- Element/Matrix.org: <del>@anonypla:envs.net, @anonypla:tchncs.de, and @anonypla:matrix.org </del> (all deactivated permanently)
- E-Mail: <anonypla@mailfence.com> (You may use our [PGP public signature](https://github.com/Anon-Planet/thgtoa/blob/master/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc) to encrypt e-mails. Do not forget to attach your PGP public key if you want an encrypted answer)
- E-Mail: <contact@anonymousplanet.org> (You may use our [PGP public signature](https://github.com/Anon-Planet/thgtoa/blob/master/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc) to encrypt e-mails. Do not forget to attach your PGP public key if you want an encrypted answer)
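Review bot: "PGP public signature" on both e-mail lines is a misnomer; the linked `.asc` file is a PGP public key, so "PGP public key" is the accurate wording. Since the two e-mail entries repeat the identical parenthetical, it could also be stated once for both addresses.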
@ -14,7 +14,7 @@ You will find here the rules for the rooms part of the PSA Community. These rule
- [Ban Appeals](#appeals)
#### General default rules for PSA rooms **unless specific rules are mentioned below**:<aname="general"></a>
These are currently only enforced on **Anonymity** and **Security**, and not applied on rooms with their own ruleset below.
These are currently enforced on **```#anonymity:matrix.org```**, **```#security:matrix.org```**, **```#OSINT:matrix.org```**, and not applied on rooms with their own ruleset below.
- Keep it legal
- English only
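Review bot: the anchor on the `#### General default rules` heading is written `<aname="general"></a>`, with no space between `a` and `name`, so it will not render as an anchor and in-page links of the `[Ban Appeals](#appeals)` form will not resolve; it should be `<a name="general"></a>`. The same missing space appears on every other `<aname=...>` heading in this file.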
@ -29,24 +29,24 @@ These are currently only enforced on **Anonymity** and **Security**, and not app
- No upload of any non-media files (binaries, executables, compressed files...)
- No voice messages (these will be auto-deleted by the bots)
- **Avoid drifting too much off-topic or move to an off-topic room like #bnonymity**
- **Any discussion about AnonyPla / Lena whereabouts is only tolerated, to an extent, in the #Bnonymity room.**
- **Any discussion about AnonyPla / Lena whereabouts is only tolerated, to an extent, in the ```#Bnonymity:matrix.org``` room.**
Some exceptions can apply, see the [exceptions](#exceptions) section at the bottom of this page. Violations will be handled at the discretion of the acting moderator.
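Review bot: the change from `#Bnonymity` to `#Bnonymity:matrix.org` on the "Any discussion about AnonyPla / Lena whereabouts" line is not applied to the preceding line, which still reads "move to an off-topic room like #bnonymity"; give it the same full alias so both rules name the room the same way.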
#### Rules for Nothing To Hide Privacy:<aname="nth"></a>
#### Rules for Nothing To Hide Privacy (```#privacy:matrix.org```):<aname="nth"></a>
- Zero tolerance for discussion of how to commit illicit acts
- LIMIT POLITICAL DISCUSSION TO PRIVACY-RELATED TOPICS ONLY
- Do not dox others
- No suspicious links or uploading of non-image binary files
- Be respectful
#### Rules for Modern Cryptography:<aname="moderncrypto"></a>
See <https://anonymousplanet-ng.org/moderncrypto-rules.html>
#### Rules for Modern Cryptography (```#moderncrypto:gnuradio.org```):<aname="moderncrypto"></a>
See <https://anonymousplanet.org/moderncrypto-rules.html>
#### Rules for OS Security:<aname="ossecurity"></a>
See <https://artemislena.eu/coc.html>
#### Rules for Bnonymity:<aname="bnonymity"></a>
#### Rules for Bnonymity (```#bnonymity:matrix.org```):<aname="bnonymity"></a>
- Keep it legal (seriously)
- English only (no Russian, no Chinese, English only)
- Be "somewhat" respectful to each other
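Review bot: "Rules for OS Security" is the only heading in this hunk that did not receive a room alias in parentheses, while the Nothing To Hide Privacy, Modern Cryptography and Bnonymity headings did; add it (or note that the room has no alias) so the headings stay consistent. The new headings also repeat the `<aname=` typo (missing space) from the general rules heading.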
@ -64,11 +64,11 @@ See <https://artemislena.eu/coc.html>
#### PSA Bans:<aname="psabans"></a>
Currently, the following rooms are sharing a common PSA banlist for serious offenders:
- #Anonymity
- #Security
- #Bnonymity
- #OS-Security
- #ModernCrypto
- ```#Anonymity:matrix.org```
- ```#Security:matrix.org```
- ```#Bnonymity:matrix.org```
- ```#OSINT:matrix.org```
- ```#ModernCrypto:gnuradio.org```
This means that those PSA bans are effectively applied on all those rooms and can be issued by admins of these rooms. See the next section for information about appeals.
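Review bot: the new banlist drops `#OS-Security` and adds `#OSINT:matrix.org`, but the rules section above still carries a "Rules for OS Security" entry pointing at artemislena.eu/coc.html, and the sentence after the list says the bans apply to all those rooms. If OS Security is intentionally no longer on the shared banlist, say so next to its rules entry; otherwise its alias should be restored in this list.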
@ -32,6 +32,7 @@ Here are the addresses for the main project:
Donations log (UTC date/time):
- 2022-07-30 03:51: 0.0222 XMR
- 2021-02-06 16:48: 0.1 XMR
- 2021-03-15 00:09: 1.24869 mBTC
- 2021-03-15 08:41: 0.07896 mBTC
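Review bot: the new entry `2022-07-30 03:51: 0.0222 XMR` is inserted at the top of the donations log, ahead of `2021-02-06 16:48: 0.1 XMR`, while the rest of the log runs in chronological order (the next hunk ends with 2022-02-18 and 2022-03-14); move it after the 2022-03-14 entry so the ordering stays consistent.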
@ -69,7 +70,7 @@ Donations log (UTC date/time):
- 2022-02-18 17:27: 0.019 XMR
- 2022-03-14 10:25: 0.0139887 XMR
Total Monero donations received: **4.734092580358 XMR**
Total Monero donations received: **4.756292580358 XMR**
Total Bitcoin donations received: **1.89353 mBTC**
Spendings log (UTC date):
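Review bot: the arithmetic checks out: the updated total (4.756292580358 XMR) minus the previous total (4.734092580358 XMR) is exactly 0.0222 XMR, matching the single new log entry, and the Bitcoin total is unchanged as expected.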
@ -95,7 +96,7 @@ Spendings log (UTC date):
- 2022-02-02: 0.966793601024 XMR (+fees) for sponsoring a related external special project in line with the Universal Declaration of Human Rights (details will remain indisclosed to protect project members)
- 2022-07-11: 0.503232784687 XMR (+fees) for 1984.is VPS (12 months)
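Review bot: the context line for the 2022-02-02 entry reads "details will remain indisclosed"; "indisclosed" is not a word and should be "undisclosed". Worth fixing while this log is being edited.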
@ -24,7 +24,7 @@ The manual is here: <https://briarproject.org/manual/>, quick-start guide here:
**There might be some wrong or outdated information in this guide because no human is omniscient, and humans do make mistakes.** **Please do not take this guide as a definitive gospel or truth because it is not. Mistakes have been written in the guide in earlier versions and fixed later when discovered. There are likely still some mistakes in this guide at this moment (hopefully few). Those are fixed as soon as possible when discovered.**
**This guide has been moved, due to recent unfortunate events. The old guide was at [anonymousplanet.org](https://web.archive.org/web/20220227172123/https://anonymousplanet.org/), but has since been moved to <https://anonymousplanet-ng.org>**
**This guide has been moved, due to recent unfortunate events. The old guide was at [anonymousplanet.org](https://web.archive.org/web/20220227172123/https://anonymousplanet.org/), but has since been moved to <https://anonymousplanet.org>**
**Your experience may vary.** **Remember to check regularly for an updated version of this guide.**
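Review bot: after the domain change, the moved-guide notice reads "The old guide was at anonymousplanet.org ... but has since been moved to https://anonymousplanet.org", i.e. it now says the guide moved from and to the same domain. Either drop the notice or reword it to say the guide has moved back to anonymousplanet.org from anonymousplanet-ng.org.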
@ -38,7 +38,7 @@ Feel free to submit issues **(please do report anything wrong)** using GitHub Is
Feel free to come to discuss ideas at:
- Rules for our chatrooms: <https://anonymousplanet-ng.org/chatrooms-rules.html>
- Rules for our chatrooms: <https://anonymousplanet.org/chatrooms-rules.html>
- Mastodon at <https://mastodon.social/@anonymousplanet>
To contact me, see the updated information on the website or send an e-mail to <contact@anonymousplanet-ng.org>
To contact me, see the updated information on the website or send an e-mail to <contact@anonymousplanet.org>
**Please consider [donating][Donations:] if you enjoy the project and want to support the hosting fees or support the funding of initiatives like the hosting of Tor Exit Nodes.**
@ -312,7 +312,7 @@ Finally note that this guide does mention and even recommends various commercial
- [Socks Proxy VPS:]
- [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
- [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]
- [Appendix R: Installing a VPN on your VM or Host OS.]
- [Appendix R: Installing a VPN on your VM or Host OS]
- [Appendix S: Check your network for surveillance/censorship using OONI]
- [Appendix T: Checking files for malware]
- [Integrity (if available):]
@ -383,6 +383,8 @@ Finally note that this guide does mention and even recommends various commercial
- [Appendix B1: Checklist of things to verify before sharing information:]
- [Appendix B2: Monero Disclaimer]
- [Appendix B3: Threat modeling resources]
- [Appendix B4: Important notes about evil-maid and tampering]
- [Appendix B5: Types of CPU attacks:]
- [References:]
# Pre-requisites and limitations:
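Review bot: the new TOC entry "Appendix B5: Types of CPU attacks:" ends with a colon while "Appendix B4: Important notes about evil-maid and tampering" and the neighbouring B2/B3 entries do not; reference-style links such as `[Appendix R: ...]` must match the heading text exactly, so pick one form for the B5 heading and its TOC entry.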
@ -768,9 +770,7 @@ This guide will later propose some mitigations to such attacks by changing your
You have seen this in action/spy/Sci-Fi movies and shows, the protagonists always remove the battery of their phones to make sure it cannot be used. Most people would think that's overkill. Well, unfortunately, no, this is now becoming true at least for some devices:
- iPhones and iPads (IOS 13 and above)[^78]'[^79]
- Samsung Phones (Android 10 and above)[^80]
- MacBooks (macOS 10.15 and above)[^81]
Such devices will continue to broadcast identity information to nearby devices even when offline using Bluetooth Low-Energy[^82]. They do not have access to the devices directly (which are not connected to the internet) but instead use BLE to find them through other nearby devices[^83]. They are using peer-to-peer short-range Bluetooth communication to broadcast their status through nearby online devices.
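Review bot: this hunk removes two lines, and the device list now jumps from footnote [^80] (Samsung) to [^82] (BLE) with the MacBooks bullet carrying [^81] apparently among the removed lines; if that bullet is gone, the [^81] entry in the references list also needs to go (or the bullet should stay). Also "IOS 13" on the iPhones line should read "iOS 13".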
@ -861,21 +861,23 @@ These have already been affected by several security vulnerabilities in the past
There are some not so straightforward ways[^107] to disable the Intel IME on some CPUs and you should do so if you can. For some AMD laptops, you can disable it within the BIOS settings by disabling PSP.
Note that to AMD's defense, so far and AFAIK, there were no security vulnerabilities found for ASP and no backdoors either: See <https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s><sup>[[Invidious]][77]</sup>. In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME.
Note that, to AMD's defense, there were no security vulnerabilities found for ASP and no backdoors either. See <https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s><sup>[[Invidious]][77]</sup>. In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME.
If you are feeling a bit more adventurous, you could install your own BIOS using Libreboot or Coreboot [^108] if your laptop supports it (be aware that Coreboot does contain some propriety code unlike its fork Libreboot).
In addition, some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: <https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability><sup>[[Wikiless]][78]</sup><sup>[[Archive.org]][79]</sup>
Check yourself:
- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using <https://github.com/speed47/spectre-meltdown-checker><sup>[[Archive.org]][80]</sup> which is available as a package for most Linux distros including Whonix.
- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using <https://github.com/speed47/spectre-meltdown-checker><sup>[[Archive.org]][80]</sup> which is available as a package for most Linux distros including Whonix. Spectre is a transient execution attack. There is also PoC code for Spectre v1 and v2 on iPhone devices here: <https://github.com/cispa/BranchDifferent><sup>[[Archive.org]](https://web.archive.org/web/20220814122148/https://github.com/cispa/BranchDifferent)</sup> and here <https://misc0110.net/files/applespectre_dimva22.pdf><sup>[[Archive.org]](https://web.archive.org/web/20220814122652/https://misc0110.net/files/applespectre_dimva22.pdf)</sup>
- If you are using Windows, you can check the vulnerability status of your CPU using inSpectre <https://www.grc.com/inspectre.htm><sup>[[Archive.org]][81]</sup>
Some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: <https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability><sup>[[Wikiless]](https://wikiless.org/wiki/Transient_execution_CPU_vulnerability)</sup><sup>[[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability)</sup>
Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information <https://www.whonix.org/wiki/Spectre_Meltdown><sup>[[Archive.org]][82]</sup> (warning: these can severely impact the performance of your VMs).
We will therefore mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network.
This guide won't go too deep into side-channel and microarchitecture attacks but we will highlight some issues with both Intel and AMD CPU architectures that will be mitigated throughout. It's important to recognize hardware is just as susceptible to bugs, and therefore exploitation, regardless of manufacturer.
We will mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network.
**In addition, we recommend the use of AMD CPUs instead of Intel CPUs.**
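Review bot: the rewritten AMD sentence drops the "so far and AFAIK" qualifier, turning a personal observation into an unqualified claim that no ASP vulnerabilities or backdoors have been found; keep some hedge or add a citation beyond the YouTube link, especially since the following paragraph says hardware is susceptible to bugs regardless of manufacturer. Separately, the iPhone Spectre PoC links appended to the "If you are using Linux" bullet do not belong under a Linux-checker instruction and would read better as their own bullet or in the transient-execution paragraph, and "propriety code" in the Coreboot line should be "proprietary code".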
@ -1063,6 +1065,8 @@ A real use and well-documented case of this was the arrest of the hacker Jeremy
There are also a few cases involving OSINT at Bellingcat[^154]. Have a look at their very informative (but slightly outdated) toolkit here: <https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit#gid=930747607><sup>[[Archive.org]][100]</sup>
**We have an OSINT discussion room in our Matrix community. Feel free to join at ```#OSINT:matrix.org```.**
You can also view some convenient lists of some available OSINT tools here if you want to try them on yourself for example:
@ -1411,12 +1415,28 @@ This guide will mitigate these issues by mitigating, obfuscating, and randomizin
There was an attack published that can deanonymize users if they have a known alias. For example, an attacker trying to track the activities of a journalist can use that journalist's public Twitter handle to link their anonymous identities with their public one. This breaks compartmentalization of identities and can lead to complete deanonymization, even of users who practice proper OPSEC.
The attack, published at <https://leakuidatorplusteam.github.io/> <sup>[[Archive.org]][1386]</sup>, can be mitigated using a browser extension:
The attack, published at <https://leakuidatorplusteam.github.io/> <sup>[[Archive.org]][1386]</sup>, can be mitigated using the well-known [NoScript](https://noscript.net/) extension and will be our preferred recommendation.
- <https://chrome.google.com/webstore/detail/leakuidator%2B/hhfpajcjkikoocmmhcimllpinjnbedll> (Chrome, Edge, and other Chrome-based browsers)
- <https://addons.mozilla.org/en-US/firefox/addon/leakuidatorplus/> (Firefox, Tor Browser, and other Firefox-based browsers)
## Tor Browser:
It's generally not recommended to install extensions into Tor Browser, because the fact that you have an extension installed can be an extra data point for browser fingerprinting. As such, this extension is only a temporary solution until the fix can be implemented by the browsers' own developers.
This attack is now prevented by default by an update of [NoScript](https://noscript.net/) (11.4.8 and above) on all security levels.
## All others:
Installing the [NoScript](https://noscript.net/) extension will prevent the attack **by default only in private Windows** using their new "TabGuard feature". But can be enabled in the NoScript options to work on all Windows. See:
- User explanation: <https://noscript.net/usage/#crosstab-identity-leak-protection><sup>[[Archive.org]](https://web.archive.org/web/https://noscript.net/usage/#crosstab-identity-leak-protection)</sup>
- Tor Project Forum Post: <https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005/2><sup>[[Archive.org]](https://web.archive.org/web/https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005/2)</sup>
- NoScript extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser): https://addons.mozilla.org/en-US/firefox/addon/noscript/
- NoScript extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers): https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm?hl=en
### Alternative to NoScript for all other browsers:
The researches who disclosed the issue also made an extension available below. Again, **nothing is required in Tor Browser**. This path is not our preferred path but is still available if you do not want to use NoScript.
- Lekuidator+ extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers): <https://chrome.google.com/webstore/detail/leakuidator%2B/hhfpajcjkikoocmmhcimllpinjnbedll>
- Lekuidator+ extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser): <https://addons.mozilla.org/en-US/firefox/addon/leakuidatorplus/>
Separating identities via separate browsers or even with VMs is not enough to avoid this attack. However, another solution is to make sure that when you start working with an anonymous identity, you entirely close all activities linked to other identities. The vulnerability only works if you're actively logged into a non-anonymous identity. The issue with this is that it can hinder effective workflow, as multitasking across multiple identities becomes impossible.
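Review bot: the two new extension bullets misspell the name as "Lekuidator+" while the URLs and the earlier text say "leakuidator"; fix to "Leakuidator+". In the NoScript paragraph, "only in private Windows" and "on all Windows" refer to browser windows and should be lowercase, otherwise they read as the operating system, and "But can be enabled ..." is a fragment that belongs to the preceding sentence. Also "The researches who disclosed" should be "The researchers who disclosed", and the two bare NoScript URLs lack the `<...>` angle brackets used everywhere else in the file.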
@ -1697,15 +1717,15 @@ If you still do not think such information can be used by various actors to trac
@ -2073,6 +2093,14 @@ Please see [Appendix Y: Installing and using desktop Tor Browser].
- Snowflake
- **If your internet isn't censored**, consider running one of the bridge types to help the network!
- Easy: Obsf4 - You can run your own Obsf4 easily with these instructions. <https://community.torproject.org/relay/setup/bridge/>
- Medium: Snowflake - More about Snowflakes here. <https://snowflake.torproject.org/>
- Hard: Meek - This is the documentation. It's not as simple. <https://gitlab.torproject.org/legacy/trac/-/wikis/doc/meek/#how-to-run-a-meek-server-bridge>
Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Meek-Azure. Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option to obfuscate your Tor activities if needed and Microsoft servers are usually not blocked.
*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* <sup>[[Archive.org]][1387]</sup>
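Review bot: "Obsf4" in the "Easy:" bullet is a misspelling of "obfs4" (the spelling used in the bridges appendix later in this diff); the same typo appears in the iOS copy of this list. In the Connection Assist paragraph the last sentence, "Previously, we had a list of options below this paragraph ... but now that this is done automatically using moat.", has no main clause; "but now this is done automatically using moat" or similar would complete it.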
@ -2119,6 +2147,8 @@ However, the Safer level should be used with some extra precautions while using
Now, you are really done, and you can now surf the web anonymously from your Android device.
**Please see** [Warning for using Orbot on Android][Appendix B6: Warning for using Orbot on Android].
### iOS:
**Disclaimer: Onion Browser, following a 2018 release on iOS, has had IP leaks via WebRTC. It is still the only officially endorsed browser for the Tor network for iOS. Users should exercise caution when using the browser and check for any DNS leaks.**
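Review bot: the new `[Warning for using Orbot on Android][Appendix B6: Warning for using Orbot on Android]` reference-style link points at an Appendix B6, but the TOC hunk earlier in this diff only adds B4 and B5; make sure the B6 heading and its TOC entry exist with exactly that text, otherwise the link renders as literal brackets.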
@ -2143,7 +2173,15 @@ While the official Tor Browser is not yet available for iOS, there is an alterna
- Snowflake
- (Meek-Azure is unfortunately not available on Onion Browser for iOS for some reason)
- (Meek-Azure is unfortunately not available on Onion Browser for iOS (See [commit 21bc18428](https://github.com/OnionBrowser/OnionBrowser/commit/21bc18428368224507b27ee58464ad352f4ec810) for more information.)
- **If your internet isn't censored**, consider running one of the bridge types to help the network!
- Easy: Obsf4 - You can run your own Obsf4 easily with these instructions. <https://community.torproject.org/relay/setup/bridge/>
- Medium: Snowflake - More about Snowflakes here. <https://snowflake.torproject.org/>
- Hard: Meek - This is the documentation. It's not as simple. <https://gitlab.torproject.org/legacy/trac/-/wikis/doc/meek/#how-to-run-a-meek-server-bridge>
Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Snowflake one (since Meek-Azure bridges are not available). Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option you have on iOS.
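Review bot: the rewritten Meek-Azure bullet has unbalanced parentheses: "(Meek-Azure is unfortunately not available on Onion Browser for iOS (See [commit 21bc18428](...) for more information.)" opens two and closes one. Suggest "(Meek-Azure is unfortunately not available on Onion Browser for iOS; see [commit 21bc18428](...) for more information.)". "Obsf4" in the "Easy:" bullet should be "obfs4".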
@ -2285,8 +2323,6 @@ When using Tor Browser, you should click the little shield Icon (upper right, ne
We would recommend the "Safer" level for most cases. The Safest level should be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break many websites that rely actively on JavaScript.
**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks][Microarchitectural Side-channel Deanonymization Attacks:].**
If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking.
Lastly, while using Tor Browser on Tails on the "Safer" level, please consider [Appendix A5: Additional browser precautions with JavaScript enabled]
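Review bot: removing the "Temporary Important Warning" line here is consistent with the NoScript 11.4.8 note earlier in this diff, but the remaining context line has a typo: "consider downgrading to Safer is the website is unusable" should read "if the website is unusable".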
@ -3815,7 +3851,7 @@ Remember that in this case, we recommend having two VPN accounts. Both paid with
If you intend to only use Tor over VPN, you only need one VPN account.
See [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS.] for instructions.
See [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS] for instructions.
### Whonix Virtual Machines:
@ -4209,7 +4245,7 @@ Test that KeePassXC is working before going to the next step.
**If you cannot use a VPN at all in a hostile environment, skip this step.**
Otherwise, see [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS.] to install a VPN client on your client VM.
Otherwise, see [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS] to install a VPN client on your client VM.
This should conclude the Route and you should now be ready.
@ -5885,6 +5921,9 @@ Tools that can help with this:
- <https://thispersondoesnotexist.com/>
- <https://generated.photos/face-generator> (**Generated pictures using this tool have a watermark that you might need to remove using image editing software such as Gimp**)
- **Warning:** This tool requires JavaScript to function and does a lot of fingerprinting. Most of it is being sent to Microsoft Clarity. Even with uBlock installed and on safer level, Tor Browser wasn't efficient at blocking the fingerprinting. This obviously does not work on Safest level. On our tests, only Brave with agressive fingerprinting/ad shields did not send analytics.
Now is also the moment where you could finally consider getting an online phone number as explained in the [Online Phone Number (less recommended)] section.
We will help you bit by listing a few tips we learned while researching over the years **(disclaimer: this is based on my individual experiences alone)**:
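Review bot: "agressive" in the new Warning bullet should be "aggressive", and the same warning text is added again verbatim (with the same typo) in the next hunk of this diff; keeping one copy and linking to it from the other spot avoids the two drifting apart.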
@ -5909,11 +5948,13 @@ We will help you bit by listing a few tips we learned while researching over the
- Brave Browser (Chromium-based) with a Private Tor Tab has a better acceptance level than Tor Browser (Firefox based). You will experience fewer issues with captchas and online platforms[^383] if you use Brave than if you use Tor Browser (feel free to try this yourself).
- For every identity, you should have a matching profile picture associated with it. For this purpose, we recommend you just go to <https://thispersondoesnotexist.com/><sup>[[Archive.org]][399]</sup> and generate a computer-generated profile picture (Do note that algorithms have been developed[^393]'[^394] to detect these and it might not work 100% of the time). You can also generate such pictures yourself from your computer if you prefer by using the open-source StyleGan project here <https://github.com/NVlabs/stylegan2><sup>[[Archive.org]][400]</sup>. Just refresh the page until you find a picture that matches your identity in all aspects (age, sex, and ethnicity) and save that picture. It would be even better to have several pictures associated with that identity, butWedo not have an "easy way" of doing that yet.
- For every identity, you should have a matching profile picture associated with it. For this purpose, we recommend you just go to <https://thispersondoesnotexist.com/>or <https://generated.photos/face-generator>* and generate a computer-generated profile picture (Do note that algorithms have been developed[^393]'[^394] to detect these and it might not work 100% of the time). You can also generate such pictures yourself from your computer if you prefer by using the open-source StyleGan project here <https://github.com/NVlabs/stylegan2><sup>[[Archive.org]][400]</sup>. Just refresh the page until you find a picture that matches your identity in all aspects (age, sex, and ethnicity) and save that picture. It would be even better to have several pictures associated with that identity, butWedo not have an "easy way" of doing that yet.
- **Bonus**, you could also make it more real by using this service (with an anonymous identity) <https://www.myheritage.com/deep-nostalgia><sup>[[Archive.org]][401]</sup> to make a picture more lifelike. Here is an example:
***Warning:** https://generated.photos/face-generator requires JavaScript to function and does a lot of fingerprinting. Most of it is being sent to Microsoft Clarity. Even with uBlock installed and on safer level, Tor Browser wasn't efficient at blocking the fingerprinting. This obviously does not work on Safest level. On our tests, only Brave with agressive fingerprinting/ad shields did not send analytics.
- Original:
- **Bonus**, you could also make it more real by using this service (with an anonymous identity) <https://www.myheritage.com/deep-nostalgia><sup>[[Archive.org]][401]</sup> to make a picture more lifelike. Here is an example:
- Original:
![][402]
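Review bot: in the rewritten profile-picture bullet, "<https://thispersondoesnotexist.com/>or <https://generated.photos/face-generator>*" is missing a space before "or" and carries a stray asterisk, and the `[[Archive.org]][399]` link the old line had was dropped; "butWedo" (present in both old and new) needs spaces. The new warning line opens with `***Warning:**`, which starts bold+italic and closes only bold, so the rest of the paragraph renders in italics; use `**Warning:**`, and apply the same "aggressive" spelling fix as in the previous hunk.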
@ -9431,7 +9472,7 @@ Consider helping others (see [Helping others staying anonymous][Helping others s
**This project has no funding or sponsoring, and donations are more than welcome.**
**(Please do verify the checksum and GPG signature of this file for authenticity, this is explained in the README of the repository if you do not know how to do that)**.
@ -10392,8 +10433,8 @@ There are three VPN companies recommended by PrivacyGuides.org (<https://www.pri
In addition, we will also mention a newcomer to watch: Safing SPN <https://safing.io/><sup>[[Archive.org]][621]</sup>) which (while still in the alpha stage at the time of this writing) which also accepts cash and has a very distinct new concept for a VPN which provides benefits similar to Tor Stream isolation with their "SPN"). Note that Safing SPN is not available on macOS at the moment. This possibility is "provisional" and at your own risk, but we think was worth mentioning.
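Review bot: the Safing SPN sentence has a stray closing parenthesis after the `<sup>` link, repeats "which" ("which (while still in the alpha stage ...) which also accepts cash"), and closes a parenthesis after "SPN" that was never opened. Suggest: "Safing SPN (<https://safing.io/>...) which, while still in the alpha stage at the time of this writing, also accepts cash and has a very distinct new concept for a VPN that provides benefits similar to Tor stream isolation with their "SPN"."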
@ -10587,7 +10628,7 @@ The process is simple:
Ideally, this should "not be an issue" since this guide provides multiple ways of hiding your origin IP using VPNs and Tor. But if you are in a situation where VPN and Tor are not an option, then this could be your only security.
# Appendix R: Installing a VPN on your VM or Host OS.
# Appendix R: Installing a VPN on your VM or Host OS
Download the VPN client installer of your cash paid VPN service and install it on Host OS (Tor over VPN, VPN over Tor over VPN) or the VM of your choice (VPN over Tor):
@ -10981,7 +11022,7 @@ If you are to resort to this, you should never do so from a monitored/known netw
# Appendix V: What browser to use in your Guest VM/Disposable VM
**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks:].**
**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks:] for all browsers except Tor Browser.**
There are 6 possibilities of browser to use on your guest/disposable VM:
@ -11676,17 +11717,17 @@ Each Virtual Machine is a sandbox. Remember the reasons for using them are to pr
In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk.
In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation <https://2019.www.torproject.org/docs/bridges><sup>[[Archive.org]][244]</sup> and Whonix Documentation <https://www.whonix.org/wiki/Bridges><sup>[[Archive.org]][337]</sup>).
In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation <https://2019.www.torproject.org/docs/bridges><sup>[[Archive.org]][244]</sup> and Whonix Documentation <https://www.whonix.org/wiki/Bridges><sup>[[Archive.org]][337]</sup>). Optionally, if you are able, you should (seriously!) consider running a bridge <https://blog.torproject.org/run-tor-bridges-defend-open-internet/><sup>[[Archive.org]](https://web.archive.org/web/20220708014922/https://blog.torproject.org/run-tor-bridges-defend-open-internet/)</sup> yourself, as this would greatly help reduce the amount of censorship in the world.
Bridges are special Tor entry nodes that are not listed on the Tor public directory. Some of those are running on people running the Snowflake Browser extension[^520] while others are running on various servers around the world. Most of those bridges are running some type of obfuscation method called obfs4[^521].
*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* <sup>[[Archive.org]][1387]</sup>
Here is the definition from the Tor Browser Manual[^522]: "obfs4 makes Tor traffic look random and prevents censors from finding bridges by Internet scanning. obfs4 bridges are less likely to be blocked than its predecessor, obfs3 bridges".
Here is the definition from the Tor Browser Manual[^523]: "obfs4 makes Tor traffic look random and prevents censors from finding bridges by Internet scanning. obfs4 bridges are less likely to be blocked than its predecessor, obfs3 bridges".
Some of those are called "Meek" bridges and are using a technique called "Domain Fronting" where your Tor client (Tails, Tor Browser, Whonix Gateway) will connect to a common CDN used by other services. To a censor, it would appear you are connecting to a normal website such as Microsoft.com. See <https://gitlab.torproject.org/legacy/trac/-/wikis/doc/meek> for more information.
As per their definition from their manual[^523]: "meek transports make it look like you are browsing a major web site instead of using Tor. meek-azure makes it look like you are using a Microsoft web site". This is a type of "domain fronting" [^524].
As per their definition from their manual: "meek transports make it look like you are browsing a major web site instead of using Tor. meek-azure makes it look like you are using a Microsoft web site". Snowflake bridges make it appear like your connections are phone calls to random internet users. This is a type of "domain fronting" [^524]. See ["domain fronting"](https://www.bamsoftware.com/papers/fronting/#sec:introduction) from the link in the previous paragraph for a detailed explanation of these types of secret "bridges".
Lastly, there are also bridges called Snowflake bridges that rely on users running the snowflake extension in their browser to become themselves entry nodes. See <https://snowflake.torproject.org/><sup>[[Archive.org]][563]</sup>.
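Review bot: in the rewritten meek paragraph, "Snowflake bridges make it appear like your connections are phone calls to random internet users. This is a type of "domain fronting"" makes "This" refer to Snowflake, but domain fronting is the meek technique described in the preceding sentences, and Snowflake already has its own paragraph right below; move the Snowflake sentence there. "See ["domain fronting"](https://www.bamsoftware.com/...) from the link in the previous paragraph" is also wrong, since the previous paragraph links to gitlab.torproject.org, not bamsoftware.com. Finally, footnote [^523] moves from the meek quote to the obfs4 quote (replacing [^522]); confirm the references entry for [^523] matches the obfs4 manual text and that [^522] is not left orphaned.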
@ -11719,8 +11760,6 @@ Hopefully, these bridges should be enough to get you connected even in a hostile
If not, consider [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
# Appendix Y: Installing and using desktop Tor Browser
**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks:].**
## Installation:
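Review bot: the line "**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks:].**" is the content dropped here (the hunk header goes from 8 lines to 6), yet the same commit adds Appendix B5 on transient-execution and other microarchitectural CPU attacks. If the warning is being retired rather than moved, consider replacing it with a one-line pointer to Appendix B5 so desktop Tor Browser readers still see the CPU side-channel caveat, and confirm no other section still uses the "[Microarchitectural Side-channel Deanonymization Attacks:]" reference label.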
@ -12166,21 +12205,21 @@ These recommendations are similar to the ones at the beginning of the guide and
Find it online at:
- Original: <https://anonymousplanet-ng.org>
- Original: <https://anonymousplanet.org>
- Tor Onion Mirror: <http://thgtoallkcxrdv37u6knsc3pumk6cq6lqmcqlw3j5vkmyahkxive4jyd.onion>
- OpenDocument Text (ODT) version at: <del><https://anonymousplanet-ng.org/export/guide.odt></del> (temporarily disabled) <sup>[[Archive.org]][732]</sup><sup>[[Tor Mirror]][733]</sup>
- OpenDocument Text (ODT) version at: <del><https://anonymousplanet.org/export/guide.odt></del> (temporarily disabled) <sup>[[Archive.org]][732]</sup><sup>[[Tor Mirror]][733]</sup>
# Appendix A7: Comparing versions
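Review bot: the ODT line still wraps the renamed URL in <del> with "(temporarily disabled)", and the Archive.org and Tor Mirror references [732] and [733] beside it are identical in the old and new lines, so this hunk does not update them; check that those reference definitions point at the anonymousplanet.org domain too, otherwise the visible link and its mirrors will disagree. If the export is available again after the domain move, drop the <del> and the "(temporarily disabled)" note in the same change.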
@ -12327,26 +12366,29 @@ Also please consider reading: **<https://github.com/monero-project/monero/blob/m
Here are various threat modeling resources if you want to go deeper in threat modeling.
- (My personal favorite) LINDDUN <https://www.linddun.org/><sup>[[Archive.org]][739]</sup>
- The one we recommend: LINDDUN (Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance) <https://www.linddun.org/><sup>[[Archive.org]][739]</sup>.
- Researchers created an online tool to help make your threat model at <https://www.linddun.org/go><sup>[[Archive.org]](https://web.archive.org/web/https://www.linddun.org/go)</sup>.
- It is synergistic with STRIDE below.
- It is focused on privacy but is clearly perfectly suitable for anonymity.
- It is accessible to all skill levels including beginners (providing many tutorials) but also suitable for highly skilled readers.
- It is used in the making of the Threat Modeling Manifesto: <https://www.threatmodelingmanifesto.org/><sup>[[Archive.org]][745]</sup>
- Here is a video **endorsed and recommended** by LINDDUN designers to help understanding: <https://www.youtube.com/watch?v=zI4SFyq_Xjw><sup>[[Invidious]](https://yewtu.be/zI4SFyq_Xjw)</sup>
![][1389]
(Illustration from [LINDDUN2015])
Here are alternative resources and models if LINDDUN doesn't suit you:
# Appendix B4: Important notes about evil-maid and tampering
Your context needs to be taken into account.
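Review bot: the new "(Illustration from [LINDDUN2015])" caption and the "![][1389]" image reference need matching definitions in the References section, which this diff does not show being added; without them the caption renders as literal brackets and the image is empty. The new archive link for the LINDDUN GO tool uses "https://web.archive.org/web/https://www.linddun.org/go" with no snapshot timestamp, unlike the numbered [739] and [745] references around it, so it resolves to whatever the latest capture happens to be; a dated snapshot behind a numbered reference would follow the guide's convention. Minor wording: "clearly perfectly suitable for anonymity" reads better as "well suited to anonymity", and "to help understanding" as "to help understand it".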
@ -12357,6 +12399,40 @@ On the other hand, allowing the attack but detecting it will not let your advers
See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some tips.
# Appendix B5: Types of CPU attacks:
Select security issues plague many Intel CPUs, such as transient execution attacks (formerly called speculative execution side channel methods). Here you can check your CPU against affected micro-processors with known bugs <https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html><sup>[[Archive.org]](https://web.archive.org/web/20220814123250/https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html)</sup>.
The Advanced Programmable Interrupt Controller (APIC) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to logical processors (LPs). The APIC can operate in xAPIC mode, also known as legacy mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page.
Enter AEPIC (stylized ÆPIC), the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. This novel method was revealed in the paper *ÆPIC Leak: Architecturally Leaking Uninitialized Data from the
Microarchitecture* which you can read here: [Borrello2022AEPIC](https://aepicleak.com/aepicleak.pdf) <sup>[[Archive.org]](https://web.archive.org/web/20220812101719/https://aepicleak.com/aepicleak.pdf)</sup>
Model-specific registers (MSRs) and their configuration bits can also be detected automatically on Intel and AMD CPUs: [Kogler2022](https://github.com/IAIK/msrevelio) <sup>[[Archive.org]](https://web.archive.org/web/20220814125349/https://andreaskogler.com/papers/msrtemplating.pdf)</sup>. This allows an attacker (with heavy knowledge of CPU functionality) to view information about the MSRs, which are essentially special CPU registers allowing interaction with low-level CPU features and advanced configuration of the CPU's behavior. Modern x86 CPUs have hundreds of these, which are usually documented very little and in increasingly less verbosity over the past few years.
#### Some other microarchitecture bugs:
- [PLATYPUS](https://platypusattack.com/) <sup>[[Archive.org]](https://web.archive.org/web/20220814132343/https://platypusattack.com/)</sup> - Software-based Power Side-Channel Attacks on x86, which shows how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel and break kernel address-space layout randomization (KASLR).
- [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) <sup>[[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/)</sup> - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks.
- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) <sup>[[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html)</sup> - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.
- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) <sup>[[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/)</sup> - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre.
# Appendix B6: Warning for using Orbot on Android
While this is often misunderstood, Orbot on Android does not make your "Tor-Enabled Apps" go through Tor if you add them to the list. Orbot is acting as a device-wide VPN or (also known as a transparent proxy). The list of apps using Orbot is a whitelist. This list will not make some apps magically use Tor and unchecked ones use the clear-net. This only ensures the device-wide VPN is using Tor to route traffic. This means that Orbot can only control what app can access the VPN it creates. Other apps will lose connectivity.
What is important to know is that, if you launch an app (or Android does it automatically) while Orbot is not running, the app will just use the normal network, without involving Orbot (with the exception of some apps supporting a proxy Orbot).
Additionally, you should not be surprised by Tor Browser not working when using Orbot in VPN mode, as the Tor design does not allow "Tor over Tor" (you cannot re-enter the Tor network from a Tor exit node).
This is explained rather well by Alexander Færøy, who is a core developer at the Tor Project, in their [TorifyHOWTO: Tor over Tor](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO#tor-over-tor).
"When using a transparent proxy, it is possible to start a Tor session from the client as well as from the transparent proxy (read the warning!), creating a "Tor over Tor" scenario. Doing so produces undefined and potentially unsafe behavior. In theory, however, you can get six hops instead of three, but it is not guaranteed that you'll get three different hops - you could end up with the same hops, maybe in reverse or mixed order. It is not clear if this is safe. It has never been discussed. You can choose an entry/exit point, but you get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand. Therefore Tor over Tor usage is highly discouraged."
And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous) on the Tor Stack Exchange:
"The danger (beyond the performance hit) which keeps me from running Tor over Tor has to do with timing and congestion measurements. Adversaries watching your traffic at the exit(s) of your circuits have a better chance of linking your Whonix activity with your [Tor Browser Bundle] activity when those shared circuits slow down or drop packets at the same time. This can happen without Tor over Tor when your instances use a common upstream link. The linkage will be made tighter and more explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor circuits. This tighter linkage raises the danger of successful correlation."
---
# References:
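Review bot: the Appendix B6 sentence "the Tor design does not allow "Tor over Tor" (you cannot re-enter the Tor network from a Tor exit node)" contradicts the TorifyHOWTO quotation two lines below, which says it "is possible to start a Tor session from the client as well as from the transparent proxy" and that doing so "produces undefined and potentially unsafe behavior"; reword it as "Tor over Tor is strongly discouraged and produces undefined behavior" so the lead-in matches the quoted source. Smaller points in the same hunk: "Orbot is acting as a device-wide VPN or (also known as a transparent proxy)" and "some apps supporting a proxy Orbot" are garbled ("a device-wide VPN, also known as a transparent proxy" / "apps that support using Orbot as a proxy"); the ÆPIC paper title is split across two source lines inside one emphasis span ("*ÆPIC Leak: Architecturally Leaking Uninitialized Data from the" / "Microarchitecture*"), so join them on one line to keep the italics intact; the [Kogler2022] link points at the msrevelio GitHub repository while its Archive.org companion archives the msrtemplating.pdf paper, so the two should reference the same target; and "# Appendix B5: Types of CPU attacks:" carries a trailing colon that the neighbouring Appendix B4 and B6 headings do not.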
@ -13401,8 +13477,6 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
@ -13652,7 +13726,7 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[Socks Proxy VPS:]: #socks-proxy-vps
[Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]: #appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option
[Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]: #appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance
[Appendix R: Installing a VPN on your VM or Host OS.]: #appendix-r-installing-a-vpn-on-your-vm-or-host-os.
[Appendix R: Installing a VPN on your VM or Host OS]: #appendix-r-installing-a-vpn-on-your-vm-or-host-os
[Appendix S: Check your network for surveillance/censorship using OONI]: #appendix-s-check-your-network-for-surveillancecensorship-using-ooni
[Appendix T: Checking files for malware]: #appendix-t-checking-files-for-malware
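Review bot: dropping the trailing period from the "[Appendix R: Installing a VPN on your VM or Host OS.]" definition also changes the reference label, so every inline use of the old label text with the period has to be updated in the same commit or it renders as literal brackets; a grep for "Host OS.]" across the guide would confirm. The anchor change itself is the right fix, since the old "#appendix-r-installing-a-vpn-on-your-vm-or-host-os." ended in a period that heading slugs do not contain.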
@ -10,7 +10,7 @@ Some of those resources may, in order to sustain their project, contain or propo
- Premium content such as ad-free content
- Merchandising
**AnonymousPlanet-ng.org does not participate in any sponsoring or affiliate program for any entity. Anonymousplanet-ng.org relies only on anonymous donations.**
**anonymousplanet.org does not participate in any sponsoring or affiliate program for any entity. anonymousplanet.org relies only on anonymous donations.**
All the links below are listed in alphabetical order.
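Review bot: the renamed bold sentence now opens with a lowercase "anonymousplanet.org", the only line in this block starting without a capital; either keep the capitalised form at the sentence start ("AnonymousPlanet.org does not participate ...") or restructure so the sentence does not begin with the domain. Also verify the rename reaches every other occurrence of the "-ng" domain in this file, since the hunk touches only this one line.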
In theory this command should fetch the key from the a default pool server. If this doesn't work, you can also download/view it directly from here: <https://anonymousplanet-ng.org/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc><sup>[[Mirror]][12]</sup>
In theory this command should fetch the key from the a default pool server. If this doesn't work, you can also download/view it directly from here: <https://anonymousplanet.org/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc><sup>[[Mirror]][12]</sup>
For redundancy, you can also verify the authenticity of this GPG signature using:
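Review bot: the rewritten line keeps the pre-existing typo "from the a default pool server"; since the line is being changed anyway, fix it to "from a default pool server" in the same edit. The "[[Mirror]][12]" reference beside the new anonymousplanet.org URL is a separate definition not shown in this diff; confirm [12] is updated as well, otherwise the visible link and its mirror will point at different hosts.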