Merge branch 'master' into Updates-to-Appendix-B3-about-Threat-Modeling

This commit is contained in:
TwoSixtyThreeFiftyFour 2022-08-09 10:07:58 +00:00 committed by GitHub
commit d98d84379c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 99 additions and 146 deletions

View File

@ -1,3 +1,18 @@
v1.1.6-pre1
- Update on Tor Browser route due to major changes
- Tor Project has condensed their settings and it is no longer
necessary to manually configure bridges.
- Fix out of date options/settings for Tor on Android
- Small grammar/spelling fixes
- Removal and fix of some bad links
- Removal of AnonArchive (down)
- "How to spot if someone has been searching your stuff" fixed
- PDF and ODT builds disabled temporarily
- Update to social links for SEO plugin
- Link to Qubes tutorial for installing Windows VMs
- Added link to Arkenfox/user.js
- Remove unnecessary addons
v1.1.5 v1.1.5
- Various spelling and grammar fixes - Various spelling and grammar fixes
- Fixed several numbering errors in references - Fixed several numbering errors in references

View File

@ -18,7 +18,7 @@ This guide is an open-source non-profit initiative, [licensed](LICENSE.html) und
- Raw [Markdown](https://github.com/Anon-Planet/thgtoa/raw/master/guide.md) (references do not work when viewing this way). - Raw [Markdown](https://github.com/Anon-Planet/thgtoa/raw/master/guide.md) (references do not work when viewing this way).
Mirrors: Mirrors:
- **Coming soon** - Tor Onion Mirror: <http://thgtoallkcxrdv37u6knsc3pumk6cq6lqmcqlw3j5vkmyahkxive4jyd.onion>
The guide and all the files are also readily available on Archive.org and Archive.today: The guide and all the files are also readily available on Archive.org and Archive.today:

View File

@ -26,6 +26,7 @@ github:
links_url: links.html links_url: links.html
twitter_url: https://twitter.com/AnonyPla twitter_url: https://twitter.com/AnonyPla
mastodon_url: https://mastodon.social/@anonymousplanet mastodon_url: https://mastodon.social/@anonymousplanet
tor_mirror_url: http://thgtoallkcxrdv37u6knsc3pumk6cq6lqmcqlw3j5vkmyahkxive4jyd.onion
defaults: defaults:
- -
scope: scope:

View File

@ -154,7 +154,7 @@ input:checked + .slider::before {
<h1>The Hitchhikers Guide to Online Anonymity</h1> <h1>The Hitchhikers Guide to Online Anonymity</h1>
</a> </a>
<h2>How I learned to start worrying and love <del>privacy</del> anonymity</h2> <h2>How I learned to start worrying and love <del>privacy</del> anonymity</h2>
<h4 class="project-version">The latest Version is v1.1.5 See the <a href="{{ site.github.changelog_url }}" style="color:#ff4700">changelog.</a></h4> <h4 class="project-version">The latest Version is v1.1.6-pre1 See the <a href="{{ site.github.changelog_url }}" style="color:#ff4700">changelog.</a></h4>
<section id="downloads"> <section id="downloads">
{% if page.url != "/" %} {% if page.url != "/" %}
<a href="{{ site.github.home_url }}" class="btn_small">Home</a> <a href="{{ site.github.home_url }}" class="btn_small">Home</a>

View File

@ -8,7 +8,7 @@ Follow or contact us on:
- Twitter: <https://twitter.com/AnonyPla> - Twitter: <https://twitter.com/AnonyPla>
- Mastodon: <https://mastodon.social/@anonymousplanet> - Mastodon: <https://mastodon.social/@anonymousplanet>
- Element/Matrix.org: <del>@anonypla:envs.net, @anonypla:tchncs.de, and @anonypla:matrix.org </del> (all deactivated permanently) - Element/Matrix.org: <del>@anonypla:envs.net, @anonypla:tchncs.de, and @anonypla:matrix.org </del> (all deactivated permanently)
- E-Mail: <contact@anonymousplanet-ng.org> - E-Mail: <anonypla@mailfence.com> (You may use our [PGP public signature](https://github.com/Anon-Planet/thgtoa/blob/master/42FF35DB9DE7C088AB0FD4A70C216A52F6DF4920.asc) to encrypt e-mails. Do not forget to attach your PGP public key if you want an encrypted answer)
Discussion Channels: Discussion Channels:
- Matrix room: ```#anonymity:matrix.org``` <https://matrix.to/#/#anonymity:matrix.org> - Matrix room: ```#anonymity:matrix.org``` <https://matrix.to/#/#anonymity:matrix.org>

223
guide.md
View File

@ -2,7 +2,7 @@
(Or "How I learned to start worrying and love ~~privacy~~ anonymity") (Or "How I learned to start worrying and love ~~privacy~~ anonymity")
Version 1.1.5, June 2022 by Anonymous Planet Version 1.1.6-pre1, August 2022 by Anonymous Planet
**Forever in memory of Lena, 1999-2022** **Forever in memory of Lena, 1999-2022**
@ -349,7 +349,7 @@ Finally note that this guide does mention and even recommends various commercial
- [Appendix Z: Online anonymous payments using cryptocurrencies] - [Appendix Z: Online anonymous payments using cryptocurrencies]
- [Reasonably anonymous option:] - [Reasonably anonymous option:]
- [Extra-Paranoid anonymous option:] - [Extra-Paranoid anonymous option:]
- [Warning about special tumbling, mixing, coinjoining privacy wallets and services:] - [Warning about special tumbling, mixing, coinjoining privacy wallets and services]
- [When converting from BTC to Monero:] - [When converting from BTC to Monero:]
- [Appendix A1: Recommended VPS hosting providers] - [Appendix A1: Recommended VPS hosting providers]
- [Appendix A2: Guidelines for passwords and passphrases] - [Appendix A2: Guidelines for passwords and passphrases]
@ -10253,147 +10253,81 @@ Download the latest Debian testing amd64 netinst ISO from <https://www.debian.or
**(Get testing to get the latest mat2 release, stable is a few versions back)** **(Get testing to get the latest mat2 release, stable is a few versions back)**
This is very lightweight, and we recommend doing it from a VM (VM inside a VM) to benefit from Whonix Tor Gateway. While it is possible to put this VM directly behind a Whonix Gateway. Whonix will not easily (AFAIK) allow communications between VMs on its network by default. This is very lightweight, and we recommend doing it from a VM (VM inside a VM) to benefit from Whonix Tor Gateway. While it is possible to put this VM directly behind a Whonix Gateway, Whonix will not easily allow communications between VMs on its network by default. You could also just leave it on Clearnet during the install process and then leave it on the Host-Only network later, or install it from a VM within a VM then move it to host OS for Host-Only usage like we show below:
You could also just leave it on Clearnet during the install process and then leave it on the Host-Only network later. 1. Create a new machine with any name like **Mat2**.
2. Select **Linux** for the Type.
Or install it from a VM within a VM then move it to host OS for Host-Only usage: 3. Select **Debian (64-bit)** as the Version.
4. Leave the default options and click **Create**.
- Create a new machine with any name like mat2 5. Select the VM and click **Settings**.
6. Select **System** and disable the **Floppy disk** on the Motherboard tab.
- Select Linux as Type 7. Select the Processor tab and **enable PAE/NX**.
8. Select **Audio** and **disable Audio**.
- Select Debian (64-bit) as Version 9. Select **USB** and **disable the USB controller**.
10. Select **Storage** and select the CD drive to mount the Debian Netinst ISO.
- Leave the default options and click create 11. Select **Network** and **Attach to NAT**.
12. Launch the VM.
- Select the VM and click Settings 13. Select **Install** (not Graphical install).
14. Select **Language**, **Location**, and **Keyboard layout** as you wish.
- Select System and disable the Floppy disk on the Motherboard tab 15. Wait for the network to configure (automatic DHCP). This takes a few seconds.
16. Pick a name like **Mat2**.
- Select the Processor tab and enable PAE/NX 17. Leave the **domain** empty.
18. Set a **root** password as you wish (preferably a good one).
- Select Audio and disable Audio 19. Create a new **user** and **password** as you wish (preferably a good one).
20. Select the **Time Zone** of your choice.
- Select USB and disable the USB controller 21. Select **Guided - Use the entire disk**.
22. Select the only disk available (**/dev/sda** in our case).
- Select Storage and select the CD drive to mount the Debian Netinst ISO 23. Select **All files in one partition**.
24. Confirm and write changes to the disk.
- Select Network and Attach to NAT 25. Select **No** to scan any other CD or DVD.
26. Select any region and any mirror of your choice and leave **proxy** blank.
- Launch the VM 27. Select **No** to take part in any survey.
28. Select **only System Standard Utilities**. Uncheck everything else using **space**.
- Select Install (not Graphical install) 29. Select **Yes** to install GRUB bootloader.
30. Select **/dev/sda** and continue.
- Select Language, Location, and Keyboard layout as you wish 31. Complete the install and reboot.
32. Log in with your **user** or **root**. You should never use root directly as a best security practice but in this case, it is okay.
- Wait for the network to configure (automatic DHCP) 33. Update your install by running ```apt upgrade```. It should be upgraded since it is a net install, but we're double checking.
34. Install the necessary packages for mat2 by running ```apt install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 lib35rsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi```.
- Pick a name like "Mat2" 35. Go to the **/var/www** directory by running ```cd /var/www/```.
36. **Clone mat2-web** from the mat2-web repository by issuing ```git clone https://0xacab.org/jvoisin/mat2-web.git```.
- Leave the domain empty 37. **Create a directory for uploads** by running ```mkdir ./mat2-web/uploads/```.
38. **Give permissions to Apache2** to read the files by running ```chown -R www-data:www-data ./mat2-web```.
- Set a Root password as you wish (preferably a good one still) 39. **Enable apache2 uwsgi proxy** by running ```/usr/sbin/a2enmod proxy_uwsgi```.
40. **Upgrade pip** by running ```python3 -m pip install pip --upgrade```.
- Create a new user and password as you wish (preferably a good one still) 41. **Install these Python modules** by running ```python3 -m pip install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2```.
42. **Move to the config directory** of mat2 by running ```cd /var/www/mat2-web/config/```.
- Select the Time Zone of your choice 43. **Copy the apache2 config file** to **/etc** by running ```cp apache2.config /etc/apache2/sites-enabled/apache2.conf```.
44. **Remove the default config file** by running ```rm /etc/apache2/sites-enabled/000-default.conf```.
- Select Guided - Use the entire disk 45. **Edit the apache2 config file** provided by mat2-web by running ```nano /etc/apache2/sites-enabled/apache2.conf```.
46. **Remove the first line** ```Listen 80``` by typing **Ctrl+K** to cut the line.
- Select the only ask available 47. **Change the uwsgi path** from ```/var/www/mat2-web/mat2-web.sock``` to ```/run/uwsgi/uwsgi.sock``` and type **Ctrl+X** to exit, followed by **Y** then **Enter**.
48. **Copy the uwsgi config file** to **/etc** by running ```cp uwsgi.config /etc/uwsgi/apps-enabled/uwsgi.ini```.
- Select All files in one partition 49. **Edit the uwsgi config file** by typing ```nano /etc/uwsgi/apps-enabled/uwsgi.ini``` and change **uid** and **guid** to ```nobody``` and ```nogroup``` respectively. Save and exit with **Ctrl+X**, followed by **Y**, then **Enter**.
50. Run ```chown -R 777 /var/www/mat2-web``` to change ownership to **mat2-web**.
- Confirm and write changes to the disk 51. **Restart uwsgi** by running ```systemctl restart uwsgi```. There should be no errors.
52. **Restart apache2** by running ```systemctl restart apache2```. There should be no errors.
- Select NO to scan any other CD or DVD 53. Now navigate to **Settings** > **Network** > **Attached to** and **select Host-only Adapter**. Click **OK** to save.
54. Reboot the VM via **Machine** > **Reset**. Confirm the reset.
- Select any region and any mirror of your choice and leave proxy blank 55. Log into the VM as the **user** from **Step 19** and type ```ip a```. Note the IP address it was assigned under link/ether, the one that has **192.168.\*.\***.
56. From the VM Host OS, **open a Browser** and navigate to the IP of your Debian VM. It will be something like: **http://192.168.1.55**.
- Select no to take part in any survey 57. You should now see a Mat2-Web website running smoothly.
58. **Shutdown the Mat2 guest VM** by running ```shutdown -h now``` to halt the machine.
- Select only System Standard Utilities (uncheck everything else) 59. **Take a snapshot of the VM** within Virtualbox while the guest VM is shutdown.
- Select Yes to install GRUB bootloader **Restart the Mat2 VM* and you are ready to use Mat2-web to remove metadata from most files!**
- Select /dev/sda and continue After use, shut down the VM and revert to the snapshot to remove traces of the uploaded files. This VM does not require any internet access unless you want to update it, in which case, you need to place it back on the **NAT network** and do the next steps.
- Complete the install and reboot For updates of Debian, **start the VM** and run ```apt update``` followed by ```apt upgrade```.
- Log in with your user or root (you should never use root directly as a best security practice but in this case, it is "okay") For updates of mat2-web, type ```cd /var/www/mat2-web``` and run ```git pull```.
- Update your install by running ```su apt upgrade``` (but it should be upgraded since it is a net install) After updates, shutdown, change to the **Host-only Adapter**, take a new snapshot, remove the earlier one.
- Install the necessary packages for mat2 by running ```su apt install ffmpeg uwsgi python3-pip uwsgi-plugin-python3 librsvg2-dev git mat2 apache2 libapache2-mod-proxy-uwsgi```
- Go to the /var/www directory by running ```cd /var/www/```
- Clone mat2-web from the mat2-web repository by issuing ```git clone https://0xacab.org/jvoisin/mat2-web.git```
- Create a directory for uploads by running ```mkdir ./mat2-web/uploads/```
- Give permissions to Apache2 to read the files by running ```chown -R www-data:www-data ./mat2-web```
- Enable apache2 uwsgi proxy by running ```/usr/sbin/a2enmod proxy_uwsgi```
- Upgrade pip by running ```python3 -m pip install pip --upgrade```
- Install some python modules by running ```python3 -m pip install flasgger pyyaml flask-restful flask cerberus flask-cors jinja2```
- Move to the config directory of mat2 by running ```cd /var/www/mat2-web/config/```
- Copy the apache2 config file to etc by running ```cp apache2.config /etc/apache2/sites-enabled/apache2.conf```
- Remove the default config file by running ```rm /etc/apache2/sites-enabled/000-default.conf```
- Edit the apache2 config file provided by mat2-web by running ```nano /etc/apache2/sites-enabled/apache2.conf```
- Remove the first line ```Listen 80```
- Change the uwsgi path from ```/var/www/mat2-web/mat2-web.sock``` to ```/run/uwsgi/uwsgi.sock``` and save/exit
- Copy the uwsgi config file to etc by running ```cp uwsgi.config /etc/uwsgi/apps-enabled/uwsgi.ini```
- Edit the uwsgi config file and change uid and guid to ```nobody``` and ```nogroup```
- Run ```chown -R 777 /var/www/mat2-web```
- Restart uwsgi by running ```systemctl restart uwsgi``` (there should be no errors)
- Restart apache2 by running ```systemctl restart apache2``` (there should be no errors)
- Now change the network settings of the VM to "Host Only Network'
- Reboot the VM
- Log into the VM and type ```ip a``` to note the IP address it was assigned.
- From the VM Host OS open a Browser and go to the IP of your Debian VM (for example http://192.168.1.55)
- You should now see a Mat2-Web website running smoothly
- Shutdown the Mat2 VM by running ```shutdown -h now```
- Take a snapshot of the VM within Virtualbox
- Restart the Mat2 VM and you are ready to use Mat2-web to remove metadata from most files
- After use, shut down the VM and revert to the snapshot to remove traces of the uploaded files
- This VM does not require any internet access unless you want to update it in which case you need to place it back on the NAT network and do the next steps.
- For updates of Debian, start the VM and run ```apt update``` followed by ```apt upgrade```
- For updates of mat2-web, go to /var/www/mat2-web and run ```git pull```
- After updates, shutdown, place it back on the Host Network, take a new snapshot, remove the earlier one.
You are done. You are done.
Now you can just start this small mat2 VM when needed, browse to it from your Guest VM and use the interface to remove any metadata from most files. Now you can just start this small Mat2 VM when needed. Browse to it from your Guest VM and use the interface to remove any metadata from most files. After each use of this VM, you should revert to the Snapshot to erase all traces.
After each use of this VM, you should revert to the Snapshot to erase all traces.
**Do not ever expose this VM to any network unless temporarily for updates. This web interface is not suitable for any direct external access.** **Do not ever expose this VM to any network unless temporarily for updates. This web interface is not suitable for any direct external access.**
@ -11860,9 +11794,9 @@ But what if the service you want does not accept Monero but does accept a more m
**Bitcoin and other "mainstream cryptocurrencies" are not anonymous at all (Remember [Your Cryptocurrencies transactions][Your Cryptocurrencies transactions:]) and you should never ever purchase, for example, Bitcoin from an exchange and then use these directly for purchasing services anonymously. This will not work, and the transaction can be traced easily.** **Bitcoin and other "mainstream cryptocurrencies" are not anonymous at all (Remember [Your Cryptocurrencies transactions][Your Cryptocurrencies transactions:]) and you should never ever purchase, for example, Bitcoin from an exchange and then use these directly for purchasing services anonymously. This will not work, and the transaction can be traced easily.**
- **Stay away from Crypto Mixers and Tumblers.** You might think this is a good idea but not only are they useless with cryptocurrencies such as BTC/ETH/LTC, but they are also dangerous as you might end up trading your currency for dirty currency from illicit activities. Use Monero to anonymize your crypto. Use a normal KYC-enabled Exchange to buy/sell your Monero (such as Kraken) or (at your own risk), use a service like LocalMonero. - **Stay away from Crypto Mixer, Tumblers and Coinjoiners.** You might think this is a good idea but not only are they useless with cryptocurrencies such as BTC/ETH/LTC, but they are also dangerous as you might end up trading your currency for dirty currency from illicit activities. Use Monero to anonymize your crypto. Use a normal KYC-enabled Exchange to buy/sell your Monero (such as Kraken) or (at your own risk), use a service like LocalMonero.
- **Stay away from what are in my opinion risky private/anonymizing wallets such as <https://we.incognito.org>.** Use a safer method outlined below. - **See [Warning about special tumbling, mixing, coinjoining privacy wallets and services].**
## Reasonably anonymous option: ## Reasonably anonymous option:
@ -12231,6 +12165,8 @@ These recommendations are similar to the ones at the beginning of the guide and
Find it online at: Find it online at:
- Original: <https://anonymousplanet-ng.org> - Original: <https://anonymousplanet-ng.org>
- Tor Onion Mirror: <http://thgtoallkcxrdv37u6knsc3pumk6cq6lqmcqlw3j5vkmyahkxive4jyd.onion>
- Archive.org: <https://web.archive.org/web/https://anonymousplanet-ng.org> - Archive.org: <https://web.archive.org/web/https://anonymousplanet-ng.org>
@ -13753,7 +13689,7 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[Appendix Z: Online anonymous payments using cryptocurrencies]: #appendix-z-online-anonymous-payments-using-cryptocurrencies [Appendix Z: Online anonymous payments using cryptocurrencies]: #appendix-z-online-anonymous-payments-using-cryptocurrencies
[Reasonably anonymous option:]: #reasonably-anonymous-option [Reasonably anonymous option:]: #reasonably-anonymous-option
[Extra-Paranoid anonymous option:]: #extra-paranoid-anonymous-option [Extra-Paranoid anonymous option:]: #extra-paranoid-anonymous-option
[Warning about special tumbling, mixing, coinjoining privacy wallets and services:]: #warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services [Warning about special tumbling, mixing, coinjoining privacy wallets and services]: #warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services-wikiless-archiveorg
[When converting from BTC to Monero:]: #when-converting-from-btc-to-monero [When converting from BTC to Monero:]: #when-converting-from-btc-to-monero
[Appendix A1: Recommended VPS hosting providers]: #appendix-a1-recommended-vps-hosting-providers [Appendix A1: Recommended VPS hosting providers]: #appendix-a1-recommended-vps-hosting-providers
[Appendix A2: Guidelines for passwords and passphrases]: #appendix-a2-guidelines-for-passwords-and-passphrases [Appendix A2: Guidelines for passwords and passphrases]: #appendix-a2-guidelines-for-passwords-and-passphrases
@ -15156,3 +15092,4 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[1386]: https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/ [1386]: https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/
[1387]: https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/ [1387]: https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/
[1389]: media/image59.png [1389]: media/image59.png