Misc. formatting edits from a friend

2024-06-18 10:49:59 +00:00 · 2022-06-09 03:22:09 +00:00 · 2022-06-09 03:22:09 +00:00 · b17bb1d7bd
commit b17bb1d7bd
parent 3508f9303c
1 changed files with 317 additions and 303 deletions
--- a/README.md
+++ b/README.md
@ -33,7 +33,7 @@
    - [Blending](#blending)
 - [Minimize Architecture](#minimize-architecture)
 - [Automated Shutdown Procedures](#automated-shutdown-procedures)
-	- [Dead Man's Switch](#dead-man's-switch)
+    - [Dead Man's Switch](#dead-mans-switch)
 - [Play on Resources](#play-on-resources)
 - [Radio Transmitters](#radio-transmitters)
 - [EMF Shielding](#emf-shielding)
@ -88,6 +88,7 @@ While federal agents certainly aren't possessors of divine power and are largely
 While we understand that circumvention is not a simple nor passive process, it doesn't take billions of dollars in black budget funds to orchestrate. The vast majority of the work is placed in security procedures such as network traffic encryption, local disk encryption, and communications security.
 Anti-forensics, or the reduction, removal, and obscuration of forensic data, has been around for quite some time. There are a variety of methods for stifling both private and public investigations. From the physical side, this could include any action that removes traces such as fingerprints, hair samples, etc.
 The digital side of forensics has taken off in recent years. This is multi-faceted from network traffic to random access memory (RAM) to disk storage, and ultimately ties back into physical security.
 What is to come throughout this book consists of not only methods of strong cryptographic implementations, automated tasking, and obscurity, but underlying concepts for increasing the time expended on investigations. If you make a large enough splash against the system, they will come after you with all of their resources. If you dive deep enough, you can at least reach the bottom and muddy the waters. Successful operations often depend on how long you can hold your breathe.
@ -106,6 +107,7 @@ Central processing units (CPU) have a narrowed list of options. For the vast maj
 ## Operating System
 Researching the right operating system (OS) for your specific operation can be a monstrous task. If Operations Security (OPSEC) is of utmost importance, then operating systems that generate excess logs and call home with telemetry and error reporting should be ruled out.
 For desktop, this process eliminates Windows, Mac, and ChromiumOS/CloudReady from the race. While there are significant attempts at undermining Windows telemetry, this requires a substantial amount of effort that is bound to corrupt processes and retain the bloat from disabled software.
 >Note: Solutions with Windows 10 aren't necessarily the anti-thesis to anti-forensics. These systems have excessive bloat, however they can pursue the same aims. Windows provides many areas to hide files amongst the system. Windows systems can also be an overload to inexperienced investigators with the caches, shellbags, shortcut files, monolithic registry hives, and a myriad of ways to set persistence mechanisms. This could force investigators to expend more time in the investigation. The reason it is avoided in this book is due to the proprietary blobs, bloatware, legacy protocols (which will continue to render it vulnerable to exploitation), and excess telemetry. In good faith, one could not claim to provide secure cryptography on a system that was designed for the aims of counterinsurgency.
@ -124,7 +126,7 @@ GNU/Linux based phones, such as Pine64's Pine Phone[^14] or Purism's Librem 5,[^
 ## Disable Logging
 Disabling logs at the source is the best solution to ensure excess logs are not being stored. Daemons or processes can automate the process of log collection. This has its useful functions for both debugging and security (auditing), however it is detrimental to the idea of information retention. It is strongly advised to periodically shred the log files if not disabling the logging daemons entirely.
-Some pro
+
 Some developers have created simple bash and python scripts that remove and disable the logging daemons such as CoverMyAss.[^16] Scripts aren't necessarily needed, however they could automate a manual process and identify logging components of your system that you did not know were present.
 Here is a quick example of disabling logging daemons on GNU/Linux with the SystemD service manager:
@ -140,10 +142,12 @@ While it is wise to reduce your logging footprint locally on your device, full d
 ## Clear Caches
 There are various caches containing sensitive information on both mobile devices and GNU/Linux systems. Linux systems have the tendency to push most logs to the /var/log/ directory. This is a simple deletion process.
 Due to Android sandbox implementations, caches can no longer be centrally erased; caches must be cleared on individual applications. System logging is also sprawled across various directories.  Reducing locally generated logs on Android is comparable to removing telemetry from Windows OS variants. Clearing caches on Android provides no serious benefit, but it does remove the amount of data present on the device. For proper privacy, only trusted applications should be used - preferably Free and Open-Source (FOSS).
 ## Secure Deletion
 Deletion of files in most operating systems today is a loose version of the term. Deletion implies the eradication of the selected file. Rather, this is deletion of the file's reference. To truly delete a file from the drive, one must completely overwrite the data. This can be done over time by passive dumb luck or it could be a conscious effort. There are existing tools for secure deletion (wiping over the file) on most platforms. On GNU/Linux systems, there is a tool in the "secure-delete" package called shred that will zero over the file. This performs deletion using the Gutmann method. Another tool called Bleachbit[^17] is known to clean the caches of the system. Built into the tool is an option to overwrite all free space on the disk. This could be a routine cleanup procedure for the concerned. On Windows, there is a tool included in the SysInternals[^18] package called SDelete that will provide a similar function to GNU/Linux's shred.
 A simple shred command in a Linux bash shell: `shred -n 32 -z -u <FILE>`
 This command would use GNU coreutils shred function to wipe over the designated file with 32 iterations. The -z adds a final overwrite to hide the shredding process, and the -u unlinks the file completely.
@ -155,17 +159,23 @@ The NSA has in the past developed malicious firmware for HDDs that can create se
 Media access control (MAC) addresses are unique identifiers for network interface controllers/cards (NIC). These identifiers exist at Layer 2 of the OSI model.[^19] As one could expect, unique identifiers can be problematic. Proprietary router firmware such as Netgear and other vendors can attempt to correlate static MACs to individuals. Your MAC could also be correlated between different routers and subsequently different router SSIDs. Wardriving is a method by which organizations will scan for SSIDs around different areas to collect MAC addresses and SSIDs.
 All anti-forensic operating systems  spoof or randomize the MAC address by default. A GNU/Linux utility called `macchanger` can alter and randomize the MAC address.
 Set MAC to one by the same vendor: `macchanger -a <interface (i.e. eth0)>`
 Set a random vendor MAC of any kind: `macchanger -A <interface (i.e. eth0)>`
 Using the `-r` flag will set a fully random MAC. This isn't necessarily a problem, but it will stand to make an anomaly out of you. Mimic known vendors to help blend in the crowd. Combine this with a service manager to automatically run on each boot.
 This is not the only implementation of MAC randomization. Some services such Network Manager now provide this feature by setting MAC randomization via service configuration files.
 GrapheneOS, and other non-stock OSs have begun to randomize MAC address upon connection to different wireless networks.
 To check whether this setting is enabled, go to `Settings > Wi-Fi > Settings Gear > Advanced > Privacy > Use fully randomized MAC (default)`
 ## Traffic Manipulation
 ### Packet Filter
 While physical forensics is a primary concern of investigations, network forensics can provide fruit-bearing evidence to investigators. Therefore it is vital to restrict and regulate what traffic is passed on.
 Packet filters (often mistakenly called firewalls) can be leveraged to place limitations on ingress (inbound) and egress (outbound) traffic from the perspective of the local system's network interface card (NIC). Firewalls are packet filters that are their own separate device intended solely for the function of filtering traffic. If you don't want certain applications phoning home with device information, they can be restricted based on application, port, and/or IP address. This can become very granular. For most purposes using a local client, you should block all incoming traffic. If services are being hosted by a server such as a website or Instant Messenger (IM) instance, packet filtering becomes more complex as certain ports have to remain open to properly host a service.
 ### Proxy
@ -186,7 +196,9 @@ Both of these channels have some pitfalls, so why not combine them for layered s
 I2P[^23] or the Invisible Internet Project spawned in 2003. This is an encrypted private network layer designed to mask user identity. I2P is not the same idea as TOR, although some concepts cross over. I2P users cannot officially communicate with clearnet sites like TOR users can; all I2P traffic stays internal to the I2P network. Without having the exit of traffic via exit nodes or outproxies to the internet, this reduces usability and enhances privacy. I2P can prove useful at limiting the information captured by global passive adversaries. I should note that some mixnets have called I2P legacy technology claiming that it opens up users to a number of attacks that can isolate, misdirect, and deanonymize users. Therefore I2P should not be solely relied on. If one is adament about using I2P, there are configurations that facilitate the use of I2P via TOR.
-Mixnets have the goal of anonymizing packets through uniformity. The design is to obscure and craft packets of the same size despite the amount of data being transmitted. Often times mixnets have technology that address time-based attacks, provide decoy or cover traffic, and implement uniformity of packets, however the pitfalls tend to be lack of scrutiny and adoption. Anonymity loves company, and most mixnets lack that component, especially in their early conceptions. Due to the lack of scrutiny with early conception and lack of adoption, I cannot provide any recommendations. Even if one is to involve themselves with the use of a mixnet, they should be on guard. Intelligence agencies are not ones to shy away from a good honeypot. While not a perfect example as this wasn't a mixnet, the FBI ran an operation with an operating system called ArcaneOS and a built-in messaging platform called anom[.]io[^24] designed for organized crime. ANOM was an application that opened as a calculator which had the user enter a pin to reach the hidden messenger. All communications were intercepted. The morale of the story is that the slightest amount of skepticism into the website communications, hosting platform, or the closed-source application could've prevented the downfall of multiple criminal enterprises globally. The same skepticism should be applied to any organization unwilling to address their shortcomings and model their potential attack vectors. Many are willing to route your traffic, and node-based cryptocurrency projects with a model that resembles that of a ponzi-scheme could always be a source of both black budget funds and traffic analysis for letter agencies. I have no fingers to point or organizations to accuse. However, it is far from a half-cocked conspiracy that intelligence agencies would engage in this type of activity. 
+Mixnets have the goal of anonymizing packets through uniformity. The design is to obscure and craft packets of the same size despite the amount of data being transmitted. Often times mixnets have technology that address time-based attacks, provide decoy or cover traffic, and implement uniformity of packets, however the pitfalls tend to be lack of scrutiny and adoption. Anonymity loves company, and most mixnets lack that component, especially in their early conceptions. Due to the lack of scrutiny with early conception and lack of adoption, I cannot provide any recommendations. Even if one is to involve themselves with the use of a mixnet, they should be on guard. Intelligence agencies are not ones to shy away from a good honeypot. While not a perfect example as this wasn't a mixnet, the FBI ran an operation with an operating system called ArcaneOS and a built-in messaging platform called anom[.]io[^24] designed for organized crime.
 ANOM was an application that opened as a calculator which had the user enter a pin to reach the hidden messenger. All communications were intercepted. The morale of the story is that the slightest amount of skepticism into the website communications, hosting platform, or the closed-source application could've prevented the downfall of multiple criminal enterprises globally. The same skepticism should be applied to any organization unwilling to address their shortcomings and model their potential attack vectors. Many are willing to route your traffic, and node-based cryptocurrency projects with a model that resembles that of a ponzi-scheme could always be a source of both black budget funds and traffic analysis for letter agencies. I have no fingers to point or organizations to accuse. However, it is far from a half-cocked conspiracy that intelligence agencies would engage in this type of activity.
 In regards to implementation, there are a variety of options. Host-based virtualization with pre-configured systems like Whonix can be used. This routes all of the Whonix workstation's traffic through the Whonix gateway to prevent leakage. A bootable TAILS USB is also preconfigured to allow only TOR traffic, excluding the exempt or whitelisted insecure browser designed for getting your device through WiFi portals. Open-source operating systems, such as OpenWRT, on a travel router can force certain subnets to use a VPN configuration or route via TOR.
@ -195,8 +207,10 @@ As previously stated in the Traffic Leakage section, software-based routing shou
 ## Browsing
 ### Browser Configuration
 It is no secret that governments deliver malware based on anomalous internet activity, alternately put, flagged activity. While the common forms of investigations are typically conducted via physical device seizure, security mechanisms should be taken into account to stunt "passive" investigations. Browsers can be configured to disable the installation of extensions, device storage usage, setting alterations, theme changes, cookie restrictions, and cache deletions. The most important facets of private internet browsing include the browser security model, fingerprinting mitigations, and reliance on JavaScript.
 For the security model, ungoogled variants of Chromium[^27] are advised. The security model exists unlike Gecko-based browser derivatives (i.e. Firefox).
 Browser security and anti-fingerprinting do not always align. For instance, the TOR Browser is not unique based on fingerprinting. Tor Browser with JavaScript disabled is generally a secure setup despite being based on Gecko. Most browser-based vulnerabilities require JavaScript or some other browser-run code (fonts, WebGL, etc). Tor Browser on security setting "Safest" reduces this attack surface significantly. While Chromium browsers may have upped the ante in terms of security, many do not have any built-in anti-fingerprinting mechanisms. Some projects have taken the initiative to provide anti-fingerprinting configurations such as Bromite[^28] or Brave Browser[^29]. Using a privacy-tweaked configuration of Brave Browser is the best option for those who are not technical. However, many of the problems that plague vanilla Chromium can be mitigated with the right appended flags for process execution.
 To further elaborate, whenever Chromium is executed, it can be ran by typing the following into terminal:
 ```
 /usr/bin/chromium %U --disable-reading-from-canvas --disable-3d-apis --disable-component-update --disable-background-networking --user-agent="" --no-default-browser-check --incognito --disable-breakpad --no-crash-upload --no-report-upload --disable-crash-reporter --disable-speech-synthesis-api --disable-speech-api --disable-cloud-policy-on-signin --disable-print-preview --disable-drive --disable-full-history-sync --disable-sync
@ -216,10 +230,7 @@ Searx instances[^32] are decentralized search engines that can be stood up by an
 ## Live Boot
 Live media (USB or CD) can be booted from in a process called Live Boot. Data is prevented from being stored on the hard drive of your computer (so long as you do not attempt to decrypt your hard drive that is detected). Nothing lives in permenance from the live boot. This is a useful tool for the privacy conscious as there is little to no cleanup process of your actions. Some operating systems such as The Amnesiac Incognito Live System (TAILS)[^33] are forensicly conscious and wipe the data from the device's physical memory once the USB is removed or the system is shutdown. This is not always the case for live media. Be conscious of network activity living on in permenance. This is where the use of strong cryptography can come into play from Virtual Private Network (VPN) configurations to the use of TOR. Live booting reduces the effectiveness of the Cold Boot attacks. Cold boot is heavily reliant upon data that is temporarily stored in Random Access Memory (RAM).
->Note: Cold boot attacks require a system to be under attacker control. DDR3 memory modules lose data within 3 seconds of losing power under normal circumstances. DDR4 loses data within 1 second (more like a fraction of a second) after losing power under normal conditions.
+>Note: Cold boot attacks require a system to be under attacker control. DDR3 memory modules lose data within 3 seconds of losing power under normal circumstances. DDR4 loses data within 1 second (more like a fraction of a second) after losing power under normal conditions. Sufficient mitigation against cold boot attacks is generally to simply remove memory before control of the system is released. Linux allows this via the "magic" SysRq combo SysRq+o. This is available by default on some OSs, but needs to be enabled manually on others. Parrot enables many SysRq commands by default. Among those allowed by Parrot include SysRq+o (immediate poweroff, with no shutdown cycle).
 Sufficient mitigation against cold boot attacks is generally to simply remove memory before control of the system is released.
 Linux allows this via the "magic" SysRq combo SysRq+o. This is available by default on some OSs, but needs to be enabled manually on others.
 Parrot enables many SysRq commands by default. Among those allowed by Parrot include SysRq+o (immediate poweroff, with no shutdown cycle).
 Systems can be started in non-persistent sessions with the use of `grub-live` and `grub-live-default` packages. `grub-live` boots to persistence by default, while `grub-live-default` starts directly to a non-persistent session.
@ -242,35 +253,24 @@ Destroying SSDs:
 - Burn the remains
 - Separate and scatter the debris[^34]
->Note:
+>Note: The DoD generally cites a drive wiping policy of 7 passes using random data. Each pass is performed on the entire drive. Other acceptable means of data removal include a single random pass (modern drives make it nearly impossible to recover data, even with a single overwrite), microwaving the platter (the platter should be removed from the enclosure before doing this), applying sand paper aggressively to the platter, heating the drive in an oven (500 degrees Fahrenheit for 15 minutes? 30 if you want to be extra paranoid, or just leave it in the oven until investigators arrive), or taking a powerful magnet (perhaps from a home/car stereo) to degauss the drive. The platter should be removed first in this method to maximize effectiveness.
 	The DoD generally cites a drive wiping policy of 7 passes using random data. Each pass is performed on the entire drive.
 	Other acceptable means of data removal include a single random pass (modern drives make it nearly impossible to recover data, even with a single overwrite), microwaving the platter (the platter should be removed from the enclosure before doing this), applying sand paper aggressively to the platter, heating the drive in an oven (500 degrees Fahrenheit for 15 minutes? 30 if you want to be extra paranoid, or just leave it in the oven until investigators arrive), or taking a powerful magnet (perhaps from a home/car stereo) to degauss the drive. The platter should be removed first in this method to maximize effectiveness.
 ## Cryptography
 Cryptography is a monolith of a topic that is included with the anti-forensics threat model. If the cryptography cannot be broken, forensic investigations are stunted in their tracks. Cryptography can range from encryption of individual files or messages to Full Disk Encryption (FDE). As Simon Singh has said in The Code Book, "I must mention a problem that faces any author who tackles the subject of cryptography: the science of secrecy is largely a secret science."[^35]
 History goes back and forth favoring both codemakers and codebreakers through different eras. While there are algorithms that exist (and yet to be created) that could be unbreakable for the necessary classification time (at least outside the statute of limitations) against codebreakers. Such encryption could involve the use of multiple algorithms such as Serpent((Twofish)(AES)) with the hash algorithm of Whirlpool, Streebog-512, or SHA512. Do be warned that there are threats imposed from the use of cascading algorithms or the use of multiple algorithms with the same key.
 All this being said, there is only one form of unbreakable encryption that will stand the test of time. This is a one-time pad (OTP) cipher. This encrypts the message based on completely randomized data. This cannot be digitally or mentally generated; this needs pure randomness to be bulletproof.
 "The security of the onetime pad cipher is wholly due to the randomness of the key. The key injects randomness into the ciphertext, and if the ciphertext is random then it has no patterns, no structure, nothing the cryptanalyst can latch onto. In fact, it can be mathematically proved that it is impossible for a cryptanalyst to crack a message encrypted with a onetime pad cipher. In other words, the onetime pad cipher is not merely believed to be unbreakable, just as the Vigenère cipher was in the nineteenth century, it really is absolutely secure. The onetime pad offers a guarantee of secrecy: the Holy Grail of cryptography." - Simon Sughes, The Code Book[^35]
->Note:
+>Note: An OTP using a CSPRNG (cryptographically secure pseudo-random number generator) still maintains the security of the CSPRNG used, although isn't really an OTP anymore. Instead, it acts as a stream cipher. OTPs are information-theoretically secure, but are not tamper-resistant. Full-disk encryption should only ever be performed using the XTS mode of operation. AES is considered secure against the most powerful attackers in the world, even those with access to quantum computing. If quantum computing is a threat, a 256-bit key should be used. Serpent was the most secure of the 5 AES semifinalists. Rijndael (now known as AES) was the least secure. Rijndael displays a concerningly linear structure, which causes many cryptoanalysts discomfort. However, Rijndael has received the most review of all AES semifinalists and is therefore the best understood. This provides higher assurance that Rijndael is secure than for any other AES semifinalist. ChaCha20 is considered equivalent in security to AES and peforms better on embedded devices. ChaCha20 is also more resistant to improper implementations.
 	An OTP using a CSPRNG (cryptographically secure pseudo-random number generator) still maintains the security of the CSPRNG used, although isn't really an OTP anymore. Instead, it acts as a stream cipher.
 	OTPs are information-theoretically secure, but are not tamper-resistant.
 	Full-disk encryption should only ever be performed using the XTS mode of operation.
 	AES is considered secure against the most powerful attackers in the world, even those with access to quantum computing. If quantum computing is a threat, a 256-bit key should be used.
 	Serpent was the most secure of the 5 AES semifinalists. Rijndael (now known as AES) was the least secure. Rijndael displays a concerningly linear structure, which causes many cryptoanalysts discomfort. However, Rijndael has received the most review of all AES semifinalists and is therefore the best understood. This provides higher assurance that Rijndael is secure than for any other AES semifinalist.
 	ChaCha20 is considered equivalent in security to AES and peforms better on embedded devices. ChaCha20 is also more resistant to improper implementations.
 ### Randomness
 Randomness or entropy is the complement to cryptography, or rather a fundamental component. There are two forms of randomness that one would use to generate a One-Time Pad (OTP) message. This randomness can be derived from computational randomness (pseudo random) or pure (theoretical) randomness. Pure randomness is always the goal with the use of OTPs. Unfortunately, there are few ways of achieving this pure randomness. Computational randomness but not theoretical randomness has potential to be broken.
->Note:
+>Note: Many (most) modern computers contain hardware true-random number generators (TRNG). To identify if your hardware has such hardware, run `cat /dev/random` on a Linux-based OS. For systems with no TRNG, `cat /dev/random` will produce some amount of output, then produce nothing or produce output slowly. For systems with a TRNG, `cat /dev/random` will produce output continuously, appearing to behave the same as `cat /dev/urandom`. On some systems with TRNGs, `cat /dev/random` will actually produce output faster than `cat /dev/urandom`.
 	Many (most) modern computers contain hardware true-random number generators (TRNG). To identify if your hardware has such hardware, run `cat /dev/random` on a Linux-based OS.
 	For systems with no TRNG, `cat /dev/random` will produce some amount of output, then produce nothing or produce output slowly.
 	For systems with a TRNG, `cat /dev/random` will produce output continuously, appearing to behave the same as `cat /dev/urandom`.
 	(on some systems with TRNGs, `cat /dev/random` will actually produce output faster than `cat /dev/urandom`).
 For systems with TRNGs, the /dev/random and /dev/urandom devices provide no security difference from each other. However, /dev/urandom performs additional processing on the random data which could help mitigate certain hardware (mis)trust issues, specifically the risk of a backdoored TRNG (while there's no evidence TRNGs have ever been backdoored, this is a concern for some). To increase entropy on GNU/Linux systems, the packages `haveged` and `jitterentropy` can be used along with the boot parameter `random.trust_cpu=off` in the `/etc/default/grub` file. See Madaidan's Linux hardening guide for more details on increasing system entropy.[^36]
@ -284,6 +284,7 @@ While we would love to maintain idealism and believe that we could write somethi
 #### Signature-Based Identification
 Chances are most operations will be conducted remotely, and there is a chance that the need to validate those whom you are communicating with will arise. There are some simple tools that can be leveraged to mathematically validate someone is who they say they are.
 Pretty Good Privacy (PGP) is a timeless tool for message verification. One can create a key pair, and use this key pair to sign and encrypt/decrypt messages.
 To start using PGP, one must generate a keypair:
@ -302,7 +303,9 @@ Comment:
 Now you will type characters in the terminal to generate entropy (randomness) for the encryption. You will then be prompted to enter a passphrase.
 Now you can use commands via terminal with gpg/gpg2, or you can use a tool with a Graphical User Interface (GUI) such as GNU Privacy Assistant (GPA)[^37] to sign, validate, and encrypt messages to your affiliates.
-ex. Signing the file `plaintext.txt` via terminal
+ex.
 Signing the file `plaintext.txt` via terminal:
 `gpg -s plaintext.txt`
 For the party trying to validate the signature, they can issue the following command:
@ -310,7 +313,9 @@ For the party trying to validate the signature, they can issue the following com
 Minisign[^38] is an incredibly simple tool developed in python for the purpose of signature validation. It is a more modern tool than PGP that is user-friendly.
 Generate key pair: `minisign -G`
 The public key can be distributed as needed, while the private key should remain strictly under user control for signing files.
 `minisign -S [-x sigfile] [-s seckey] -m file [file ...]`
 #### Encrypting Drives and Files
@ -323,25 +328,21 @@ To date, Linux Unified Key Setup (LUKS) and Veracrypt[^39] are the two most nota
 #### Offline Password Managers
 Security often comes down to the basics; Make your devices/accounts/services hard to crack. Feds & private forensics companies may be able to allocate ridiculous amounts of computing power against your services to see logs and compromise your accounts, but their brute forcing efforts can be rendered useless.
 Consider offline variants of KeePass[^40] for secure password storage, then consider placing the KeePass database inside of a hidden veracrypt. Having a password with an absurd amount of characters such as `dHK&*/4pk_!i??5R=^K}~FU!kxF{fG}*&>oMdRt([);7?=v(e^,ch_n)r()]:&k$D@f4#G"Y\v_5-*i$E[+)"bT*@BF+{hkvn7[B]{qq'[~]3@+-Ju6C(@<]=TEM6a\h$c+:W[k$=;Jy[Un7&~NtvK*{Bn` is enough to stunt any brute force attempt. Cryptographic security can only be as strong as the key being used.
->Note: 
+>Note: A 20-character random password (letters, numbers, and symbols) provides 132.877 bits of security (compare to 128 bit symmetric encryption keys).
 A 20-character random password (letters, numbers, and symbols) provides 132.877 bits of security (compare to 128 bit symmetric encryption keys).
 >A 29-character random password (letters, numbers, and symbols) provides 192.671 bits of security (compare to 192 bit symmetric encryption keys).
 >A 39-character random password (letters, numbers, and symbols) provides 259.110 bits of security (compare to 256 bit symmetric encryption keys).
-	Security margins greater than 256 bits are unnecessary, even against quantum attacks (256 bits of security against classical attack = 128 bits of security against quantum attack)
+> Security margins greater than 256 bits are unnecessary, even against quantum attacks (256 bits of security against classical attack = 128 bits of security against quantum attack). Breaking 128 bits of security requires time approximately equal to 1000 times the life of the universe (measured from the big bang to the projected death of the universe). Passwords larger than 39 characters are unnecessary (although rounding to 40 is reasonable).
 	Breaking 128 bits of security requires time approximately equal to 1000 times the life of the universe (measured from the big bang to the projected death of the universe)
 	Passwords larger than 39 characters are unnecessary (although rounding to 40 is reasonable)
 ### PIM (Personal Iterations Multiplier)
 PIM is treated as a secret value that controls the number of iterations used by the header key derivation function. So long as PIM is treated as a secret parameter, this increases the complexity that an attacker would have to guess.
->Note:
+>Note: Larger-value PIMs also increase the time complexity of attacks, at the expense of time taken to perform password hashing. Most cryptologists would argue that a PIMs should not be treated as a secret parameter (or at least, such secrecy should not be relied on). The user's own password should be the source of security. Password hashing, in general, is a mitigation for users with less-than-secure passwords. As a person who values security against the world's most powerful attackers, one should make a point to not rely on password hashing for security.
 	Larger-value PIMs also increase the time complexity of attacks, at the expense of time taken to perform password hashing. Most cryptologists would argue that a PIMs should not be treated as a secret parameter (or at least, such secrecy should not be relied on). The user's own password should be the source of security. Password hashing, in general, is a mitigation for users with less-than-secure passwords.
 	As a person who values security against the world's most powerful attackers, one should make a point to not rely on password hashing for security.
 ## Obscurity
 ### Justification
@ -372,20 +373,24 @@ Every introduced system creates a larger fingerprint and attack vector, ultimate
 ## Automated Shutdown Procedures
 Depending on your threat model, not all operations can be conducted from a coffee shop. There are an increasing amount of cameras, and facial recognition technology is already being deployed, along with license plate scanners at every street light. If operations are sensitive and must be conducted from the same location consistently, preparation should always lean towards the worst-case scenario.
 While some of these proposed methods may be unconventional, these are unconventional times. Mechanisms can be put in place to ensure that your systems are sent shutdown signals that will lock them behind disk encryption. Shutdown signals are the most common, however we are not limited to the commands we issue. The use of radio transmitters to issue shutdowns have some level of intricacy that surpasses skills of the novice user.
 ### Dead Man's Switch
 A physical wired dead man's switch reduces attack surface and intricacy. After the dead man's switch aka killswitch is configured, we can move on to the commands to issue. If we wanted to securely wipe the random access memory before shutting down, we could issue the "sdmem -v" command to verbosely clean the RAM as the killswitch is activated. The killswitch can be activated from a system event. Any form of shell command that is compatible with the particular GNU/Linux system can be ran based on a specified system behavior. See resources at the end of this section [^41], [^42], and [^43] for USB dead man's switch. In a nutshell, this is configured to watch system USB events. When a change occurs, the switch commands are invoked. Panic buttons are another form of a killswitch that essentially remains active on your display and is ready to select at any moment. (Centry.py[^44] is a good example of a panic button). There are USB devices known as "Mouse Jigglers" that are used by forensic teams after device seizure. These jigglers are serial devices plugged in to interface with the system to keep the screenlock from being invoked.
 There are easy preventative software-based solutions such as USBCTL[^45] that can prevent these devices for operating, however this will likely be picked up on and human mouse jigglers can take their place. Ideally a process can be utilized to detect such a device and invoke a shutdown process. A mitigation for the human mouse jigglers could be implementing forced authentication every half hour to an hour. If the credentials have not been entered, the user session could be terminated, memory could be cleared, or the shutdown command could even be invoked.
 Remote switches are interesting devils, and their utility should be placed under high consideration if the size of the operation warrants it. Panic buttons such as Centry.py can be used to broadcast or propagate a panic signal to all nodes on the network.
 ## Play on Resources
 Earlier, it was said that these groups have unlimited resources; this is not entirely true. The one resource which they lack is time. While they have infinite funds to allocate towards password and key cracking methods, so long as quantum physics strays behind computing, time is their main constraint. Taking methods from obscurity, the use of non-default encryption algorithms and hashing mechanisms for keys substantially increases the amount of time the analyst must expend on cracking. If the analyst cannot identify the hash function or cipher, they must try all possible options. Even if the correct password is obtained, this becomes useless without the proper cipher. For instance, Veracrypt uses over fifteen combinations of individual encryption algorithms and cascaded/stacked ciphers. Complement this with the five supported hash functions, and we are looking at 75 possible combinations of symmetric ciphers and one-way hash functions. As stated by ElcomSoft,[^46] "Trying all possible combinations is about 175 times slower compared to attacking a single combination of AES+SHA-512."
 Hypothetically, if the algorithm/hash combination is known by the attacker, here is where the cascading algorithms display their value:
 "Whether they choose to encrypt with AES, Serpent, Twofish or any other single algorithm, the speed of the attack will remain the same. Attacks on cascaded encryption with two algorithms (e.g. AES(Twofish)) work at half the speed, while cascading three algorithms slows them down to around 1/3 the speed."
->Note:
+>Note: VeraCrypt does not keep encryption/hashing algorithms secret. Keeping such information secret would break the functionality of VeraCrypt (unless the user were to enter such information on every boot, comparably to how PIMs work). An attacker will never need to attempt multiple combinations. They will simply need to attempt cracking a single, different, algorithm.
 	VeraCrypt does not keep encryption/hashing algorithms secret. Keeping such information secret would break the functionality of VeraCrypt (unless the user were to enter such information on every boot, comparably to how PIMs work). An attacker will never need to attempt multiple combinations. They will simply need to attempt cracking a single, different, algorithm.
 Leveraging Veracrypt
 1. Generate keyfiles: `veracrypt --create-keyfile`
@ -398,8 +403,11 @@ Unless you are an undeniably high-value target, it is unlikely to have entire in
 ## Radio Transmitters
 Every radio transmitter, the hardware component that emits a radio frequency, adds a substantial attack vector. Near-field communication (NFC), Bluetooth, Wi-Fi, Cellular, and GPS are all examples of wireless communications.
 When feasible, radio transmitters should be physically removed from devices. From a software perspective, the use of certain transmitters can be limited; however, without purging the hardware, there is no absolute assurance. Chipsets could still emit frequencies, and there is a potential for leakage.
 For an adversary who gains a foothold on your system(s) without the physically removed hardware, they could activate certain frequencies to create a persistent foothold and compromise your system even further.
 For critical operations, reduce reliance on wireless radio transmissions. Consider the process of removing all radio transmitter chipsets, otherwise known as airgapping, to mitigate a medley of threats.
 Methods of "jumping" airgaps have been found in the past.[^47] One must be sure to remove all hardware which could be used for communication. This includes Wi-Fi cards (often Bluetooth and Wi-Fi are within the same physical card), Bluetooth card (if you have a Bluetooth card separate from your Wi-Fi card), microphones (communications protocols have been devised to transmit data through ultrasonic audio). Many modern OSs still have the drivers to support these protocols, and the attacks surface therefore still exists), speakers (usable for data exfiltration using the same means), physical ports (USB, SD, headphone jack). Even power cords have been used as a means of compromise (on both laptop and desktop systems).
@ -430,14 +438,12 @@ If the operation is mobile (I suspect it would be if you cannot remove radio tra
 ## Optimization
 Ultimately you may find that many of these precautions are far out of your scope or threat model. You may find them to be immensely inconvenient.
 Every intricacy added for security reduces operation uptime and as a result, productivity. For such extensive security mechanisms to be used, there must be a practical method of implementing given procedures.
 Your operations and system must remain accessible despite such intense OPSEC precautions. 
 Instead of compromising on security, consider implementing automation. Simple scripts can reduce the effort needed while keeping nested layers of cryptographic solutions. 
 For instance, create a function for mounting your encrypted drive, closing out an encrypted volume, and the "when things get out of hand" function where files should undergo the process of secure deletion. 
->Note:
+Every intricacy added for security reduces operation uptime and as a result, productivity. For such extensive security mechanisms to be used, there must be a practical method of implementing given procedures.
-	As previously noted, secure deletion is generally impossible on SSDs. Also, any bad sectors on a drive (SSD or HDD) cannot be securely erased by software. Such bad sectors must be erased physically.
+
-	Kali and Parrot include a LUKS "nuke" feature which erases the LUKS headers. This can be used to ensure an encrypted drive cannot be decrypted, even if your password can be broken. This feature can also be installed on any Linux-based OS. Installation of the LUKS nuke feature may conflict with Secure Boot on OSs which don't support it by default.
+Your operations and system must remain accessible despite such intense OPSEC precautions. Instead of compromising on security, consider implementing automation. Simple scripts can reduce the effort needed while keeping nested layers of cryptographic solutions. For instance, create a function for mounting your encrypted drive, closing out an encrypted volume, and the "when things get out of hand" function where files should undergo the process of secure deletion.
 >Note: As previously noted, secure deletion is generally impossible on SSDs. Also, any bad sectors on a drive (SSD or HDD) cannot be securely erased by software. Such bad sectors must be erased physically. Kali and Parrot include a LUKS "nuke" feature which erases the LUKS headers. This can be used to ensure an encrypted drive cannot be decrypted, even if your password can be broken. This feature can also be installed on any Linux-based OS. Installation of the LUKS nuke feature may conflict with Secure Boot on OSs which don't support it by default.
 With the Bourne Again Shell (BASH) built into GNU/Linux systems, you can create simple functions that will perform these tasks. ([See Appendix A](#appendix-a))
@ -447,14 +453,12 @@ That wasn't so painful now, was it?
 Some of this efficiency does come with a high price to be paid; obscurity and cryptographic security are harmed in the production of this script. The script would give away your PIM number for your encrypted drive. This gives investigators one less field to guess in the decryption process. As for obscurity, it becomes evident which keys are being used and which hidden volume is being decrypted. Kiss your plausible deniability goodbye. To retain some of the obscurity, one could create multiple dummy scripts, one for each volume, and even create scripts for volumes that don't actually exist. Take a mental note at the specific script needed for execution, and the varying duplicates will add to the case's confusion.
 ## Alibi Creation
-We are in an age where we are constantly connected. Dropping off for even a few hour span begins to induce psychological stress on individuals. 
+We are in an age where we are constantly connected. Dropping off for even a few hour span begins to induce psychological stress on individuals. There are always expectations to quickly answer that text or view this post or like this status. To be successful in your operations, you must learn to kick these habits. Make it routine to disappear. Routine has substantial importance, and we must learn to create alibis or narratives around what we are working on. Perhaps it's a side project of some sort, or some harmless hobby. If there is no attestation from anyone during a substantial amount of time, even with plausible deniability, the situation can start to look grim.
 There are always expectations to quickly answer that text or view this post or like this status. To be successful in your operations, you must learn to kick these habits. 
 Make it routine to disappear. Routine has substantial importance, and we must learn to create alibis or narratives around what we are working on. 
 Perhaps it's a side project of some sort, or some harmless hobby. If there is no attestation from anyone during a substantial amount of time, even with plausible deniability, the situation can start to look grim. 
 Regarding the creation of online accounts and personas, don't use identifiable names. Your operations should be treated as a second life that should be appropriately segmented. While you may find some of your ideas to be profound/esoteric and want to reuse and redistribute across platforms - refrain. You're only creating a trail that could come back to bite you. Not only should you segment your usernames creative talents, but ensure that projects also become segmented. The more you divulge into separate projects, the less connection you want to have - unless of course they are related and you desire the marketing crossover.
 The physical use of your device, from pinging telecommunications infrastructure to local area network (LAN) connections will rat you out. Geofencing requests have gained increasing popularity with American law enforcement. Google self-reported, "Year over year, Google has observed over a 1,500% increase in the number of geofence requests it received in 2018 compared to 2017; and to date, the rate has increased over 500% from 2018 to 2019."[^48]
 After the physical side is dealt with, the digital side can start to be addressed. Just like scripts can be implemented to increase efficiency, they can also be used to aid and/or create alibis.
 Consider the creation of python scripts to engage your devices to perform certain functions. For instance, create a wordlist that your browser searches for on demand (with a hint of randomness). Program your music player to play certain songs at certain times. The goal of these actions is to emulate real activity that could provide that alibi for you.
@ -467,6 +471,7 @@ You will likely not come out unscathed from the psychological toll of withholdin
 ## False Compromise
 Malware with computing is still in the early stages. It truly is the wild west in many regards. For an extra layer of plausible deniabilty, embed a tailored backdoor or malware variant. This method will not protect you if there are logs that correlate your activity and no logs correlating connection attempts.
 The vast majority of cases related to online operations become unsolved mysteries in the archives of law enforcement. Most happenings become heresay or mere hunches. Take APT groups and nation-states as an example; the majority of cyberwarfare that occurs today is between state-funded APT groups with a primary focus of non-attribution. Despite how many correlating clues lead back to the APT groups and their communications with nation-states, the water remains murky. In replacement or in conjunction with the killswitch, consider weaponizing your own variant of ransomware. You could create a maintain ownership of the key or you could accept the loss of your data. The malware could also perform shred functions as with any script that you could program. Not only does the embedded malware render your data inaccessible, but it provides another level of plausible deniability. "I was not aware my infrastructure was being used for that." Technically, "malware" implies the application of code that will create adverse or undesired action to the system. This is not truly malware, but rather programmed code designed to mimic malicious function.
 On GNU/Linux, there are many ways to embed malware on the system. Some of which leverage crontabs or other variants of scheduling tools. Aliases can be altered to perform malicious functions rather than the desired results. System process in `bin/` directories can perform unintended tasks, or simply be swapped out and/or linked to alternate processes. Some files such as `/etc/rc.local` or `/home/$USER/.bashrc` can contain commands to execute upon booting to the disk or logging into a user account respectively. Analyzing the newest trends of threat actors can useful to determine indicators of compromise (IOC). Kinsing[^50] and other threat actors that leverage new vulnerabilities to compromise internet-facing systems and embed cryptominers provide insight into the world of persistence, along with a competitive nature that stunts competition. The sub-sections listed below identify remnance that could indicate past compromise.
@ -490,6 +495,7 @@ There are a few concepts to touch on this topic.
 1. Avoid main vendors such as Amazon. Either go directly to the vendor or order through an IT Ma' & Pop shop.
 2. Order by proxy - Offer to pay someone in cash or cryptocurrency
 3. Order with an alias - There are plenty of defined methods of "dead drops" that exist. Consider ordering to a hotel with an alias, paying with a prepaid card that was paid for with cash.
 There is no perfect solution here, and procurement can quickly become intricate. This landscape undergoes constant change, therefore I have refrained for diving into minute detail. The traditional cash route, preload cards, and cryptocurrencies with strong cryptography and privacy features stand to be the best options to date.
 ### Cryptocurrency
@ -498,7 +504,9 @@ Similar to how cryptography is a monolith of a concept to tackle, cryptography w
 Zcash (ZEC) was ground-breaking in the implementation of a protocol known as Succint Non-Interactive Zero-Knowledge Proofs (zk-SNARKs). The protocol enabled the use of what they refer to as shielded "sapling" addresses. This facilitates anonymous payment from one party to the other. The pitfall to Zcash is that it also allows the use of transparent addresses. The vast majority of Zcash is held in a completely transparent blockchain. When amounts are exchanged via the shielded private addresses, the scope is narrowed on those making the transactions. Money going in and out of the private sapling addresses becomes trivial to correlate.
 Monero is often hailed as the privacy king of cryptocurrency. While it has commendable features with its RingCT protocol, the overarching theme is obscurity rather than traceless transactions.
 "The fundamental problem of coin mixing methods though is that transaction data is not being hidden through encryption. RingCT is a system of disassociation where information is still visible in the blockchain. Mind that a vulnerability might be discovered at some point in the future which allows traceability since Monero’s blockchain provides a record of every transaction that has taken place."
 This operates similar to a mixnet where it is difficult to discern the originating address from a transaction. One of Monero's developers publicly admits that "zk-SNARKs provides much stronger untraceability characteristics than Monero (but a much smaller privacyset and much higher systemic risks)." Intelligence agencies have placed their eyes on Monero for some time. The United States has even brought in a private firm called CipherTrace who claims to have built tools capable of tracing transactions.[^51] At the time of writing, these are unsubstantiated claims; there is no evidence to suggest that Monero has been deobfuscated.
 Pirate Chain's ARRR addresses the fungibility problem of Zcash by removing the transparent address schema (t-tx) and forcing all transactions to use Sapling shielded transactions (z-tx). "By consistently utilizing zk-SNARKs technology, Pirate leaves no usable metadata of user’s transactions on its blockchain." This means that even if the blockchain was compromised down the line, the adversary would obtain little to no useful metadata. The transactions contain no visible amount to no visible address from no visible address. The underlying cryptography would have to be broken or the viewing/spending keys would have to be intercepted in order to peer into the transactions. For an adversary without key possession, the trace is baseless. "A little bit of math can accomplish what all the guns and barbed wire can’t: a little bit of math can keep a secret." - Edward Snowden
@ -512,9 +520,13 @@ While I could write mounds of literature diving into the depths of cryptocurrenc
 ## Defensive Mechanisms
 System security or hardening is vital for successful operations. Lack of hardening could result in your machines being cut through like hot butter. Center for Internet Security (CIS)[^55]  and Defense Information Systems Agency (DISA) with Standard Technical Implementation Guides[^56] both have decent system hardening standards that are to be applied to all DoD contractor, government, and affiliated nodes. For Linux and Unix systems, Kernel Self-Protection Project (KSPP)[^57] is a great resource for kernel configuration settings.
 Hardening procedures fall in line with the concept of minimizing architecture and running processes on a system. This makes each system easier to audit with less noise/clutter, and reduces the attack surface for exploitation. Hardening should encompass patches, scans with most recent virus definitions, restrictive permissions, kernel hardening, purging unnecessary software, and disabling physical ports, unnecessary users, filesystems, firmware modules, compilers, and network protocols.
 System hardening is far from a quick and easy process, unless you have preconfigured images for systems. For small operations lacking technical prowess, preconfigured operating systems such as TAILS or Whonix mentioned in the Operating System section assure the greatest security and the least hassle.
 If the goal is to run a more persistent lightweight OS with minimal functionality, I suggest running a variant of Arch Linux that does not use SystemD (Consider runit, OpenRC, or s6). If wide community support is needed, Arch with a hardened configuration will be your best bet. For the tech-savvy, hardened variants of Gentoo are ideal.
 The more persistence desired for the operation increases the complexity of the hardening. Some projects have been introduced to rival Xen-based hypervisors with minimalist GNU/Linux systems. Some development towards Whonix Host[^58] was started but has not yet come to fruition. PlagueOS[^59] is based on the Void musl build with numerous hardening mechanisms. This is designed to act strictly as a locked down hypervisor with all system activities conducted inside of Kicksecure/Whonix VMs. The VMs also are restricted by AppArmor profiles and are ran inside a `bwrap`[^60] sandboxed container. See the PARSEC repository for examples of how to implement bubblewrap profiles.[^61]. Do note that the listed hardening is incomplete and will not fit all operations and GNU/Linux systems. This is not meant to be a book on methods for defensive cybersecurity. For those concerned with exploitation of GNU/Linux systems, see the reference to Madaidan's hardening guide.[^62]
@ -534,7 +546,9 @@ There is no way to address every threat model, therefore I have opted to provide
 ### Anonymous Activism
-Anonymous activism may be seem counter-intuitive as activism typically implies attracting an audience in large numbers to support your cause. Unless you have a specific niche that lies in the darkest recesses of the internet such as forums on onion/i2p addresses, likely you will have to conform to expand your ideas to a larger audience. This involves communication with social media platforms that are more or less espionage outfits for intelligence agencies. Not only is the communication hostile, but anonymity is constantly challenged by the forced verification of phone numbers. Voice-over Internet Protocol (VoIP) numbers are dynamic internet numbers that can be provided via applications. For some time, this was a decent alternative to the privacy-invasive practice of SIM correlation. Unfortunately, the espionage outfits are beginning to filter out any VoIP-based phone numbers. To be more blunt, this is not for the purpose of security; the core is surveillance. If security was the primary goal, they would provide you with a key for setting up a time-based one time password (TOTP). Unfortunately all workarounds for this require money and time. Many legacy accounts have bypassed these practices by being fathered in. If these platforms must be used, your options stand to either purchase a legacy account from someone anonymously with cryptocurrency, or buy a burner SIM card and phone for the purpose of verification. If the goal is anonymity, based on where the traffic is coming in from alone, you will likely be flagged as suspicious, and a code will be sent to your number for verification. If they offer TOTP for accounts, turn it on. Likely if there is a flag for suspicious activity, you can leverage an offline password database for TOTP and the hassle with constant phone verification will be reduced. If phone verification is enforced solely, your options are to store the dumb phone without the battery and inside of an EMF shield faraday bag. Only use this in public locations (you can see why key-generated TOTP can save a lot of time). That addresses phone activation.
+Anonymous activism may be seem counter-intuitive as activism typically implies attracting an audience in large numbers to support your cause. Unless you have a specific niche that lies in the darkest recesses of the internet such as forums on onion/i2p addresses, likely you will have to conform to expand your ideas to a larger audience. This involves communication with social media platforms that are more or less espionage outfits for intelligence agencies. Not only is the communication hostile, but anonymity is constantly challenged by the forced verification of phone numbers. Voice-over Internet Protocol (VoIP) numbers are dynamic internet numbers that can be provided via applications. For some time, this was a decent alternative to the privacy-invasive practice of SIM correlation. Unfortunately, the espionage outfits are beginning to filter out any VoIP-based phone numbers. To be more blunt, this is not for the purpose of security; the core is surveillance. If security was the primary goal, they would provide you with a key for setting up a time-based one time password (TOTP).
 Unfortunately all workarounds for this require money and time. Many legacy accounts have bypassed these practices by being fathered in. If these platforms must be used, your options stand to either purchase a legacy account from someone anonymously with cryptocurrency, or buy a burner SIM card and phone for the purpose of verification. If the goal is anonymity, based on where the traffic is coming in from alone, you will likely be flagged as suspicious, and a code will be sent to your number for verification. If they offer TOTP for accounts, turn it on. Likely if there is a flag for suspicious activity, you can leverage an offline password database for TOTP and the hassle with constant phone verification will be reduced. If phone verification is enforced solely, your options are to store the dumb phone without the battery and inside of an EMF shield faraday bag. Only use this in public locations (you can see why key-generated TOTP can save a lot of time). That addresses phone activation.
 Another problem you may run into is that certain platforms do not provide a way of access without a mobile application (i.e. Instagram). While stronger permission controls have been imposed on applications in more recent mobile builds, correlation can still be made in a number of ways, even if on a segmented device. The best solution to mitigating correlation is to run an emulated Android on a hardened linux base. Consider finding the APK file to install the platform from the mobile device's browser to avoid the use of Google. If Google framework is not required to make the application run properly, do not flash it.
@ -548,6 +562,7 @@ For all intents, the use-case of journalism varies widely, therefore I will isol
 1. You are investigating a nation-state.
 2. Freedom of speech / lawful protection does not apply.
 3. Being caught could land you anywhere from imprisonment to death.
 It's evident that poking powerful players could result in irreversable consequences. Therefore many of the concepts described in this book should be applied with the emphasis on encryption, signal restriction, and minimal infrastructure.
 The OS selection should be oriented towards amnesia. TAILS could be leveraged with a USB, and the drive in the system could simply be a dummy (filled with insignificant data, vacation pictures, etc). The physical wireless chipset should be removed and replaced with a wireless dongle and attached only when needed. While I prefer hardware mitigations over software mitigations, you may not wish to fry the USB ports or desolder the SATA ports. The BIOS should be password-protected, and the USB ports at the very least can be disabled from the menu. If you will be operating from public locations, consider running a blank keyboard with a privacy screen covering the LED.
@ -620,8 +635,7 @@ For the hollow men (federal agents or contractors) who stumbled upon my work by
 ## Contact Us
 Email: x0ptoutx@protonmail.ch
-Do note that there is end-to-end encryption (e2ee) implemented between protonmail users.
+Do note that there is end-to-end encryption (e2ee) implemented between protonmail users. The keys can be adjusted in settings to use Elliptic Curve Cryptography (ECC) or RSA-4096.
 The keys can be adjusted in settings to use Elliptic Curve Cryptography (ECC) or RSA-4096.
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
@ -685,13 +699,13 @@ Donations to support projects under https://git.arrr.cloud/WhichDoc are welcome
 ## References
-[^1]: https://www.forbes.com/sites/andygreenberg/2011/02/11/palantir-apologizes-for-wikileaks-attack-proposal-cuts-ties-with-hbgary/
+[^1]: The Palantir apology - https://www.forbes.com/sites/andygreenberg/2011/02/11/palantir-apologizes-for-wikileaks-attack-proposal-cuts-ties-with-hbgary/
 [^2]: Social Media Ban - https://www.newsweek.com/trump-has-now-been-suspended-four-six-most-popular-social-media-platforms-1559830
 [^3]: NSO targets journalists - https://threatpost.com/apple-emergency-fix-nso-zero-click-zero-day/169416/
 [^4]: Purism technical writeup for IME - https://puri.sm/posts/deep-dive-into-intel-me-disablement/
-[^5]: https://github.com/corna/me_cleaner
+[^5]: Tool for partial deblob of Intel ME/TXE firmware images - https://github.com/corna/me_cleaner
 [^6]: Coreboot - https://www.coreboot.org
-[^7]: AMD PSP Vulnerability: https://hackaday.com/2021/10/01/flaw-in-amd-platform-security-processor-affects-millions-of-computers/
+[^7]: AMD PSP Vulnerability - https://hackaday.com/2021/10/01/flaw-in-amd-platform-security-processor-affects-millions-of-computers/
 [^8]: Site detailing reasons against SystemD usage - https://nosystemd.org/
 [^9]: Artix Linux - https://artixlinux.org
 [^10]: Void Linux - https://voidlinux.org
@ -704,7 +718,7 @@ Donations to support projects under https://git.arrr.cloud/WhichDoc are welcome
 [^17]: Bleachbit software - https://www.bleachbit.org/
 [^18]: Sysinternals - https://docs.microsoft.com/en-us/sysinternals/
 [^19]: OSI Model - https://en.wikipedia.org/wiki/OSI_model
-[^20]: ProtonVPN threat model - https://protonvpn.com/blog/threat-model/
+[^20]: ProtonVPN threat model - https://proton.me/blog/threat-model/
 [^21]: Whonix VPN leakage - https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN
 [^22]: Tails VPN article - https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support
 [^23]: I2P - https://geti2p.net/en/
@ -714,14 +728,14 @@ Donations to support projects under https://git.arrr.cloud/WhichDoc are welcome
 [^27]: Ungoogled Chromium binaries - https://ungoogled-software.github.io/ungoogled-chromium-binaries/
 [^28]: Bromite Browser - https://www.bromite.org
 [^29]: Brave Browser - https://brave.com
-[^30]: The Hitchhikers Guide to Anonymity (Browser Hardening) - https://anonymousplanet.org/guide.html#appendix-v1-hardening-your-browsers
+[^30]: The Hitchhikers Guide to Online Anonymity (Browser Hardening) - https://anonymousplanet-ng.org/guide.html#appendix-v1-hardening-your-browsers
 [^31]: DuckDuckGo - https://duckduckgo.com
 [^32]: Searx instances - https://searx.space/
 [^33]: TAILS - https://tails.boum.org
-[^34]: Drive Destruction - https://anonymousplanet.org/guide.html#how-to-securely-wipe-your-whole-laptopdrives-if-you-want-to-erase-everything
+[^34]: Drive Destruction - https://anonymousplanet-ng.org/guide.html#how-to-securely-wipe-your-whole-laptopdrives-if-you-want-to-erase-everything
-[^35]: Singh, S. (1999). The code book: the secret history of codes and codebreaking (Vol. 366). London: Fourth Estate.
+[^35]: Singh, S. (2000). The Code Book: The Secret History of Codes and Code-Breaking - https://3lib.net/dl/1314297/2c09dd
 [^36]: Linux Entropy - https://madaidans-insecurities.github.io/guides/linux-hardening.html#entropy
-[^37]: GNU Privacy Assistant - gnupg.org/related_software/gpa/index.html
+[^37]: GNU Privacy Assistant - https://gnupg.org/related_software/gpa/
 [^38]: Minisign - https://github.com/jedisct1/minisign/
 [^39]: Veracrypt - https://www.veracrypt.fr/code/VeraCrypt/
 [^40]: KeepassXC - https://keepassxc.org
@ -733,7 +747,7 @@ Donations to support projects under https://git.arrr.cloud/WhichDoc are welcome
 [^46]: Elcomsoft Forensics - https://blog.elcomsoft.com/2020/03/breaking-veracrypt-containers/
 [^47]: Jumping Airgaps - https://arxiv.org/pdf/2012.06884.pdf
 [^48]: Geofence Requests - https://assets.documentcloud.org/documents/6747427/2.pdf
-[^49]: Jung, C. G. (2014). Modern man in search of a soul. Routledge.
+[^49]: Jung, C. G. (1955). Modern Man in Search of a Soul - https://p302.zlibcdn.com/dtoken/aeb0b1ef15cc3ecac1f6febcf966248a
 [^50]: Kinsing Crypto-Miner - https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability
 [^51]: CipherTrace - https://ciphertrace.com/ciphertrace-announces-worlds-first-monero-tracing-capabilities/
 [^52]: ZkSnarks - https://z.cash/technology/zksnarks