mirror of
https://github.com/PrivSec-dev/privsec.dev.git
synced 2025-01-05 04:20:59 -05:00
Typo Fixes
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
dfdfeb9cf8
commit
f8f84fcae6
@ -1,17 +1,17 @@
|
||||
---
|
||||
title: "Using Lokinet on Qubes OS"
|
||||
date: 2022-07-27
|
||||
tags: ['Operating Systems', 'Qubes OS', 'Anonimity', 'Privacy']
|
||||
tags: ['Operating Systems', 'Qubes OS', 'Anonymity', 'Privacy']
|
||||
author: Tommy
|
||||
---
|
||||
|
||||
![Lokinet](/lokinet.png)
|
||||
|
||||
[Lokinet](https://lokinet.org) is an Internet overlay network utilizing onion routing to provide anonimity for its users, similar to Tor network. This post will provide a quick (and non exhaustive) list of its [pros](#advantages) and [cons](#disadvantages) from an end user perspective and go over how to set it up on Qubes OS.
|
||||
[Lokinet](https://lokinet.org) is an Internet overlay network utilizing onion routing to provide anonymity for its users, similar to Tor network. This post will provide a quick (and non exhaustive) list of its [pros](#advantages) and [cons](#disadvantages) from an end user perspective and go over how to set it up on Qubes OS.
|
||||
|
||||
## Advantages
|
||||
|
||||
- Provides anonimity by removing trust in a service provider (as opposed to a traditional VPN)
|
||||
- Provides anonymity by removing trust in a service provider (as opposed to a traditional VPN)
|
||||
- Better versatility than Tor by supporting any IP based protocols (Tor only supports TCP)
|
||||
- Generally faster speed than the Tor Network
|
||||
|
||||
@ -24,7 +24,7 @@ author: Tommy
|
||||
|
||||
## Creating the TemplateVM
|
||||
|
||||
As mentioned [above](#disadvantages), the Lokinet client only works well with Debian-based distributions. This means that our template will have to be one of the Debian-based ones, and I would highly recommend that you convert the official Debian template by the Qubes OS team into a KickSecure template to use as a base. KickSecure reduces the attack surface of Debian with a substantial set of hardening configurations, and a nice feature to go with an anonimity network like Lokinet is [Boot Clock Randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization) which helps defend against [time-based denonymization attacks](https://www.whonix.org/wiki/Time_Attacks). You will only need the `kicksecure-cli` meta package (`kicksecure-gui` is unnecessary), and experimental services like `proc-hidepid`, `hide-hardware-info` and `permission-hardening` work just fine with the Lokinet client. [Hardened Malloc](https://www.kicksecure.com/wiki/Hardened_Malloc) and [LKRG](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) do not cause any problem with Lokinet, either.
|
||||
As mentioned [above](#disadvantages), the Lokinet client only works well with Debian-based distributions. This means that our template will have to be one of the Debian-based ones, and I would highly recommend that you convert the official Debian template by the Qubes OS team into a KickSecure template to use as a base. KickSecure reduces the attack surface of Debian with a substantial set of hardening configurations, and a nice feature to go with an anonymity network like Lokinet is [Boot Clock Randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization) which helps defend against [time-based denonymization attacks](https://www.whonix.org/wiki/Time_Attacks). You will only need the `kicksecure-cli` meta package (`kicksecure-gui` is unnecessary), and experimental services like `proc-hidepid`, `hide-hardware-info` and `permission-hardening` work just fine with the Lokinet client. [Hardened Malloc](https://www.kicksecure.com/wiki/Hardened_Malloc) and [LKRG](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) do not cause any problem with Lokinet, either.
|
||||
|
||||
Since DNS with Lokinet does not work if it is installed inside of a ProxyVM, we will need to have Lokinet running inside the same AppVM as the applications you intend to run. This is less than ideal, as a compromised AppVM could reveal your IP address. Beyond that, accidental leaks can happen, too.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user