mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-06-08 23:02:55 -04:00
fix .onion img src
parent
ec6fb8110b
commit
7e7fbd3bc1
8 changed files with 54 additions and 49 deletions
|
@ -39,7 +39,7 @@ The following recommendations for encrypted messaging are listed in order of hig
|
|||
|
||||
# Cwtch
|
||||
|
||||

|
||||

|
||||
|
||||
* **Mediums**: Text
|
||||
* **Metadata protection**: Yes (strong)
|
||||
|
@ -151,7 +151,7 @@ Cwtch on Whonix does not guarantee Tor [Stream Isolation](/posts/qubes/#whonix-a
|
|||
|
||||
# SimpleX Chat
|
||||
|
||||

|
||||

|
||||
|
||||
* **Mediums**: Video call, voice call, text
|
||||
* **Metadata protection**: Yes (strong)
|
||||
|
@ -249,7 +249,7 @@ SimpleX Chat on Whonix does not guarantee Tor [Stream Isolation](/posts/qubes/#w
|
|||
|
||||
# Signal
|
||||
|
||||

|
||||

|
||||
|
||||
* **Mediums**: Video call, voice call, text
|
||||
* **Metadata protection**: Yes (Moderate)
|
||||
|
@ -352,7 +352,7 @@ https_proxy = 127.0.0.1:8082
|
|||
|
||||
# PGP Email
|
||||
|
||||

|
||||

|
||||
|
||||
* **Mediums**: Text
|
||||
* **Metadata protection**: No
|
||||
|
|
|
@ -38,7 +38,7 @@ Part of the learning curve for Linux is figuring out which open-source software
|
|||
|
||||
# The Command Line Interface
|
||||
|
||||

|
||||

|
||||
|
||||
The dreaded [command line](/glossary/#command-line-interface-cli)! What even is it? You are used to interacting with applications through a **Graphical User Interface (GUI)**, which means pointing and clicking with your mouse. Some applications can also be interacted with through a **Command Line Interface (CLI)**, which is textual. Many applications are available in both CLI and GUI versions. In a nutshell, the GUI is just a graphical depiction of the same things that you would do in the Command Line (CLI), designed to make it easier and more intuitive to navigate your computer.
|
||||
|
||||
|
|
|
@ -31,13 +31,13 @@ Qubes OS is not quite another version of Linux. Rather, it is based on many "[vi
|
|||
|
||||
What is a virtual machine? [Virtualization](/glossary/#virtualization) is the process of running a virtual computer *inside* your computer. The virtual machine thinks it's a computer running on real hardware, but it's actually running on abstracted hardware (software that mimics hardware). Qubes OS uses a special program called a hypervisor to manage and run many of these virtual machines simultaneously, on the same physical computer. To simplify things, virtual machines are referred to as qubes. Different operating systems such as Debian, Whonix, Fedora, Windows, etc. can all run together at the same time in their own qubes. The hypervisor strongly isolates each of the qubes from one another.
|
||||
|
||||

|
||||

|
||||
|
||||
At the risk of overwhelming you, here is an overview of how Qubes OS is structured. You don't need to memorize any of this to actually use Qubes OS, but it may be helpful to understand the outline of the system before you get started. Each rectangle represents a qube (i.e. a virtual machine). Let's break it down.
|
||||
|
||||
## General Usage
|
||||
|
||||

|
||||

|
||||
|
||||
Ignore the greyed-out parts of the diagram for now. Daily use of Qubes OS primarily involves interaction with two components:
|
||||
|
||||
|
@ -53,7 +53,7 @@ A Disposable qube is a type of App qube that self-destructs when its originating
|
|||
|
||||
## Management Qubes
|
||||
|
||||

|
||||

|
||||
|
||||
Two more components are needed to complete the Qubes OS system:
|
||||
|
||||
|
@ -140,20 +140,20 @@ There is a special tool for moving files and directories (folders) between qubes
|
|||
From the [docs](https://www.qubes-os.org/doc/how-to-copy-and-move-files/):
|
||||
|
||||
>1. Open a file manager in the qube containing the file you wish to copy (the source qube), right-click on the file you wish to copy or move, and select **Copy to Other AppVM**... or **Move to Other AppVM**....
|
||||

|
||||

|
||||
>2. A dialog box will appear in dom0 asking for the name of the target qube (qube B). Enter or select the desired destination qube name.
|
||||

|
||||

|
||||
>3. If the target qube is not already running, it will be started automatically, and the file will be copied there. It will show up in this directory (which will automatically be created if it does not already exist): `/home/user/QubesIncoming/<source_qube>/<filename>`. If you selected Move rather than Copy, the original file in the source qube will be deleted. (Moving a file is equivalent to copying the file, then deleting the original.)
|
||||
>
|
||||
>4. If you wish, you may now move the file in the target qube to a different directory and delete the `/home/user/QubesIncoming/` directory when no longer needed.
|
||||
|
||||
# How to Shutdown Qubes
|
||||
|
||||

|
||||

|
||||
|
||||
Click on the Domains widget to see which Qubes are currently running and how much memory (RAM) and processing power (CPU) they are using. Each qube uses memory, so when you are done with a qube, you should shut it down to free up the memory it is using. Closing windows isn't enough - you need to shut down the qube when you're done with it.
|
||||
|
||||

|
||||

|
||||
|
||||
# How to Install Software
|
||||
|
||||
|
@ -186,7 +186,7 @@ To install new software, as described in the [docs](https://www.qubes-os.org/doc
|
|||
>
|
||||
>6. (Recommended) In the relevant qubes’ **Settings → Applications** tab, select the new application(s) from the list, and press **OK**. These new shortcuts will appear in the Applications Menu. (If you encounter problems, see [here](https://www.qubes-os.org/doc/app-menu-shortcut-troubleshooting/) for troubleshooting.)
|
||||
|
||||

|
||||

|
||||
|
||||
Remember that you should not run `apt update` or `dnf update`.
|
||||
|
||||
|
@ -202,7 +202,7 @@ After installation, a number of qubes will already exist by default. Click on th
|
|||
|
||||
How the App qubes will be organized, without displaying service qubes or Templates:
|
||||
|
||||

|
||||

|
||||
|
||||
* **A vault qube**. This is used for all data storage because you don't need internet to store files. This qube can be reassigned to the `debian-12-documents` Template so that trusted files can be opened there.
|
||||
|
||||
|
@ -261,7 +261,7 @@ Once you close all the windows of a disposable, the whole disposable is shut dow
|
|||
|
||||
In contrast, an App qube must be shut down manually (using the Qubes Domains widget), and will persist data in the `/home`, `/usr/local`, and `/rw/config` directory. The next time an App qube boots, all locations in its file system other than these three directories will reflect the state of its Template. See how [inheritance and persistence](https://www.qubes-os.org/doc/templates/#inheritance-and-persistence) works for Templates, App qubes, and disposables for more information.
|
||||
|
||||

|
||||

|
||||
|
||||
In the file manager of an App qube, right-clicking on certain fle types gives you the **Edit In DisposableVM** and **View In DisposableVM** options. This is how we want to open any untrusted files. It will use the default disposable that we set earlier, which is offline. As soon as you close the viewing application, the disposable is reverted to its prior state. If you have edited the file and saved the changes, the changed file will be saved back to the original app qube, overwriting the original. In contrast, viewing in a disposable is read-only, so if the file does something malicious, it can't write to the App qube you launched it from - this is preferable for files you don't need to edit.
|
||||
|
||||
|
|
|
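Review bot: The context paragraph beginning "In the file manager of an App qube" contains the typo "certain fle types". It is unrelated to the image fix, but since this file is already being touched, correct it to "file types" here or in a follow-up.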
@ -22,7 +22,7 @@ Let's start by looking at the three topics covered on the [Tails Warnings page](
|
|||
|
||||
# Protecting your identity when using Tails
|
||||
|
||||

|
||||

|
||||
|
||||
> Tails is designed to hide your identity. But some of your activities could reveal your identity:
|
||||
>
|
||||
|
@ -45,7 +45,7 @@ You can mitigate this second issue by what's called **"compartmentalization"**:
|
|||
|
||||
# Limitations of the [Tor network](/glossary#tor-network)
|
||||
|
||||

|
||||

|
||||
|
||||
> Tails uses the Tor network because it is the strongest and most popular network to protect from surveillance and censorship. But Tor has limitations if you are concerned about:
|
||||
>
|
||||
|
@ -100,7 +100,7 @@ To summarize: For sensitive and brief Internet activities, use Internet from a r
|
|||
|
||||
# Reducing risks when using untrusted computers
|
||||
|
||||

|
||||

|
||||
|
||||
> Tails can safely run on a computer that has a virus. But Tails cannot always protect you when:
|
||||
>
|
||||
|
@ -133,9 +133,9 @@ Our adversaries have two attack vectors to compromise BIOS, firmware, hardware,
|
|||
|
||||
<p>
|
||||
<span class="is-hidden">
|
||||

|
||||

|
||||
</span>
|
||||
<img src="X230.jpg" class="no-dark">
|
||||
<img src="/posts/tails-best/X230.jpg" class="no-dark">
|
||||
</p>
|
||||
|
||||
* **Make the laptop's screws tamper-evident, store it in a tamper-evident manner, and monitor for break-ins**. With these precautions in place, you'll be able to detect any future physical attacks. See the [Make Your Electronics Tamper-Evident](/posts/tamper/) tutorial to adapt your laptop's screws, use some form of intrusion detection, and store your laptop so you'll know if it's been physically accessed. Store any external devices you’ll be using with the laptop in the same way (USB, external hard drive, mouse, keyboard). When physical attack vectors are mitigated, an adversary can only use remote attacks.
|
||||
|
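Review bot: The new `src="/posts/tails-best/X230.jpg"` hardcodes the post's slug into the page body, so the image breaks silently if the post is renamed or the site is ever served from a subpath. If the relative `X230.jpg` only failed on the .onion mirror, it would be more robust to resolve the path from the page's own permalink (for example through a shared shortcode or helper) than to repeat the directory name by hand in each post.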
@ -150,7 +150,7 @@ Our adversaries have two attack vectors to compromise BIOS, firmware, hardware,
|
|||
|
||||
* **Use USBs with secure firmware**, such as the [Kanguru FlashTrust](https://www.kanguru.com/products/kanguru-flashtrust-secure-firmware-usb-3-0-flash-drive), so that the USB will [stop working](https://www.kanguru.com/blogs/gurublog/15235873-prevent-badusb-usb-firmware-protection-from-kanguru) if the firmware is compromised. Kanguru has [retailers worldwide](https://www.kanguru.com/pages/where-to-buy), allowing you to buy them in person to avoid the risk of mail interception.
|
||||
|
||||

|
||||

|
||||
|
||||
* **Use a USB with a physical write-protect switch**.
|
||||
|
||||
|
@ -173,7 +173,7 @@ On a USB with a write-protect switch, you will not be able to make any changes t
|
|||
|
||||
Where can we store personal data for use between Tails sessions if the write-protect switch prevents us from using Persistent Storage? We recommend storing personal data on a second LUKS USB. This "personal data" USB should not look identical to your Tails USB to avoid confusion. To create this separate USB, see [How to create an encrypted USB](/posts/tails/#how-to-create-an-encrypted-usb). If you are reading this from a country like the UK, where not providing encryption passwords can land you in jail, this second drive should be an HDD containing a [Veracrypt Hidden Volume](https://www.veracrypt.fr/en/Hidden%20Volume.html) (SSD and USB drives are [not suitable for Hidden Volumes](https://www.veracrypt.fr/en/Trim%20Operation.html)).
|
||||
|
||||

|
||||

|
||||
|
||||
Compartmentalization is an approach that neatly separates different identities by using separate Tails sessions for separate activities - in Tails session #1 you do activities related to moderating a website, and in Tails session #2 you do activities related to researching for an action. This approach also comes into play with your "personal data" USBs. If the files you save could be used to link your activities together, use a different "personal data" USB for each activity. For a "personal data" USB that stores very sensitive files (such as the text of a communique), it is best to reformat and then destroy the USB once you no longer need the files (see [Really delete data from a USB drive](/posts/tails/#really-delete-data-from-a-usb)). This is another reason to use a separate USB for any files that need to be saved - you don't accumulate the forensic history of all your files on your Tails Persistent Storage, and you can easily destroy USBs as needed.
|
||||
|
||||
|
@ -198,7 +198,7 @@ Never reuse a password/passphrase for multiple things ("password recycling") - K
|
|||
|
||||
Password strength is measured in "[bits of entropy](https://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength)". Your passwords/passphrases should ideally have an entropy of about 128 bits (diceware passphrases of **ten words**, or passwords of **21 random characters**, including uppercase, lowercase, numbers, and symbols) and shouldn't have less than 90 bits of entropy (seven words).
|
||||
|
||||

|
||||

|
||||
|
||||
What is a diceware passphrase? As [Privacy Guides notes](https://www.privacyguides.org/en/basics/passwords-overview/#diceware-passphrases), "Diceware passphrases are a great option when you need to memorize or manually input your credentials, such as for your password manager's master password or your device's encryption password. An example of a diceware passphrase is `viewable fastness reluctant squishy seventeen shown pencil`." The Password Generator feature in KeePassXC can generate diceware passphrases and random passwords. If you prefer to generate diceware passphrases using real dice, see [Privacy Guides](https://www.privacyguides.org/en/basics/passwords-overview/#diceware-passphrases).
|
||||
|
||||
|
@ -283,7 +283,7 @@ Your information can only be protected **by your behavior**—phishing awareness
|
|||
|
||||
Investigate untrusted links before you click by **manually copying and pasting the address into your browser**—do not click through a hyperlink as the text can be used to mislead you about where you are going. **Never follow a shortened link** (e.g. a site like bit.ly that takes long web addresses and makes a short one) because it cannot be verified before redirection. [Unshorten.me](https://unshorten.me/) can reveal shortened links.
|
||||
|
||||

|
||||

|
||||
|
||||
Also, **don’t follow links to domains you don't recognize**. When in doubt, search for the domain with the domain name in quotation marks using a privacy-preserving search engine (such as DuckDuckGo) to see if it’s a legitimate website. This isn’t a surefire solution, but it’s a good precaution to take.
|
||||
|
||||
|
@ -312,7 +312,7 @@ GPG is a classic example of [public-key cryptography](/glossary/#public-key-cryp
|
|||
|
||||
Now you need to understand the basics of public-key cryptography. [This Computerphile video](https://invidious.sethforprivacy.com/watch?v=GSIDS_lvRv4) has a great overview with visual aids. To summarize, a **secret/private** key is used to **sign** messages, and only the user who has that key can do so. Each **private** key has a corresponding **public** key - this is called a **key pair**. The public key is shared with everyone and is used to verify the signature. Confused? Watch the video!
|
||||
|
||||

|
||||

|
||||
|
||||
Tails signs their releases, and only they can do this because only they have their private key. However, I can verify that this signature is valid by having a copy of their public key. Now let's go through the [Tails verification instructions](https://tails.net/install/expert/index.en.html).
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ There are other operating systems. Maybe you have heard of Linux? Linux refers t
|
|||
* ***Incognito***
|
||||
* Tails is also a system that allows you to be incognito, or anonymous. It hides the elements that could reveal your identity, location, etc. Tails uses the [Tor anonymity network](/glossary#tor-network) to protect your anonymity online by forcing all default software to connect to the Internet through Tor. If an application tries to connect to the Internet directly, Tails will automatically block the connection. Tails also changes the "MAC address" of your network hardware, which can be used to uniquely identify your laptop.
|
||||
|
||||

|
||||

|
||||
|
||||
* ***Security***
|
||||
* Tails was designed with security in mind. A minimal, functional, and verified environment is already installed (with everything needed for basic word processing, image editing, etc.). It comes bundled with easy-to-use [encryption](/glossary/#encryption) and data deletion tools, as well as protection against common attacks or threats.
|
||||
|
@ -89,11 +89,11 @@ There are two solutions for the "source".
|
|||
|
||||
Once you have a Tails USB, follow the Tails instructions [for booting Tails on a Mac or PC](https://tails.net/doc/first_steps/start/index.en.html). The Tails USB must be inserted before turning on your laptop. The Boot Loader screen will appear and Tails will start automatically after 4 seconds.
|
||||
|
||||

|
||||

|
||||
|
||||
After about 30 seconds of loading, the [Welcome Screen](https://tails.net/doc/first_steps/welcome_screen/index.en.html) will appear.
|
||||
|
||||

|
||||

|
||||
|
||||
On the Welcome Screen, select your language and keyboard layout in the **Language & Region** section. For Mac users, there is a keyboard layout for Macintosh. Under "Additional Settings" you will find a **+** button, click it and more configuration options will appear:
|
||||
|
||||
|
@ -110,7 +110,7 @@ If you have Persistent Storage enabled, the passphrase to unlock it will appear
|
|||
|
||||
## Using the Tails Desktop
|
||||
|
||||

|
||||

|
||||
|
||||
Tails is a classic and simple operating system.
|
||||
|
||||
|
@ -172,7 +172,7 @@ In order for Tails to remain secure, the operating system must be continually de
|
|||
|
||||
Every time you start Tails, right after you connect to the Tor network, the Tails Upgrader checks to see if you have the latest version of Tails. There are two types of upgrades.
|
||||
|
||||

|
||||

|
||||
|
||||
### The [automatic upgrade](https://tails.net/doc/upgrade/index.en.html)
|
||||
|
||||
|
@ -190,11 +190,11 @@ Every time you start Tails, right after you connect to the Tor network, the Tail
|
|||
|
||||
[Tor](/glossary/#tor-network), which stands for The Onion Router, is the best way to be anonymous on the Internet. Tor is open-source software connected to a public network of thousands of relays (servers). Instead of connecting directly to a location on the Internet, Tor takes a detour through three intermediate relays. The Tor Browser uses the Tor network, but other applications can as well if they are configured properly. All internet-facing applications included in Tails by default use Tor.
|
||||
|
||||

|
||||

|
||||
|
||||
Internet traffic, including the IP address of the final destination, is encrypted in layers like an onion. Each hop along the three relays removes one layer of encryption. Each relay only knows the relay before it and the relay after it (relay #3 knows that it came from relay #2 and that it goes to such-and-such a website, but not relay #1).
|
||||
|
||||

|
||||

|
||||
|
||||
This means that any intermediaries between you and relay #1 know that you're using Tor, but they don't know what site you're going to. Any intermediaries after relay #3 know that someone in the world is going to that site, but they don't know who it is. The site's web server sees you coming from the IP address of relay #3.
|
||||
|
||||
|
@ -206,7 +206,7 @@ Virtually all websites today use [HTTPS](/glossary/#https); the S stands for "se
|
|||
|
||||
If there's a yellow warning on the padlock, it means that some elements on the page you're viewing are not encrypted (they use HTTP), which could reveal the exact page or allow intermediaries to partially modify the page. By default, the Tor Browser uses HTTPS-Only Mode to prevent users from visiting HTTP sites.
|
||||
|
||||

|
||||

|
||||
|
||||
HTTPS is essential both to limit your web fingerprint and to prevent an intermediary from modifying the data you exchange with websites. If the intermediary cannot decrypt the data, they cannot modify it. For an overview of HTTP / HTTPS connections with and without Tor, and what information is visible to various third parties, see the EFF's [interactive graphic](https://www.eff.org/pages/tor-and-https).
|
||||
|
||||
|
@ -216,7 +216,7 @@ In short, don't visit websites that don't use HTTPS.
|
|||
|
||||
Have you ever seen a strange website address with 56 random characters ending in .onion? This is called an onion service, and the only way to visit a website using such an address is to use the Tor Browser. The "deepweb" and "darkweb" are terms that have been popularized in the media in recent years to describe these onion services.
|
||||
|
||||

|
||||

|
||||
|
||||
Anyone can set up an .onion site. But why would they want to? Well, the server location is anonymized, so authorities cannot find out where the site is hosted in order to shut it down. When you send data to an .onion site, you enter the site's three Tor relays after the standard Tor circuit. So we have 6 Tor relays between us and the site; we know the first 3 relays, the site knows the last 3, and each Tor node only knows the relay before and after. Unlike a normal HTTPS website, it's all Tor encrypted from end to end.
|
||||
|
||||
|
@ -230,7 +230,7 @@ Some sites offer both a classic URL and an .onion address. In this case, if the
|
|||
|
||||
Some sites block users who visit through the Tor network, or otherwise make it inconvenient to visit the site. Some sites may force you to complete CAPTCHAs or provide additional personal information (ID, phone number…) before continuing, or they may block Tor altogether.
|
||||
|
||||

|
||||

|
||||
|
||||
The site may only block certain Tor relays. In this case, you can change the Tor exit node being used for this site: click the **≣ → "New Tor circuit for this site"** button. The Tor circuit (path) will only change for the one tab. You may need to do this several times in a row if you're unlucky enough to encounter multiple banned relays.
|
||||
|
||||
|
@ -242,13 +242,13 @@ It is not recommended to perform different Internet tasks that should not be ass
|
|||
|
||||
The Tor Browser's 'New Identity' feature is not sufficient to completely separate contextual identities in Tails, since it does not reestablish connections outside the Tor Browser, and you keep the same Tor entry node. Restarting Tails is a better solution.
|
||||
|
||||

|
||||

|
||||
|
||||
The Onion Circuits application shows which Tor circuit a server connection (website or otherwise) is using. Sometimes it can be useful to make sure that the exit relay is not located in a certain country, to be further away from the easiest access for investigating authorities. In the example above, the connection to check.torproject.org goes through the relays tor7kryptonit, Casper03, and the exit node blackfish. Clicking on a circuit will display technical details about its relays in the right pane. The Tor Browser's 'New Identity' feature is useful for changing this exit relay without restarting the Tails session, which can be repeated until you have an exit relay you are happy with. We do not recommend using 'New Identity' to switch between identities, but only if you want to change the exit node within the same identity's activities.
|
||||
|
||||
### Tor Browser security settings
|
||||
|
||||

|
||||

|
||||
|
||||
Like any software, the Tor Browser has vulnerabilities that can be exploited - various police agencies have Tor Browser exploits for serious cases. To mitigate this, it's important to keep Tails up to date, and you should increase the Tor Browser's security settings: click the shield icon, and then click **Settings...**. By default, it's set to Standard, which maintains a browsing experience comparable to a regular browser. **We strongly recommend that you set it to the most restrictive setting before you start browsing: Safest**. The vast majority of exploits against Tor Browser will not work with the Safest setting.
|
||||
|
||||
|
@ -262,7 +262,7 @@ The Tor Browser on Tails is kept in a ["sandbox"](/glossary/#sandboxing) to prev
|
|||
|
||||
When you download something using the Tor Browser, it is stored in the Tor Browser folder (`/home/amnesia/Tor Browser/`), which is inside the sandbox. If you want to do anything with the file, you should move it out of the Tor Browser folder. You can use the file manager (**Applications → Accessories → Files**) to do this.
|
||||
|
||||

|
||||

|
||||
|
||||
#### Uploading
|
||||
|
||||
|
@ -274,7 +274,7 @@ Be aware that if you are downloading or otherwise working with very large files,
|
|||
|
||||
### Share Files with Onionshare
|
||||
|
||||

|
||||

|
||||
|
||||
It is possible to send a document through an .onion link thanks to [OnionShare](https://tails.net/doc/anonymous_internet/onionshare/index.en.html) (**Applications → Internet → OnionShare**). By default, OnionShare stops the hidden service after the files have been downloaded once. If you want to offer the files for multiple downloads, you need to go to the settings and uncheck "Stop sharing after first download". As soon as you close OnionShare, disconnect from the Internet, or shut down Tails, the files will no longer be accessible. This is a great way to share files because it doesn't require you to plug a USB into someone else's computer, which we [don't recommended](/posts/tails-best/#reducing-risks-when-using-untrusted-computers). The long .onion address can be shared through another channel (such as a [Riseup Pad](https://pad.riseup.net/) you create that is easier to type).
|
||||
|
||||
|
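Review bot: In the OnionShare paragraph kept as context in this hunk, the link text "which we [don't recommended](/posts/tails-best/#reducing-risks-when-using-untrusted-computers)" should read "don't recommend". This is a wording nit unrelated to the image path, and could be fixed alongside it.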
@ -298,7 +298,7 @@ We recommend that you compartmentalize your passwords - have a different KeePass
|
|||
|
||||
>In the terminology used by KeePassXC, a *password* is a random sequence of characters (letters, numbers, and other symbols), while a *passphrase* is a random sequence of words.
|
||||
|
||||

|
||||

|
||||
|
||||
When you [create a new KeePassXC database](https://tails.net/doc/encryption_and_privacy/manage_passwords/index.en.html#index1h1), increase the decryption time in the **Encryption settings** window from the default to the maximum (5 seconds). Then choose a [strong passphrase](/posts/tails-best/#passwords) and save your KeePassXC file. We recommend that you click the small dice icon (🎲) in the password field to generate a random passphrase of 7-10 words.
|
||||
|
||||
|
@ -308,7 +308,7 @@ After creating the database itself, you should see an empty “Root” folder. I
|
|||
|
||||
You can now add your first entry. Click **Entries → New Entry**, or click the “plus” icon. Enter the title of the account, your username for the account, and your password. Click the “dice” icon to generate a random password or passphrase for the entry.
|
||||
|
||||

|
||||

|
||||
|
||||
To copy a password from the database, select the entry and press CTRL + C. To copy a username, select the entry and press CTRL + B.
|
||||
|
||||
|
@ -334,7 +334,7 @@ Store data only on encrypted drives. This is necessary if you want to use a sepa
|
|||
* In the Partitioning drop-down list, select **Compatible with all systems and devices (MBR/DOS)** .
|
||||
* Then click **Format…**
|
||||
|
||||

|
||||

|
||||
|
||||
* Now you need to add the encrypted partition.
|
||||
* Click on the "**+**" button
|
||||
|
|
|
@ -29,16 +29,16 @@ Mullvad VPN [created a guide](https://mullvad.net/en/help/how-tamper-protect-lap
|
|||
|
||||
<p>
|
||||
<span class="is-hidden">
|
||||

|
||||

|
||||
</span>
|
||||
<img src="mullvad.png" class="no-dark">
|
||||
<img src="/posts/tamper/mullvad.png" class="no-dark">
|
||||
</p>
|
||||
|
||||
For this reason, it is preferable to apply nail polish directly to the screws rather than over a sticker. This direct application is done for [NitroKey](https://docs.nitrokey.com/nitropad/qubes/sealed-hardware) and [Purism](https://puri.sm/posts/anti-interdiction-update-six-month-retrospective/) laptops. Keep these nuances in mind:
|
||||
|
||||
> The screws holes are particularly relevant here. If they are too deep, it is difficult to take a suitable photo of the seal under normal conditions. If the hole is shallow or if it is completely filled with nail polish, there is a risk that if a lot of polish is used, the top layer can be cut off and reapplied after manipulation with clear polish. If the nail polish contains too few elements, they could be manually arranged back to the original location after manipulation if necessary.
|
||||
|
||||

|
||||

|
||||
|
||||
Glitter nail polish was successfully bypassed during a Tamper Evident Challenge in 2018 - the winner [explained](https://hoodiepony.medium.com/bypassing-the-glitter-nail-polish-tamper-evident-seal-25d6973d617d) how they managed to do it. Notably, a brand of nail polish with relatively large pieces of glitter in only two colors was used. It would be difficult to apply this bypass to inset screw holes; if the glitter was applied with a high density of elements, but not too thick, this would also increase the difficulty. Finally, [using an adhesive](https://dys2p.com/en/2021-12-tamper-evident-protection.html#glitzer-nagellack-mit-klebstoff) would also make the bypass less feasible.
|
||||
|
||||
|
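Review bot: The rewritten `<img src="/posts/tamper/mullvad.png" class="no-dark">` still has no `alt` attribute. Since the line is being changed anyway, add a short description so the figure is announced by screen readers and leaves a meaningful placeholder when the image fails to load, which is the failure this commit is addressing. The same applies to the `X230.jpg` tag changed earlier in this commit.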
@ -60,7 +60,7 @@ If you ever need to remove the nail polish to access the inside of the laptop, y
|
|||
|
||||
Now that you understand the concept, you need a tamper-evident storage solution for all sensitive electronics when you are away from home (laptops, external drives, USBs, phones, external keyboards and mice). Safes are often used to protect valuable items, but they can be bypassed in several ways, and some of these bypasses are difficult to detect (see [below](#appendix-cracking-safes)). It is not trivial or inexpensive to make a safe tamper-evident, if it can be done at all.
|
||||
|
||||

|
||||

|
||||
|
||||
A better and cheaper solution is to implement [dys2p's guide](https://dys2p.com/en/2021-12-tamper-evident-protection.html#kurzzeitige-lagerung):
|
||||
|
||||
|
|
|
@ -510,7 +510,6 @@ $footer-padding: 1.0rem 2.5rem
|
|||
|
||||
/* hide for 1023px instead of default 768px */
|
||||
.is-hidden-mobile
|
||||
display: none !important
|
||||
|
||||
html
|
||||
scroll-behavior: smooth
|
||||
|
@ -588,7 +587,7 @@ body[theme="dark"]
|
|||
|
||||
body[theme="dark"] article.box
|
||||
background-color: black !important
|
||||
box-shadow: 0 .5em 1em -.125em rgba(10,10,10,.1),0 0 0 1px rgba(10,10,10,.02)
|
||||
box-shadow: 0 .5em 1em -.125em rgba(245,245,245,.1),0 0 0 1px rgba(245,245,245,.02)
|
||||
|
||||
body[theme="dark"] blockquote
|
||||
background-color: #090809 !important
|
||||
|
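Review bot: In `body[theme="dark"] article.box`, the new `box-shadow` repeats the offsets, spreads and alpha values of the line it replaces and changes only the RGB triplet from `10,10,10` to `245,245,245`. Pulling the shadow colour into a Sass variable, as the file already does for `$footer-padding`, would keep the light and dark shadows from drifting apart. Also note that the neighbouring declarations in this block carry `!important` and this one does not; confirm it still wins over the base `.box` rule.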
@ -603,6 +602,9 @@ body[theme="dark"] .footer
|
|||
body[theme="dark"] .navbar-item
|
||||
color: #c9c7c9 !important
|
||||
|
||||
body[theme="dark"] .navbar-item:hover
|
||||
color: black !important
|
||||
|
||||
body[theme="dark"] p
|
||||
color: #c9c7c9 !important
|
||||
|
||||
|
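Review bot: The added `body[theme="dark"] .navbar-item:hover` rule sets only `color: black !important` and no background, so its legibility depends on a hover background defined somewhere outside this hunk. The dark-theme surfaces visible in this file are black or near-black (`article.box` is `black`, `blockquote` is `#090809`), so black hover text would disappear against them. Either set `background-color` in the same rule or add a comment naming the rule that supplies the light hover background.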
@ -633,6 +635,9 @@ body[theme="dark"] h4
|
|||
body[theme="dark"] a.toc
|
||||
color: #c9c7c9 !important
|
||||
|
||||
body[theme="dark"] a.toc:hover
|
||||
color: black !important
|
||||
|
||||
body[theme="dark"] a:not(.toc,.navbar-item)
|
||||
color: #fa86d8 !important
|
||||
|
||||
|
|
|
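Review bot: The added `body[theme="dark"] a.toc:hover` rule covers pointer hover only, so a TOC link reached by keyboard keeps `#c9c7c9` and gets no matching state. Consider extending the selector to `a.toc:hover, a.toc:focus-visible`. As with the `.navbar-item:hover` rule above, the rule relies on a light hover background that is not set here, so state it in the same block.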
@ -58,7 +58,7 @@
|
|||
</span>
|
||||
<span>Published on </span>
|
||||
<span><time datetime="{{ page.date }}">{{ page.date | date(format='%B %d, %Y') }}</time></span>
|
||||
<span> | <a href="http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/anarsec/anarsec.guide/-/blob/no-masters/CHANGELOG.md#{{page.title | slugify}}">Last edited on <time datetime="{{ page.extra.dateedit }}">{{ page.extra.dateedit | date(format='%B %d, %Y') }}</time></a></span>
|
||||
<span> | <a href="https://0xacab.org/anarsec/anarsec.guide/-/blob/no-masters/CHANGELOG.md#{{page.title | slugify}}">Last edited on <time datetime="{{ page.extra.dateedit }}">{{ page.extra.dateedit | date(format='%B %d, %Y') }}</time></a></span>
|
||||
</span>
|
||||
{% endmacro %}
|
||||
|
||||
|
|
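Review bot: The "Last edited on" `href` in this macro swaps its host from the `.onion` address to `https://0xacab.org`, which the commit subject "fix .onion img src" does not cover, since this is a link target and not an image source. Readers who reached the site over the onion service will now be sent to the clearnet host when they follow the changelog link. Mention this in the commit message or split it into its own commit, and consider taking the repository host from site configuration so the onion and clearnet builds can each point at the matching address, not a hardcoded one in the template.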