layout: page
description: Just... a guide
title: Another Guide :/

“You never appreciate your anonymity until you don't have it anymore”

The Guide

Note: This is still a work in progress!

Well... I never thought I'd be making a guide so, here we go.... I guess....
Let's define a few important things here:

Adversary: Your threat.

Privacy: Keeping your personal activities hidden from the public.

Security: Protecting yourself and your online content, such as files, from known and/or unknown adversaries.

Anonymity: The act of hiding yourself to become indistinguishable from everyone else. (blending in)

Getting Started

Disclaimer: This is for education / research.

Table of contents:

>> Important Concepts
>> Proper Mindset
>> Knowing Your Adversary
>> Setting Goals
>> Creating Your Threat model
>> Knowing Resources
>> Getting Ready to "clean up"
>> Setting Your Foundation

Important Concepts

This guide requires you to understand various important concepts in order to truly be anonymous. The following is ASSUMED:

  • Understanding of TOR and its threats
  • Understanding benefits and downfalls of a VPN
  • Understanding important privacy concepts
  • Understanding important security concepts
  • Understanding the principles of threat modeling
  • Understanding how the internet functions

Proper Mindset

Having the proper mindset when starting a process like this is critical for success. You must be both willing and determined.

Here is a general thought process...

  • Always always always know what you are doing. You don't want to compromise yourself because you thought you knew what you were doing. Make sure 100%. Do research before.

  • Have a strong mind. Most flaws are user error, meaning YOU. Having a strong mind is critical. You must be in a clear state of mind, and almost be "talking to yourself" mentally. Ask yourself before you do something "is this right". A good memory is CRITICAL. You are going to need to remember almost EVERYTHING you do on the internet if you want to do this "properly". Don't be compromised because you forgot something. Let's eliminate user error. More on this subject will be later in this guide.

  • Take extra precautions. Don't "skimp" on encryption because you don't feel like entering a password. Don't be lazy.

  • Do not compromise your security for a friend. If they are your friend, they will respect your newfound love for being secure.

  • Do not reveal more than you need to. MMJ doesn't need to know what you had for lunch.

Things to keep in mind:

  • Reveal as little about yourself and origin as possible.

  • Remember - you can be identified by more ways than you can imagine.

  • Do not trust anyone.

  • Your life will change drastically.

  • Do not be lazy.


Setting Goals

We need to understand what we are trying to accomplish.

Think - what are you trying to do?

You need to properly identify a threat model and an adversary, along with performing a self-analysis. You need to understand your own flaws.


Creating your threat model

The most important part of your setup.

Threat modeling can become an advanced topic; you will need to learn how to balance security, privacy and anonymity. You'll need to properly lay out and identify what you are protecting yourself from. Everyone has something to protect, whether it is passwords, location, internet activity, confidential documents, etc. The items you are trying to protect will be referred to here as "assets".

Ask yourself these basic questions:

  • What am I trying to protect?
  • Who am I trying to protect this from?
  • What happens if I fail to protect this?

These are some basic questions to ask yourself when creating your threat model. Your answers to these questions will determine the route you must take. Example - You don't want your neighbor Joe to see you sleeping, so you close your blinds.

Developing a threat model will require a lot of time and effort. You will need to think of every possibility for your "assets". Using your resources, you will need to start documenting the various tools and services that will benefit you, such as ProtonMail, TOR, Matrix, etc. The tools and services will all depend on your threat model.

Examples:

  • If you are trying to hide internet activity, then you would likely use a proxy, TOR, or a VPN.

  • If you want to encrypt your emails, you would likely use a secure email provider and PGP.

  • If you want to encrypt your communications, you would likely use an encrypted messenger.

Listed below are some useful resources for getting started.


Knowing Resources

Along your journey, you'll need to have the proper resources at hand to deal with any sort of situation you will be facing. Get yourself accustomed to these resources to better understand various concepts and prepare yourself.

Common Tools:
More:

Getting Ready to "clean up"

What is "cleaning up"?

Simply put, cleaning up is the process of deleting your various traces on the internet. For the average person, this will be a long and arduous process. You'll have to go through every single online account, email, activity, forum, message, game, etc. and literally delete everything. This may seem extremely tedious - but remember, your adversary can easily find these data points and exploit them.

How to do this efficiently? Well... there is no "efficient" method, you just have to brute force this until all of your data points have somewhat been eliminated.

Start with the apps you are already signed into and delete all of your activities, messages, posts and friends. You'll have to do this for all of your "currently-known" services. After you've done this, make sure everything is deleted, including your PfP, and anonymize as much data as possible, such as by changing your username, email and other details. After you've done this, you are ready to delete the account.

As for finding services you may have forgotten, look through your entire email and find services you may have signed up for and start to do the same process. Try to search up your commonly-used usernames to help you with this process. Do this for every single account, just to ensure there is not anything that you may have missed.

There are some services which exist that can help expedite this process, though be aware of the risks involved in doing this.


Setting your foundation

Our foundation will be the core of our setup. Everything done here will impact the level of security, privacy and anonymity that we have.


Choosing an Operating System

Choosing our operating system is one of the most important pieces for this setup. This guide will be focused around QubesOS, but any type of Linux/Unix OS should be suitable as long as it is properly configured & hardened for our needs.


QubesOS
Note: Your PC may not have enough RAM for this setup, modify it based upon your needs.

For our setup with Qubes, we are going to be heavily utilizing virtualization. Ensure your PC has enough RAM. Make sure you verify the ISO and such. During installation, be sure to encrypt the disk with a secure password, as an insecure one could easily compromise the entire system. Ensure that Whonix is installed, along with updates over TOR. After installation, ensure everything is updated.


"Splitting"

Let's start by creating some basic VMs. To start, clone vault and create pgp-keys and ssh-keys to store our keys securely. Both should have no internet access. We will need to properly set up split-pgp and split-ssh. Using the "split" method, we are also able to create a split-browser and a split-dm-crypt.


Qube Template

As for networking, if you have a VPN service such as ProtonVPN, you are able to utilize qtunnel and set up multiple VPNs. For each of our VPN VMs, we will need a sys-firewall. If you want a dedicated sys-dns, you are able to do this as well. Make sure to read the proper documentation on how to achieve this.

sys-net -> sys-firewall -> sys-vpn -> sys-firewall-vpn

We will now create additional VMs for our use.

  • sys-net -> sys-firewall -> sys-firewall-email-personal -> personal-email - By placing the firewall here, we are able to whitelist internet traffic from only our email provider.

  • sys-net -> sys-firewall -> sys-firewall-IN-vpn-us-1 -> sys-vpn-us-1 -> sys-firewall-vpn-us-1 - This again gives us the ability to whitelist traffic from only the sys-vpn-us-1.

More:

  • personal-web - Web Traffic
  • personal-email - Email
  • personal-dvm - Disposable
  • personal-random - Random Web
  • personal-social - Social Activity
  • sys-personal-vpn - VPN for only personal
  • sys-firewall-personal - Firewall for only personal
  • personal-vault - Vault VM for only personal

This can be used for a wide variety of activities, not just specifically "personal". Your setup should make heavy use of the sys-firewall VM. We can utilize the firewall to help maintain compartmentalization across our system. The firewall can be useful for preventing data leaks & sniffing along with enforcing VPN policies.
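
The personal-email chain above, expressed as dom0 commands (an added example, not from the original guide or the Qubes project). The host mail.example.com, the ports 993 and 465, and the helper names run and whitelist_qube are assumptions; with DRY_RUN=1 the script only prints what it would run.

```shell
#!/bin/sh
# Added example, not Qubes project code. Intended for dom0.
# Assumed values: mail.example.com and ports 993/465 are placeholders for
# your provider's mail endpoints. DRY_RUN=1 (default) only prints commands.
DRY_RUN=${DRY_RUN:-1}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# usage: whitelist_qube QUBE FIREWALL_QUBE HOST PORT...
whitelist_qube() {
    qube=$1 fw=$2 host=$3; shift 3
    # Rules set on QUBE are enforced inside the qube that provides its
    # network, so attach it to its dedicated firewall qube first.
    run qvm-prefs "$qube" netvm "$fw"
    # Start from the default rule set (a single "accept"), then remove it.
    run qvm-firewall "$qube" reset
    run qvm-firewall "$qube" del --rule-no 0
    for port in "$@"; do
        run qvm-firewall "$qube" add accept dsthost="$host" proto=tcp dstports="$port"
    done
    # Allow name resolution through the qube's configured DNS servers.
    run qvm-firewall "$qube" add accept specialtarget=dns
    # Rules match top to bottom; the final drop turns this into an allow-list.
    run qvm-firewall "$qube" add drop
    run qvm-firewall "$qube" list
}

whitelist_qube personal-email sys-firewall-email-personal mail.example.com 993 465
```

Hostnames given to dsthost are resolved when the rules are loaded rather than per connection, so reapply the rules if your provider's addresses change.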


Additional Setup

You are never truly done configuring and setting up Qubes. There will always be more and more to configure. This section goes through some of these additional configurations.

U2F-Proxy

Among the variety of tools offered by QubesOS is u2f-proxy. This is an amazing tool that we will use for multi-factor authentication. It allows you to "compartmentalize the browser in one qube and the USB stack in another so that they are always kept separate from each other".

The Qubes documentation shows the following for installation:

dom0:

sudo qubes-dom0-update qubes-u2f-dom0

Now, execute this command for every qube in which you will use U2F.

qvm-service --enable QUBE_NAME qubes-u2f-proxy

To install on our templates, use the following:

Fedora:

sudo dnf install qubes-u2f

Debian:

sudo apt install qubes-u2f

Finally, you must restart your Qubes. It's suggested you read the u2f-proxy documentation.


YubiKey

Using a YubiKey can help mitigate certain attacks such as password "snooping", along with increasing security. Read the official documentation.

Installation for template VMs:

Fedora:

sudo dnf install ykpers yubikey-personalization-gui

Debian:

sudo apt-get install yubikey-personalization yubikey-personalization-gui

The GUI on Debian can be run via the yubikey-personalization-gui command.

  • Choose configuration slot 2.
  • Select HMAC-SHA1 mode: fixed 64 bit input.
  • Be sure to back up the Secret Key (20 bytes hex).

Now the following is required for dom0:

sudo qubes-dom0-update qubes-yubikey-dom0

If we had changed the name of sys-usb or are using something other than that, we would need to edit /etc/qubes/yk-keys/yk-vm in dom0.

  • Paste the Secret Key (20 bytes hex) into /etc/qubes/yk-keys/yk-secret-key.hex in dom0.

  • Paste your hashed password into /etc/qubes/yk-keys/yk-login-pass-hashed.hex in dom0.

To get your hashed password:

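read -rs password    # -s keeps the password from being echoed to the terminal
printf '%s' "$password" | openssl dgst -sha1 | awk '{print $NF}'    # print only the hex digest, without the "(stdin)= " prefix
unset password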

Edit /etc/pam.d/login in dom0 and add:

auth include yubikey

Now, edit /etc/pam.d/xscreensaver to include:

auth include yubikey
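
A format check for the two key files from the steps above, as an added example that is not part of the original guide or of Qubes. The function names and the YK_DIR variable are assumptions; the file names are the ones given above.

```shell
#!/bin/sh
# Added example, not Qubes project code. YK_DIR defaults to the directory
# this guide uses; point it at a copy to try the checks elsewhere.
YK_DIR=${YK_DIR:-/etc/qubes/yk-keys}

# Print a file's content with whitespace removed and hex folded to lowercase.
normalized() { tr -d ' \t\r\n' < "$1" | tr 'A-F' 'a-f'; }

# A 20-byte HMAC-SHA1 key and a SHA-1 digest are both exactly 40 hex digits.
# This rejects an empty file, a truncated paste, or a pasted
# "SHA1(stdin)= ..." line that still carries the openssl prefix.
check_hex40() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 1; }
    val=$(normalized "$1")
    case $val in
        ''|*[!0-9a-f]*) echo "not pure hex: $1" >&2; return 1 ;;
    esac
    [ "${#val}" -eq 40 ] || { echo "$1: ${#val} hex digits, want 40" >&2; return 1; }
}

# Read one password line from stdin, hash it without the trailing newline,
# and compare with the stored hash, so a typo made while hashing shows up now.
password_matches() {
    IFS= read -r pw || :
    digest=$(printf '%s' "$pw" | openssl dgst -sha1 | awk '{print $NF}')
    [ "$digest" = "$(normalized "$1")" ]
}

check_yk_files() {
    check_hex40 "$YK_DIR/yk-secret-key.hex" &&
    check_hex40 "$YK_DIR/yk-login-pass-hashed.hex"
}

# In dom0: check_yk_files && password_matches "$YK_DIR/yk-login-pass-hashed.hex"
```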

GUI-VM

This is for advanced users. Read the official documentation.

Utilizing TOR

TOR can be an extremely useful tool. Combined with QubesOS, our limit is the sky.


Additional utilization

Other

Creating our aliases

For setting our foundation, we are going to be creating a variety of aliases, and each of these aliases is going to need an "arsenal". For step 1 we are going to need a password manager.

Upon creating our aliases we will have several different approaches:

  1. Each username, email, and other detail will be completely random
  2. Each alias will have its own email, username, etc.