diff --git a/content/_index.md b/content/_index.md index 9acca40..60143c3 100644 --- a/content/_index.md +++ b/content/_index.md @@ -9,3 +9,6 @@ title = "Tech Guides for Anarchists" * You want to protect your digital devices from covert house visits by law enforcement? → [**Make Your Electronics Tamper-Evident**](/posts/tamper)
-**Cwtch**: Coming soon
-
-[What is Cwtch?](/posts/e2ee/#cwtch)
-
**Email**: anarsec (at) riseup (dot) net
[PGP key](/anarsec.asc)
-[Why we don't recommend email](/posts/e2ee/#pgp-email)
-
>Our PGP public key can be verified from a second location [at 0xacab](https://0xacab.org/anarsec/anarsec.guide/-/blob/no-masters/static/anarsec.asc) - commit history should display "Initial commit".
>
>WayBack Machine of PGP key: [anarsec.guide](https://web.archive.org/web/20230619164601/https://www.anarsec.guide/anarsec.asc) / [0xacab.org](https://web.archive.org/web/20230619164309/https://0xacab.org/anarsec/anarsec.guide/-/blob/no-masters/static/anarsec.asc)
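Review bot: Removing the `[Why we don't recommend email](/posts/e2ee/#pgp-email)` line while `**Email**` and the PGP key stay leaves email as the only listed contact channel with no caveat beside it. Either keep that link next to the address or explain in the commit message why the warning is no longer needed. The header `@@ -9,3 +9,6 @@` also describes a net addition of three lines, which does not match the removals shown here, so this hunk is worth regenerating and re-checking before merge.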
diff --git a/content/glossary/_index.md b/content/glossary/_index.md
index 2cb838b..1cd9b22 100644
--- a/content/glossary/_index.md
+++ b/content/glossary/_index.md
@@ -141,7 +141,7 @@ Phishing is a technique of [social engineering](/glossary/#social-engineering).
A physical attack is a situation where an adversary first gains physical access to your device through loss, theft, or confiscation. For example, your phone may be confiscated when you cross a border or are arrested. This is in contrast to a [remote attack](/glossary/#remote-attacks).
-For more information, see [Making Your Electronics Tamper-Evident](/posts/tamper), the [Threat Library](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/physical-access.html), and [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/).
+For more information, see [Making Your Electronics Tamper-Evident](/posts/tamper), the [Threat Library](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/physical-access.html), and [Defend Dissent: Protecting Your Devices](https://open.oregonstate.education/defenddissent/chapter/protecting-your-devices/).
### Plausible deniability
@@ -205,7 +205,7 @@ For more information, see [Tails for Anarchists](/posts/tails).
Threat modeling is a family of activities for improving security by identifying a set of adversaries, [security goals](/glossary/#security-goal), and [vulnerabilities](/glossary/#vulnerability), and then defining countermeasures to prevent or mitigate the effects of threats to the system. A threat is a potential or actual undesirable event that can be malicious (such as a [DDoS attack](/glossary/#ddos-attack)) or accidental (such as a hard drive failure). Threat modeling is the deliberate activity of identifying and assessing threats and vulnerabilities.
-For more information, see [the CSRC Threat Library](https://www.csrc.link/threat-library/), [Defend Dissent: Digital Threats to Social Movements](https://open.oregonstate.education/defenddissent/chapter/digital-threats/) and [Defending against Surveillance and Suppression](https://open.oregonstate.education/defenddissent/chapter/surveillance-and-suppression/).
+For more information, see [the No Trace Project Threat Library](https://www.notrace.how/threat-library/), [Defend Dissent: Digital Threats to Social Movements](https://open.oregonstate.education/defenddissent/chapter/digital-threats/) and [Defending against Surveillance and Suppression](https://open.oregonstate.education/defenddissent/chapter/surveillance-and-suppression/).
### Tor network
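Review bot: Link text is inconsistent within this file: here it becomes `the No Trace Project Threat Library`, while the physical-attacks hunk at `@@ -141,7 +141,7 @@` keeps the bare `Threat Library` for a link to the same site. Use one name in both places.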
diff --git a/content/posts/e2ee/index.md b/content/posts/e2ee/index.md
index bd5a2c5..fa16cf6 100644
--- a/content/posts/e2ee/index.md
+++ b/content/posts/e2ee/index.md
@@ -22,7 +22,7 @@ Before proceeding, there are a few concepts that need to be understood, in order
* **Peer-to-peer** means that there is no centralized server to trust.
* **Tor** is an [anonymity network](/glossary/#tor-network), and some applications route your messages through it by default.
-For a more in-depth look at these various considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar.
+For a more in-depth look at these various considerations, we recommend [The Guide to Peer-to-Peer, Encryption, and Tor: New Communication Infrastructure for Anarchists](https://www.notrace.how/resources/#the-guide-to-peer-to-peer-encryption-and-tor). This text criticizes Signal for not being peer-to-peer and not using Tor by default, and goes on to compare Signal, Cwtch, and Briar.
Public-facing projects have additional needs for encrypted communication, because they will be interacting with unknown (and untrusted) contacts:
* Anyone can contact the project without requiring a separate channel
@@ -107,7 +107,7 @@ If a project has multiple members, all of them should be able to access the same
-If you have decided to use a smartphone despite our [recommendation not to use phones](/posts/nophones/), Cwtch is available for Android. Follow the instructions for [installing software that isn't available in the Play Store](/posts/grapheneos/#software-that-isn-t-on-the-play-store). Updates must be done manually - back up your profile first.
+If you have decided to use a smartphone despite our [recommendation not to use phones](/posts/nophones/), Cwtch is available for Android. Install Cwtch as you would any [app that doesn't require Google Services](/posts/grapheneos/#how-to-install-software) (we don't recommend F-Droid).
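Review bot: The added parenthetical `(we don't recommend F-Droid)` gives no reason and no link, so a reader cannot tell why or what to use instead; link it to the section that explains the position. The rewrite also drops `Updates must be done manually - back up your profile first.` If backing up the profile before an update still applies, keep that sentence. The new anchor `/posts/grapheneos/#how-to-install-software` should be checked against the headings in `content/posts/grapheneos/index.md`, since the hunks for that file in this patch do not show a heading with that name.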
@@ -120,7 +120,7 @@ If you have decided to use a smartphone despite our [recommendation not to use p
-Cwtch is still in beta - support for Tails is very new and not thoroughly tested.
+Cwtch support for Tails is very new and not thoroughly tested.
* Start Tails with an Adminstration Password.
* Download [Cwtch for Linux](https://cwtch.im/download/#linux) with Tor Browser
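Review bot: Typo in the context line directly below the change: `Adminstration Password` should read `Administration Password`. Since this paragraph is being touched anyway, fix it in the same commit. Dropping `still in beta` is a statement about Cwtch's release status, so the commit message should say what it is based on.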
@@ -157,7 +157,7 @@ Cwtch on Whonix currently has an [issue](https://git.openprivacy.ca/cwtch.im/cwt
# SimpleX Chat
-
+
* **Mediums**: Video call, voice call, text
* **Metadata protection**: Yes (strong)
@@ -207,13 +207,13 @@ If a project has multiple members, all of them should be able to access the same
The Signal Protocol has a moderate amount of metadata protection; [sealed sender](https://signal.org/blog/sealed-sender/), [private contact discovery](https://signal.org/blog/private-contact-discovery/), and the [private group system](https://signal.org/blog/signal-private-group-system/). Message recipient identifiers are only stored on Signal's servers for as long as it takes to deliver each message. As a result, if Signal is served with a warrant, they [will only be able to provide](https://signal.org/bigbrother/) the time of account creation and the date of the account's last connection to the Signal servers. Still, Signal relies on the Google Services Framework (though it's possible to use it without it), and the sealed sender metadata protection applies only to contacts (by default).
-Signal [is not peer-to-peer](https://www.csrc.link/#the-guide-to-peer-to-peer-encryption-and-tor); it uses centralized servers that we must trust. Signal will work with Tor if used on an operating system that forces it to, such as Whonix or Tails.
+Signal is not peer-to-peer; it uses centralized servers that we must trust. Signal will work with Tor if used on an operating system that forces it to, such as Whonix or Tails.
Signing up for a Signal account is difficult to do anonymously. The account is tied to a phone number that the user must still control - due to [changes in "registration lock"](https://blog.privacyguides.org/2022/11/10/signal-number-registration-update/), it is no longer sufficient to register with a disposable phone number. An anonymous phone number can be obtained [on a burner phone or online](https://anonymousplanet.org/guide.html#getting-an-anonymous-phone-number) and must be maintained - most people will not do this. There have been unfounded rumors that Signal plans to remove the need for a phone number after the release of a username feature - however, [registration will still require a phone number](https://mastodon.world/@Mer__edith/110895045552696836).
Another barrier to anonymous registration is that Signal Desktop will only work if Signal is first registered from a smartphone. For users familiar with the [command line](/glossary/#command-line-interface-cli), it is possible to register an account from a computer using [Signal-cli](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/about.privacy/messengers-on-tails-os/-/wikis/HowTo#signal). The [VoIP](/glossary#voip-voice-over-internet-protocol) account used for registration would have to be obtained anonymously.
-These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.csrc.link/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it is easy for the police to identify all of your Signal contacts (as well as the members of any groups you are in) simply by their phone number. This is a serious security breach, especially in the context of Signal groups. Compare this to the same attack on a Cwtch or SimpleX Chat user - all contacts are anonymous so device compromise does not contribute to network mapping.
+These barriers to anonymous registration mean that Signal is rarely used anonymously. This has significant implications if the State gains [physical](/glossary/#physical-attacks) or [remote](/glossary/#remote-attacks) access to the device. One of the primary goals of State surveillance of anarchists is [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html), and it's common for them to gain physical access to devices through [house raids](https://www.notrace.how/threat-library/techniques/house-raid.html) or even simple arrests. For example, if your device's [authentication is bypassed](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), it is easy for the police to identify all of your Signal contacts (as well as the members of any groups you are in) simply by their phone number. This is a serious security breach, especially in the context of Signal groups. Compare this to the same attack on a Cwtch or SimpleX Chat user - all contacts are anonymous so device compromise does not contribute to network mapping.
In a recent repressive operation in France against a riotous demonstration, the police did exactly that. The phones of suspects were accessed through physically seizing them during arrests and house raids, as well as through spyware, and then Signal contacts and group members were identified. These identities were added to the list of suspects who were subsequently investigated. **We need to understand this as a wake-up call that it is time for anarchist networks to stop using Signal**.
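Review bot: On the `Signal is not peer-to-peer` line the citation is removed rather than migrated, which leaves the claim unsourced. The hunk at `@@ -22,7 +22,7 @@` in this same file already points the same guide at `https://www.notrace.how/resources/#the-guide-to-peer-to-peer-encryption-and-tor`; reuse that target here unless dropping the link is deliberate, in which case say so in the commit message.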
diff --git a/content/posts/e2ee/network.png b/content/posts/e2ee/network.png
new file mode 100644
index 0000000..93cb611
Binary files /dev/null and b/content/posts/e2ee/network.png differ
diff --git a/content/posts/e2ee/network.svg b/content/posts/e2ee/network.svg
deleted file mode 100644
index ede8102..0000000
--- a/content/posts/e2ee/network.svg
+++ /dev/null
@@ -1,96 +0,0 @@
-
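Review bot: `network.svg` (96 lines of text) is deleted and replaced by a binary `network.png`, so later edits to the diagram will show only as `Binary files ... differ` and cannot be reviewed line by line. If the PNG is needed for rendering, consider keeping the SVG source in the repository next to it, and confirm that every reference to `network.svg` in `content/posts/e2ee/index.md` now points at the PNG.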
diff --git a/content/posts/grapheneos/index.md b/content/posts/grapheneos/index.md
index 692d5d9..ad89c48 100644
--- a/content/posts/grapheneos/index.md
+++ b/content/posts/grapheneos/index.md
@@ -19,7 +19,7 @@ letter="grapheneos-letter.pdf"
# What is GrapheneOS?
-GrapheneOS is a private and secure version of the Android [operating system](/glossary#operating-system-os). Standard Android smartphones have Google baked into them (for example, [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) have irrevocable access to your files, call logs, location, etc.), and it is trivial to [bypass standard Android authentication](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) with [physical access](/glossary/#physical-attacks) to the device. GrapheneOS uses hardware-based security to [greatly increase the difficulty](https://grapheneos.org/faq#encryption) of bypassing authentication, is significantly [hardened](/glossary#hardening) against hacking, and has all Google apps and services removed by default. There are other alternative Android operating systems, [but they are inferior](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/). See the [GrapheneOS documentation](https://grapheneos.org/features) for an extensive list of privacy and security improvements over standard Android. GrapheneOS is [regularly audited](https://grapheneos.org/faq#audit).
+GrapheneOS is a private and secure version of the Android [operating system](/glossary#operating-system-os). Standard Android smartphones have Google baked into them (for example, [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) have irrevocable access to your files, call logs, location, etc.), and it is trivial to [bypass standard Android authentication](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) with [physical access](/glossary/#physical-attacks) to the device. GrapheneOS uses hardware-based security to [greatly increase the difficulty](https://grapheneos.org/faq#encryption) of bypassing authentication, is significantly [hardened](/glossary#hardening) against hacking, and has all Google apps and services removed by default. There are other alternative Android operating systems, [but they are inferior](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/). See the [GrapheneOS documentation](https://grapheneos.org/features) for an extensive list of privacy and security improvements over standard Android. GrapheneOS is [regularly audited](https://grapheneos.org/faq#audit).
Due to the nature of [how the technology works](https://privsec.dev/posts/android/android-tips/#carrier-tracking), cell phones leave a geolocation history when they connect to cell towers. For this reason, we recommend that you use a smartphone that stays at home like a landline and connects to the Internet via Wi-Fi in airplane mode, rather than using a SIM card to connect through cell towers. Even if you use an anonymously purchased SIM card, if it is linked to your identity in the future, the service provider can be retroactively queried for all geolocation data. Furthermore, it's not enough to only leave your phone at home when you're going to a demo or action, as this will [stand out](/posts/nophones/#metadata-patterns) as an outlier and serve as an indication of conspiratorial activity in that time window.
@@ -136,8 +136,6 @@ Some apps are not on the Play Store, either because they're still in development
As an example of how to use Obtainium, Molly-FOSS is a hardened version of Signal without [Google software](https://github.com/mollyim/mollyim-android#free-and-open-source) and is available from [Github Releases](https://github.com/mollyim/mollyim-android/releases). In Obtanium, press **Add App**, then copy the Github Releases URL. Obtanium will be able to install the app, and if there is a new version, you will get a system notification and an update icon next to it, and you will need to update it manually.
-Cwtch is not yet available on the Google Play Store and can be added to Obtainium by entering the [download page URL](https://cwtch.im/download/).
-
## Software That Requires Google Play Services
If there is an app you want to use that requires Google Play services, create a specific user profile for it from the Owner user profile; you can name it Google. This is also a good way to isolate any app you need to use that isn't [open-source](/glossary/#open-source) or reputable. If you create a Google user profile, you will need to install and configure Sandboxed Google Play in it.
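Review bot: In the context paragraph just above the removed sentence, `Obtanium` appears twice where `Obtainium` is meant (`In Obtanium, press **Add App**` and `Obtanium will be able to install the app`). Fix the spelling in this commit since the section is being edited. With the Cwtch sentence gone, also check that the Cwtch install text in `content/posts/e2ee/index.md` still lands on a section that tells the reader how to get the app.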
diff --git a/content/posts/linux/index.md b/content/posts/linux/index.md
index 5d11369..1183ad6 100644
--- a/content/posts/linux/index.md
+++ b/content/posts/linux/index.md
@@ -21,7 +21,7 @@ As an anarchist, you've probably heard the recommendation to use a Linux compute
# What is Linux and Why Use It?
-If you are reading this, you are probably using either Windows or macOS on your computer. These are both [operating systems](/glossary#operating-system-os), which is the system software that runs your device. They're also both "closed-source", which means that the software's "*source* code" is not available (*closed*) to the public, so it can't be audited for privacy and security. Windows and macOS computers send your data to Microsoft and Apple, and you can't trust their [full-disk encryption](/glossary#full-disk-encryption-fde) to protect your data if the computer is [physically accessed](/glossary/#physical-attacks) (like after a [house raid](https://www.csrc.link/threat-library/techniques/house-raid.html)).
+If you are reading this, you are probably using either Windows or macOS on your computer. These are both [operating systems](/glossary#operating-system-os), which is the system software that runs your device. They're also both "closed-source", which means that the software's "*source* code" is not available (*closed*) to the public, so it can't be audited for privacy and security. Windows and macOS computers send your data to Microsoft and Apple, and you can't trust their [full-disk encryption](/glossary#full-disk-encryption-fde) to protect your data if the computer is [physically accessed](/glossary/#physical-attacks) (like after a [house raid](https://www.notrace.how/threat-library/techniques/house-raid.html)).
Linux is a set of operating systems that are [open-source](/glossary#open-source), which means that the *source* code can be analyzed by anyone. Linux is the name given to the core (**kernel**) of the operating system, and many different **distributions** (or 'distros') are based on it. Simply put, *Linux is the only type of computer that anarchists can trust*.
diff --git a/content/posts/nophones/index.md b/content/posts/nophones/index.md
index fed2df8..56353e8 100644
--- a/content/posts/nophones/index.md
+++ b/content/posts/nophones/index.md
@@ -14,7 +14,7 @@ a4="nophones-a4.pdf"
letter="nophones-letter.pdf"
+++
-With effective [security culture and operational security](https://www.csrc.link/read/csrc-bulletin-1-en.html#header-a-base-to-stand-on-distinguishing-opsec-and-security-culture), the forces of repression wouldn't know about our specific criminal activities, but they also wouldn't know about our lives, [relationships](https://www.csrc.link/threat-library/techniques/network-mapping.html), movement patterns, and so on. This knowledge is a huge advantage in narrowing down suspects and conducting targeted surveillance. Your phone's location is [tracked at all times](https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon), and this data is harvested by private companies, allowing police to bypass laws requiring them to obtain a warrant. The phone's [hardware identifiers and subscription information](https://anonymousplanet.org/guide.html#your-imei-and-imsi-and-by-extension-your-phone-number) are logged by cell towers with every connection. Hacking services like [Pegasus](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/) put total phone compromise within reach of even local law enforcement and are "zero-click," meaning success doesn't depend on you clicking a link or opening a file.
+With effective [security culture and operational security](https://www.notrace.how/resources/read/csrc-bulletin-1-en.html#header-a-base-to-stand-on-distinguishing-opsec-and-security-culture), the forces of repression wouldn't know about our specific criminal activities, but they also wouldn't know about our lives, [relationships](https://www.notrace.how/threat-library/techniques/network-mapping.html), movement patterns, and so on. This knowledge is a huge advantage in narrowing down suspects and conducting targeted surveillance. Your phone's location is [tracked at all times](https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon), and this data is harvested by private companies, allowing police to bypass laws requiring them to obtain a warrant. The phone's [hardware identifiers and subscription information](https://anonymousplanet.org/guide.html#your-imei-and-imsi-and-by-extension-your-phone-number) are logged by cell towers with every connection. Hacking services like [Pegasus](https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/) put total phone compromise within reach of even local law enforcement and are "zero-click," meaning success doesn't depend on you clicking a link or opening a file.
@@ -22,7 +22,7 @@ On the flip side, after more than 30 recent arsons in a small town in France wen
# Encryption and Geolocation
-Some comrades respond to the issues with smartphones by using flip phones or a landline to communicate with each other, but this approach leaves nothing hidden from the eyes of the State because nothing is [encrypted](/glossary/#encryption) - neither the content of your conversations nor who is talking to whom. For example, in a [recent repressive operation](https://www.csrc.link/#quelques-premiers-elements-du-dossier-d-enquete-contre-ivan), the police set up real-time geolocation of the suspect's phone and made a list of everyone the suspect communicated with using unencrypted phone calls. A short biography was written for each contact.
+Some comrades respond to the issues with smartphones by using flip phones or a landline to communicate with each other, but this approach leaves nothing hidden from the eyes of the State because nothing is [encrypted](/glossary/#encryption) - neither the content of your conversations nor who is talking to whom. For example, in a [recent repressive operation](https://www.notrace.how/resources/#quelques-premiers-elements-du-dossier-d-enquete-contre-ivan), the police set up real-time geolocation of the suspect's phone and made a list of everyone the suspect communicated with using unencrypted phone calls. A short biography was written for each contact.
It has become quite common for comrades to carry a cell phone around with them wherever they go, and in the contexts where people use flip phones, to make unencrypted calls to other anarchists. We think both of these practices should be completely avoided. Let's not make the job of the police and intelligence agencies so easy by providing them with our social network and geolocation history on a silver platter.
@@ -32,7 +32,7 @@ Another primary goal of targeted surveillance is to map the target's social netw
# Metadata Patterns
-The normalization of constant connectivity within dominant society has led some anarchists to correctly note that the [metadata](/glossary/#metadata) generated by phone activity is useful to investigators. However, the conclusion that some draw from this insight, that we should ["never turn off the phone,"](https://www.csrc.link/#never-turn-off-the-phone-a-new-approach-to-security-culture) takes us in the wrong direction. Their logic is that if you step out of the normal metadata patterns, those moments become suspicious, and if those moments coincide with when an action occurs, that could be used as evidence to link you to the crime or to investigate you more closely. This is true, but the only conclusion that can be drawn from this - which is not a total dead end, at least - is to minimize the creation of normal metadata patterns in the first place.
+The normalization of constant connectivity within dominant society has led some anarchists to correctly note that the [metadata](/glossary/#metadata) generated by phone activity is useful to investigators. However, the conclusion that some draw from this insight, that we should ["never turn off the phone,"](https://web.archive.org/web/20210126183740/https://325.nostate.net/2018/11/09/never-turn-off-the-phone-a-new-approach-to-security-culture) takes us in the wrong direction. Their logic is that if you step out of the normal metadata patterns, those moments become suspicious, and if those moments coincide with when an action occurs, that could be used as evidence to link you to the crime or to investigate you more closely. This is true, but the only conclusion that can be drawn from this - which is not a total dead end, at least - is to minimize the creation of normal metadata patterns in the first place.
Our connections to the infrastructures of domination must remain sporadic and unpredictable if we are to retain any semblance of freedom and ability to strike at the enemy. What if the reconnaissance required for an action requires an entire weekend away from electronic devices? Or let's start with the simple fact that phones must be left at home during an action - this only becomes the outlier to a pattern if phones otherwise accompany us wherever we go. In a normatively "always connected" life, either of these metadata changes would stick out like a sore thumb, but this is not the case if you refuse to always be plugged in.
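Review bot: The `never turn off the phone` link is the only csrc.link reference in the visible hunks that is moved to a `web.archive.org` snapshot of 325.nostate.net instead of a `notrace.how` URL. If the text is no longer hosted under `notrace.how/resources/`, note that in the commit message so the exception is not mistaken for an oversight.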
diff --git a/content/posts/qubes/index.md b/content/posts/qubes/index.md
index 849ff04..370edf6 100644
--- a/content/posts/qubes/index.md
+++ b/content/posts/qubes/index.md
@@ -21,9 +21,9 @@ Qubes OS can be configured to force all Internet connections through the [Tor ne
# Who is Qubes OS For?
-Given that anarchists are [regularly targeted](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/malware.html) for hacking in repressive investigations, Qubes OS is an excellent choice for us. AnarSec [recommends](/recommendations) Qubes OS for everyday use, and [below](#when-to-use-tails-vs-qubes-os) we compare when it is appropriate to use Tails vs. Qubes OS - both have unique strengths. While Tails is so easy to use that you don't even need to know anything about Linux, Qubes OS is a bit more involved, but still designed to be accessible to users like journalists who don't know much about Linux. This guide is labelled as "intermediate", though if you need to extensively customize your set up or troubleshoot something, it is more likely to be "advanced".
+Given that anarchists are [regularly targeted](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/malware.html) for hacking in repressive investigations, Qubes OS is an excellent choice for us. AnarSec [recommends](/recommendations) Qubes OS for everyday use, and [below](#when-to-use-tails-vs-qubes-os) we compare when it is appropriate to use Tails vs. Qubes OS - both have unique strengths. While Tails is so easy to use that you don't even need to know anything about Linux, Qubes OS is a bit more involved, but still designed to be accessible to users like journalists who don't know much about Linux. This guide is labelled as "intermediate", though if you need to extensively customize your set up or troubleshoot something, it is more likely to be "advanced".
-Even if nothing directly incriminating is done on a computer you use every day, its compromise will still give investigators a field day for [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html) - knowing who you talk to and what you talk to them about, what projects you are involved in, what websites you read, etc. Most anarchists use everyday computers for some anarchist projects and to commmunicate with other comrades, so making our personal computers difficult to hack is a reasonable goal for all anarchists. That said, the time investment to learn Qubes OS isn't for everyone. For those with limited energy to put towards increased anonymity and security, Tails is much more straightforward.
+Even if nothing directly incriminating is done on a computer you use every day, its compromise will still give investigators a field day for [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html) - knowing who you talk to and what you talk to them about, what projects you are involved in, what websites you read, etc. Most anarchists use everyday computers for some anarchist projects and to commmunicate with other comrades, so making our personal computers difficult to hack is a reasonable goal for all anarchists. That said, the time investment to learn Qubes OS isn't for everyone. For those with limited energy to put towards increased anonymity and security, Tails is much more straightforward.
# How Does Qubes OS Work?
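Review bot: The replaced line beginning `Even if nothing directly incriminating` still carries the typo `commmunicate` on the `+` side; correct it to `communicate` while the line is being rewritten. Both link swaps in this hunk keep the same path under `/threat-library/`, which is consistent with the other hunks.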
@@ -73,7 +73,7 @@ Qubes includes Whonix by default for when you want to force all connections thro
>
>Whonix virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device. By design, Tails is meant to completely reset itself after each reboot. Encrypted persistent storage can be configured to store some data between reboots.
-In order to recover data from a Qubes OS system, the [Full Disk Encryption](/glossary#full-disk-encryption-fde) would still need to be successfully [bypassed](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) (e.g. by seizing the computer when it is turned on, or using a weak password). If the Tails Persistent Storage feature is in use, any data configured to persist will face the same problem.
+In order to recover data from a Qubes OS system, the [Full Disk Encryption](/glossary#full-disk-encryption-fde) would still need to be successfully [bypassed](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html) (e.g. by seizing the computer when it is turned on, or using a weak password). If the Tails Persistent Storage feature is in use, any data configured to persist will face the same problem.
Our recommendation is to use Qubes OS:
@@ -279,7 +279,7 @@ You don't always need to attach a USB drive to another qube with the Qubes Devic
# How to Backup
-Once your qubes are organized the way you want them, you should back up your system. Depending on your needs, we recommend a weekly backup - pick a day of the week and add a reminder to your calendar. We also recommend a redundant backup that is stored off-site and synchronized monthly (to protect against data loss in a [house raid](https://www.csrc.link/threat-library/techniques/house-raid.html)).
+Once your qubes are organized the way you want them, you should back up your system. Depending on your needs, we recommend a weekly backup - pick a day of the week and add a reminder to your calendar. We also recommend a redundant backup that is stored off-site and synchronized monthly (to protect against data loss in a [house raid](https://www.notrace.how/threat-library/techniques/house-raid.html)).
Adapted from the [docs](https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/#creating-a-backup):
@@ -333,7 +333,7 @@ There is much more flexibility in how you configure Qubes OS than Tails, but mos
* Compartmentalization is baked into Qubes OS; instead of restarting Tails, use a dedicated qube.
* Limitations of the Tor network
* For sensitive activities, don't use Internet connections that could deanonymize you, and prioritize .onion links when available. BusKill is also [available for Qubes OS](https://www.buskill.in/qubes-os/) (and we recommend not obtaining it through the mail).
- * If you might be a target for physical surveillance, consider doing [surveillance detection](https://www.csrc.link/threat-library/mitigations/surveillance-detection.html) and [anti-surveillance](https://www.csrc.link/threat-library/mitigations/anti-surveillance.html) before going to a cafe. Alternatively, use a Wi-Fi antenna from indoors.
+ * If you might be a target for physical surveillance, consider doing [surveillance detection](https://www.notrace.how/threat-library/mitigations/surveillance-detection.html) and [anti-surveillance](https://www.notrace.how/threat-library/mitigations/anti-surveillance.html) before going to a cafe. Alternatively, use a Wi-Fi antenna from indoors.
* Reducing risks when using untrusted computers
* The [verification stage](https://www.qubes-os.org/security/verifying-signatures/) of the Qubes OS installation is equivalent to the [GnuPG verification of Tails](https://tails.boum.org/install/expert/index.en.html).
* Only attach USBs and external drives to a qube that is disposable and offline.
diff --git a/content/posts/tails-best/index.md b/content/posts/tails-best/index.md
index 9b45fe7..2d5679e 100644
--- a/content/posts/tails-best/index.md
+++ b/content/posts/tails-best/index.md
@@ -16,7 +16,7 @@ letter="tails-best-letter.pdf"
As mentioned in our [recommendations](/recommendations/#your-computer), Tails is an [operating system](/glossary#operating-system-os) that is unparalleled for sensitive computer use that requires leaving no forensic trace (writing and sending communiques, research for actions, etc.). Tails runs from a USB drive and is [designed](https://tails.boum.org/about/index.en.html) to leave no trace of your activity on your computer, and to force all Internet connections through the [Tor network](/glossary#tor-network). If you are new to Tails, start with [Tails for Anarchists](/posts/tails/).
-This text describes some additional precautions you can take that are relevant to an anarchist [threat model](/glossary#threat-model) - operational security for Tails. Not all anarchist threat models are the same, and only you can decide which mitigations are worth putting into practice for your activities, but we aim to provide advice that is appropriate for high-risk activities. The [CSRC Threat Library](https://www.csrc.link/threat-library/) is another great resource for thinking through your threat model and appropriate mitigations.
+This text describes some additional precautions you can take that are relevant to an anarchist [threat model](/glossary#threat-model) - operational security for Tails. Not all anarchist threat models are the same, and only you can decide which mitigations are worth putting into practice for your activities, but we aim to provide advice that is appropriate for high-risk activities. The [No Trace Project Threat Library](https://www.notrace.how/threat-library/) is another great resource for thinking through your threat model and appropriate mitigations.
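Review bot: naming is inconsistent on the added line. Here and in the tamper post the resource is called "No Trace Project Threat Library", while the added lines in content/posts/tails/index.md and the glossary link it simply as "Threat Library". Pick one form and use it in every file this patch touches so readers searching by name land on the same thing.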
@@ -43,7 +43,7 @@ You can mitigate this first issue by **cleaning metadata from files before shari
You can mitigate this second issue by what's called **"compartmentalization"**:
-* [Compartmentalization](https://www.csrc.link/threat-library/mitigations/compartmentalization.html) means keeping different activities or projects separate. If you use Tails sessions for more than one purpose at a time, an adversary could link your different activities together. For example, if you log into different accounts on the same website in a single Tails session, the website could determine that the accounts are being used by the same person. This is because websites can tell when two accounts are using the same Tor circuit.
+* [Compartmentalization](https://www.notrace.how/threat-library/mitigations/compartmentalization.html) means keeping different activities or projects separate. If you use Tails sessions for more than one purpose at a time, an adversary could link your different activities together. For example, if you log into different accounts on the same website in a single Tails session, the website could determine that the accounts are being used by the same person. This is because websites can tell when two accounts are using the same Tor circuit.
* To prevent an adversary from linking your activities while using Tails, restart Tails between different activities. For example, restart Tails between checking different project emails.
* Tails is amnesiac by default, so to save any data from a Tails session, you must save it to a USB. If the files you save could be used to link your activities together, use a different encrypted ([LUKS](/glossary#luks)) USB stick for each activity. For example, use one Tails USB stick for moderating a website and another for researching actions. Tails has a feature called Persistent Storage, but we do not recommend using it for data storage, explained [below](#using-a-write-protect-switch).
@@ -86,14 +86,14 @@ Use an Internet connection that isn't connected to you, such as in a cafe withou
As described in the quotation above, a global adversary (i.e. the NSA) may be capable of breaking Tor through a [correlation attack](https://anonymousplanet.org/guide.html#your-anonymized-torvpn-traffic). If this happens, the Internet address you used in a coffee shop without CCTV cameras will only lead to your general area (e.g. your city) because it is not associated with you. Of course, this is less true if you use it routinely. Correlation attacks are even less feasible against connections to an .onion address because you never leave the Tor network, so there is no "end" to correlate with through network traffic analysis (if the server location is unknown to the adversary).
-What we will term a "targeted" correlation attack is possible by a non-global adversary (i.e. local law enforcement), if you are already in their sights and a target of [physical surveillance](https://www.csrc.link/threat-library/techniques/physical-surveillance/covert.html) and/or [digital surveillance](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance.html). This is a subtype of correlation attack where the presumed target is already known, thus making the attack easier to achieve because it vastly reduces the amount of data to filter through for correlation. A non-targeted correlation attack used to deanonymize a Tor user is unprecedented in current evidence used in court, although [a "targeted" correlation attack has been used](https://medium.com/beyond-install-tor-signal/case-file-jeremy-hammond-514facc780b8) as corroborating evidence - a suspect had already been identified, which allowed investigators to correlate their local footprint with specific online activity. Specifically, they correlated Tor network traffic coming from the suspect's house with the times their anonymous alias was online in chatrooms.
+What we will term a "targeted" correlation attack is possible by a non-global adversary (i.e. local law enforcement), if you are already in their sights and a target of [physical surveillance](https://www.notrace.how/threat-library/techniques/physical-surveillance/covert.html) and/or [digital surveillance](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance.html). This is a subtype of correlation attack where the presumed target is already known, thus making the attack easier to achieve because it vastly reduces the amount of data to filter through for correlation. A non-targeted correlation attack used to deanonymize a Tor user is unprecedented in current evidence used in court, although [a "targeted" correlation attack has been used](https://medium.com/beyond-install-tor-signal/case-file-jeremy-hammond-514facc780b8) as corroborating evidence - a suspect had already been identified, which allowed investigators to correlate their local footprint with specific online activity. Specifically, they correlated Tor network traffic coming from the suspect's house with the times their anonymous alias was online in chatrooms.
To explain how this works, it helps if you have a basic understanding of what Tor information is visible to various third parties - see the EFF's [interactive graphic](https://www.eff.org/pages/tor-and-https). For a non-targeted correlation attack, the investigator will need to **start from after Tor's exit node**: take the specific online activity coming from the exit node and try to correlate it with an enormous amount of global data that is entering Tor entry nodes. However, if a suspect is already identified, the investigator can instead do a "targeted" correlation attack and **start from before Tor's entry node**: take the data entering the entry node (via **the suspect's physical or digital footprint**) and try to correlate it with **specific online activity** coming from the exit node.
A more sophisticated analysis of the specific online activity would involve logging the connections to the server for detailed comparison, and a simple analysis would be something that is publicly visible to anyone (such as when your alias is online in a chatroom, or when a post is published to a website). For your physical footprint, a surveillance operation can note that you go to a cafe regularly, then try to correlate this with online activity they suspect you of (for example, if they suspect you are a website moderator, they can try to correlate these time windows with web moderator activity). For your digital footprint, if you are using Internet from home, an investigator can log all your Tor traffic and then try to correlate it with specific online activity.
-* Possible mitigations in this scenario include **doing [surveillance detection](https://www.csrc.link/threat-library/mitigations/surveillance-detection.html) and [anti-surveillance](https://www.csrc.link/threat-library/mitigations/anti-surveillance.html) before going to a coffee shop**, and changing Wi-Fi locations regularly. For projects like moderating a website that require daily Internet access, this may not be particularly realistic. In that case, the ideal mitigation is to **use a Wi-Fi antenna from indoors** (guide coming soon) - a physical surveillance effort won't see you entrying a cafe, and a digital surveillance effort won't see anything on your home Internet. If this is too technical for you, you may even want to **use your home internet** for some projects that require very frequent internet access. This contradicts the previous advice to not use your personal Wi-Fi. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you intentionally [make correlation attacks more difficult](/posts/tails/#make-correlation-attacks-more-difficult)).
-* If you want to submit a report-back the morning after a riot, or a communique shortly after an action (times when there may be a higher risk of targeted surveillance), consider waiting and at least taking surveillance detection and anti-surveillance measures beforehand. In 2010, the morning after a bank arson in Canada, police surveilled a suspect as he traveled from his home to an Internet cafe, and watched him post the communique and then bury the laptop in the woods. More recently, investigators physically surveilling [an anarchist in France](https://www.csrc.link/#quelques-premiers-elements-du-dossier-d-enquete-contre-ivan) installed a hidden camera to monitor access to an Internet cafe near the comrade's home and requested CCTV footage for the day an arson communique was sent.
+* Possible mitigations in this scenario include **doing [surveillance detection](https://www.notrace.how/threat-library/mitigations/surveillance-detection.html) and [anti-surveillance](https://www.notrace.how/threat-library/mitigations/anti-surveillance.html) before going to a coffee shop**, and changing Wi-Fi locations regularly. For projects like moderating a website that require daily Internet access, this may not be particularly realistic. In that case, the ideal mitigation is to **use a Wi-Fi antenna from indoors** (guide coming soon) - a physical surveillance effort won't see you entrying a cafe, and a digital surveillance effort won't see anything on your home Internet. If this is too technical for you, you may even want to **use your home internet** for some projects that require very frequent internet access. This contradicts the previous advice to not use your personal Wi-Fi. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you intentionally [make correlation attacks more difficult](/posts/tails/#make-correlation-attacks-more-difficult)).
+* If you want to submit a report-back the morning after a riot, or a communique shortly after an action (times when there may be a higher risk of targeted surveillance), consider waiting and at least taking surveillance detection and anti-surveillance measures beforehand. In 2010, the morning after a bank arson in Canada, police surveilled a suspect as he traveled from his home to an Internet cafe, and watched him post the communique and then bury the laptop in the woods. More recently, investigators physically surveilling [an anarchist in France](https://www.notrace.how/resources/#quelques-premiers-elements-du-dossier-d-enquete-contre-ivan) installed a hidden camera to monitor access to an Internet cafe near the comrade's home and requested CCTV footage for the day an arson communique was sent.
To summarize: For highly sensitive activities, use Internet from a random cafe, preceeded by surveillance detection just like you would prior to a direct action. For activities that require frequent internet access such that the random cafe model isn't sustainable, it's best to use a Wi-Fi antenna positioned behind a window to access from a few kilometers away. If this is too technical for you, using your home Wi-Fi is an option, but requires putting faith in it being difficult to break Tor with a non-targeted correlation attack, and it being difficult to draw meaningful conclusions from your home's Tor traffic through a "targeted" correlation attack.
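Review bot: the rewritten mitigation bullet still carries the typo "entrying a cafe" (should be "entering"). Since the line is being replaced anyway, fix it in this change, together with "preceeded" in the summary paragraph just below. Separately, the France case link is the only replacement in this patch that changes the path as well as the host (`https://www.csrc.link/#quelques-...` becomes `https://www.notrace.how/resources/#quelques-...`), so verify that this anchor resolves on the new site rather than relying on the pattern used for the threat-library URLs.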
@@ -212,7 +212,7 @@ If you are using Persistent Storage, this is another passphrase that you will ha
## Encrypted containers
-[LUKS](/glossary#luks) is great, but defense-in-depth can't hurt. If the police seize your USB in a house raid, they will try a [variety of tactics to bypass the authentication](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), so a second layer of defense with a different encryption implementation can be useful for highly sensitive data.
+[LUKS](/glossary#luks) is great, but defense-in-depth can't hurt. If the police seize your USB in a house raid, they will try a [variety of tactics to bypass the authentication](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance/authentication-bypass.html), so a second layer of defense with a different encryption implementation can be useful for highly sensitive data.
[Gocryptfs](https://nuetzlich.net/gocryptfs/) is an encrypted container program that is [available for Debian](https://packages.debian.org/bullseye/gocryptfs) and can be easily installed as [additional software](/posts/tails/#optional-create-and-configure-persistent-storage). If you don't want to reinstall it every session, you will need to [configure Additional Software in Persistent Storage](#using-a-write-protect-switch).
@@ -407,4 +407,4 @@ Now that we know that we have a genuine version of the Tails .img file, we can p
[^8]: Recognizable by the green fields in the column "Non-free firmware required."
-[^9]: AnarSec note: Keep in mind that a car can easily be [tracked with a GPS device](https://www.csrc.link/threat-library/techniques/covert-surveillance-devices/location.html).
+[^9]: AnarSec note: Keep in mind that a car can easily be [tracked with a GPS device](https://www.notrace.how/threat-library/techniques/covert-surveillance-devices/location.html).
diff --git a/content/posts/tails/index.md b/content/posts/tails/index.md
index 48d3c81..d3de9a4 100644
--- a/content/posts/tails/index.md
+++ b/content/posts/tails/index.md
@@ -58,7 +58,7 @@ Tails is not magic and has many limitations. The Internet and computers are host
Building a threat model is simply a matter of asking yourself certain questions. Who am I defending against? What are their capabilities? What would be the consequences if they had access to that data? And then, based on the particular situation, assess how you can protect yourself.
-It makes no sense to say "this tool is secure". Security always depends on the threat model and the level (network, hardware, software, etc.). For more information on this topic, see the [Threat Library](https://www.csrc.link/threat-library/).
+It makes no sense to say "this tool is secure". Security always depends on the threat model and the level (network, hardware, software, etc.). For more information on this topic, see the [Threat Library](https://www.notrace.how/threat-library/).
# I) The Basics of Using Tails
diff --git a/content/posts/tamper/index.md b/content/posts/tamper/index.md
index 3be2782..7809453 100644
--- a/content/posts/tamper/index.md
+++ b/content/posts/tamper/index.md
@@ -14,14 +14,14 @@ a4="tamper-a4.pdf"
letter="tamper-letter.pdf"
+++
-If the police ever have [physical access](/glossary/#physical-attacks) to an electronic device like a laptop, even [for five minutes](https://www.vice.com/en/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes), they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. One way to minimize this risk is to make it tamper-evident. As the CSRC Threat Library [notes](https://www.csrc.link/threat-library/mitigations/tamper-evident-preparation.html), "Tamper-evident preparation will make it possible to discern when something has been [physically accessed](/glossary/#physical-attacks) - it's not possible to prevent a powerful enemy from obtaining physical access to your computer when you are away, but it should be possible to be able to detect when they do."
+If the police ever have [physical access](/glossary/#physical-attacks) to an electronic device like a laptop, even [for five minutes](https://www.vice.com/en/article/a3q374/hacker-bios-firmware-backdoor-evil-maid-attack-laptop-5-minutes), they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. One way to minimize this risk is to make it tamper-evident. As the No Trace Project Threat Library [notes](https://www.notrace.how/threat-library/mitigations/tamper-evident-preparation.html), "Tamper-evident preparation will make it possible to discern when something has been [physically accessed](/glossary/#physical-attacks) - it's not possible to prevent a powerful enemy from obtaining physical access to your computer when you are away, but it should be possible to be able to detect when they do."
['Evil maid' attacks](https://en.wikipedia.org/wiki/Evil_maid_attack) work like this: An attacker gains temporary access to your [encrypted](/glossary/#encryption) laptop or phone. Although they can’t decrypt your data, they can tamper with your laptop for a few minutes and then leave it exactly where they found it. When you return and enter your credentials, you have been hacked. The attacker may have [modified data on your hard drive](https://media.ccc.de/v/gpn20-32-poc-implementing-evil-maid-attack-on-encrypted-boot), replaced the firmware, or installed a hardware component such as a keylogger.
# Tamper-Evident Laptop Screws
-Let's start with your laptop. For a seal to effectively alert you to intruders, it must be impossible to remove and replace without leaving a trace, and it must also be unique—otherwise, the adversary could simply replicate the seal and you’d never know they’d been there. Glitter nail polish creates a unique pattern that is impossible to replicate, and if you take a photo of this pattern, you can use it to verify that the nail polish has not been removed and reapplied in your absence, such as during a [covert house search](https://www.csrc.link/threat-library/techniques/covert-house-search.html). The presentation "[Thwarting Evil Maid Attacks](https://media.ccc.de/v/30C3_-_5600_-_en_-_saal_1_-_201312301245_-_thwarting_evil_maid_attacks_-_eric_michaud_-_ryan_lackey)" introduced this technique in 2013.
+Let's start with your laptop. For a seal to effectively alert you to intruders, it must be impossible to remove and replace without leaving a trace, and it must also be unique—otherwise, the adversary could simply replicate the seal and you’d never know they’d been there. Glitter nail polish creates a unique pattern that is impossible to replicate, and if you take a photo of this pattern, you can use it to verify that the nail polish has not been removed and reapplied in your absence, such as during a [covert house search](https://www.notrace.how/threat-library/techniques/covert-house-search.html). The presentation "[Thwarting Evil Maid Attacks](https://media.ccc.de/v/30C3_-_5600_-_en_-_saal_1_-_201312301245_-_thwarting_evil_maid_attacks_-_eric_michaud_-_ryan_lackey)" introduced this technique in 2013.
Mullvad VPN [created a guide](https://mullvad.net/en/help/how-tamper-protect-laptop/) for applying this technique: first apply stickers over the laptop case screws, then apply the nail polish. An [independent test](https://dys2p.com/en/2021-12-tamper-evident-protection.html#glitzer-nagellack-mit-aufklebern) noted:
@@ -102,7 +102,7 @@ This excerpt assumes that we take the cell phone with us, but [as discussed else
# Physical Intrusion Detection
-"Defense in depth" means that there are multiple layers of security that must be bypassed for an adversary to succeed. [Physical intrusion detection](https://www.csrc.link/threat-library/mitigations/physical-intrusion-detection.html) should be in addition to tamper-evident laptops and storage. That way, even if a covert house search doesn't interact with the tamper-evident storage (for example, because the goal is to install [covert surveillance devices](https://www.csrc.link/threat-library/techniques/covert-surveillance-devices.html)), you can still find out about it.
+"Defense in depth" means that there are multiple layers of security that must be bypassed for an adversary to succeed. [Physical intrusion detection](https://www.notrace.how/threat-library/mitigations/physical-intrusion-detection.html) should be in addition to tamper-evident laptops and storage. That way, even if a covert house search doesn't interact with the tamper-evident storage (for example, because the goal is to install [covert surveillance devices](https://www.notrace.how/threat-library/techniques/covert-surveillance-devices.html)), you can still find out about it.
Haven is an Android app developed by the Freedom of Press Foundation that uses the smartphone’s many sensors — microphone, motion detector, light detector, and cameras — to monitor the room for changes, and it logs everything it notices. The version on [Github](https://github.com/guardianproject/haven) is newer than the Google Play store, so [use Obtanium](/posts/grapheneos/#software-that-isn-t-on-the-play-store) to install it. Haven should be used on a dedicated cheap Android device that is otherwise empty - an older [Pixel](https://www.privacyguides.org/android/#google-pixel) is a good choice because it is cheap but has good cameras. Make sure [full disk encryption](/glossary/#full-disk-encryption-fde) is enabled. If you have a smartphone in addition to the dedicated Haven phone, it should be turned off in the tamper-evident storage - if Haven was running on it instead and was discovered by the intruder, they would now have physical access to it while it was turned on.
diff --git a/content/recommendations/_index.md b/content/recommendations/_index.md
index a4f523b..8283d3c 100644
--- a/content/recommendations/_index.md
+++ b/content/recommendations/_index.md
@@ -5,7 +5,7 @@ paginate_by = 5
+++
-These recommendations are intended for all anarchists and are accompanied by guides on how to put them into practice. They are based on a threat model that protects against government security forces and equivalent adversaries that seek to achieve [targeted digital surveillance](https://www.csrc.link/threat-library/techniques/targeted-digital-surveillance.html) for [incrimination](https://www.csrc.link/threat-library/tactics/incrimination.html) or [network mapping](https://www.csrc.link/threat-library/techniques/network-mapping.html). The goal is to obscure the visibility of our enemies into our lives and projects, and to leave no trace when relevant. Technology is hostile terrain.
+These recommendations are intended for all anarchists and are accompanied by guides on how to put them into practice. They are based on a threat model that protects against government security forces and equivalent adversaries that seek to achieve [targeted digital surveillance](https://www.notrace.how/threat-library/techniques/targeted-digital-surveillance.html) for [incrimination](https://www.notrace.how/threat-library/tactics/incrimination.html) or [network mapping](https://www.notrace.how/threat-library/techniques/network-mapping.html). The goal is to obscure the visibility of our enemies into our lives and projects, and to leave no trace when relevant. Technology is hostile terrain.
We agree with the conclusion of an overview of [targeted surveillance measures in France](https://actforfree.noblogs.org/post/2023/07/24/number-of-the-day-89502-preventive-surveillance-measures-france/): "So let’s be clear about our responsibilities: if we knowingly bring a networked device equipped with a microphone and/or a camera (cell phone, baby monitor, computer, car GPS, networked watch, etc.) close to a conversation in which “private or confidential words are spoken” and must remain so, even if it's switched off, we become a potential state informer…"
@@ -33,9 +33,3 @@ See [Encrypted Messaging for Anarchists](/posts/e2ee/)
See [Make Your Electronics Tamper-Evident](/posts/tamper/).
-## Preparation for Crossing Borders
-
-It is not recommended to risk taking the phone or computer you use every day across a border. If you do, make sure that Full Disk Encryption is enabled, that it is turned off, and that you are prepared to deny password access and accept the consequences of doing so. It is not enough to delete files (or messages, apps, etc.) before crossing the border and then unlock your device. In fact, the first thing a border team will check is whether anything was recently deleted. To prevent data recovery, you must perform a Factory Reset and then reinstall the operating system.
-
-A better approach is to have a dedicated travel device that you can unlock for border agents, since you always cross with a fresh operating system installation. For phones, stock Android can be [easily installed (flashed)](https://flash.android.com) on [certain phone models](https://source.android.com/docs/setup/build/flash#device-requirements) after a factory reset. The fresh phone can be populated with benign contacts such as family. Once across the border, you can restore your data and use the phone normally, but redo this process before crossing the border again. The same principle applies to computers - reinstall the operating system, make it look normal, then restore the data you need once you have crossed. If the device is taken out of your sight at any point, don’t even turn it back on before trashing it, as it may now send your password to the authorities and be infected with spyware.
-
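Review bot: the "Preparation for Crossing Borders" section is deleted outright, and no other visible hunk adds the text elsewhere or leaves a pointer to it. If the guidance is moving to a dedicated post, link it from here the way the neighbouring sections do ("See [Make Your Electronics Tamper-Evident](/posts/tamper/)."). If it is being dropped deliberately, say so in the commit message and check for inbound links to the heading's anchor.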
diff --git a/layout/anarsec_article.typ b/layout/anarsec_article.typ
index aa78ed3..d6ee16a 100644
--- a/layout/anarsec_article.typ
+++ b/layout/anarsec_article.typ
@@ -101,8 +101,13 @@
}
else if it.dest.starts-with("/glossary#") or it.dest.starts-with("/glossary/#") {
locate(location => {
- let elements = query(label(it.dest.trim("/glossary#", at: start).trim("/glossary/#", at: start)), location)
- text[#super[†]]
+ let elements = query(heading.where(label: label(it.dest.trim("/glossary#", at: start).trim("/glossary/#", at: start)), level: 2), location)
+ if elements.len() != 0 {
+ text[#super[†]]
+ }
+ else {
+ footnote[anarsec.guide/glossary]
+ }
})
}
else if it.dest.starts-with("/") {
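Review bot: in the new `else` branch the footnote is the fixed string `anarsec.guide/glossary` regardless of which entry was linked, so a PDF reader loses the fragment that `it.dest` carries, and a page with several unresolved glossary links gets the same footnote repeated. Consider building the footnote from `it.dest` so the entry name survives. Also, `level: 2` presumably matches the entry headings under the `# Glossary` section that the Python converter appends; a one-line comment stating that coupling would help whoever changes the heading depth later.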
diff --git a/layout/python/anarsec_article_to_pdf.py b/layout/python/anarsec_article_to_pdf.py
index 3be71a7..03ba266 100644
--- a/layout/python/anarsec_article_to_pdf.py
+++ b/layout/python/anarsec_article_to_pdf.py
@@ -135,17 +135,6 @@ class Converter:
for match in re.findall(r'\[.*?\]\(/glossary\/?#(.*?)\)', markdown_content):
glossary_entries.add(slugify.slugify(match))
- # Add to glossary entries the glossary entries that appear in glossary entries, recursively
- added_entry = True
- while added_entry:
- added_entry = False
- for entry in list(glossary_entries):
- for match in re.findall(r'\[.*?\]\((?:/glossary|)\/?#(.*?)\)', glossary[entry][1]):
- new_entry = slugify.slugify(match)
- if new_entry not in glossary_entries:
- glossary_entries.add(new_entry)
- added_entry = True
-
# Add glossary entries to the Markdown content
if glossary_entries:
markdown_content += "\n\n# Glossary\n\n"
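Review bot: with the recursive pass removed, a glossary entry pulled into the PDF can reference entries that are not included, and the companion Typst change only covers links whose destination starts with `/glossary#` or `/glossary/#`. The deleted regex also accepted bare `#anchor` links (`(?:/glossary|)\/?#`), so if any glossary entry uses that form, confirm it does not render as a dangling internal link. A short comment above the remaining loop saying that nested entries are intentionally not followed would keep this from being reintroduced as a "fix".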
diff --git a/themes/DeepThought/templates/index.html b/themes/DeepThought/templates/index.html
index 5eab20d..5b35997 100644
--- a/themes/DeepThought/templates/index.html
+++ b/themes/DeepThought/templates/index.html
@@ -5,7 +5,9 @@
{{ section.description }}
+ {% endif %}