Git-Mirrors/anonymousland
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/anonymousland.git synced 2024-10-01 11:49:49 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update Mullvad Browser information and update Qubes section

Browse Source
This commit is contained in:
deathrow 2023-05-01 14:53:32 -04:00
parent 8fb15c8d79
commit eeb79c72b9
No known key found for this signature in database
GPG Key ID: FF39D67A22069F73
1 changed files with 9 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
_items/1-Guide.md
View File

@ -230,10 +230,6 @@ All of your applications will occur in `Whonix-Workstation`.
There are several different ways to access Tor, primarily through a browser. There are several different ways to access Tor, primarily through a browser.
Browsers such as Brave offer this, but this should **NOT** be used, as it contains a unique fingerprint. Browsers such as Brave offer this, but this should **NOT** be used, as it contains a unique fingerprint.
[Mullvad](https://mullvad.net) has released the [Mullvad Browser](https://mullvad.net/en/browser), which focuses on minimizing the browser fingerprint and to minimize tracking.
It comes installed with UBlock Origin by-default.
With this browser being brand-new, it would be advisable to proceed with caution, but this browser does appear promising.
<br> <br>
#### Contributing to Tor #### Contributing to Tor
@ -651,10 +647,10 @@ qubes-usb-proxy
qubes-gpg-split qubes-gpg-split
``` ```
Fedora-36: Fedora-37:
``` ```
sudo qubes-dom0-update qubes-template-fedora-36 sudo qubes-dom0-update qubes-template-fedora-37
``` ```
Debian-11: Debian-11:
@ -717,101 +713,10 @@ More thoughts:
<br> <br>
#### U2F-Proxy #### Additional Setup
Using [u2f-proxy](https://qubes-os.org/doc/u2f-proxy) allows you to "compartmentalize the browser in one qube and the USB stack in another so that they are always kept separate from each other". We are able to use [u2f-proxy](https://qubes-os.org/doc/u2f-proxy) along with [yubikey](https://qubes-os.org/doc/yubikey).
Review the official documentation.
The Qubes documentation shows the following for installation:
dom0:
```
sudo qubes-dom0-update qubes-u2f-dom0
```
Now, execute this command for all the Qubes you will utilize u2f.
```
qvm-service --enable QUBE_NAME qubes-u2f-proxy
```
To install on our templates, use the following:
Fedora:
```
sudo dnf install qubes-u2f
```
Debian:
```
sudo apt install qubes-u2f
```
Finally, you must restart your Qubes.
It's suggested you read the [u2f-proxy](https://qubes-os.org/doc/u2f-proxy) documentation.
<br>
#### YubiKey
Using a YubiKey can help mitigate certain attacks such as password "snooping", along with increasing security.
Read the [official documentation](https://qubes-os.org/doc/yubikey).
Installation for template qubes:
Fedora:
```
sudo dnf install ykpers yubikey-personalization-gui
```
Debian:
```
sudo apt-get install yubikey-personalization yubikey-personalization-gui
```
The GUI on for Debian can be run via the `yubikey-personalization-gui` command.
- Choose `configuration slot2`.
- Select `HMAC-SHA1 mode: fixed 64 bit input`.
- Ensure to backup the `Secret Key (20 bytes hex)`.
Now the following is required for dom0:
```
sudo qubes-dom0-update qubes-yubikey-dom0
```
If we had changed the name of `sys-usb` or are using something other than that, we would need to edit ``/etc/qubes/yk-keys/yk-vm'' in dom0.
- Paste the `Secret Key (20 bytes hex)` into `/etc/qubes/yk-keys/yk-secret-key.hex` in dom0.
- Paste your hashed password into `/etc/qubes/yk-keys/yk-login-pass-hashed.hex` in dom0.
To get your hashed password:
```
read -r password
```
```
echo -n "$password" | openssl dgst -sha1
```
Edit `/etc/pam.d/login` in dom0 and add:
```
auth include yubikey
```
Now, edit `/etc/pam.d/xscreensaver` to include:
```
auth include yubikey
```
<br> <br>
@ -1013,8 +918,6 @@ LibreWolf is a good alternative to utilizing Arkenfox on Qubes as we cannot reas
#### General Notes #### General Notes
- For using Tor, you should only use the *official* Tor Browser. - For using Tor, you should only use the *official* Tor Browser.
- (You may want to look at [Mullvad Browser](https://mullvad.net/en/browser))
- For an ideal browser setup focused around privacy, you should **NOT** store any browser history, cookies or cache. - For an ideal browser setup focused around privacy, you should **NOT** store any browser history, cookies or cache.
- HTTPS-Only should be activated on all browsers. - HTTPS-Only should be activated on all browsers.
- Disable saving of passwords, logins, credit cards, etc. as this is a security concern saving all of this in a web browser. - Disable saving of passwords, logins, credit cards, etc. as this is a security concern saving all of this in a web browser.
@ -1031,6 +934,10 @@ There are a variety of tools to test your different browser configurations in a
- [SSL Test](https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html) - [SSL Test](https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html)
[Mullvad](https://mullvad.net) has released the [Mullvad Browser](https://mullvad.net/en/browser), which focuses on minimizing the browser fingerprint and to minimize tracking.
It comes installed with UBlock Origin by-default.
With this browser being brand-new, it would be advisable to proceed with caution, but this browser does appear promising.
<br> <br>
--- ---