From 81d536b3c4bc6ad84adf028bbfb6f56c3689ed07 Mon Sep 17 00:00:00 2001
From: nopeitsnothing <no@anonymousplanet.org>
Date: Sat, 10 Jun 2023 22:23:10 -0400
Subject: [PATCH] missing some inline images

Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
---
 guide.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/guide.md b/guide.md
index a700b06..74cc78e 100644
--- a/guide.md
+++ b/guide.md
@@ -591,7 +591,7 @@ Small in-between Disclaimer: **This guide does not necessarily endorse or recomm
 
 Unfortunately, the TLS protocol used in most HTTPS connections in most Browsers (Chrome/Brave among them) will leak the Domain Name again through SNI[^39] handshakes (this can be checked here at Cloudflare: <https://www.cloudflare.com/ssl/encrypted-sni/> <sup>[[Archive.org]](https://web.archive.org/web/https://www.cloudflare.com/ssl/encrypted-sni/)</sup> ). **As of the writing of this guide, only Firefox-based browsers supports ECH (Encrypted Client Hello**[^40] **previously known as eSNI**[^41]**) on some websites which will encrypt everything end to end (in addition to using a secure private DNS over TLS/HTTPS) and will allow you to hide your DNS requests from a third party**[^42]**.** And this option is not enabled by default either so you will have to enable it yourself.
 
-![][50]
+![](media/image04.png)
 
 In addition to limited browser support, only web Services and CDNs[^43] behind Cloudflare CDN support ECH/eSNI at this stage[^44]. This means that ECH and eSNI are not supported (as of the writing of this guide) by most mainstream platforms such as:
 
@@ -625,7 +625,7 @@ Here is a list of how various browsers behave with OCSP: <https://www.ssl.com/bl
 
 Here is an illustration of the issue you could encounter on Firefox-based browsers:
 
-![][52]
+![](media/image05.png)
 
 Finally, even if you use a custom encrypted DNS server (DoH or DoT) with ECH/eSNI support and OCSP stapling, it might still not be enough as traffic analysis studies[^52] have shown it is still possible to reliably fingerprint and block unwanted requests. Only DNS over Tor was able to show efficient DNS Privacy in recent studies but even that can still be defeated by other means (see [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]).
 
@@ -640,7 +640,7 @@ Lastly, there is also this new possibility called DoHoT which stands for DNS ove
 
 Here is an illustration showing the current state of DNS and HTTPS privacy based on our current knowledge.
 
-![][56]
+![](media/image06.png)
 
 As for your normal daily use (non-sensitive), remember that only Firefox-based browsers support ECH (formerly eSNI) so far and that it is only useful with websites hosted behind Cloudflare CDN at this stage. If you prefer a Chrome-based version (which is understandable for some due to some better-integrated features like on-the-fly Translation), then we would recommend the use of Brave instead which supports all Chrome extensions and offers much better privacy than Chrome.
 
@@ -696,7 +696,7 @@ Other researchers have found a way to count the people in a defined space using
 
 You could therefore imagine many use cases for such technologies like recording who enters specific buildings/offices (hotels, hospitals, or embassies for instance) and then discover who meets who and thereby tracking them from outside. Even if they have no smartphone on them.
 
-![][63]
+![](media/image07.png)
 
 Again, such an issue could only be mitigated by being in a room/building that would act as a Faraday cage.
 
@@ -734,15 +734,15 @@ Tor and VPNs are not silver bullets. Many advanced techniques have been develope
 
 -   **Correlation Fingerprinting Attack:** As illustrated (simplified) below, this attack will fingerprint your encrypted Tor traffic (like the websites you visited) based on the analysis of your encrypted traffic without decrypting it. Some of those methods can do so with a 96% success rate **in a closed-world setting**. **The efficacy of those methods in a real open-world setting** **has not been demonstrated yet and would probably require tremendous resources computing power making it very unlikely that such techniques would be used by a local adversary in the near future.** Such techniques could however hypothetically be used by an advanced and probably global adversary with access to your source network to determine some of your activity. Examples of those attacks are described in several research papers[^69]'[^70]'[^71] as well as their limitations[^72]. The Tor Project itself published an article about these attacks with some mitigations: <https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations> <sup>[[Archive.org]](https://web.archive.org/web/https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations)</sup>.
 
-![][67]
+![](media/image08.png)
 
 -   **Correlation Timing Attacks:** As illustrated (simplified) below, an adversary that has access to network connection logs (IP or DNS for instance, remember that most VPN servers and most Tor nodes are known and publicly listed) at the source and the destination could correlate the timings to de-anonymize you without requiring any access to the Tor or VPN network in between. A real use case of this technique was done by the FBI in 2013 to de-anonymize[^73] a bomb threat hoax at Harvard University.
 
-![][68]
+![](media/image09.png)
 
 -   **Correlation Counting Attacks:** As illustrated (simplified) below, an adversary that has no access to detailed connection logs (cannot see that you used Tor or Netflix) but has access to data counting logs could see that you have downloaded 600MB on a specific time/date that matches the 600MB upload at the destination. This correlation can then be used to de-anonymize you over time.
 
-![][69]
+![](media/image10.png)
 
 There are ways to mitigate these such as:
 
@@ -1129,11 +1129,11 @@ Contrary to popular belief and pop culture, modern gait recognition systems aren
 
 Other things than can be used to identify you include your earlobes, which are actually more identifiable than fingerprints, or even the shape of your skull. As such, soft headcoverings such as balaclavas are not recommendable for obscuring your identity - they make you look incredibly suspicious, while also conforming to the shape of your skull.
 
-![][113]
+![](media/image11.png)
 
 (Illustration from <https://www.nature.com/articles/s41598-020-79310-1> <sup>[[Archive.org]](https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf)</sup>)
 
-![][115]
+![](media/image12.png)
 
 (illustration from <https://rd.springer.com/chapter/10.1007/978-3-030-42504-3_15> <sup>[[Archive.org]](https://web.archive.org/web/https://rd.springer.com/chapter/10.1007/978-3-030-42504-3_15)</sup>)