Git-Mirrors/thgtoa
1
0
Fork 0
mirror of https://github.com/Anon-Planet/thgtoa.git synced 2024-06-13 16:32:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into Adds-face-generator-tool

Browse Source
This commit is contained in:
TwoSixtyThreeFiftyFour 2022-08-16 09:10:45 +00:00 committed by GitHub
commit b1383ca8c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 315 additions and 324 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
CHANGELOG.md
View File

@ -1,3 +1,18 @@
v1.1.6-pre1
- Update on Tor Browser route due to major changes
- Tor Project has condensed their settings and it is no longer
necessary to manually configure bridges.
- Fix out of date options/settings for Tor on Android
- Small grammar/spelling fixes
- Removal and fix of some bad links
- Removal of AnonArchive (down)
- "How to spot if someone has been searching your stuff" fixed
- PDF and ODT builds disabled temporarily
- Update to social links for SEO plugin
- Link to Qubes tutorial for installing Windows VMs
- Added link to Arkenfox/user.js
- Remove unnecessary addons
v1.1.5
- Various spelling and grammar fixes
- Fixed several numbering errors in references

2
README.md
View File

@ -18,7 +18,7 @@ This guide is an open-source non-profit initiative, [licensed](LICENSE.html) und
- Raw [Markdown](https://github.com/Anon-Planet/thgtoa/raw/master/guide.md) (references do not work when viewing this way).
Mirrors:
- **Coming soon**
- Tor Onion Mirror: <http://thgtoallkcxrdv37u6knsc3pumk6cq6lqmcqlw3j5vkmyahkxive4jyd.onion>
The guide and all the files are also readily available on Archive.org and Archive.today:

1
_config.yml
View File

@ -26,6 +26,7 @@ github:
links_url: links.html
twitter_url: https://twitter.com/AnonyPla
mastodon_url: https://mastodon.social/@anonymousplanet
tor_mirror_url: http://thgtoallkcxrdv37u6knsc3pumk6cq6lqmcqlw3j5vkmyahkxive4jyd.onion
defaults:
-
scope:

2
_layouts/default.html
View File

@ -154,7 +154,7 @@ input:checked + .slider::before {
<h1>The Hitchhikers Guide to Online Anonymity</h1>
</a>
<h2>How I learned to start worrying and love <del>privacy</del> anonymity</h2>
<h4 class="project-version">The latest Version is v1.1.5 See the <a href="{{ site.github.changelog_url }}" style="color:#ff4700">changelog.</a></h4>
<h4 class="project-version">The latest Version is v1.1.6-pre1 See the <a href="{{ site.github.changelog_url }}" style="color:#ff4700">changelog.</a></h4>
<section id="downloads">
{% if page.url != "/" %}
<a href="{{ site.github.home_url }}" class="btn_small">Home</a>

2
about.md
View File

@ -8,7 +8,7 @@ Follow or contact us on:
- Twitter: <https://twitter.com/AnonyPla>
- Mastodon: <https://mastodon.social/@anonymousplanet>
- Element/Matrix.org: <del>@anonypla:envs.net, @anonypla:tchncs.de, and @anonypla:matrix.org </del> (all deactivated permanently)
- E-Mail: <contact@anonymousplanet-ng.org>
- E-Mail: <anonypla@mailfence.com> (You may use our [PGP public signature](https://github.com/Anon-Planet/thgtoa/blob/master/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc) to encrypt e-mails. Do not forget to attach your PGP public key if you want an encrypted answer)
Discussion Channels:
- Matrix room: ```#anonymity:matrix.org``` <https://matrix.to/#/#anonymity:matrix.org>

16
b2sum.txt
View File

@ -1,15 +1,15 @@
1da0bee96763274b4480fe6571655343c833b4680cfb6e8e47d7263a985ea1ef6b5c369ac00f9e8905fd02e93bc7122a04dd71ae1a3e23d47c87c5e164d3ded1 about.md
748e8fa9e64a0cde14f1fb179e13da8e3abf334f74d0b84c49e0f8db296c31622ddb92a21c6426a9bfd3bbff66be57c979154ffc0d087dbd57eca21ee0a98257 about.md
26196d7b81bb79c8dc290a98204e3d416e887552ec68b0de4bbe2f17bcc11fe8e3dfccc7f210a72ddecba2eecfa2e33ceaf57f4b0c3061230d62b805e8228f79 briar.md
508535a9c57c88e71905e3e355ab27445f3ac45352486331ddc1438a241db7dd1fb7cb2bf2d29225e17d88ac74c436683f483e39ad70d9bcdd82a0f5fa42d6cc CHANGELOG.md
356e84e2d72b7ec8c8c39fc46efcb0e7e907456493a1ec82c9bf78ad204f82d57ea523bf3fd016ffb27d0fc4903a0ce054d86a9e9a92d0e0ccabd7b47a3b645c chatrooms-rules.md
1c1b4de5b210ed1328954bc57aa48a3cb04e8f0a97eccf5561b4005fa044526acee6e8c8ad103e90e05b3e0be26c4d42574639d168058ea034e2439a62af41b7 CHANGELOG.md
0c9f4cedcb619c44388923b862a329e019441e2e92a798bb97694bb78a01d62259bf93c42191d80a986983b936292aa0cb52bbe984e43002f0e186f45899888b chatrooms-rules.md
13a500b51aaaab394f40d459c722f25c94fdb92c0488a45caa67b5ef5c4d8ea1d5a9e303879cb04fbe61fb756a0b0e713533178cac66310d1f6d227c7a1b9bc7 CODE_OF_CONDUCT.md
e1079876940fce57b827ee39295a1dfce05f003f9665296e0f9a56010a6037914808f430349a63a5d4ac0ce5510b0fc4b0f4727637b04cfc3c74e26758098747 CONTRIBUTING.md
95328cb2e2f626a5e465f735a7162d02ecb354637cea19a0f37c0d919e338ab472d4b41e1758fa175acc7412cf1be673a690613e9844430a7aa6fe7880881277 donations.md
13a8320f98a1e28a3b7f535a499b240065d3442dbf7f74cdbac3efbc6765dfa385fd1fc736679b6db7e8ef3afa027775d7b09d88f672e071101c8d3eb0697887 guide.md
57930e368db74237e225d57fb277dd30d68b75ce76567f5d608b2cd43ca547ac1f83ec04d3ba54e332e710ac3d641ec51c83fd92dd702d50e34d09d59a167ebb CONTRIBUTING.md
15989c822804b56311d0a00359215c23222f2f5f6b156af7701a9d50166e43e559dad8cd0bd6c04933ea6043e043f88c6f9ad57cef653bce863183ced8fbc815 donations.md
b548d028fdd990f7da5e029c0cf1fc1d537f430f9ef379d922f683f1733c3cb83024093d694838e9296687ff9eaf70441aa11969d369ba04a5761ab6f7efc99e guide.md
29ee4751542b8a15463da06ef1481066391cf0c6c3a8157a3bda0c5e656137428ca8e4b78edf64fb9a93ef916150fe745f83a9e12ea5171f4dab088020beb014 KEY_ROTATION.md
046a52e53005963dd38343505aa43e51b5d750f0891c0a20a675c80ef9a254077db98b15165641a5f7ea33cc19f035e2aa7dbec4504a95c32b63911e3c7a8046 legacy.md
f9aa769f3572fd8c1bf2c46cfac9c49113f73b8185e5edad04ccca003f973d79ccaa728c30078bd45a60bdb7f5a090a22a95f04836e9ea07aa53d16684158b19 LICENSE.md
372685463d375a6c25d7ef31b0ef31220d8daa9b69d3640ec5e64fcdf5b97f69615ecd548feebd30905ec65e4819f02fa4d82b67e88e4ce68408931d898abc6b links.md
fdf05ba24f10cba1ced92d36def4bfbb3fe1734392a86e81a434bbd195d97067b863ecb1e4c42668bce32b86fe46dc37f7dc5f0b79d9ea66d8d6cfb9338ef219 links.md
ab0ec9bcea9167177eae18a069ccf2354148b9f59a4248d03445e6d7bff10463d4f5e7d28a442ff2b620da16a57dfa91f2684bec69edaac5ead40f492f3270d6 moderncrypto-rules.md
742f20fb65e92308bcbf6f87c567096c463c324d1079e23194df310ca162b51c6e2496d44e2e28f94f544575eadb68d9b1a839a7aea21f21a4712f553dff166f README.md
2a3fe2f4a9818875c2b72d1e063453d2aa0f1c5d76e2c7e2b344b54cd5044f4ae0f9777238ae564d81a35f5e29806127096872d10b6ab20434e4f6a7de8695d0 README.md
d33ea2d1ca49eba4bba7128fda73c428aebe7640b1e50c9a7492c6a386db76eeedbb747aad52535f5aad3b47d6a1b3b4fd74e6e314b6ac844a39b1ee94f6e205 verify.md

90
b2sum.txt.asc
View File

@ -1,48 +1,48 @@
-----BEGIN PGP MESSAGE-----
owFFlgtslWcdxunWMdYyQMalFhmHiUF3Ke/94gQHpdI6aKErIrJY3yuWlRbasq0K
bBPdYG442FQCjItbZtjS6JwmKNE5kIiCmCFzxMUSthFgmMWYhW5DwOdrQjwn+XJy
znfe9/n//7/neb+nbrx2SEXZ8MnLmi+cbCiV9Q1b4W/wrHvV8pqeB3v8yVv6aHTE
p2SVVpxp4YUwJCclNVVScsGD4dwLZUjIXiWThI6aKe6skcnRlJWXgSvrAiHZJmOJ
zJGwZLkPmjLmiIhRU5eo44nxKHQwOshElYg8pkhLJec7V/XULI8VTFGrovaGeq9t
MDEwS7ARIyLhnxTbGy0lS0EZT2IS3ieWqfYhUJqhjcccQtCZUeI0izEF71hKIePK
eUguS52FJ4ETRRknUTFviEyGMZO1LZV8V5vrKqRIYiSXzgYJvSZpiroST1xK59El
ITN3QeAWJozinMYYqODGMUGj1zHS7HXwzGcWmWUM9epojAtaBMGVMjwLg+Wsi5pE
60OMBq3KMjvBogqhVKqtn9k4p25u05xCDpeoXSSG1nudgsGb2xyESjl4knSyRAup
hOUYSTAsWJ+1cRGdy4ZFqZOTjPvMMRuqckYNkeD/lnBHQiJSRKOcTdZZFkkiITiP
QQjtuFdCQk74puvp6uxc3n1H16r21F2IotxJQrykDi/PrciCRCFt0IxlJgO+iN6y
QAQqxyLOKe1lyjJgN7AT0d/ECTeYtYdQn1TRNqkAJGqiXKKx2gQXlOKUoKcqMqaD
dtSjZRo9appd19r0pdbapsbZC2tbClGJEm2NVlagviQBE9MJjWZWYsdc1JoJ4dkq
JZlVCdA6qQiAUYRrS0G/yQKqhHWgXEYBsrGQpBCFjuEiNINXNCSHHDhGmpjS0hBs
KwZFNbY0N8xa2NLQODg7KzkzYAGoKqacTELJrAEXHMYKqwTPpcCC4JNaQIBPYIKi
NwAKM2ARrqQgSJrscHVAXFAWMkXHNHfKgmaerBECwp1Gn3PSBoUYyjQUxc4O19PW
2XF1aoYzlG2ACjMYsM4F6sJazwQhSkYuACEAyqA1ehd4yj4gH2TMjhv4m+agQbG2
XoF2GA9uyI5gMy2BDbFgPSvNEtGUEgon8+SJshAFOUtXtcU06HebECeSSgEbOlo0
AWEEpjEFSjB0S0MmQQVIprJgET8jO5REvVqgqw555LVJMSvwA3oh1VJFJSIMhsgG
OZUoA/1U0yyi82gKYQg8T6gole6uW9za3NQys6WhqbFQRAQGxJLkhEgLNZEbRKAk
0jnBk6Qe5WFtYqCMOAZotAyGYFPHpCBaA3jjqUR2KkEd5pwcgidQmwmXiTmHOxKC
gwhnkZvMF0XSBIqcwealUnta6kJvoQVrOnCcudQsRxMowgSOR5gFC+dSykERshI5
LFN0ETjCtoNsax7hKRhOo0eoRRsPY4JwH4tpO4JYRTRbWAExpJJNjgAbySNFNgkq
UQPScG5DbV3jPXWDAYTMN4MD4gBQBYZGYOoURsWVMRJNdA482MiVIKmYksghZumt
zspiJClEKUxOyUdOijgNCl4wRWsYYg8B6BVYwkRDggj0GLFqgCnY82hMW8d9gwBj
hgn5Brdg0ppqtDhRA25QcWawEujxNkuLKBUmwskCYoBlzpQUFYgsk45AH5jnjF2h
3lEMXoNvSzMqFRiSsuiqQyEuIkuEZRnnI46MUml5Z0xdHaGrd0VP5//jEEBm+Mqj
Kouzxfjgs8rFYac0sQqj4xi4iEVA4SSkVkS0jgRszRCiQSUmcPwJxAl8mZGeEsp1
sb9XBocEhXEt7J0cg0jqBM7XjDM6ojClcqnUXDdz9rzBcUXOcVekAbZO3uGgRNpg
0eg0DzCOSz5pzMnTJEnAoigvKJi78LNKKUWcwEh/FyVDOAAZF/EUoKNC9uJDjkg9
lTgVXrmA4HEc+vAUITLKILJUuj91teVBjjdcw8uHlFUMmThucvmsK/KtZ8/8fv1L
I4//9OozyXXXFI8hQypuGHX1mxO7Rl4a9/jo5zpW9k969s6ZU57fl6dMGLl15ys/
aftuy+EfLKg7sCjdNnz29uVvP/XZx9ZVHXpx+LD+NdVjy04v3XkulJ+XNUtfHVAn
l1ROPbX93XWHn3j/nU+faRr78sDF1c+sXLD3WyMuVS3au6q/d6vedKjv7dXfydvs
guoJ9dv/3fRwEmefLt/c01v9D/WLh+Z1n17/s4/H/f22N27arkd/feF7t75w14Mb
nmzYVzVnx6I/5baX3WP68c7e21f++QvXzy/71wP9f+w/vOkT2469Nub05Wmli89v
3dFy5njlgouvfdi1Ye+kPef7v/KNubW/OX5Lx8+f2STP7fvtrvLvf9Q24qP5M0bN
un/Xoc9Un9t59wO1m3efOvrf7aPerWooO5EnVtRUXfvm3mVfnvb5vx07+rtHps27
+cjr9XWHlp7qe6umb8bW3VfWXOJscepuHTO8qnNN1Y4Ljy6ufvWegQP2xkvf29m/
buiWe/859NdTm8d2Npy9LD5ccuTNoZN3r71r4tc2jmxduG7YlrLz58YsefGrBxe8
v/GDbR/vaa/vvnD8ZnZs69TnFs7ZfHD6sqMTm/dPbriu+YObxn5qbc+d9/E4vv5z
v5rxh4crxvftKStv+eERP31+xXS//0czy69see+Tty9uWjvdnvj2nKYlLWdfv/WJ
v7DLfP/QFybccfCX975yoB1HXPvA+G36P+88+tcpLSMqeflLA2dXfvGhnh9PWrHh
ycrR69es3tuxaOgbNeM3Vjb+Dw==
=8bQm
owFFVguQlWUZ5trCxjUEDSf72VlKTNjvfnFGGi4nWIXdWCFbhga/6+4iy8JyFmMM
DccijEqnBpgpSBHQBKwJGsQsFTEEcrKk0ggpoBGJpsQBDVR6/p1x2pndPfOf7/z/
8z639zw4tH+f2r5Dxi1quXiisei7a9BSP9iz5T2dk6pfrfpL+z6jhUkmO5uUcCTE
REWm2VNtE+XRmcSdz5yLrEUk3oggbCLZRM+sCpwqxmL0ljlGgxJMOetz5N7nrJRP
UgerLZUi50AiMTr6KHUKOJ0ScdYwqYvC+a6e6qTOWMsUtSpqb6j32gYTA7O9p4hI
PAqqkjFaSpaCMp7EJLxPLFPtQ6A0J2CNOYSgM6PEaQBLwTuWUsj4y3lILkudhSeB
E0UZJ1Exb4hMhjGTtS0K393huksoNFAvYpIet0qRcmasFD5I7ZwwjgcPSCYDHKYJ
WUqF44TI7IgQEjSElIA2GBcp4cmSRKTniQCvCiIKzC0Ut5EqPN4kR7hITHDrFHNZ
UA9Wps2c0jSjMqt5RgmHBJtFSDF4UBSE4MZYxr3Bcc4gCLVC0MQShNDWeG+1smBH
G0cohmQSslgeBKOWRlNyqqzh3nLF8BHo7iUDmdaIJDghLJNEjcpCGmuNMb4oQrur
dnd1dS6f2N2zOC3v5Yg7SYiX1OHHcyuyIFFIGzRjmcmAC6U1AhHGOCGDc0p7mbIE
A5iZRgnXccINtAaf2ScF52mpHPEkacol51Sb4IJSnJJIs4qM6aAd9daHkqPm6ZWF
zV9YOK25afq8aXNLUFJbThJXcKgWjOuE4eG57JnWMZaSGzwiJK2k0llGRYxnIQoe
nBTaBZoNT4AME+MCXMOAhLjAowLDQdJgeI4W5tKERYlHIRc2Suuo0sn7ElTT3JbG
qfPmNjb1akelNTAzLEaEl5iERuII4dIyKgPjrGQry6w8xehZa0IdbkioUhAjSWmj
iyYgfVEBmOU8OUXwDn6zMUFl6zBhSFlJ7kMyeISB2aPJPhgqiyJ2LXHVjq4lvap5
KUwk8HuM1pKso5OJMBtIQO4DROGICCfZpsy1xaQsK4xMNQIE3xtOmCAWdFhhuIHj
rFJGZ5wHdrgfbqCIsY1cWY84OKkVdV5lnXKwNhVFW09HTL15tykJLdEPiKHDP4XG
ISplKgwlEN3SkElAzzjMoR33eDvIBOkoh7qwhkEJaJNiVvCPdZanbKmikuSkhYSW
sBhlyUmqaRbReWIMYcihJ1QUxa2V1oUtzXOnzG1sburNmVAO/SKRAWmBJnLDBZdE
IvaQgnoZNe5NDJARxwgcLYMheKhjUhBYzCN+VFJABBMSQzvwFqjNEDwhajiRgpDg
xcrAmS+HpInD1LCHKorFqc2FlSUW3NMhxplLzTIMQH1mQSiUWUAF4FM8a1QANTLJ
BIsQge4rjZWt5hGZQuA0OMIs2ngEE67xSEWWjqBWGQOCjGxylaAdQbNJjkJSRlCJ
GdCGsxqnVZpuq/SCiRkN5hiWA8rCUdgLGeAqJvRp9p7nBIegwZgzKD4KutA/kVoZ
rSbIPVyJNqYJC4ThGfAphkfFJKFigOV0DEDjS8fB3ioamB2KclgMdQ4wizuW3Nlr
YGiYAvKfHJTWVINilBV8g4kz41LAPd5mJFKw0uocjZzKtZKBvbSYyDLpyNBJguUM
CRiJSC+MGrEHaWagACIpC1Yd7OaiIFlYljnT6I+i6OyKqXtJ6F65tNr1/zpEFWes
IwgLTbCnAvPYQTQRxQWYLWs20wADqcQCeskDGMIYEHWB6nRYq1ZrzbhxCe6JIJFL
QGXWlNtKE4uc4YbEK+exErEyRFYwFBIPmklRtFSmTJ/dK1csSwJng8O69g5SOE3L
zDtdbgE8waMBBYEgErvFaYwXlONGwSAqpRSxPFCHKBYmSxR4xb3QUaF78SJHLbDg
OBUAE4wQjlvcK6HyMR1B56xI3R2518dr+/EBffrW9vnUmHEDpl6Rxza9+dy3dgw/
+thH30kG9iu/hvSpHTzioyszHx/+YdHaPmXjqeM7L6yR+++oefrmO2rqF8V7a1/a
vemdRRd/9eTIra1XHhnS88YPW355zZCLNYfeaRgxbN3x/OonyKqjV/4xeV1rdv/9
gd/x/BQ2/PO85tS/9x98d1PDnD+v/ZGYukfw/n/r97196699bdNVd/2rpfOGgzP/
Go8OGnX7gevaR2zZvC0de4WZR/L435+bMHr85ub6345e9cL78+rPNx3Y0tawt27v
ifljqke7bvnJoWdWdFR3np1++e7r29b/8Su0acDIL3/twqrdo7/Yc6TxsakLPpj9
/rjD61666czks5dt8Z8PX32z/fXvqJlXv9u5alfb2aeHDZ6kfrH59LrVduy5h/cs
HXP5xb0b2+55b+DyXG3cXZfFqH/G545s2T++v//64X2nvv/G5nCq/4FHn58w4Zur
57xVqVYW7pnx9q9ZuO/IyLEfa9peV3/j58Sg6xpMhS340jVP3PbtR3+6tm1N7Zw/
VLY9OXbrswOXP3Po7wPn9BEvrtZv/ebn507+5c7v3nqLe+rGw6/c3e+pWQ1Dz5tz
G+4fs37iAFa0Lht65E81uy/87J7t+sSloTfcu2bhnGGjjk0eu+wbL9+8dXH949tP
PLCyrv1Uc8PVO86u/OTGiXtOb9hz/Wcr5+5/efbDS1cMbt/mXpt05qEfp2HH54er
7Mc3DDx515D3hl37gnl21cmHTt5X98CCZa9fmn/T7dUL4ncHV3xQM/78zl1vn3xw
8ROnz7TWf7pxS93FI8P/Bw==
=LDie
-----END PGP MESSAGE-----

6
b2sum.txt.minisig
View File

@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
RUSn9xivowlq/sr1ozWrENa+hzlcnhKNaMWoJL6rCw2U/XEzcylaiVQL0FlECQAEjFC7nJw6tFOYq1EYwV0g1Z8qp0Nn5iFUmwQ=
trusted comment: timestamp:1658790578 file:b2sum.txt hashed
RM54EBZy1QQHONjX4nNJ0+6Epx3BHKGxgB9plExnqQ6SDFHPRdl6igSidQ1DiWfxsCJ4ZcZPSIlM1xmBJtwJAw==
RUSn9xivowlq/r/UipZCfUDt2/GrYddEPgE1iKotc/69NVI3unWHyr1cQwWEAYj2nxr+16nCRR03XlEsNx2I/CnnKiecT6ZqHAk=
trusted comment: timestamp:1660598571 file:b2sum.txt hashed
X1mj7TyKrP2J9V5F/gFf8KBba23oSKBk6guDOUUsPmSy2unA7WwgHc2p/qJhpt5mwa4btcOEzVyp6pCNUjMrAQ==

20
chatrooms-rules.md
View File

@ -14,7 +14,7 @@ You will find here the rules for the rooms part of the PSA Community. These rule
- [Ban Appeals](#appeals)
#### General default rules for PSA rooms **unless specific rules are mentioned below**:<a name="general"></a>
These are currently only enforced on **Anonymity** and **Security**, and not applied on rooms with their own ruleset below.
These are currently enforced on **```#anonymity:matrix.org```**, **```#security:matrix.org```**, **```#OSINT:matrix.org```**, and not applied on rooms with their own ruleset below.
- Keep it legal
- English only
@ -29,24 +29,24 @@ These are currently only enforced on **Anonymity** and **Security**, and not app
- No upload of any non-media files (binaries, executables, compressed files...)
- No voice messages (these will be auto-deleted by the bots)
- **Avoid drifting too much off-topic or move to an off-topic room like #bnonymity**
- **Any discussion about AnonyPla / Lena whereabouts is only tolerated, to an extent, in the #Bnonymity room.**
- **Any discussion about AnonyPla / Lena whereabouts is only tolerated, to an extent, in the ```#Bnonymity:matrix.org``` room.**
Some exceptions can apply, see the [exceptions](#exceptions) section at the bottom of this page. Violations will be handled at the discretion of the acting moderator.
#### Rules for Nothing To Hide Privacy:<a name="nth"></a>
#### Rules for Nothing To Hide Privacy (```#privacy:matrix.org```):<a name="nth"></a>
- Zero tolerance for discussion of how to commit illicit acts
- LIMIT POLITICAL DISCUSSION TO PRIVACY-RELATED TOPICS ONLY
- Do not dox others
- No suspicious links or uploading of non-image binary files
- Be respectful
#### Rules for Modern Cryptography:<a name="moderncrypto"></a>
#### Rules for Modern Cryptography (```#moderncrypto:gnuradio.org```):<a name="moderncrypto"></a>
See <https://anonymousplanet-ng.org/moderncrypto-rules.html>
#### Rules for OS Security:<a name="ossecurity"></a>
See <https://artemislena.eu/coc.html>
#### Rules for Bnonymity:<a name="bnonymity"></a>
#### Rules for Bnonymity (```#bnonymity:matrix.org```):<a name="bnonymity"></a>
- Keep it legal (seriously)
- English only (no Russian, no Chinese, English only)
- Be "somewhat" respectful to each other
@ -64,11 +64,11 @@ See <https://artemislena.eu/coc.html>
#### PSA Bans:<a name="psabans"></a>
Currently, the following rooms are sharing a common PSA banlist for serious offenders:
- #Anonymity
- #Security
- #Bnonymity
- #OS-Security
- #ModernCrypto
- ```#Anonymity:matrix.org```
- ```#Security:matrix.org```
- ```#Bnonymity:matrix.org```
- ```#OSINT:matrix.org```
- ```#ModernCrypto:gnuradio.org```
This means that those PSA bans are effectively applied on all those rooms and can be issued by admins of these rooms. See the next section for information about appeals.

5
donations.md
View File

@ -32,6 +32,7 @@ Here are the addresses for the main project:
Donations log (UTC date/time):
- 2022-07-30 03:51: 0.0222 XMR
- 2021-02-06 16:48: 0.1 XMR
- 2021-03-15 00:09: 1.24869 mBTC
- 2021-03-15 08:41: 0.07896 mBTC
@ -69,7 +70,7 @@ Donations log (UTC date/time):
- 2022-02-18 17:27: 0.019 XMR
- 2022-03-14 10:25: 0.0139887 XMR
Total Monero donations received: **4.734092580358 XMR**
Total Monero donations received: **4.756292580358 XMR**
Total Bitcoin donations received: **1.89353 mBTC**
Spendings log (UTC date):
@ -95,7 +96,7 @@ Spendings log (UTC date):
- 2022-02-02: 0.966793601024 XMR (+fees) for sponsoring a related external special project in line with the Universal Declaration of Human Rights (details will remain indisclosed to protect project members)
- 2022-07-11: 0.503232784687 XMR (+fees) for 1984.is VPS (12 months)
Total Monero remaining: **0.037136719397 XMR**
Total Monero remaining: **0.059336719397 XMR**
Total Bitcoin remaining: **0 mBTC**
[1]: media/monero.png

26
export/b2sum.txt.asc
View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQv81253nwIirD9SnDCFqUvbfSSAFAmLfIp4ACgkQDCFqUvbf
SSBG8g//Rb7ahuTgYdsgtBwWuFK2imbvrGVultDPJorHR1Sph9OVnuqlqPAANmfc
73hmSVN06RbIPwfTScqVs9PlDbeWhG9F0s+90v39Oua1drhD/Ybmb3EaIk/tVl8y
UCzEJJ0xnmaz1SjgV4BApiWKt6q4cJJs3ZY8aDDOCBWJ7xMKQLI+pQyrj8UjL1am
lVEGQ2LLezCJBfJny/S8BdyG15AQ068JftQ1WU1BlIrMNgTyIJmKXRdJoWKvF1hf
RlCeVVgnvqSyvzXTb+KfWGef52kTIo1aib+zcpyK6VJ/kXJMuxLYNabxnbtY7Fnq
qrxQJQPPaHrz93LB1AFfV+dL2kjgKpVQygsWM5Dgj0nBiAg1dNjrQ0B/pcPqy73u
GrTumtrbsTc9ZfZqrcetZWY0OzLlceI9WUzuspswgBT7HYb4Xm1Jm1D5z8pTHX3Y
WObqS6KdUslTFdsnGyUb+lK5siY8kq5js/4LmlLpKsUphWOs/3InJODo6sIIkx9S
k8Bm7NU2snc+i4GhT5FsrSs8qBXXOn2MsEaOOlRqbfQtDP8wfDim8koEzrGLmTr5
esa4+01KG4yKDwDyHOJ9tPCAjaa1jRfiptDcWC7zD947YS9LbpnJC170LNkY8Uyq
ZNbjqpeurfoYv7OjwXMxG4M7ufshvoNayA/bU/ndhiiSsD8fTi4=
=BD4w
iQIzBAABCgAdFiEEQv81253nwIirD9SnDCFqUvbfSSAFAmL6uRYACgkQDCFqUvbf
SSD4QQ//aF+WuYUk6CDHIKVws+aDnn4QbnrE5VTTwQVfHweBdbQk+YqOAClTKwR6
hRUU1uV+W8tXhCyxSE8M1ugXX71AssU4wmiGHaVYAPiiwoHvqgGMug11pT342eS2
Q34VzHHNFVkP3KCoSo1isqoKUxJb+tbpe6Dcmzw9TBCGEOzPSxX7HTytNdyMjHtO
XZYNRvNMh5PaaK88YCjwvvCB/ST3qmKeFdqlVsrWHCL1rwoucPc4hVLu7FD2EHOY
FKWlG62b7nYER73EqLEI7hWZtRYfVhkeuQd8k0OU+QHinAMYZaAyHpdaTYUPbbRn
5p/irOs69plHRe7pF/M56kR9OMgSwV86lWNGrfdXrDF/Zfis9tDoSIjjoLwIl96w
rpDp1G3opYZhvrYPZLphyqNveHE2Q7MGmaMsZ0n+QMRSq/qsH3397B4Wm7sWIXbR
ijG0pC8zoOc+29cZnV19q4OiViIdNN9gnuVArSEOXnO76Ei9digQDNwerrX+1qv2
wJ2OZhc5hlOXnR18tYs2enM2FM2rcvFK9HJrmewxrhKH/ZnFgX2CKcywvGtryrak
rrxv+6Qn70yQ0yywTMn6vihXiFPRz8ZvrDd20oD/EyB6DNPHUykeDRNUGIwCS4X2
Y1q0kMSIJbtamquJQCLbdLudfvKBAkM57B/BtPiI7Ft47z6CPqc=
=rrVA
-----END PGP SIGNATURE-----

4
export/b2sum.txt.minisig
View File

@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
RUSn9xivowlq/m9u4GCYbaa9GhEomTQimt7c7HvuJZJlN3em2Ydy2DeCKpvpENQ4T5DfNtSe3j5pjnNQda4QNXW/mp4d8Q0eeAM=
trusted comment: timestamp:1658790564 file:b2sum.txt hashed
roeGVEjvolb9c4v5LkdHxdnDLy699XjbobWaFwynhhB3Lr4zGc0RUvzt1abVi0ipY87qTzOINadCzVyiEEuhBA==
trusted comment: timestamp:1660598556 file:b2sum.txt hashed
zRsOp9ehZ24HnQCNis/pD9IeesI6628PKwEHIPpCKZeOZygE/dnBbB6sdbMauPgKx5hyMM8uklXX9rQh9KI6BQ==

26
export/sha256sum.txt.asc
View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQv81253nwIirD9SnDCFqUvbfSSAFAmLfIqQACgkQDCFqUvbf
SSAfOw//UviW61DOVRZNm0taWA1hXDYcUXlbcju77SQDApJlgjvll4t0NijWDJCp
hlUNfcEat68mvIYqguVStugq7qXqGyowduvqFrE2iQHelSAZTsBOkHy7X2anS+Q+
6SQclvTWOkj0qGME0W4MYYXP5nFwjqW9k3KX0touz9lZ31RhiHi810qEmJpmlpEO
qKGsXrvymXVaaahwJV69mjwf2Se5uOQfHvRIzhvrz+7HcIU+bGH8l+kx97xL1ES9
Lr5bhz/KC1WaLqjsUSbgcdvHaYA7rf6eTleW/AjpxhraikdpLhYCeTd+fx+OnOsv
yJ88yMqrQGhXRvgryL9k7Z9aZsNq5zOgKP2GFX4Ic+3Jo3xph6tm9oYIN+FganR9
+C1PePuhih8c3mL/5pvc8ULlcPl3Q3Xne8/VgW08IC4UvYqjJVh6hGD62VSARGIh
P+XecE9HlHLtDCGj0zGIcAoYZa+tWDTtifIdWp1fsFin4urnnrjyVbcsoX+7Qz7H
mrL5clE3MQ7VQOYtv/SARAKssTnTOn9392+aPW1pA1otRH+WOARlKYMzDL/iE+H5
JWwkHGYJge12Z6j/2kGCqJkQpY/ZGYUhokTq7fKoee2P6XcNjgGsuzQ9P+JGeSk/
vVsM7gPlUbo8zHccmRdT51SmQpNmunjtrNcy8kGXw1AH3HGkGW4=
=Qvca
iQIzBAABCgAdFiEEQv81253nwIirD9SnDCFqUvbfSSAFAmL6uR0ACgkQDCFqUvbf
SSBJpQ//Q6gO6ArEKjtQVhbqAoJlw+8Z5ydwJFBqHLXNfvYHxKJ3bNrkEHs2al7w
hamACTmqH6kEc4dk/FByFIoKlcCDtdG6WLQhlYFX+fi+mo69lS15tOKeYf3Hiuo/
uYDDkRvUNmzxXtHGosLpwD3uiRqQjK2Dj7uuPgR2xNF5PYM9Vh25Z/GQnW+Nqcfh
UXh0JpFNcTV1Dmbh37JgNZz6cEcpsFSAmHmK7n763L4Z/UJi7HXpCS7Cn95Xo52I
k5cxUeSHXzf2AgGGLpwYF/b2oFh7g8JQLYHPUyCnaf3otRAT3CRsQxelv/u1YDAk
OQ4X10vg19evUuKO3xpWx7oQOZWWz3m+4YRN2xbNZlSAb+KwZdEdblI5qTxlu/ud
ceaVW2t+n1Z8ygk0PbNGTjMbGdLsoQ0+knkVzPVs3ZK+ygnKW3q+P4aFM86EmgD+
QfWqeg3fhdnk8QGDzlXRsu15M1GpXjopKX2LBpPiqGZRGHq+H+PhNtLGQ7Oe7IAM
wCzZmOLUXic1vQ81V0US8JeK+9zMJPYLj6tKgFJ8hhRzJ3vwR0Ls/A0/q+J5nHIq
GX40i/HqYme67g66lhoMh+joyjvbxPJjKSjFCKsaHZ/xsv6SfWRY5WRzdMXh1icE
FQaDy5Ynu0VJ/WzQvsU9Chyp+AEOIfhvEaquHLtfiUErt1zPWho=
=qKci
-----END PGP SIGNATURE-----

4
export/sha256sum.txt.minisig
View File

@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
RUSn9xivowlq/kJ6thrlMUlYMQS85xqWIMR7agiJynTCepUp5sRhyMVdmwl4SBXuQ1EczsCaq6kM7fEy4+ls9+Rux9PvVw8Jogo=
trusted comment: timestamp:1658790569 file:sha256sum.txt hashed
dj03R0KeT350j47kyRWoOIjbh9gZobfjiMR0Kk8XfeTMYAEXB3AvgNRJaueIIgz925321JmAw7tkfaXnDtxWAA==
trusted comment: timestamp:1660598561 file:sha256sum.txt hashed
yy3CaCiNigU6UZ/IDiIH+iLecXdURMwrg5DzCu+D3/WE81oPvHmUZOkFB063IWuPxzAniT6vGhDrSreyUqWOBg==

332
guide.md
View File

@ -2,7 +2,7 @@
(Or "How I learned to start worrying and love ~~privacy~~ anonymity")
Version 1.1.5, June 2022 by Anonymous Planet
Version 1.1.6-pre1, August 2022 by Anonymous Planet
**Forever in memory of Lena, 1999-2022**
@ -312,7 +312,7 @@ Finally note that this guide does mention and even recommends various commercial
- [Socks Proxy VPS:]
- [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
- [Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]
- [Appendix R: Installing a VPN on your VM or Host OS.]
- [Appendix R: Installing a VPN on your VM or Host OS]
- [Appendix S: Check your network for surveillance/censorship using OONI]
- [Appendix T: Checking files for malware]
- [Integrity (if available):]
@ -349,7 +349,7 @@ Finally note that this guide does mention and even recommends various commercial
- [Appendix Z: Online anonymous payments using cryptocurrencies]
- [Reasonably anonymous option:]
- [Extra-Paranoid anonymous option:]
- [Warning about special tumbling, mixing, coinjoining privacy wallets and services:]
- [Warning about special tumbling, mixing, coinjoining privacy wallets and services]
- [When converting from BTC to Monero:]
- [Appendix A1: Recommended VPS hosting providers]
- [Appendix A2: Guidelines for passwords and passphrases]
@ -383,6 +383,8 @@ Finally note that this guide does mention and even recommends various commercial
- [Appendix B1: Checklist of things to verify before sharing information:]
- [Appendix B2: Monero Disclaimer]
- [Appendix B3: Threat modeling resources]
- [Appendix B4: Important notes about evil-maid and tampering]
- [Appendix B5: Types of CPU attacks:]
- [References:]
# Pre-requisites and limitations:
@ -861,21 +863,23 @@ These have already been affected by several security vulnerabilities in the past
There are some not so straightforward ways[^107] to disable the Intel IME on some CPUs and you should do so if you can. For some AMD laptops, you can disable it within the BIOS settings by disabling PSP.
Note that to AMD's defense, so far and AFAIK, there were no security vulnerabilities found for ASP and no backdoors either: See <https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s> <sup>[[Invidious]][77]</sup>. In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME.
Note that, to AMD's defense, there were no security vulnerabilities found for ASP and no backdoors either. See <https://www.youtube.com/watch?v=bKH5nGLgi08&t=2834s> <sup>[[Invidious]][77]</sup>. In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME.
If you are feeling a bit more adventurous, you could install your own BIOS using Libreboot or Coreboot [^108] if your laptop supports it (be aware that Coreboot does contain some propriety code unlike its fork Libreboot).
In addition, some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: <https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability> <sup>[[Wikiless]][78]</sup> <sup>[[Archive.org]][79]</sup>
Check yourself:
- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using <https://github.com/speed47/spectre-meltdown-checker> <sup>[[Archive.org]][80]</sup> which is available as a package for most Linux distros including Whonix.
- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using <https://github.com/speed47/spectre-meltdown-checker> <sup>[[Archive.org]][80]</sup> which is available as a package for most Linux distros including Whonix. Spectre is a transient execution attack. There is also PoC code for Spectre v1 and v2 on iPhone devices here: <https://github.com/cispa/BranchDifferent> <sup>[[Archive.org]](https://web.archive.org/web/20220814122148/https://github.com/cispa/BranchDifferent)</sup> and here <https://misc0110.net/files/applespectre_dimva22.pdf> <sup>[[Archive.org]](https://web.archive.org/web/20220814122652/https://misc0110.net/files/applespectre_dimva22.pdf)</sup>
- If you are using Windows, you can check the vulnerability status of your CPU using inSpectre <https://www.grc.com/inspectre.htm> <sup>[[Archive.org]][81]</sup>
Some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: <https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability> <sup>[[Wikiless]](https://wikiless.org/wiki/Transient_execution_CPU_vulnerability)</sup> <sup>[[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability)</sup>
Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information <https://www.whonix.org/wiki/Spectre_Meltdown> <sup>[[Archive.org]][82]</sup> (warning: these can severely impact the performance of your VMs).
We will therefore mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network.
This guide won't go too deep into side-channel and microarchitecture attacks but we will highlight some issues with both Intel and AMD CPU architectures that will be mitigated throughout. It's important to recognize hardware is just as susceptible to bugs, and therefore exploitation, regardless of manufacturer.
We will mitigate some of these issues in this guide by recommending the use of virtual machines on a dedicated anonymous laptop for your sensitive activities that will only be used from an anonymous public network.
**In addition, we recommend the use of AMD CPUs instead of Intel CPUs.**
@ -1063,6 +1067,8 @@ A real use and well-documented case of this was the arrest of the hacker Jeremy
There are also a few cases involving OSINT at Bellingcat[^154]. Have a look at their very informative (but slightly outdated) toolkit here: <https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit#gid=930747607> <sup>[[Archive.org]][100]</sup>
**We have an OSINT discussion room in our Matrix community. Feel free to join at ```#OSINT:matrix.org```.**
You can also view some convenient lists of some available OSINT tools here if you want to try them on yourself for example:
- <https://github.com/jivoi/awesome-osint> <sup>[[Archive.org]][101]</sup>
@ -1411,12 +1417,28 @@ This guide will mitigate these issues by mitigating, obfuscating, and randomizin
There was an attack published that can deanonymize users if they have a known alias. For example, an attacker trying to track the activities of a journalist can use that journalist's public Twitter handle to link their anonymous identities with their public one. This breaks compartmentalization of identities and can lead to complete deanonymization, even of users who practice proper OPSEC.
The attack, published at <https://leakuidatorplusteam.github.io/> <sup>[[Archive.org]][1386]</sup>, can be mitigated using a browser extension:
The attack, published at <https://leakuidatorplusteam.github.io/> <sup>[[Archive.org]][1386]</sup>, can be mitigated using the well-known [NoScript](https://noscript.net/) extension and will be our preferred recommendation.
- <https://chrome.google.com/webstore/detail/leakuidator%2B/hhfpajcjkikoocmmhcimllpinjnbedll> (Chrome, Edge, and other Chrome-based browsers)
- <https://addons.mozilla.org/en-US/firefox/addon/leakuidatorplus/> (Firefox, Tor Browser, and other Firefox-based browsers)
## Tor Browser:
It's generally not recommended to install extensions into Tor Browser, because the fact that you have an extension installed can be an extra data point for browser fingerprinting. As such, this extension is only a temporary solution until the fix can be implemented by the browsers' own developers.
This attack is now prevented by default by an update of [NoScript](https://noscript.net/) (11.4.8 and above) on all security levels.
## All others:
Installing the [NoScript](https://noscript.net/) extension will prevent the attack **by default only in private Windows** using their new "TabGuard feature". But can be enabled in the NoScript options to work on all Windows. See:
- Release tweet: <https://twitter.com/ma1/status/1557751019945299969> <sup>[[Archive.org]](https://web.archive.org/web/https://twitter.com/ma1/status/1557751019945299969)</sup>
- User explanation: <https://noscript.net/usage/#crosstab-identity-leak-protection> <sup>[[Archive.org]](https://web.archive.org/web/https://noscript.net/usage/#crosstab-identity-leak-protection)</sup>
- Tor Project Forum Post: <https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005/2> <sup>[[Archive.org]](https://web.archive.org/web/https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005/2)</sup>
- NoScript extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser): https://addons.mozilla.org/en-US/firefox/addon/noscript/
- NoScript extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers): https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm?hl=en
### Alternative to NoScript for all other browsers:
The researches who disclosed the issue also made an extension available below. Again, **nothing is required in Tor Browser**. This path is not our preferred path but is still available if you do not want to use NoScript.
- Lekuidator+ extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers): <https://chrome.google.com/webstore/detail/leakuidator%2B/hhfpajcjkikoocmmhcimllpinjnbedll>
- Lekuidator+ extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser): <https://addons.mozilla.org/en-US/firefox/addon/leakuidatorplus/>
Separating identities via separate browsers or even with VMs is not enough to avoid this attack. However, another solution is to make sure that when you start working with an anonymous identity, you entirely close all activities linked to other identities. The vulnerability only works if you're actively logged into a non-anonymous identity. The issue with this is that it can hinder effective workflow, as multitasking across multiple identities becomes impossible.
@ -2285,8 +2307,6 @@ When using Tor Browser, you should click the little shield Icon (upper right, ne
We would recommend the "Safer" level for most cases. The Safest level should be enabled if you think you are accessing suspicious or dangerous websites or if you are extra paranoid. The Safest mode will also most likely break many websites that rely actively on JavaScript.
**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks][Microarchitectural Side-channel Deanonymization Attacks:].**
If you are extra paranoid, use the "Safest" level by default and consider downgrading to Safer is the website is unusable because of Javascript blocking.
Lastly, while using Tor Browser on Tails on the "Safer" level, please consider [Appendix A5: Additional browser precautions with JavaScript enabled]
@ -3815,7 +3835,7 @@ Remember that in this case, we recommend having two VPN accounts. Both paid with
If you intend to only use Tor over VPN, you only need one VPN account.
See [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS.] for instructions.
See [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS] for instructions.
### Whonix Virtual Machines:
@ -4209,7 +4229,7 @@ Test that KeePassXC is working before going to the next step.
**If you cannot use a VPN at all in a hostile environment, skip this step.**
Otherwise, see [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS.] to install a VPN client on your client VM.
Otherwise, see [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing a VPN on your VM or Host OS] to install a VPN client on your client VM.
This should conclude the Route and you should now be ready.
@ -10258,147 +10278,81 @@ Download the latest Debian testing amd64 netinst ISO from <https://www.debian.or
**(Get testing to get the latest mat2 release, stable is a few versions back)**
This is very lightweight, and we recommend doing it from a VM (VM inside a VM) to benefit from Whonix Tor Gateway. While it is possible to put this VM directly behind a Whonix Gateway. Whonix will not easily (AFAIK) allow communications between VMs on its network by default.
You could also just leave it on Clearnet during the install process and then leave it on the Host-Only network later.
Or install it from a VM within a VM then move it to host OS for Host-Only usage:
- Create a new machine with any name like mat2
- Select Linux as Type
- Select Debian (64-bit) as Version
- Leave the default options and click create
- Select the VM and click Settings
- Select System and disable the Floppy disk on the Motherboard tab
- Select the Processor tab and enable PAE/NX
- Select Audio and disable Audio
- Select USB and disable the USB controller
- Select Storage and select the CD drive to mount the Debian Netinst ISO
- Select Network and Attach to NAT
- Launch the VM
- Select Install (not Graphical install)
- Select Language, Location, and Keyboard layout as you wish
- Wait for the network to configure (automatic DHCP)
- Pick a name like "Mat2"
- Leave the domain empty
- Set a Root password as you wish (preferably a good one still)
- Create a new user and password as you wish (preferably a good one still)
- Select the Time Zone of your choice
- Select Guided - Use the entire disk
- Select the only ask available
- Select All files in one partition
- Confirm and write changes to the disk
- Select NO to scan any other CD or DVD
- Select any region and any mirror of your choice and leave proxy blank
- Select no to take part in any survey
- Select only System Standard Utilities (uncheck everything else)
- Select Yes to install GRUB bootloader
- Select /dev/sda and continue
- Complete the install and reboot
- Log in with your user or root (you should never use root directly as a best security practice but in this case, it is "okay")
- Update your install by running ```su apt upgrade``` (but it should be upgraded since it is a net install)
- Install the necessary packages for mat2 by running ```su apt install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 librsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi```
- Go to the /var/www directory by running ```cd /var/www/```
- Clone mat2-web from the mat2-web repository by issuing ```git clone https://0xacab.org/jvoisin/mat2-web.git```
- Create a directory for uploads by running ```mkdir ./mat2-web/uploads/```
- Give permissions to Apache2 to read the files by running ```chown -R www-data:www-data ./mat2-web```
- Enable apache2 uwsgi proxy by running ```/usr/sbin/a2enmod proxy_uwsgi```
- Upgrade pip by running ```python3 -m pip install pip --upgrade```
- Install some python modules by running ```python3 -m pip install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2```
- Move to the config directory of mat2 by running ```cd /var/www/mat2-web/config/```
- Copy the apache2 config file to etc by running ```cp apache2.config /etc/apache2/sites-enabled/apache2.conf```
- Remove the default config file by running ```rm /etc/apache2/sites-enabled/000-default.conf```
- Edit the apache2 config file provided by mat2-web by running ```nano /etc/apache2/sites-enabled/apache2.conf```
- Remove the first line ```Listen 80```
- Change the uwsgi path from ```/var/www/mat2-web/mat2-web.sock``` to ```/run/uwsgi/uwsgi.sock``` and save/exit
- Copy the uwsgi config file to etc by running ```cp uwsgi.config /etc/uwsgi/apps-enabled/uwsgi.ini```
- Edit the uwsgi config file and change uid and guid to ```nobody``` and ```nogroup```
- Run ```chown -R 777 /var/www/mat2-web```
- Restart uwsgi by running ```systemctl restart uwsgi``` (there should be no errors)
- Restart apache2 by running ```systemctl restart apache2``` (there should be no errors)
- Now change the network settings of the VM to "Host Only Network'
- Reboot the VM
- Log into the VM and type ```ip a``` to note the IP address it was assigned.
- From the VM Host OS open a Browser and go to the IP of your Debian VM (for example http://192.168.1.55)
- You should now see a Mat2-Web website running smoothly
- Shutdown the Mat2 VM by running ```shutdown -h now```
- Take a snapshot of the VM within Virtualbox
- Restart the Mat2 VM and you are ready to use Mat2-web to remove metadata from most files
- After use, shut down the VM and revert to the snapshot to remove traces of the uploaded files
- This VM does not require any internet access unless you want to update it in which case you need to place it back on the NAT network and do the next steps.
- For updates of Debian, start the VM and run ```apt update``` followed by ```apt upgrade```
- For updates of mat2-web, go to /var/www/mat2-web and run ```git pull```
- After updates, shutdown, place it back on the Host Network, take a new snapshot, remove the earlier one.
This is very lightweight, and we recommend doing it from a VM (VM inside a VM) to benefit from Whonix Tor Gateway. While it is possible to put this VM directly behind a Whonix Gateway, Whonix will not easily allow communications between VMs on its network by default. You could also just leave it on Clearnet during the install process and then leave it on the Host-Only network later, or install it from a VM within a VM then move it to host OS for Host-Only usage like we show below:
1. Create a new machine with any name like **Mat2**.
2. Select **Linux** for the Type.
3. Select **Debian (64-bit)** as the Version.
4. Leave the default options and click **Create**.
5. Select the VM and click **Settings**.
6. Select **System** and disable the **Floppy disk** on the Motherboard tab.
7. Select the Processor tab and **enable PAE/NX**.
8. Select **Audio** and **disable Audio**.
9. Select **USB** and **disable the USB controller**.
10. Select **Storage** and select the CD drive to mount the Debian Netinst ISO.
11. Select **Network** and **Attach to NAT**.
12. Launch the VM.
13. Select **Install** (not Graphical install).
14. Select **Language**, **Location**, and **Keyboard layout** as you wish.
15. Wait for the network to configure (automatic DHCP). This takes a few seconds.
16. Pick a name like **Mat2**.
17. Leave the **domain** empty.
18. Set a **root** password as you wish (preferably a good one).
19. Create a new **user** and **password** as you wish (preferably a good one).
20. Select the **Time Zone** of your choice.
21. Select **Guided - Use the entire disk**.
22. Select the only disk available (**/dev/sda** in our case).
23. Select **All files in one partition**.
24. Confirm and write changes to the disk.
25. Select **No** to scan any other CD or DVD.
26. Select any region and any mirror of your choice and leave **proxy** blank.
27. Select **No** to take part in any survey.
28. Select **only System Standard Utilities**. Uncheck everything else using **space**.
29. Select **Yes** to install GRUB bootloader.
30. Select **/dev/sda** and continue.
31. Complete the install and reboot.
32. Log in with your **user** or **root**. You should never use root directly as a best security practice but in this case, it is okay.
33. Update your install by running ```apt upgrade```. It should be upgraded since it is a net install, but we're double checking.
34. Install the necessary packages for mat2 by running ```apt install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 lib35rsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi```.
35. Go to the **/var/www** directory by running ```cd /var/www/```.
36. **Clone mat2-web** from the mat2-web repository by issuing ```git clone https://0xacab.org/jvoisin/mat2-web.git```.
37. **Create a directory for uploads** by running ```mkdir ./mat2-web/uploads/```.
38. **Give permissions to Apache2** to read the files by running ```chown -R www-data:www-data ./mat2-web```.
39. **Enable apache2 uwsgi proxy** by running ```/usr/sbin/a2enmod proxy_uwsgi```.
40. **Upgrade pip** by running ```python3 -m pip install pip --upgrade```.
41. **Install these Python modules** by running ```python3 -m pip install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2```.
42. **Move to the config directory** of mat2 by running ```cd /var/www/mat2-web/config/```.
43. **Copy the apache2 config file** to **/etc** by running ```cp apache2.config /etc/apache2/sites-enabled/apache2.conf```.
44. **Remove the default config file** by running ```rm /etc/apache2/sites-enabled/000-default.conf```.
45. **Edit the apache2 config file** provided by mat2-web by running ```nano /etc/apache2/sites-enabled/apache2.conf```.
46. **Remove the first line** ```Listen 80``` by typing **Ctrl+K** to cut the line.
47. **Change the uwsgi path** from ```/var/www/mat2-web/mat2-web.sock``` to ```/run/uwsgi/uwsgi.sock``` and type **Ctrl+X** to exit, followed by **Y** then **Enter**.
48. **Copy the uwsgi config file** to **/etc** by running ```cp uwsgi.config /etc/uwsgi/apps-enabled/uwsgi.ini```.
49. **Edit the uwsgi config file** by typing ```nano /etc/uwsgi/apps-enabled/uwsgi.ini``` and change **uid** and **guid** to ```nobody``` and ```nogroup``` respectively. Save and exit with **Ctrl+X**, followed by **Y**, then **Enter**.
50. Run ```chown -R 777 /var/www/mat2-web``` to change ownership to **mat2-web**.
51. **Restart uwsgi** by running ```systemctl restart uwsgi```. There should be no errors.
52. **Restart apache2** by running ```systemctl restart apache2```. There should be no errors.
53. Now navigate to **Settings** > **Network** > **Attached to** and **select Host-only Adapter**. Click **OK** to save.
54. Reboot the VM via **Machine** > **Reset**. Confirm the reset.
55. Log into the VM as the **user** from **Step 19** and type ```ip a```. Note the IP address it was assigned under link/ether, the one that has **192.168.\*.\***.
56. From the VM Host OS, **open a Browser** and navigate to the IP of your Debian VM. It will be something like: **http://192.168.1.55**.
57. You should now see a Mat2-Web website running smoothly.
58. **Shutdown the Mat2 guest VM** by running ```shutdown -h now``` to halt the machine.
59. **Take a snapshot of the VM** within Virtualbox while the guest VM is shutdown.
**Restart the Mat2 VM* and you are ready to use Mat2-web to remove metadata from most files!**
After use, shut down the VM and revert to the snapshot to remove traces of the uploaded files. This VM does not require any internet access unless you want to update it, in which case, you need to place it back on the **NAT network** and do the next steps.
For updates of Debian, **start the VM** and run ```apt update``` followed by ```apt upgrade```.
For updates of mat2-web, type ```cd /var/www/mat2-web``` and run ```git pull```.
After updates, shutdown, change to the **Host-only Adapter**, take a new snapshot, remove the earlier one.
You are done.
Now you can just start this small mat2 VM when needed, browse to it from your Guest VM and use the interface to remove any metadata from most files.
After each use of this VM, you should revert to the Snapshot to erase all traces.
Now you can just start this small Mat2 VM when needed. Browse to it from your Guest VM and use the interface to remove any metadata from most files. After each use of this VM, you should revert to the Snapshot to erase all traces.
**Do not ever expose this VM to any network unless temporarily for updates. This web interface is not suitable for any direct external access.**
@ -10461,8 +10415,8 @@ There are three VPN companies recommended by PrivacyGuides.org (<https://www.pri
Here are their logging policies:
- Mullvad: <https://mullvad.net/en/help/no-logging-data-policy/> <sup>[[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/no-logging-data-policy/)</sup>
- iVPN: <https://www.ivpn.net/privacy/> <sup>[[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/no-logging-data-policy/](https://www.ivpn.net/privacy/)</sup>
- ProtonVPN: <https://protonvpn.com/support/no-logs-vpn/> <sup>[[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/no-logging-data-policy/](https://www.ivpn.net/privacy/)</sup>
- iVPN: <https://www.ivpn.net/privacy/> <sup>[[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/privacy/)</sup>
- ProtonVPN: <https://protonvpn.com/support/no-logs-vpn/> <sup>[[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/no-logs-vpn/)</sup>
In addition, we will also mention a newcomer to watch: Safing SPN <https://safing.io/> <sup>[[Archive.org]][621]</sup>) which (while still in the alpha stage at the time of this writing) which also accepts cash and has a very distinct new concept for a VPN which provides benefits similar to Tor Stream isolation with their "SPN"). Note that Safing SPN is not available on macOS at the moment. This possibility is "provisional" and at your own risk, but we think was worth mentioning.
@ -10656,7 +10610,7 @@ The process is simple:
Ideally, this should "not be an issue" since this guide provides multiple ways of hiding your origin IP using VPNs and Tor. But if you are in a situation where VPN and Tor are not an option, then this could be your only security.
# Appendix R: Installing a VPN on your VM or Host OS.
# Appendix R: Installing a VPN on your VM or Host OS
Download the VPN client installer of your cash paid VPN service and install it on Host OS (Tor over VPN, VPN over Tor over VPN) or the VM of your choice (VPN over Tor):
@ -11050,7 +11004,7 @@ If you are to resort to this, you should never do so from a monitored/known netw
# Appendix V: What browser to use in your Guest VM/Disposable VM
**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks:].**
**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks:] for all browsers except Tor Browser.**
There are 6 possibilities of browser to use on your guest/disposable VM:
@ -11788,8 +11742,6 @@ Hopefully, these bridges should be enough to get you connected even in a hostile
If not, consider [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]
# Appendix Y: Installing and using desktop Tor Browser
**Temporary Important Warning: Please see [Microarchitectural Side-channel Deanonymization Attacks:].**
## Installation:
@ -11865,9 +11817,9 @@ But what if the service you want does not accept Monero but does accept a more m
**Bitcoin and other "mainstream cryptocurrencies" are not anonymous at all (Remember [Your Cryptocurrencies transactions][Your Cryptocurrencies transactions:]) and you should never ever purchase, for example, Bitcoin from an exchange and then use these directly for purchasing services anonymously. This will not work, and the transaction can be traced easily.**
- **Stay away from Crypto Mixers and Tumblers.** You might think this is a good idea but not only are they useless with cryptocurrencies such as BTC/ETH/LTC, but they are also dangerous as you might end up trading your currency for dirty currency from illicit activities. Use Monero to anonymize your crypto. Use a normal KYC-enabled Exchange to buy/sell your Monero (such as Kraken) or (at your own risk), use a service like LocalMonero.
- **Stay away from Crypto Mixer, Tumblers and Coinjoiners.** You might think this is a good idea but not only are they useless with cryptocurrencies such as BTC/ETH/LTC, but they are also dangerous as you might end up trading your currency for dirty currency from illicit activities. Use Monero to anonymize your crypto. Use a normal KYC-enabled Exchange to buy/sell your Monero (such as Kraken) or (at your own risk), use a service like LocalMonero.
- **Stay away from what are in my opinion risky private/anonymizing wallets such as <https://we.incognito.org>.** Use a safer method outlined below.
- **See [Warning about special tumbling, mixing, coinjoining privacy wallets and services].**
## Reasonably anonymous option:
@ -12236,6 +12188,8 @@ These recommendations are similar to the ones at the beginning of the guide and
Find it online at:
- Original: <https://anonymousplanet-ng.org>
- Tor Onion Mirror: <http://thgtoallkcxrdv37u6knsc3pumk6cq6lqmcqlw3j5vkmyahkxive4jyd.onion>
- Archive.org: <https://web.archive.org/web/https://anonymousplanet-ng.org>
@ -12394,26 +12348,28 @@ Also please consider reading: **<https://github.com/monero-project/monero/blob/m
Here are various threat modeling resources if you want to go deeper in threat modeling.
- (My personal favorite) LINDDUN <https://www.linddun.org/> <sup>[[Archive.org]][739]</sup>
- The one we recommend: LINDDUN (Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance) <https://www.linddun.org/> <sup>[[Archive.org]][739]</sup>.
- Researchers created an online tool to help make your threat model at <https://www.linddun.org/go><sup>[[Archive.org]](https://web.archive.org/web/https://www.linddun.org/go)</sup>.
- It is synergistic with STRIDE below.
- It is focused on privacy but is clearly perfectly suitable for anonymity.
- It is accessible to all skill levels including beginners (providing many tutorials) but also suitable for highly skilled readers.
- It is used in the making of the Threat Modeling Manifesto: <https://www.threatmodelingmanifesto.org/> <sup>[[Archive.org]][745]</sup>
![][1389]
(Illustration from [LINDDUN2015])
Here are alternative resources and models if LINDDUN doesn't suit you:
- Online Operations Security: [https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC]
- STRIDE <https://en.wikipedia.org/wiki/STRIDE_%28security%29> <sup>[[Wikiless]][740]</sup> <sup>[[Archive.org]][741]</sup>
- PASTA <https://versprite.com/tag/pasta-threat-modeling/> <sup>[[Archive.org]][742]</sup>
And there are quite a few others too, see:
- <https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/> <sup>[[Archive.org]][743]</sup>
- <https://www.geeksforgeeks.org/threat-modelling/> <sup>[[Archive.org]][744]</sup>
You can find some introduction on these on these projects:
- Threat Modeling Manifesto: <https://www.threatmodelingmanifesto.org/> <sup>[[Archive.org]][745]</sup>
- OWASP: <https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html> <sup>[[Archive.org]][746]</sup>
- Online Operations Security: [https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC]
# Appendix B4: Important notes about evil-maid and tampering
Your context needs to be taken into account.
@ -12424,6 +12380,24 @@ On the other hand, allowing the attack but detecting it will not let your advers
See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some tips.
# Appendix B5: Types of CPU attacks:
Select security issues plague many Intel CPUs, such as transient execution attacks (formerly called speculative execution side channel methods). Here you can check your CPU against affected micro-processors with known bugs <https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html> <sup>[[Archive.org]](https://web.archive.org/web/20220814123250/https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html)</sup>.
The Advanced Programmable Interrupt Controller (APIC) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to logical processors (LPs). The APIC can operate in xAPIC mode, also known as legacy mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page.
Enter AEPIC (stylized ÆPIC), the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. This novel method was revealed in the paper *ÆPIC Leak: Architecturally Leaking Uninitialized Data from the
Microarchitecture* which you can read here: [Borrello2022AEPIC](https://aepicleak.com/aepicleak.pdf) <sup>[[Archive.org]](https://web.archive.org/web/20220812101719/https://aepicleak.com/aepicleak.pdf)</sup>
Model-specific registers (MSRs) and their configuration bits can also be detected automatically on Intel and AMD CPUs: [Kogler2022](https://github.com/IAIK/msrevelio) <sup>[[Archive.org]](https://web.archive.org/web/20220814125349/https://andreaskogler.com/papers/msrtemplating.pdf)</sup>. This allows an attacker (with heavy knowledge of CPU functionality) to view information about the MSRs, which are essentially special CPU registers allowing interaction with low-level CPU features and advanced configuration of the CPU's behavior. Modern x86 CPUs have hundreds of these, which are usually documented very little and in increasingly less verbosity over the past few years.
#### Some other microarchitecture bugs:
- [PLATYPUS](https://platypusattack.com/) <sup>[[Archive.org]](https://web.archive.org/web/20220814132343/https://platypusattack.com/)</sup> - Software-based Power Side-Channel Attacks on x86, which shows how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel and break kernel address-space layout randomization (KASLR).
- [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) <sup>[[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/)</sup> - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks.
- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) <sup>[[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html)</sup> - Deducing cryptographic keys by analyzing power consumption has long been an attack, but its not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.
- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) <sup>[[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/)</sup> - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre.
---
# References:
@ -13719,7 +13693,7 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[Socks Proxy VPS:]: #socks-proxy-vps
[Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]: #appendix-p-accessing-the-internet-as-safely-as-possible-when-tor-and-vpns-are-not-an-option
[Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance:]: #appendix-q-using-long-range-antenna-to-connect-to-public-wi-fis-from-a-safe-distance
[Appendix R: Installing a VPN on your VM or Host OS.]: #appendix-r-installing-a-vpn-on-your-vm-or-host-os.
[Appendix R: Installing a VPN on your VM or Host OS]: #appendix-r-installing-a-vpn-on-your-vm-or-host-os
[Appendix S: Check your network for surveillance/censorship using OONI]: #appendix-s-check-your-network-for-surveillancecensorship-using-ooni
[Appendix T: Checking files for malware]: #appendix-t-checking-files-for-malware
[Integrity (if available):]: #integrity-if-available
@ -13756,7 +13730,7 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[Appendix Z: Online anonymous payments using cryptocurrencies]: #appendix-z-online-anonymous-payments-using-cryptocurrencies
[Reasonably anonymous option:]: #reasonably-anonymous-option
[Extra-Paranoid anonymous option:]: #extra-paranoid-anonymous-option
[Warning about special tumbling, mixing, coinjoining privacy wallets and services:]: #warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services
[Warning about special tumbling, mixing, coinjoining privacy wallets and services]: #warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services-wikiless-archiveorg
[When converting from BTC to Monero:]: #when-converting-from-btc-to-monero
[Appendix A1: Recommended VPS hosting providers]: #appendix-a1-recommended-vps-hosting-providers
[Appendix A2: Guidelines for passwords and passphrases]: #appendix-a2-guidelines-for-passwords-and-passphrases
@ -13791,8 +13765,10 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[Appendix B2: Monero Disclaimer]: #appendix-b2-monero-disclaimer
[Appendix B3: Threat modeling resources]: #appendix-b3-threat-modeling-resources
[Appendix B4: Important notes about evil-maid and tampering]: #appendix-b4-important-notes-about-evil-maid-and-tampering
[Appendix B5: Types of CPU attacks:]: #appendix-b5-types-of-cpu-attacks
[References:]: #references
[cc-by-nc-4.0]: https://creativecommons.org/licenses/by-nc/4.0/
[LINDDUN2015]: https://lirias.kuleuven.be/retrieve/295669
[27]: https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/
[https://matrix.to/#/#anonymity:matrix.org]: https://matrix.to/#/
[28]: https://nitter.net/AnonyPla
@ -13845,8 +13821,6 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[75]: https://yewtu.be/watch?v=siCk4pGGcqA
[76]: https://yewtu.be/watch?v=mYsTBPqbya8
[77]: https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s
[78]: https://wikiless.org/wiki/Transient_execution_CPU_vulnerability
[79]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability
[80]: https://web.archive.org/web/https://github.com/speed47/spectre-meltdown-checker
[81]: https://web.archive.org/web/https://www.grc.com/inspectre.htm
[82]: https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown
@ -14517,7 +14491,6 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[743]: https://web.archive.org/web/https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
[744]: https://web.archive.org/web/https://www.geeksforgeeks.org/threat-modelling/
[745]: https://web.archive.org/web/https://www.threatmodelingmanifesto.org/
[746]: https://web.archive.org/web/https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html
[https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC]: https://web.archive.org/web/20210711215728/https://github.com/devbret/online-opsec
[747]: https://web.archive.org/web/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf
[748]: https://wikiless.org/wiki/Don%27t_be_evil
@ -15157,3 +15130,4 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[1385]: https://web.archive.org/web/20220516000616/https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo
[1386]: https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/
[1387]: https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/
[1389]: media/image59.png

BIN
media/image59.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 109 KiB

16
sha256sum.txt
View File

@ -1,15 +1,15 @@
68f5517e1fb0874e898d6e7e7565f42b0e0c2251cf6958b34a2960c212053b22 about.md
aad986b3283d11626df711a9c9b41f3e200be7ea43bbe4f2edda6c1c514e11a5 about.md
6c65d21a15bcd581f33b5f7f2b02eb65d73b6990778c9df687c2aea47eee6907 briar.md
45649af14e8af188435d801b4174bc69c8686c0c1654f5ba0b6aa028fafefebd CHANGELOG.md
0d2ca2d1399126adaf4f5c46e2dc84f2b18e5f48456d02846701009c80d4136a chatrooms-rules.md
28ffb1a3435a87f1cfa4fed621148f9b56d4505982e3a76faa95558c16f4e552 CHANGELOG.md
6a4396d89b264f32a76a5060e0bb014bb809e2f6a4035c6b54b5388dc5f95e43 chatrooms-rules.md
bba42faffa2aad96ae527518b813b0b7122dc9bf19d75171cab646dc98dcb05f CODE_OF_CONDUCT.md
97ca04ae47ac0888ac0b82c2c895f75b9cf9ba04d2479a3ad092d86bf53809e8 CONTRIBUTING.md
aa0a4fd4e53f63c0f3d1f00526a2f0f88a63729cd86ea40a491443e555c9e1b8 donations.md
bbc747327afc4000a57c529e9d9733db0ea15900c8741879b52ca744152b03fc guide.md
2a1124e9aad599ae953bd4c2f0a64fa353e29db7bc974fb4c7f592bb1717b75b CONTRIBUTING.md
91acb1384465921fb498c16be5f0730608a76816d7fb97edf178cd4bc979bd47 donations.md
b9753a31b4dd19c79a25648c817931d780f57d2591dd57c8a1aee584fc8028d0 guide.md
ea84167b5d2771d3dac9b8aada1d126170ff397daeaffc14fbe7031ab6d06010 KEY_ROTATION.md
ca7931e201056dd44bc77959dc3e4298a1b5c712b6c249f19746d949d2079f49 legacy.md
db2e35513dbadcdc67f5819a3bfee2777786538dd3531620cd5fbd4b6ed6e538 LICENSE.md
a8b07275dbfc05063015dbd3082a8295091e74c7ecf4d993ce9d72a79c7addcb links.md
3ae461e550885fc3f4b1295a79cd07b6aacbb10c547a8b4ab6c79389d36ca752 links.md
64802d6754c2244b6a2d483f0e6d082e7cc4e3effab673a8a2b2ce15360f00d7 moderncrypto-rules.md
4f0ebc2c59283d4c14f684104b0bb986dba4aaa55bd1aa3a08fe3074f6a9366e README.md
47d14130f902a3f963f75b6197879e38e34055be04ed82edddf6dd36b1ec3063 README.md
2e95914919d10749fbb12f442764495e081f9318cd663d3858b4060b0e3f28fd verify.md

66
sha256sum.txt.asc
View File

@ -1,36 +1,36 @@
-----BEGIN PGP MESSAGE-----
owFFVGtslVUWbXmNUCqdClXR6lfTEZnRct4PMGhpC1zt9CoUM8zQac+zXIRWb1ve
BBRFBUIIoWZUBIYolCBGFIwmko6K6AgOdTQGrYqKxjeiQTSC1H0bjX9OvuxzvrX3
Xmvtvb5wYN6w/OFlc6adPpZK8ncP2msL22YbwkVbx7yK9oXt9tgVO4WKnGMZcLRI
SRaUVl4EGSQXPDJiUUCOEI5dFJorS5khWkAIE8SpJSRJjG3taK+Y54cJJ7gn2GBu
necKR0otjzICCAkW7iS1QmskpXLaR6GkIyYYJkMIAsJJYrMZk81BMS6YNhFDPXAq
xSj3CmHLsGTWCe2UUMIhhwVnkVuDrDAGERVNDDFYnyRVUyvrptTUpqfk4JAnzhCP
qdaYCONNhL8cE4F4pxgUiFWAbhWk9YDChEQYIciCPMNUmCRxs017trV1Xts12Y65
oS0Haq1hBBJGQ4zxWpjAieRYWYWpRVZiAujaRqw9hCV2xgomIKS8s4hHqDFdXdOY
ntxYla6rnlFVnwPV0hnETGDSOKSUgtMq4ohTGqjkVruooV3mCZPaUOORJl4JGzlV
SAeVA62rn5aaNKM+VdffO/BiWPQscBoFdShSjyNCHHggEUVIIagk2gEKaAFvNWaM
Bs650wFbQPStLaY909rya9dOMkmJNNExhJDh0nGig/ZaUurBL6C/RsiBmbCS2nKg
XjKGOdiARpckzR0ZH3JQwSiGhbRgGimxp94AXQq4NNiDTFiiGKmWHjwSo8Ms2iAR
xUCjRwIESpIba2Y2TkvXV9an0nU5RMikKQ4ELkFJz8ArUmquvaOBEa0MttyBMFY4
wjQoI0EQzbQnSOrIdJLMDc3GLcpheUsChdGAnox33gkZwdPAuY0hQMHgYgGke085
xYIgsHy0nlkRYH7gIklqU1U1ddNr+kVQFklwh7fRIY4ERRi+PUWKGEU0RxoHyZwM
LjKvNXXApyTQjZPGg12gsEzLrf0CCKYQ8UJyBnMJHYKMnikaUQBaFAnSORZoAFta
IalRhljiAuZUIJDdw5TNa/Uh2+Kyi25rb/3dzgwQLBiNa6KoZzm+BeiDGHjZaiWA
BmaM4dx6bMB5SMVAkYRXRlMhQpJMq6ms/mt/uyQA6RicpD2GJzpai0lkjEjBmOYB
wXIAoZTzQlBPFSwWBpKCeWiEIYbxnR+ymdivw30D6KC8/GF5pSVlgyb18d6HP/3P
vbtGvLnjt702eEBujeUNG1r0W2RKz4i+G4pOdx9kz5y8/+8Fz6/uHjSnaPSY0mMr
b2d1K2p6Vj74xcTNJ/ZtmtCV/u9dnUtHHSmb+NyeR3j5Dz3fPrnvuTXi8NIJFx27
NrX0pNv37t68hafeOxu/UwO3pqv3vjtyUccs+7fKTx5p+7x4YMHLkxdc/cLYj89N
bS7fZHff4ttSdxSVbVzz6ken3sg80PDA0VdW19650aw7rboGT+muKhxwyfC8/Muq
l8i5yz74/JsTe25J//j0wckNF0wceTfeX6BfbshkX1r2TO/0sW8V5FecqnxId3Uc
WHYuWzjqwKP6vt2X9x1cNX7OyJnH8dnzS8OJ8SuezWzY0VvX9fPCn3ou5V/e/9i2
wxXNxRvKxu1qH57q7Dwyd0fv0WUnb/rk/YrGcZc8UdvQ+dLZynVfH5HHXzvU/Pro
y/8w69C+N2csP3zz5uOzt3z/49izM4uHLL9j+tbrmp4u6YwfjAvvT//q+Z+Hbvrw
2YsH713fNL+5dMeE8gu6LpvZfV7h0II7rzyw50xT/bnuEY+l3ts59tGtC8pT2z/r
/eM1r69YPFCc/9OSx6+a/2XfjfuX/+v67oK7GuKLa8M9mb/sX8XGDJl6aVFpYfqr
C69+4e2ldmfJghNh2/bR5YuHpN84Pn7Nv89ccduW///v5hnFtX8ec+jWr3vO7N64
bu3gL5o+27V9fss/J/xjwHWH3KbGtd8fbSrpe6e0dMOoM7NObltx9+xzT/UWL/y2
4uMlizfk/ynklfwC
=DP7J
owFFlHtsVVUaxQu06hTkERUxE/BcUMHwcL8fQU1Ke4c2Lb2xXqhGTN3PUqblyqVF
0fjEzNQKM4CCQw0q0MiIjImKD2JUlCpURyiN03FEA4rSCDIJKIqNEb9bY/x3n73X
+dZav73XXDiiqHTYqNTiuu8PVyXD/lW80164bJEhXCxra5nVemerHdyVMsZrJSwl
inqMBRE+SoyNdtoyHGkgCNkgg2HU2sAiCd4b4bDjmAXYx5PE2Fxb66wWXyqc4J5g
g7l1nis4TS2PMhKLSLDwTVIrtEZSKqd9FEo6YkBZhhAELCeJzTeZfEGKqBgtNpRR
bpSM2EXDYvCCYMxU1JYLzzjiWpFAjRTRGM05Vw6LyALnJEnKK8tq56ZrMnOHJoPx
tfBKWyJYpASOGI4ECshahJm1CulAImxDlDthObOcKuUdj5oHRpPELTKt+VyuZdnM
fFtzWFYQtdYwEk2MhhRCFCZwIjlWVmFqkZWYEA8pRqw9LEvsjBVMwBLoWsQjzJip
SDdk/tRQnqmtmF+eHTJuMCYsaFDkWpugObWeORKRgckN5dCI9lZapyWLljkZuSbW
gr60ktuCaG22rmrO/GxV7ZB3jY2zmCrGBOzEcEYXcrKBRyQphKAgDYWFl9FqGXzE
UI9nhR9o+DW04nNLTGtTbsmvrrXk1FBsmfdYO6kLPDHlFJaaYi8Vilx6wjX2nkun
DDYhcMWiU4goj5Kksa3Jh4JUMIphIS1AIyX21BuIS4Fzgz0mAksUI9XSAyMxOgx2
g0QUQ4wexsYgVZ2+uaEuky3LVmVqC4rOFIYAZjECQjwDF1Jqrr2jgRENw1juoBgr
HGEampFQiGbaEyR1ZDpJmkOjcSsKWt4CW5xj6q3xzjsBSSusDbUxBBgYKBYAiffQ
CdwbBMhHyMsKwDTAhySpqSpP196YLohRE5jAQCZSikdHI7OYaA7jOo+kFQY6shg5
zqRRloFFSJYq7akATwWem5uW/HmoAAgbES8kByoIOBSGeKZoRAFigfsgnWOBBsDS
CkmNMsQSFzCnAkWEPPTZkvMhv8TlV9zemvsdZyY9ZpiiqBExNGpBI/AkICMldaAq
UIY4twGx4FXhGYAbDOaFxcEBRnBH6tJlFfOG7BLgVmOmAX2MJCQN5khkjEjBGNwo
BI8DFAWcCUE9VRw8Q6UWBRrh6vskWR7yTXGoh4eH0+KiYaVFE8eniuec44c2Dexu
f27MR9t+e9dKhheesaLSP4z9bWVj99iiZy84UDm6K599b9Hx/dOu2/doY/+rL56e
cPfAjFceyb55f3fpyLNXVn/709EfZ+7p+Povr71zGG+/pyr/3FdTd3Xt+c/5tzYd
Wv7Wg1d0Vg1kxve8uGXB6htefZqfPHdXB378kspb3pt+1eJjl/Yun/fljgXikqfe
Wfzy9aP6Zs3QvWHjo2uOobPFfWUTyzesOkIq3u/47J5GvmLS1cP2/XTL39+unjZ5
7/4fj00ZPEuuXL5n5wNHp+44LH6uO9B5xwfHyw9ctHf3ypNbnj9z3bedT4rcwot6
966gqbs7p1++8efta0e3p3oavnv8UH7plL7U+NnvlnyT9PSeGDW8NGTWDJzqoGfG
j+ie2PbRtf/95zPhk7aiwVOrbhazZ5732Lj6r9Off/rApZXrKj7/97QFaNecVHr/
ndfcl8ecXTb3dEfN+qVTe08OPLvZVc8e+f/XOv7xw6iyvpG5J3ZevLvkf/ULJ07H
9y78K927fsaR069PLt86ZsP8o0fPXX68enJXffMbdR/qa6a8fvbMuK252zpW7yiL
q/dVqvqVgxM225df6DzC55xYfMW2EalZDZuPv59d0H7V9n7X33PwpsFNEzifO60l
3bdxXH7tu3/csurjL14aSE7FR7Z90rxnZtfaSceKU/UThveXuUM3rFu0tfuH2bma
mhMHHxs9tWrppg8fype0djd+/OmYrs6Slns/OPj8F/3ZE5O2Pbiy/Zk3Z2Tq867n
YPvfVv4C
=RH/S
-----END PGP MESSAGE-----

6
sha256sum.txt.minisig
View File

@ -1,4 +1,4 @@
untrusted comment: signature from minisign secret key
RUSn9xivowlq/qZt+LqBXfCthiM3qvpOcdB93VE7Y+M4hhTFs8//zGrEFo1kMff7cIols3cIzbKhrFX8Jmw0kuqMLDQe+tmI6AM=
trusted comment: timestamp:1658790573 file:sha256sum.txt hashed
nDMD207tv4fuCr8ZJnGqqQXO4/9/Iqi0Z6r7Fc/5DYU+N3Wl4BSg7fcgsR9Hcl8rnodLz5dhh4JEOEPHt792DQ==
RUSn9xivowlq/mUtkDMLXlp08e6NheGfKmb38b54kqeNfYiirZzIJ/7aBYl53AEOOlq8tC53qWxEnAOtgKkHOlPRNeIyrid/IwM=
trusted comment: timestamp:1660598566 file:sha256sum.txt hashed
DIGPj2K8NpmAAsomqJeQaJVrUAcEwNjmmEXlTCHgeaFDw/a6lirra43yNL7QH/mD4ZG1GxYX+3u8AE4y39FABw==