">
<img src="/posts/tails-best/X230.jpg" class="no-dark">
</p>
* **Make the laptop's screws tamper-evident, store it in a tamper-evident manner, and monitor for break-ins**. With these precautions in place, you'll be able to detect any future physical attacks. See the [Make Your Electronics Tamper-Evident](/posts/tamper/) tutorial to adapt your laptop's screws, use some form of intrusion detection, and store your laptop so you'll know if it's been physically accessed. Store any external devices youll be using with the laptop in the same way (USB, external hard drive, mouse, keyboard). When physical attack vectors are mitigated, an adversary can only use remote attacks.
@ -150,7 +150,7 @@ Our adversaries have two attack vectors to compromise BIOS, firmware, hardware,
* **Use USBs with secure firmware**, such as the [Kanguru FlashTrust](https://www.kanguru.com/products/kanguru-flashtrust-secure-firmware-usb-3-0-flash-drive), so that the USB will [stop working](https://www.kanguru.com/blogs/gurublog/15235873-prevent-badusb-usb-firmware-protection-from-kanguru) if the firmware is compromised. Kanguru has [retailers worldwide](https://www.kanguru.com/pages/where-to-buy), allowing you to buy them in person to avoid the risk of mail interception.
![](flashtrust.webp)
![](/posts/tails-best/flashtrust.webp)
* **Use a USB with a physical write-protect switch**.
@ -173,7 +173,7 @@ On a USB with a write-protect switch, you will not be able to make any changes t
Where can we store personal data for use between Tails sessions if the write-protect switch prevents us from using Persistent Storage? We recommend storing personal data on a second LUKS USB. This "personal data" USB should not look identical to your Tails USB to avoid confusion. To create this separate USB, see [How to create an encrypted USB](/posts/tails/#how-to-create-an-encrypted-usb). If you are reading this from a country like the UK, where not providing encryption passwords can land you in jail, this second drive should be an HDD containing a [Veracrypt Hidden Volume](https://www.veracrypt.fr/en/Hidden%20Volume.html) (SSD and USB drives are [not suitable for Hidden Volumes](https://www.veracrypt.fr/en/Trim%20Operation.html)).
![](luks.png)
![](/posts/tails-best/luks.png)
Compartmentalization is an approach that neatly separates different identities by using separate Tails sessions for separate activities - in Tails session #1 you do activities related to moderating a website, and in Tails session #2 you do activities related to researching for an action. This approach also comes into play with your "personal data" USBs. If the files you save could be used to link your activities together, use a different "personal data" USB for each activity. For a "personal data" USB that stores very sensitive files (such as the text of a communique), it is best to reformat and then destroy the USB once you no longer need the files (see [Really delete data from a USB drive](/posts/tails/#really-delete-data-from-a-usb)). This is another reason to use a separate USB for any files that need to be saved - you don't accumulate the forensic history of all your files on your Tails Persistent Storage, and you can easily destroy USBs as needed.
@ -198,7 +198,7 @@ Never reuse a password/passphrase for multiple things ("password recycling") - K
Password strength is measured in "[bits of entropy](https://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength)". Your passwords/passphrases should ideally have an entropy of about 128 bits (diceware passphrases of **ten words**, or passwords of **21 random characters**, including uppercase, lowercase, numbers, and symbols) and shouldn't have less than 90 bits of entropy (seven words).
![](passphrase.png)
![](/posts/tails-best/passphrase.png)
What is a diceware passphrase? As [Privacy Guides notes](https://www.privacyguides.org/en/basics/passwords-overview/#diceware-passphrases), "Diceware passphrases are a great option when you need to memorize or manually input your credentials, such as for your password manager's master password or your device's encryption password. An example of a diceware passphrase is `viewable fastness reluctant squishy seventeen shown pencil`." The Password Generator feature in KeePassXC can generate diceware passphrases and random passwords. If you prefer to generate diceware passphrases using real dice, see [Privacy Guides](https://www.privacyguides.org/en/basics/passwords-overview/#diceware-passphrases).
@ -283,7 +283,7 @@ Your information can only be protected **by your behavior**—phishing awareness
Investigate untrusted links before you click by **manually copying and pasting the address into your browser**—do not click through a hyperlink as the text can be used to mislead you about where you are going. **Never follow a shortened link** (e.g. a site like bit.ly that takes long web addresses and makes a short one) because it cannot be verified before redirection. [Unshorten.me](https://unshorten.me/) can reveal shortened links.
![](duckduck.cleaned.png)
![](/posts/tails-best/duckduck.cleaned.png)
Also, **dont follow links to domains you don't recognize**. When in doubt, search for the domain with the domain name in quotation marks using a privacy-preserving search engine (such as DuckDuckGo) to see if its a legitimate website. This isnt a surefire solution, but its a good precaution to take.
@ -312,7 +312,7 @@ GPG is a classic example of [public-key cryptography](/glossary/#public-key-cryp
Now you need to understand the basics of public-key cryptography. [This Computerphile video](https://invidious.sethforprivacy.com/watch?v=GSIDS_lvRv4) has a great overview with visual aids. To summarize, a **secret/private** key is used to **sign** messages, and only the user who has that key can do so. Each **private** key has a corresponding **public** key - this is called a **key pair**. The public key is shared with everyone and is used to verify the signature. Confused? Watch the video!
![](signature.png)
![](/posts/tails-best/signature.png)
Tails signs their releases, and only they can do this because only they have their private key. However, I can verify that this signature is valid by having a copy of their public key. Now let's go through the [Tails verification instructions](https://tails.net/install/expert/index.en.html).