mirror of
https://0xacab.org/anarsec/anarsec.guide.git
synced 2025-06-08 06:42:56 -04:00
clarify VPN phrasing
This commit is contained in:
parent
d6c72fd6b9
commit
f95c4b0a6a
4 changed files with 14 additions and 11 deletions
|
@ -136,7 +136,7 @@ To install and configure Sandboxed Google Play:
|
|||
|
||||
### Installing a VPN
|
||||
|
||||
You are now ready to install applications from the Google Play Store. The first application we are going to install is a [VPN](/glossary/#vpn-virtual-private-network). If you can afford to pay for a VPN, we recommend both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). Otherwise, we recommend RiseupVPN. A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without cryptocurrency.
|
||||
You are now ready to install applications from the Google Play Store. The first application we are going to install is a [VPN](/glossary/#vpn-virtual-private-network). If you can afford to pay for a VPN, we recommend both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn). Otherwise, you can use RiseupVPN, although it has far fewer users to blend in with, and it doesn't meet several important [security criteria for VPN providers](https://www.privacyguides.org/en/vpn/#criteria), such as published security audits of its code and infrastructure. A VPN subscription should be purchased anonymously — vouchers are available from [Mullvad](https://mullvad.net/en/blog/2022/9/16/mullvads-physical-voucher-cards-are-now-available-in-11-countries-on-amazon/) and [IVPN](https://www.ivpn.net/knowledgebase/billing/voucher-cards-faq/) to purchase the subscription anonymously without cryptocurrency.
|
||||
|
||||
VPNs must be installed in each user profile separately. All standard GrapheneOS connections will be forced through the VPN (except for [connectivity checks](https://grapheneos.org/faq#default-connections), which can be optionally [disabled](https://privsec.dev/posts/android/android-tips/#connectivity-check)). We recommended using a VPN in every profile, for reasons that are well-summarized by the [Security Lab](https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/):
|
||||
|
||||
|
|
|
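Review bot: the unchanged context line just below the rewritten paragraph still reads "We recommended using a VPN in every profile"; since this hunk already touches the RiseupVPN sentence above it, correct the tense to "We recommend" in the same change. The new RiseupVPN caveat is an improvement over the old blanket recommendation because it links the provider criteria it says RiseupVPN fails to meet, so the claim is checkable by the reader.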
@ -325,10 +325,10 @@ To understand this configuration, it may help to visualize the qubes involved in
|
|||
|
||||
## Configure connecting to the VPN before Tor
|
||||
|
||||
Unless you are intentionally using [Internet not tied to your identity](/posts/tails-best#internet-not-tied-to-your-identity), we recommend connecting to a VPN *before* connecting to Tor (i.e. [You → VPN → Tor → Internet](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#you-vpnssh-tor)).
|
||||
We recommend connecting to a VPN *before* connecting to Tor (i.e. [You → VPN → Tor → Internet](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#you-vpnssh-tor)) when you are using an Internet connection tied to your identity.
|
||||
|
||||
* To configure connecting to a VPN *before* connecting to Tor, go to sys-whonix's **Settings → Basic** tab and change the net qube to `sys-vpn`.
|
||||
* When using Internet from home, its best to use a VPN for all network traffic. But if you are intentionally using Internet not tied to your identity, such as Wi-Fi at a random cafe, the VPN ties you to any other computer activity you've used it for (via your subscription). In this scenario, you can change sys-whonix's net qube back to `sys-firewall` (connect to Tor directly), or change sys-whonix's net qube to another VPN qube (`sys-vpn-2`) that uses a compartmentalized VPN subscription.
|
||||
* When using the Internet from home, it is best to use a VPN for all network traffic — this puts your trust in your VPN instead of an inherently untrustworthy Internet Service Provider. But if you are intentionally using an [Internet connection not tied to your identity](/posts/tails-best/#an-internet-connection-not-tied-to-your-identity), such as Wi-Fi at a random cafe, the VPN ties you to any other computer activity you've used it for (via your subscription). In this scenario, you can change sys-whonix's net qube back to `sys-firewall` (connect to Tor directly), or change sys-whonix's net qube to another VPN qube (`sys-vpn-2`) that uses a compartmentalized VPN subscription.
|
||||
* As a last step, we will verify that only `sys-vpn` has its net qube set to `sys-firewall`. Go to **Applications menu → Qubes Tools → Qube Manager** and sort the entries by "Net qube" to make this easier.
|
||||
|
||||
For more information on the rationale of this configuration, see [Privacy Guides](https://privacyguides.org/en/advanced/tor-overview/#safely-connecting-to-tor). Note that you should not connect to a VPN *after* Tor because this [breaks Stream Isolation](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#you-tor-x).
|
||||
|
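Review bot: the rewritten opening sentence ("We recommend connecting to a VPN *before* connecting to Tor ... when you are using an Internet connection tied to your identity") drops the cross-reference the old line carried, so a reader arriving at this section has no link explaining what a connection not tied to your identity means until the second bullet. Suggest keeping a link in the opening sentence too, using the anchor `/posts/tails-best/#an-internet-connection-not-tied-to-your-identity` that the bullet already uses; note that this anchor only resolves once the heading rename in tails-best.md from the same commit lands, and that the bullet's path style (trailing slash before `#`) differs from the `/posts/tails-best#...` form used elsewhere in this file.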
@ -447,7 +447,7 @@ To create a Kicksecure disposable, go to **Applications menu → Qubes Tools →
|
|||
* **Networking**: default (sys-firewall)
|
||||
* In the new qubes' **Settings → Advanced** tab, under "Other", check "Disposable Template", then press **OK**. You will now see the disposable in the Apps tab of the Applications Menu. Make sure you are not working in the disposable Template (the same name in the Templates tab of the Applications menu).
|
||||
|
||||
Kicksecure is [considered untested](https://www.kicksecure.com/wiki/Qubes#Service_VMs) for sys qubes. If you set all sys qubes to use the Debian Template during the Qubes OS installation, and set sys qubes to be disposable, the Template for `sys-net`, `sys-firewall`, and `sys-usb` will be `debian-12-dvm`. If you want to use disposable Kicksecure for sys qubes, set `sys-net`, `sys-firewall`, and `sys-usb` to use the `kicksecure-17-dvm` Template.
|
||||
Kicksecure is [not officially supported](https://forums.kicksecure.com/t/kicksecure-for-sys-qubes-and-sys-vpn/442/2) for sys qubes. If you set all sys qubes to use the Debian Template during the Qubes OS installation, and set sys qubes to be disposable, the Template for `sys-net`, `sys-firewall`, and `sys-usb` will be `debian-12-dvm`. If you want to use disposable Kicksecure for sys qubes, set `sys-net`, `sys-firewall`, and `sys-usb` to use the `kicksecure-17-dvm` Template.
|
||||
|
||||
# Appendix: Hardware Security
|
||||
|
||||
|
|
|
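Review bot: "not officially supported" replaces "considered untested" but cites a forum reply instead of the Kicksecure wiki page the old line linked; a forum post can be edited or removed, so keep the wiki link alongside it or quote the relevant sentence. The following sentence still tells the reader how to put `sys-net`, `sys-firewall` and `sys-usb` on `kicksecure-17-dvm` without saying what "not officially supported" means for them (no upstream testing, nowhere to report breakage); one clause stating that consequence would make the trade-off explicit.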
@ -74,11 +74,11 @@ To explain how this works, it helps if you have a basic understanding of what To
|
|||
|
||||
For your *physical footprint*, a surveillance operation can observe you go to a cafe regularly, then try to correlate this with online activity they suspect you of (for example, if they suspect you are a website moderator, they can try to correlate these time windows with web moderator activity). For your *digital footprint*, if you are using Internet from home, an investigator can observe all your Tor traffic and then try to correlate this with online activity they suspect you of. For your *specific online activity*, a more sophisticated analysis would involve logging the connections to the server for detailed comparison, and a simple analysis would be something that is publicly visible to anyone (such as when your alias is online in a chatroom, or when a post is published to a website).
|
||||
|
||||
You can mitigate the techniques available to powerful adversaries by **prioritizing .onion links when available**, by **taking the possibility of targeted surveillance into account** and by **not using an Internet connection that is tied to your identity**.
|
||||
You can mitigate the techniques available to powerful adversaries by **prioritizing .onion links when available**, by **taking the possibility of targeted surveillance into account** and by **using an Internet connection that is not tied to your identity**.
|
||||
|
||||
### Internet not tied to your identity
|
||||
### An Internet connection not tied to your identity
|
||||
|
||||
Using Internet that is not tied to your identity means that if an attack on the Tor network succeeds, it still doesn't deanonymize you. You have two options: using Wi-Fi from a public space (like going to a cafe without CCTV cameras), or using a Wi-Fi antenna through a window from a private space.
|
||||
Using an Internet connection that is not tied to your identity means that if an attack on the Tor network succeeds, it still doesn't deanonymize you. You have two options: using Wi-Fi from a public space (like going to a cafe without CCTV cameras), or using a Wi-Fi antenna through a window from a private space.
|
||||
|
||||
#### Working from a public space
|
||||
|
||||
|
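Review bot: renaming the heading from "Internet not tied to your identity" to "An Internet connection not tied to your identity" changes the generated anchor, so every existing link to `#internet-not-tied-to-your-identity` breaks. This commit removes one such link in qubes.md (the old "Configure connecting to the VPN before Tor" paragraph), but the repository should be grepped for other inbound links, including from other posts and the glossary, before merging. The reworded mitigation sentence ("using an Internet connection that is not tied to your identity" rather than "not using ... tied") reads better and matches the new heading.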
@ -98,11 +98,11 @@ When using Wi-Fi in a public space, keep the following operational security cons
|
|||
|
||||
If you need to regularly use the Internet for projects like moderating a website or hacking, going to a new Wi-Fi location after doing surveillance countermeasures might not be realistic on a daily basis. Additionally, a main police priority will be to seize the computer while it is unencrypted, and this is much easier for them to achieve in a public space, especially if you are alone. In this scenario, the ideal mitigation is to **use a Wi-Fi antenna positioned behind a window in a private space to access from a few hundred metres away** — a physical surveillance effort won't observe you entering a cafe or be able to easily seize your powered-on laptop, and a digital surveillance effort won't observe anything on your home Internet. To protect against [hidden cameras](https://www.notrace.how/earsandeyes), you should still be careful about where you position your screen.
|
||||
|
||||
If a Wi-Fi antenna is too technical for you, you may even want to **use your home internet** for some projects that require frequent internet access. This contradicts the previous advice to not use an Internet connection that is tied to your identity. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you intentionally [make correlation attacks more difficult](/posts/tails/#make-correlation-attacks-more-difficult)). There are two main deanonymization risks to consider when using your home internet: that the adversary deanonymizes you through a targeted correlation attack, or that they deanonymize you by hacking your system (such as through [phishing](/posts/tails-best/#phishing-awareness)) which [enables them to bypass Tor](/posts/qubes/#when-to-use-tails-vs-qubes-os).
|
||||
If a Wi-Fi antenna is too technical for you, you may even want to **use your home internet** for some projects that require frequent internet access. This contradicts the previous advice to not use an Internet connection that is tied to your identity. It's a trade-off: using Tor from home avoids creating a physical footprint that is so easy to observe, at the expense of creating a digital footprint which is more technical to observe, and may be harder to draw meaningful conclusions from (especially if you connect to a VPN *before* connecting to Tor, see the [appendix](/posts/tails-best#appendix-vpns-and-tails)). There are two main deanonymization risks to consider when using your home internet: that the adversary deanonymizes you through a Tor correlation attack, or that they deanonymize you by hacking your system (such as through [phishing](/posts/tails-best/#phishing-awareness)) which [enables them to bypass Tor](/posts/qubes/#when-to-use-tails-vs-qubes-os).
|
||||
|
||||
#### To summarize
|
||||
|
||||
For sensitive and irregular Internet activities, use Internet from a random cafe, preceeded by surveillance detection and anti-surveillance. For activities that require daily Internet access such that taking surveillance countermeasures and finding a new cafe isn't realistic, it's best to use a Wi-Fi antenna. If this is too technical for you, using your home Wi-Fi is an option, but this requires trusting Tor's resilience to correlation attacks and the measures you take against being hacked.
|
||||
For sensitive and irregular Internet activities, use an Internet connection from a random cafe, preceeded by surveillance detection and anti-surveillance. For activities that require daily Internet access such that taking surveillance countermeasures and finding a new cafe isn't realistic, it's best to use a Wi-Fi antenna. If this is too technical for you, using your home Wi-Fi is an option, but this requires trusting Tor's resilience to correlation attacks and the measures you take against being hacked.
|
||||
|
||||
# Reducing risks when using untrusted computers
|
||||
|
||||
|
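Review bot: "preceeded" in the summary paragraph is misspelled in both the old and the new line; since the line is being rewritten anyway, correct it to "preceded". In the home-internet paragraph, the new text swaps the "make correlation attacks more difficult" link for a pointer to the VPN appendix; the anchor `/posts/tails-best#appendix-vpns-and-tails` matches the "# Appendix: VPNs and Tails" heading visible in a later hunk, but the dropped link was this section's only reference to the Tails-side correlation countermeasures, so consider keeping both links.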
@ -127,7 +127,7 @@ This second issue requires several mitigations. Let's start with a few definitio
|
|||
|
||||
* *Software* is the instructions for the computer, which are written in "code".
|
||||
* *Hardware* is the physical computer you are using.
|
||||
* *Firmware* is the low-level software that's embedded in a piece of hardware; you can simply think of it as the glue between the hardware and higher-level software of the operating system. It can be found in several different components (hard drives, USB drives, graphics processor, etc.).
|
||||
* *Firmware* is the low-level software that's embedded in a piece of hardware; you can simply think of it as the glue between the hardware and higher-level software of the operating system. It can be found in [several different components](https://www.kicksecure.com/wiki/Firmware_Security_and_Updates#Firmware_on_Personal_Computers) (hard drives, USB drives, graphics processor, etc.).
|
||||
* *BIOS* is the specific firmware that's embedded in the "motherboard" hardware and responsible for booting your computer when you press the power button.
|
||||
|
||||
Our adversaries have two categories of attack vectors: [physical attacks](/glossary/#physical-attacks) (via physical access) and [remote attacks](/glossary/#remote-attacks) (via the remote access of the Internet). An adversary with physical access can compromise the software (e.g. by replacing the operating system with a malicious version), the hardware (e.g. by adding a keylogger), and the firmware (e.g. by replacing the BIOS with a malicious version). An adversary with remote access starts by hacking you (a software compromise) and can then proceed to compromise the firmware.
|
||||
|
@ -374,3 +374,6 @@ Now we know that we have a genuine version of the Tails public key. `gpg` also
|
|||
|
||||
Now that we know that we have a genuine version of the Tails .img file, we can proceed to install it on a USB.
|
||||
|
||||
# Appendix: VPNs and Tails
|
||||
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ You may also be interested in the Threat Library's ["Digital Best Practices"](ht
|
|||
|
||||
## Your Phone
|
||||
|
||||
>**[Operating system](/glossary#operating-system-os)**: **GrapheneOS** is the only reasonably secure choice for cell phones. See [GrapheneOS for Anarchists](/posts/grapheneos/). [Kill the cop in your pocket](/posts/nophones/) — if you decide to have a phone, treat it like an "encrypted landline" and leave it at home when you are out of the house.
|
||||
>**[Operating system](/glossary#operating-system-os)**: **GrapheneOS** is the only reasonably secure choice for cell phones. See [GrapheneOS for Anarchists](/posts/grapheneos/). If you decide to have a phone, treat it like an "encrypted landline" and leave it at home when you are out of the house. See [Kill the Cop in Your Pocket](/posts/nophones/).
|
||||
|
||||
## Your Computer
|
||||
|
||||
|
|
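Review bot: the relocated link text changes from "Kill the cop in your pocket" to "Kill the Cop in Your Pocket"; check that the capitalization matches the title of /posts/nophones/ and the convention used for post titles elsewhere in the guide ("GrapheneOS for Anarchists" in the same line). Moving the pointer to the end of the paragraph, after the "encrypted landline" advice, reads more naturally than the old inline placement.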