From 6f1b0cc7ebc385e3a4a65989b2238138d5199406 Mon Sep 17 00:00:00 2001 From: TwoSixtyThreeFiftyFour <108928957+TwoSixtyThreeFiftyFour@users.noreply.github.com> Date: Wed, 24 Aug 2022 18:23:49 +0000 Subject: [PATCH 1/8] Getting rid of Archive.org , Wikiless , Nitter , Invidious cross-references Getting rid of Archive.org , Wikiless , Nitter , Invidious cross-references --- guide.md | 3783 ++++++++++++++++++------------------------------------ 1 file changed, 1242 insertions(+), 2541 deletions(-) diff --git a/guide.md b/guide.md index 3c990b2..3d654de 100644 --- a/guide.md +++ b/guide.md @@ -28,7 +28,7 @@ The manual is here: , quick-start guide here: **Your experience may vary.** **Remember to check regularly for an updated version of this guide.** -This guide is a non-profit open-source initiative, licensed under Creative Commons **Attribution-NonCommercial** 4.0 International ([cc-by-nc-4.0][] [[Archive.org]][27]). +This guide is a non-profit open-source initiative, licensed under Creative Commons **Attribution-NonCommercial** 4.0 International ([cc-by-nc-4.0][] [[Archive.org]](https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/)). - For mirrors see [Appendix A6: Mirrors] @@ -66,23 +66,23 @@ Precautions while reading this guide and accessing the various links: - **Documents/Files** have a **[Archive.org]** link next to them for accessing content through Archive.org for increased privacy and in case the content goes missing. Some links are not yet archived or outdated on archive.org in which case we encourage you to ask for a new save if possible. -- **YouTube Videos** have a **[Invidious]** link next to them for accessing content through an Invidious Instance (in this case yewtu.be hosted in the Netherlands) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]][29] for more information. +- **YouTube Videos** have a **[Invidious]** link next to them for accessing content through an Invidious Instance (in this case yewtu.be hosted in the Netherlands) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://github.com/iv-org/invidious) for more information. -- **Twitter** links have a **[Nitter]** link next to them for accessing content through a Nitter Instance (in this case nitter.net) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]][30] for more information. +- **Twitter** links have a **[Nitter]** link next to them for accessing content through a Nitter Instance (in this case nitter.net) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://github.com/zedeus/nitter) for more information. -- **Wikipedia** links have a **[Wikiless]** link next to them for accessing content through a Wikiless Instance (in this case Wikiless.org) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]][31] for more information. +- **Wikipedia** links have a **[Wikiless]** link next to them for accessing content through a Wikiless Instance (in this case Wikiless.org) for increased privacy. It is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://codeberg.org/orenom/wikiless) for more information. -- **Medium** links have **[Scribe.rip]** link next to them for accessing content through a Scribe.rip Instance for increased privacy. Again, it is recommended to use these links when possible. See [[Archive.org]][32] for more information. +- **Medium** links have **[Scribe.rip]** link next to them for accessing content through a Scribe.rip Instance for increased privacy. Again, it is recommended to use these links when possible. See [[Archive.org]](https://web.archive.org/web/https://scribe.rip/) for more information. - If you are reading this in PDF or ODT format, you will notice plenty of \`\`\` in place of double quotes (""). These \`\`\` are there to ease conversion into Markdown/HTML format for online viewing of code blocks on the website. -If you do not want the hassle and use one of the browsers below, you could also just install the following extension on your browser: [[Archive.org]][33]: +If you do not want the hassle and use one of the browsers below, you could also just install the following extension on your browser: [[Archive.org]](https://web.archive.org/web/20220509220021/https://libredirect.github.io/): - Firefox: - Chromium-based browsers (Chrome, Brave, Edge): -**If you are having trouble accessing any of the many academic articles referenced in this guide due to paywalls, feel free to use Sci-Hub (** [[Wikiless]][34] [[Archive.org]][35]**) or LibGen (** [[Wikiless]][36] [[Archive.org]][37]**) for finding and reading them. Because Science should be free. All of it. If you are faced with a paywall accessing some resources, consider using .** +**If you are having trouble accessing any of the many academic articles referenced in this guide due to paywalls, feel free to use Sci-Hub (** [[Wikiless]](https://wikiless.org/wiki/Sci-Hub) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sci-Hub)**) or LibGen (** [[Wikiless]](https://wikiless.org/wiki/Library_Genesis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Library_Genesis)**) for finding and reading them. Because Science should be free. All of it. If you are faced with a paywall accessing some resources, consider using .** Finally note that this guide does mention and even recommends various commercial services (such as VPNs, CDNs, e-mail providers, hosting providers...) **but is not endorsed or sponsored by any of them in any way. There are no referral links and no commercial ties with any of these providers. This project is 100% non-profit and only relying on donations.** @@ -455,7 +455,7 @@ Here is a basic simplified threat model for this guide: Disclaimer: Jokes aside (magical amulet...). Of course, there are also advanced ways to mitigate attacks against such advanced and skilled adversaries but those are just out of the scope of this guide. It is crucially important that you understand the limits of the threat model of this guide. And therefore, this guide will not double in size to help with those advanced mitigations as this is just too complex and will require an exceedingly high knowledge and skill level that is not expected from the targeted audience of this guide. -The EFF provides a few security scenarios of what you should consider depending on your activity. While some of those tips might not be within the scope of this guide (more about Privacy than Anonymity), they are still worth reading as examples. See [[Archive.org]][41]. +The EFF provides a few security scenarios of what you should consider depending on your activity. While some of those tips might not be within the scope of this guide (more about Privacy than Anonymity), they are still worth reading as examples. See [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module-categories/security-scenarios). If you want to go deeper into threat modeling, see [Appendix B3: Threat modeling resources]. @@ -491,17 +491,17 @@ There are many ways you can be tracked besides browser cookies and ads, your e-m First, you could also consider these more general resources on privacy and security to learn more basics: -- The New Oil*: [[Archive.org]][42] +- The New Oil*: [[Archive.org]](https://web.archive.org/web/https://thenewoil.org/) -- Techlore videos*: [[Invidious]][43] +- Techlore videos*: [[Invidious]](https://yewtu.be/c/Techlore) -- Privacy Guides: [[Archive.org]][44] +- Privacy Guides: [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/) -- Privacy Tools*: [[Archive.org]][45] +- Privacy Tools*: [[Archive.org]](https://web.archive.org/web/https://privacytools.io/) *Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not endorse and is not sponsored by any commercial entity in any way.* -If you skipped those, you should really still consider viewing this YouTube playlist from the Techlore Go Incognito project ( [[Archive.org]][46]) as an introduction before going further: [[Invidious]][47]. This guide will cover many of the topics in the videos of this playlist with more details and references as well as some added topics not covered within that series. This will just take you 2 or 3 hours to watch it all. +If you skipped those, you should really still consider viewing this YouTube playlist from the Techlore Go Incognito project ( [[Archive.org]](https://web.archive.org/web/https://github.com/techlore-official/go-incognito)) as an introduction before going further: [[Invidious]](https://yewtu.be/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO). This guide will cover many of the topics in the videos of this playlist with more details and references as well as some added topics not covered within that series. This will just take you 2 or 3 hours to watch it all. **Now, here is a non-exhaustive list of some of the many ways you could be tracked and de-anonymized:** @@ -571,7 +571,7 @@ DNS stands for "Domain Name System"[^31] and is a service used by your browser ( Every time your browser wants to access a certain service such as Google through www.google.com. Your Browser (Chrome or Firefox) will query a DNS service to find the IP addresses of the Google web servers. -Here is a video explaining DNS visually if you are already lost: [[Invidious]][48] +Here is a video explaining DNS visually if you are already lost: [[Invidious]](https://yewtu.be/watch?v=vrxwXXytEuI) Usually, the DNS service is provided by your ISP and automatically configured by the network you are connecting to. This DNS service could also be subject to data retention regulations or will just keep logs for other reasons (data collection for advertising purposes for instance). Therefore, this ISP will be capable of telling everything you did online just by looking at those logs which can, in turn, be provided to an adversary. Conveniently this is also the easiest way for many adversaries to apply censoring or parental control by using DNS blocking[^32]. The provided DNS servers will give you a different address (than their real one) for some websites (like redirecting thepiratebay.org to some government website). Such blocking is widely applied worldwide for certain sites[^33]. @@ -585,7 +585,7 @@ A solution to this is to use encrypted DNS using DoH (DNS over HTTPS[^36]), DoT Small in-between Disclaimer: **This guide does not necessarily endorse or recommend Cloudflare services even if it is mentioned several times in this section for technical understanding.** -Unfortunately, the TLS protocol used in most HTTPS connections in most Browsers (Chrome/Brave among them) will leak the Domain Name again through SNI[^39] handshakes (this can be checked here at Cloudflare: [[Archive.org]][49] ). **As of the writing of this guide, only Firefox-based browsers supports ECH (Encrypted Client Hello**[^40] **previously known as eSNI**[^41]**) on some websites which will encrypt everything end to end (in addition to using a secure private DNS over TLS/HTTPS) and will allow you to hide your DNS requests from a third party**[^42]**.** And this option is not enabled by default either so you will have to enable it yourself. +Unfortunately, the TLS protocol used in most HTTPS connections in most Browsers (Chrome/Brave among them) will leak the Domain Name again through SNI[^39] handshakes (this can be checked here at Cloudflare: [[Archive.org]](https://web.archive.org/web/https://www.cloudflare.com/ssl/encrypted-sni/) ). **As of the writing of this guide, only Firefox-based browsers supports ECH (Encrypted Client Hello**[^40] **previously known as eSNI**[^41]**) on some websites which will encrypt everything end to end (in addition to using a secure private DNS over TLS/HTTPS) and will allow you to hide your DNS requests from a third party**[^42]**.** And this option is not enabled by default either so you will have to enable it yourself. ![][50] @@ -617,7 +617,7 @@ Some countries like Russia[^45] and China[^46] might (unverified despite the art The issues do not end here. Part of the HTTPS TLS validation is called OCSP[^47] and this protocol used by Firefox-based browsers will leak metadata in the form of the serial number of the certificate of the website you are visiting. An adversary can then easily find which website you are visiting by matching the certificate number[^48]. This issue can be mitigated by using OCSP stapling[^49]. Unfortunately, this is enabled but not enforced by default in Firefox/Tor Browser. But the website you are visiting must also be supporting it and not all do. Chromium-based browsers on the other hand use a different system called CRLSets[^50]'[^51] which is arguably better. -Here is a list of how various browsers behave with OCSP: [[Archive.org]][51] +Here is a list of how various browsers behave with OCSP: [[Archive.org]](https://web.archive.org/web/https://www.ssl.com/blogs/how-do-browsers-handle-revoked-ssl-tls-certificates/) Here is an illustration of the issue you could encounter on Firefox-based browsers: @@ -625,14 +625,14 @@ Here is an illustration of the issue you could encounter on Firefox-based browse Finally, even if you use a custom encrypted DNS server (DoH or DoT) with ECH/eSNI support and OCSP stapling, it might still not be enough as traffic analysis studies[^52] have shown it is still possible to reliably fingerprint and block unwanted requests. Only DNS over Tor was able to show efficient DNS Privacy in recent studies but even that can still be defeated by other means (see [Your Anonymized Tor/VPN traffic][Your Anonymized Tor/VPN traffic:]). -One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS[^53]) to further increase privacy/anonymity but **unfortunately**, as far as we know, these methods are only provided by Cloudflare as of this writing ( [[Archive.org]][53], [[Archive.org]][54]). These are workable and reasonably secure technical options but there is also a moral choice if you want to use Cloudflare or not (despite the risk posed by some researchers[^54]). +One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS[^53]) to further increase privacy/anonymity but **unfortunately**, as far as we know, these methods are only provided by Cloudflare as of this writing ( [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/welcome-hidden-resolver/), [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/oblivious-dns/)). These are workable and reasonably secure technical options but there is also a moral choice if you want to use Cloudflare or not (despite the risk posed by some researchers[^54]). **Note that Oblivious DNS addresses an adversary that eavesdrops on one of the connections listed here but not all. It does not address a global passive adversary (GPA) who can eavesdrop on many or all of these connections**: - traffic between the client resolver and the recursive resolver - the recursive resolver and the ODNS resolver - the ODNS resolver and an authoritative server. -Lastly, there is also this new possibility called DoHoT which stands for DNS over HTTPS over Tor which could also further increase your privacy/anonymity and which you could consider if you are more skilled with Linux. See [[Archive.org]][55]. This guide will not help you with this one at this stage, but it might be coming soon. +Lastly, there is also this new possibility called DoHoT which stands for DNS over HTTPS over Tor which could also further increase your privacy/anonymity and which you could consider if you are more skilled with Linux. See [[Archive.org]](https://web.archive.org/web/https://github.com/alecmuffett/dohot). This guide will not help you with this one at this stage, but it might be coming soon. Here is an illustration showing the current state of DNS and HTTPS privacy based on our current knowledge. @@ -640,7 +640,7 @@ Here is an illustration showing the current state of DNS and HTTPS privacy based As for your normal daily use (non-sensitive), remember that only Firefox-based browsers support ECH (formerly eSNI) so far and that it is only useful with websites hosted behind Cloudflare CDN at this stage. If you prefer a Chrome-based version (which is understandable for some due to some better-integrated features like on-the-fly Translation), then we would recommend the use of Brave instead which supports all Chrome extensions and offers much better privacy than Chrome. -But the story does not stop there right. Now because after all this, even if you encrypt your DNS and use all possible mitigations. Simple IP requests to any server will probably allow an adversary to still detect which site you are visiting. And this is simply because the majority of websites have unique IPs tied to them as explained here: [[Archive.org]][57]. This means that an adversary can create a dataset of known websites for instance including their IPs and then match this dataset against the IP you ask for. In most cases, this will result in a correct guess of the website you are visiting. This means that despite OCSP stapling, despite ECH/eSNI, despite using Encrypted DNS ... An adversary can still guess the website you are visiting anyway. +But the story does not stop there right. Now because after all this, even if you encrypt your DNS and use all possible mitigations. Simple IP requests to any server will probably allow an adversary to still detect which site you are visiting. And this is simply because the majority of websites have unique IPs tied to them as explained here: [[Archive.org]](https://web.archive.org/web/https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/). This means that an adversary can create a dataset of known websites for instance including their IPs and then match this dataset against the IP you ask for. In most cases, this will result in a correct guess of the website you are visiting. This means that despite OCSP stapling, despite ECH/eSNI, despite using Encrypted DNS ... An adversary can still guess the website you are visiting anyway. Therefore, to mitigate all these issues (as much as possible and as best as we can), this guide will later recommend two solutions: Using Tor and a virtualized (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]) multi-layered solution of VPN over Tor solution (DNS over VPN over Tor or DNS over TOR). Other options will also be explained (Tor over VPN, VPN only, No Tor/VPN) but are less recommended. @@ -670,7 +670,7 @@ But unfortunately, this is not limited to your smartphone, and you also probably While all these cannot be used to de-anonymize you from a remote online adversary, they can be used to narrow down a search if your approximate location at a certain time is known. For instance, you cannot rule out that some stores will effectively scan (and log) all RFID chips passing through the door. They might be looking for their loyalty cards but are also logging others along the way. Such RFID tags could be traced to your identity and allow for de-anonymization. -More information over at Wikipedia: [[Wikiless]][58] [[Archive.org]][59] and [[Wikiless]][58] [[Archive.org]][59] +More information over at Wikipedia: [[Wikiless]](https://wikiless.org/wiki/Radio-frequency_identification) [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification) and [[Wikiless]](https://wikiless.org/wiki/Radio-frequency_identification) [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification) The only way to mitigate this problem is to have no RFID tags on you or to shield them again using a type of Faraday cage. You could also use specialized wallets/pouches that specifically block RFID communications. Many of those are now made by well-known brands such as Samsonite[^57]. You should just not carry such RFID devices while conducting sensitive activities. @@ -686,9 +686,9 @@ This allows them to provide accurate locations even when GPS is off, but it also Note: If you have an Android smartphone, Google probably knows where it is no matter what you do. You cannot really trust the settings. The whole operating system is built by a company that wants your data. Remember that if it is free then you are the product. -But that is not what all those Wi-Fi access points can do. Recently developed techs could even allow someone to track your movements accurately just based on radio interferences. What this means is that it is possible to track your movement inside a room/building based on the radio signals passing through. This might seem like a tinfoil hat conspiracy theory claim but here are the references[^63] with demonstrations showing this tech in action: [[Archive.org]][60] and the video here: [[Invidious]][61] +But that is not what all those Wi-Fi access points can do. Recently developed techs could even allow someone to track your movements accurately just based on radio interferences. What this means is that it is possible to track your movement inside a room/building based on the radio signals passing through. This might seem like a tinfoil hat conspiracy theory claim but here are the references[^63] with demonstrations showing this tech in action: [[Archive.org]](https://web.archive.org/web/http://rfpose.csail.mit.edu/) and the video here: [[Invidious]](https://yewtu.be/watch?v=HgDdaMy8KNE) -Other researchers have found a way to count the people in a defined space using only Wi-Fi, see [[Archive.org]][62] +Other researchers have found a way to count the people in a defined space using only Wi-Fi, see [[Archive.org]](https://web.archive.org/web/https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you) You could therefore imagine many use cases for such technologies like recording who enters specific buildings/offices (hotels, hospitals, or embassies for instance) and then discover who meets who and thereby tracking them from outside. Even if they have no smartphone on them. @@ -696,7 +696,7 @@ You could therefore imagine many use cases for such technologies like recording Again, such an issue could only be mitigated by being in a room/building that would act as a Faraday cage. -Here is another video of the same kind of tech in action: [[Invidious]][64] +Here is another video of the same kind of tech in action: [[Invidious]](https://yewtu.be/watch?v=FDZ39h-kCS8) See [Appendix N: Warning about smartphones and smart devices] @@ -710,7 +710,7 @@ Here are some videos explaining more about the topic: - HOPE 2020, -- YouTube, Hak5, Wi-Fi Pineapple Mark VII [[Invidious]][65] +- YouTube, Hak5, Wi-Fi Pineapple Mark VII [[Invidious]](https://yewtu.be/watch?v=7v3JR4Wlw4Q) These devices can fit in a small bag and can take over the Wi-Fi environment of any place within their range. For instance, a Bar/Restaurant/Café/Hotel Lobby. These devices can force Wi-Fi clients to disconnect from their current Wi-Fi (using de-authentication, disassociation attacks[^66]) while spoofing the normal Wi-Fi networks at the same location. They will continue to perform this attack until your computer, or you decide to try to connect to the rogue AP. @@ -728,7 +728,7 @@ How to mitigate those? If you do connect to a public wi-fi access point, use Tor Tor and VPNs are not silver bullets. Many advanced techniques have been developed and studied to de-anonymize encrypted Tor traffic over the years[^68]. Most of those techniques are Correlation attacks that will correlate your network traffic in one way or another to logs or datasets. Here are some examples: -- **Correlation Fingerprinting Attack:** As illustrated (simplified) below, this attack will fingerprint your encrypted Tor traffic (like the websites you visited) based on the analysis of your encrypted traffic without decrypting it. Some of those methods can do so with a 96% success rate **in a closed-world setting**. **The efficacy of those methods in a real open-world setting** **has not been demonstrated yet and would probably require tremendous resources computing power making it very unlikely that such techniques would be used by a local adversary in the near future.** Such techniques could however hypothetically be used by an advanced and probably global adversary with access to your source network to determine some of your activity. Examples of those attacks are described in several research papers[^69]'[^70]'[^71] as well as their limitations[^72]. The Tor Project itself published an article about these attacks with some mitigations: [[Archive.org]][66]. +- **Correlation Fingerprinting Attack:** As illustrated (simplified) below, this attack will fingerprint your encrypted Tor traffic (like the websites you visited) based on the analysis of your encrypted traffic without decrypting it. Some of those methods can do so with a 96% success rate **in a closed-world setting**. **The efficacy of those methods in a real open-world setting** **has not been demonstrated yet and would probably require tremendous resources computing power making it very unlikely that such techniques would be used by a local adversary in the near future.** Such techniques could however hypothetically be used by an advanced and probably global adversary with access to your source network to determine some of your activity. Examples of those attacks are described in several research papers[^69]'[^70]'[^71] as well as their limitations[^72]. The Tor Project itself published an article about these attacks with some mitigations: [[Archive.org]](https://web.archive.org/web/https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations). ![][67] @@ -752,17 +752,17 @@ Be aware again that this might not be enough against a motivated global adversar Be also aware that all the other methods described in this guide such as Behavioral analysis can also be used to deanonymize Tor users indirectly (see further [Your Digital Fingerprint, Footprint, and Online Behavior][Your Digital Fingerprint, Footprint, and Online Behavior:]). -I also strongly recommend reading this very good, complete, and thorough (and more detailed) guide on most known Attack Vectors on Tor: [[Archive.org]][70] as well as this recent research publication [[Archive.org]][71] +I also strongly recommend reading this very good, complete, and thorough (and more detailed) guide on most known Attack Vectors on Tor: [[Archive.org]](https://web.archive.org/web/https://github.com/Attacks-on-Tor/Attacks-on-Tor) as well as this recent research publication [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/323627387_Shedding_Light_on_the_Dark_Corners_of_the_Internet_A_Survey_of_Tor_Research) -As well as this great series of blog posts: [[Archive.org]][72] +As well as this great series of blog posts: [[Archive.org]](https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/906-Tor-0day-The-Management-Vulnerability.html) -Recently, one of these attacks was attempted on the Tor Network with more information here: [[Archive.org]][73] +Recently, one of these attacks was attempted on the Tor Network with more information here: [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/) Lastly, do remember that using Tor can already be considered suspicious activity[^76], and its use could be considered malicious by some[^77]. -This guide will later propose some mitigations to such attacks by changing your origin from the start (using public wi-fi's for instance). Remember that such attacks are usually carried by highly skilled, highly resourceful, and motivated adversaries and are out of scope from this guide. It is also recommended that you learn about practical correlation attacks, as performed by intelligence agencies: [[Archive.org]][1385] +This guide will later propose some mitigations to such attacks by changing your origin from the start (using public wi-fi's for instance). Remember that such attacks are usually carried by highly skilled, highly resourceful, and motivated adversaries and are out of scope from this guide. It is also recommended that you learn about practical correlation attacks, as performed by intelligence agencies: [[Archive.org]](https://web.archive.org/web/20220516000616/https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo) -**Disclaimer: it should also be noted that Tor is not designed to protect against a global adversary. For more information see [[Archive.org]][74] and specifically, "Part 3. Design goals and assumptions.".** +**Disclaimer: it should also be noted that Tor is not designed to protect against a global adversary. For more information see [[Archive.org]](https://web.archive.org/web/https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.pdf) and specifically, "Part 3. Design goals and assumptions.".** ### Some Devices can be tracked even when offline: @@ -770,7 +770,9 @@ This guide will later propose some mitigations to such attacks by changing your You have seen this in action/spy/Sci-Fi movies and shows, the protagonists always remove the battery of their phones to make sure it cannot be used. Most people would think that's overkill. Well, unfortunately, no, this is now becoming true at least for some devices: - iPhones and iPads (IOS 13 and above)[^78]'[^79] + - Samsung Phones (Android 10 and above)[^80] + - MacBooks (macOS 10.15 and above)[^81] Such devices will continue to broadcast identity information to nearby devices even when offline using Bluetooth Low-Energy[^82]. They do not have access to the devices directly (which are not connected to the internet) but instead use BLE to find them through other nearby devices[^83]. They are using peer-to-peer short-range Bluetooth communication to broadcast their status through nearby online devices. @@ -815,9 +817,9 @@ The IMEI and IMSI can be traced back to you in at least six ways: - ... -Here is also a good YouTube video on this topic: DEFCON Safe Mode - Cooper Quintin - Detecting Fake 4G Base Stations in Real-Time [[Invidious]][75] +Here is also a good YouTube video on this topic: DEFCON Safe Mode - Cooper Quintin - Detecting Fake 4G Base Stations in Real-Time [[Invidious]](https://yewtu.be/watch?v=siCk4pGGcqA) -**For these reasons, it is crucial to get dedicated an anonymous phone number and/or an anonymous burner phone with an anonymous pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities. It is also possible get an anonymous pre-paid but preferably dedicated number from specific free and paid online services accepting anonymous cryptocurrencies like Monero (Get more practical guidance here: [Getting an anonymous Phone number][Getting an anonymous Phone number:]).** +**For these reasons, it is crucial to get dedicated an anonymous phone number and/or an anonymous burner phone with an anonymous pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities (See more practical guidance in [Getting an anonymous Phone number][Getting an anonymous Phone number:] section).** While there are some smartphones manufacturers like Purism with their Librem series[^98] who claim to have your privacy in mind, they still do not allow IMEI randomization which we believe is a key anti-tracking feature that should be provided by such manufacturers. While this measure will not prevent IMSI tracking within the SIM card, it would at least allow you to keep the same "burner phone" and only switch SIM cards instead of having to switch both for privacy. @@ -855,25 +857,25 @@ See [Appendix N: Warning about smartphones and smart devices] All modern CPUs[^102] are now integrating hidden management platforms such as the now infamous Intel Management Engine[^103] and the AMD Platform Security Processor[^104]. -Those management platforms are small operating systems running directly on your CPU as long as they have power. These systems have full access to your computer's network and could be accessed by an adversary to de-anonymize you in various ways (using direct access or using malware for instance) as shown in this enlightening video: BlackHat, How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine [[Invidious]][76]. +Those management platforms are small operating systems running directly on your CPU as long as they have power. These systems have full access to your computer's network and could be accessed by an adversary to de-anonymize you in various ways (using direct access or using malware for instance) as shown in this enlightening video: BlackHat, How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine [[Invidious]](https://yewtu.be/watch?v=mYsTBPqbya8). These have already been affected by several security vulnerabilities in the past[^105] that allowed malware to gain control of target systems. These are also accused by many privacy actors including the EFF and Libreboot of being a backdoor into any system[^106]. There are some not so straightforward ways[^107] to disable the Intel IME on some CPUs and you should do so if you can. For some AMD laptops, you can disable it within the BIOS settings by disabling PSP. -Note that, to AMD's defense, there were no security vulnerabilities found for ASP and no backdoors either. See [[Invidious]][77]. In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME. +Note that, to AMD's defense, there were no security vulnerabilities found for ASP and no backdoors either. See [[Invidious]](https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s). In addition, AMD PSP does not provide any remote management capabilities contrary to Intel IME. If you are feeling a bit more adventurous, you could install your own BIOS using Libreboot or Coreboot [^108] if your laptop supports it (be aware that Coreboot does contain some propriety code unlike its fork Libreboot). Check yourself: -- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using [[Archive.org]][80] which is available as a package for most Linux distros including Whonix. Spectre is a transient execution attack. There is also PoC code for Spectre v1 and v2 on iPhone devices here: [[Archive.org]](https://web.archive.org/web/20220814122148/https://github.com/cispa/BranchDifferent) and here [[Archive.org]](https://web.archive.org/web/20220814122652/https://misc0110.net/files/applespectre_dimva22.pdf) +- If you are using Linux you can check the vulnerability status of your CPU to Spectre/Meltdown attacks by using [[Archive.org]](https://web.archive.org/web/https://github.com/speed47/spectre-meltdown-checker) which is available as a package for most Linux distros including Whonix. Spectre is a transient execution attack. There is also PoC code for Spectre v1 and v2 on iPhone devices here: [[Archive.org]](https://web.archive.org/web/20220814122148/https://github.com/cispa/BranchDifferent) and here [[Archive.org]](https://web.archive.org/web/20220814122652/https://misc0110.net/files/applespectre_dimva22.pdf) -- If you are using Windows, you can check the vulnerability status of your CPU using inSpectre [[Archive.org]][81] +- If you are using Windows, you can check the vulnerability status of your CPU using inSpectre [[Archive.org]](https://web.archive.org/web/https://www.grc.com/inspectre.htm) Some CPUs have unfixable flaws (especially Intel CPUs) that could be exploited by various malware. Here is a good current list of such vulnerabilities affecting recent widespread CPUs: [[Wikiless]](https://wikiless.org/wiki/Transient_execution_CPU_vulnerability) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability) -Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information [[Archive.org]][82] (warning: these can severely impact the performance of your VMs). +Some of these can be avoided using Virtualization Software settings that can mitigate such exploits. See this guide for more information [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown) (warning: these can severely impact the performance of your VMs). This guide won't go too deep into side-channel and microarchitecture attacks but we will highlight some issues with both Intel and AMD CPU architectures that will be mitigated throughout. It's important to recognize hardware is just as susceptible to bugs, and therefore exploitation, regardless of manufacturer. @@ -889,31 +891,31 @@ Here are good overviews of what is being collected by those five popular OSes in - Android/Google: - - Just have a read at their privacy policy [[Archive.org]][83] + - Just have a read at their privacy policy [[Archive.org]](https://web.archive.org/web/https://policies.google.com/privacy) - - School of Computer Science & Statistics, Trinity College Dublin, Ireland Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]][84] + - School of Computer Science & Statistics, Trinity College Dublin, Ireland Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]](https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf) - IOS/Apple: - - More information at [[Archive.org]][85] and [[Archive.org]][86] + - More information at [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/privacy/en-ww/) and [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT202100) - - School of Computer Science & Statistics, Trinity College Dublin, Ireland Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]][84] + - School of Computer Science & Statistics, Trinity College Dublin, Ireland Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]](https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf) - Apple does claim[^109] that they anonymize this data using differential privacy[^110] but you will have to trust them on that. - Windows/Microsoft: - - Full list of required diagnostic data: [[Archive.org]][87] + - Full list of required diagnostic data: [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004) - - Full list of optional diagnostic data: [[Archive.org]][88] + - Full list of optional diagnostic data: [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data) - macOS: - - More details on [[Archive.org]][89] + - More details on [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/mac-help/share-analytics-information-mac-apple-mh27990/mac) - Ubuntu: - - Ubuntu despite being a Linux distribution also collects Telemetry Data nowadays. This data however is quite limited compared to the others. More details on [[Archive.org]][90] + - Ubuntu despite being a Linux distribution also collects Telemetry Data nowadays. This data however is quite limited compared to the others. More details on [[Archive.org]](https://web.archive.org/web/https://ubuntu.com/desktop/statistics) Not only are Operating Systems gathering telemetry services but so are Apps themselves like Browsers, Mail Clients, and Social Networking Apps installed on your system. @@ -989,7 +991,7 @@ The question is: Is there someone somewhere that would have both pieces of infor Have you heard of Edward Snowden[^134]? Now is the time to google him and read his book[^135]. Also read about XKEYSCORE[^136]'[^137], MUSCULAR[^138], SORM[^139], Tempora[^140] , and PRISM[^141]. -See "We kill people based on Metadata"[^142] or this famous tweet from the IDF [[Archive.org]][91] [[Nitter]][92]. +See "We kill people based on Metadata"[^142] or this famous tweet from the IDF [[Archive.org]](https://web.archive.org/web/https://twitter.com/idf/status/1125066395010699264) [[Nitter]](https://nitter.net/idf/status/1125066395010699264). See [Appendix N: Warning about smartphones and smart devices] @@ -1007,9 +1009,9 @@ While these methods are usually used for marketing purposes and advertising, the Here are some examples: -- Specialized companies are selling to, for example, law enforcement agencies products for analyzing social network activities such as [[Archive.org]][93] +- Specialized companies are selling to, for example, law enforcement agencies products for analyzing social network activities such as [[Archive.org]](https://web.archive.org/web/https://mediasonar.com/) -- For example, as a basis of authentication, a user's typing speed, keystroke depressions, patterns of error (say accidentally hitting an "l" instead of a "k" on three out of every seven transactions) and mouse movements establish that person's unique pattern of behavior[^152]. Some commercial services such as TypingDNA ( [[Archive.org]][94]) even offer such analysis as a replacement for two-factor authentications. +- For example, as a basis of authentication, a user's typing speed, keystroke depressions, patterns of error (say accidentally hitting an "l" instead of a "k" on three out of every seven transactions) and mouse movements establish that person's unique pattern of behavior[^152]. Some commercial services such as TypingDNA ( [[Archive.org]](https://web.archive.org/web/https://www.typingdna.com/)) even offer such analysis as a replacement for two-factor authentications. - This technology is also widely used in CAPTCHAS[^371] services to verify that you are "human" and can be used to fingerprint a user. @@ -1023,17 +1025,17 @@ Here is also a recent example just showing what Google Chrome collects on you: < Here are some other resources on the topic if you cannot see this documentary: -- 2017, Behavior Analysis in Social Networks, [[Archive.org]][95] +- 2017, Behavior Analysis in Social Networks, [[Archive.org]](https://web.archive.org/web/https://link.springer.com/10.1007/978-1-4614-7163-9_110198-1) -- 2017, Social Networks and Positive and Negative Affect [[Archive.today]][96] +- 2017, Social Networks and Positive and Negative Affect [[Archive.today]](https://archive.ph/iuowI) -- 2015, Using Social Networks Data for Behavior and Sentiment Analysis [[Archive.org]][97] +- 2015, Using Social Networks Data for Behavior and Sentiment Analysis [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/300562034_Using_Social_Networks_Data_for_Behavior_and_Sentiment_Analysis) -- 2016, A Survey on User Behavior Analysis in Social Networks [[Archive.org]][98] +- 2016, A Survey on User Behavior Analysis in Social Networks [[Archive.org]](https://web.archive.org/web/https://www.academia.edu/30936118/A_Survey_on_User_Behaviour_Analysis_in_Social_Networks) - 2017, DEF CON 25 presentation: [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) [[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo) -- 2019, Influence and Behavior Analysis in Social Networks and Social Media [[Archive.org]][99] +- 2019, Influence and Behavior Analysis in Social Networks and Social Media [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/https://sci-hub.se/10.1007/978-3-030-02592-2) So, how can you mitigate these? @@ -1063,13 +1065,13 @@ These are clues you might give over time that could point to your real identity. A real use and well-documented case of this was the arrest of the hacker Jeremy Hammond[^153] who shared over time several details about his past and was later discovered. -There are also a few cases involving OSINT at Bellingcat[^154]. Have a look at their very informative (but slightly outdated) toolkit here: [[Archive.org]][100] +There are also a few cases involving OSINT at Bellingcat[^154]. Have a look at their very informative (but slightly outdated) toolkit here: [[Archive.org]](https://web.archive.org/web/https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit) **We have an OSINT discussion room in our Matrix community. Feel free to join at ```#OSINT:matrix.org```.** You can also view some convenient lists of some available OSINT tools here if you want to try them on yourself for example: -- [[Archive.org]][101] +- [[Archive.org]](https://web.archive.org/web/https://github.com/jivoi/awesome-osint) - @@ -1077,7 +1079,7 @@ You can also view some convenient lists of some available OSINT tools here if yo - -As well as this interesting Playlist on YouTube: [[Invidious]][102] +As well as this interesting Playlist on YouTube: [[Invidious]](https://yewtu.be/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy) As well as those interesting podcasts: @@ -1095,25 +1097,25 @@ If you are walking in a touristy place, you will most likely appear in someone's Here are a few resources for even trying this yourself: -- Bellingcat, Guide To Using Reverse Image Search For Investigations: [[Archive.org]][103] +- Bellingcat, Guide To Using Reverse Image Search For Investigations: [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations/) -- Bellingcat, Using the New Russian Facial Recognition Site SearchFace [[Archive.org]][104] +- Bellingcat, Using the New Russian Facial Recognition Site SearchFace [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/02/19/using-the-new-russian-facial-recognition-site-searchface-ru/) -- Bellingcat, Dali, Warhol, Boshirov: Determining the Time of an Alleged Photograph from Skripal Suspect Chepiga [[Archive.org]][105] +- Bellingcat, Dali, Warhol, Boshirov: Determining the Time of an Alleged Photograph from Skripal Suspect Chepiga [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/10/24/dali-warhol-boshirov-determining-time-alleged-photograph-skripal-suspect-chepiga/) -- Bellingcat, Advanced Guide on Verifying Video Content [[Archive.org]][106] +- Bellingcat, Advanced Guide on Verifying Video Content [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2017/06/30/advanced-guide-verifying-video-content/) -- Bellingcat, Using the Sun and the Shadows for Geolocation [[Archive.org]][107] +- Bellingcat, Using the Sun and the Shadows for Geolocation [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/2020/12/03/using-the-sun-and-the-shadows-for-geolocation/) -- Bellingcat, Navalny Poison Squad Implicated in Murders of Three Russian Activists [[Archive.org]][108] +- Bellingcat, Navalny Poison Squad Implicated in Murders of Three Russian Activists [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2021/01/27/navalny-poison-squad-implicated-in-murders-of-three-russian-activists/) -- Bellingcat, Berlin Assassination: New Evidence on Suspected FSB Hitman Passed to German Investigators [[Archive.org]][109] +- Bellingcat, Berlin Assassination: New Evidence on Suspected FSB Hitman Passed to German Investigators [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/2021/03/19/berlin-assassination-new-evidence-on-suspected-fsb-hitman-passed-to-german-investigators/) -- Bellingcat, Digital Research Tutorial: Investigating a Saudi-Led Coalition Bombing of a Yemen Hospital [[Invidious]][110] +- Bellingcat, Digital Research Tutorial: Investigating a Saudi-Led Coalition Bombing of a Yemen Hospital [[Invidious]](https://yewtu.be/watch?v=cAVZaPiVArA) -- Bellingcat, Digital Research Tutorial: Using Facial Recognition in Investigations [[Invidious]][111] +- Bellingcat, Digital Research Tutorial: Using Facial Recognition in Investigations [[Invidious]](https://yewtu.be/watch?v=awY87q2Mr0E) -- Bellingcat, Digital Research Tutorial: Geolocating (Allegedly) Corrupt Venezuelan Officials in Europe [[Invidious]][112] +- Bellingcat, Digital Research Tutorial: Geolocating (Allegedly) Corrupt Venezuelan Officials in Europe [[Invidious]](https://yewtu.be/watch?v=bS6gYWM4kzY) ### Gait Recognition and Other Long-Range Biometrics @@ -1125,11 +1127,11 @@ Other things than can be used to identify you include your earlobes, which are a ![][113] -(Illustration from [[Archive.org]][114]) +(Illustration from [[Archive.org]](https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf)) ![][115] -(illustration from [[Archive.org]][116]) +(illustration from [[Archive.org]](https://web.archive.org/web/https://rd.springer.com/chapter/10.1007/978-3-030-42504-3_15)) Those platforms (Google/Facebook) already know who you are for a few reasons: @@ -1147,9 +1149,9 @@ Governments already know who you are because they have your ID/Passport/Driving Here are some resources detailing some techniques used by Law Enforcement today: -- CCC video explaining current Law Enforcement surveillance capabilities: [[Archive.org]][117] +- CCC video explaining current Law Enforcement surveillance capabilities: [[Archive.org]](https://web.archive.org/web/https://media.ccc.de/v/rc3-11406-spot_the_surveillance) -- EFF SLS: [[Archive.org]][118] +- EFF SLS: [[Archive.org]](https://web.archive.org/web/https://www.eff.org/sls) Apple is making FaceID mainstream and pushing its use to log you into many services including the Banking systems. @@ -1161,9 +1163,9 @@ Even your iris can be used for identification in some places[^190]. We can safely imagine a near future where you will not be able to create accounts or sign in anywhere without providing unique biometrics (A suitable time to re-watch Gattaca[^191], Person of Interest[^192] , and Minority Report[^193]). And you can safely imagine how useful these large biometrics databases could be to some interested third parties. -In addition, all this information can also be used against you (if you are already de-anonymized) using deepfake[^194] by crafting false information (Pictures, Videos, Voice Recordings[^195]...) and have already been used for such purposes[^196]'[^197]. There are even commercial services for this readily available such as [[Archive.org]][119] and [[Archive.org]][120]. +In addition, all this information can also be used against you (if you are already de-anonymized) using deepfake[^194] by crafting false information (Pictures, Videos, Voice Recordings[^195]...) and have already been used for such purposes[^196]'[^197]. There are even commercial services for this readily available such as [[Archive.org]](https://web.archive.org/web/https://www.respeecher.com/) and [[Archive.org]](https://web.archive.org/web/https://www.descript.com/overdub). -See this demo: [[Invidious]][121] +See this demo: [[Invidious]](https://yewtu.be/watch?v=t5yw5cR79VA) At this time, there are a few steps[^198] you can use to mitigate (and only mitigate) face recognition when conducting sensitive activities where CCTV might be present: @@ -1173,9 +1175,9 @@ At this time, there are a few steps[^198] you can use to mitigate (and only miti - Wear sunglasses in addition to the facemask and baseball cap to mitigate identification from your eye's features. -- Consider wearing special sunglasses (expensive, unfortunately) called "Reflectacles" [[Archive.org]][122]. There was a small study showing their efficiency against IBM and Amazon facial recognition[^201]. +- Consider wearing special sunglasses (expensive, unfortunately) called "Reflectacles" [[Archive.org]](https://web.archive.org/web/https://www.reflectacles.com/). There was a small study showing their efficiency against IBM and Amazon facial recognition[^201]. -- All that might still be useless because of gait recognition mentioned earlier but there might be hope here if you have a 3D Printer: [[Archive.org]][123] +- All that might still be useless because of gait recognition mentioned earlier but there might be hope here if you have a 3D Printer: [[Archive.org]](https://web.archive.org/web/https://gitlab.com/FG-01/fg-01) (see [Gait Recognition and Other Long-Range Biometrics]) @@ -1189,9 +1191,9 @@ A typical case is an adversary using a man-in-the-middle[^97] attack or a fake e Such attacks can also be used to de-anonymize someone by tricking them into downloading malware or revealing personal information over time. The only defense against those is not to fall for them and common sense. -These have been used countless times since the early days of the internet and the usual one is called the "419 scam" (see [[Wikiless]][124] [[Archive.org]][125]). +These have been used countless times since the early days of the internet and the usual one is called the "419 scam" (see [[Wikiless]](https://wikiless.org/wiki/Advance-fee_scam) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Advance-fee_scam)). -Here is a good video if you want to learn a bit more about phishing types: Black Hat, Ichthyology: Phishing as a Science [[Invidious]][126]. +Here is a good video if you want to learn a bit more about phishing types: Black Hat, Ichthyology: Phishing as a Science [[Invidious]](https://yewtu.be/watch?v=Z20XNp-luNA). ## Malware, exploits, and viruses: @@ -1207,9 +1209,9 @@ These could be exploiting a vulnerability in an outdated format or an outdated r See these good videos for more explanations on the matter: -- What is a File Format? [[Invidious]][127] +- What is a File Format? [[Invidious]](https://yewtu.be/watch?v=VVdmmN0su6E) -- Ange Albertini: Funky File Formats: [[Invidious]][128] +- Ange Albertini: Funky File Formats: [[Invidious]](https://yewtu.be/watch?v=hdCs6bPM4is) You should always use extreme caution. To mitigate these attacks, this guide will later recommend the use of virtualization (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]) to mitigate leaking any information even in case of opening such a malicious file. @@ -1239,13 +1241,13 @@ To reflect these recommendations, this guide will therefore later guide you in t There are readily available commercial and cheap "badUSB" [^213]devices that can take deploy malware, log your typing, geolocate you, listen to you or gain control of your laptop just by plugging them in. Here are some examples that you can already buy yourself: -- Hak5, USB Rubber Ducky [[Archive.org]][129] +- Hak5, USB Rubber Ducky [[Archive.org]](https://web.archive.org/web/https://shop.hak5.org/products/usb-rubber-ducky-deluxe) -- Hak5, O.MG Cable [[Invidious]][130] +- Hak5, O.MG Cable [[Invidious]](https://yewtu.be/watch?v=V5mBJHotZv0) -- Keelog [[Archive.org]][131] +- Keelog [[Archive.org]](https://web.archive.org/web/https://www.keelog.com/) -- AliExpress [[Archive.org]][132] +- AliExpress [[Archive.org]](https://web.archive.org/web/https://www.aliexpress.com/i/4000710369016.html) Such devices can be implanted anywhere (charging cable, mouse, keyboard, USB key ...) by an adversary and can be used to track you or compromise your computer or smartphone. The most notable example of such attacks is probably Stuxnet[^214] in 2005. @@ -1279,7 +1281,7 @@ Here is an example of EXIF data that could be on a picture: (Illustration from Wikipedia) -This also works for videos. Yes, videos too have geo-tagging, and many are very unaware of this. Here Is for instance a very convenient tool to geo-locate YouTube videos: [[Archive.org]][134] +This also works for videos. Yes, videos too have geo-tagging, and many are very unaware of this. Here Is for instance a very convenient tool to geo-locate YouTube videos: [[Archive.org]](https://web.archive.org/web/https://mattw.io/youtube-geofind/location) For this reason, you will always have to be incredibly careful when uploading files using your anonymous identities and check the metadata of those files. @@ -1293,7 +1295,7 @@ Pictures/Videos often contain visible watermarks indicating who is the owner/cre So, if you are a whistleblower and thinking about leaking some picture/audio/video file. Think twice. There are chances that those might contain invisible watermarking within them that would include information about you as a viewer. Such watermarks can be enabled with a simple switch in like Zoom (Video[^223] or Audio[^224]) or with extensions[^225] for popular apps such as Adobe Premiere Pro. These can be inserted by various content management systems. -For a recent example where someone leaking a Zoom meeting recording was caught because it was watermarked: [[Tor Mirror]][135] [[Archive.org]][136] +For a recent example where someone leaking a Zoom meeting recording was caught because it was watermarked: [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/18/leak-zoom-meeting/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/18/leak-zoom-meeting/) Such watermarks can be inserted by various products[^226]'[^227]'[^228]'[^229] using Steganography[^230] and can resist compression[^231] and re-encoding[^232]'[^233]. @@ -1307,15 +1309,15 @@ Be extremely careful when publishing videos/pictures/audio files from known comm Did you know your printer is most likely spying on you too? Even if it is not connected to any network? This is usually a known fact by many people in the IT community but few outside people. -Yes ... Your printers can be used to de-anonymize you as well as explained by the EFF here [[Archive.org]][137] +Yes ... Your printers can be used to de-anonymize you as well as explained by the EFF here [[Archive.org]](https://web.archive.org/web/https://www.eff.org/issues/printers) -With this (old but still relevant) video explaining how from the EFF as well: [[Invidious]][138] +With this (old but still relevant) video explaining how from the EFF as well: [[Invidious]](https://yewtu.be/watch?v=izMGMsIZK4U) Many printers will print an invisible watermark allowing for identification of the printer on every printed page. This is called Printer Steganography[^235]. There is no tangible way to mitigate this but to inform yourself on your printer and make sure it does not print any invisible watermark. This is important if you intend to print anonymously. -Here is an (old but still relevant) list of printers and brands who do not print such tracking dots provided by the EFF [[Archive.org]][139] +Here is an (old but still relevant) list of printers and brands who do not print such tracking dots provided by the EFF [[Archive.org]](https://web.archive.org/web/https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots) -Here are also some tips from the Whonix documentation ( [[Archive.org]][140]): +Here are also some tips from the Whonix documentation ( [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Printing_and_Scanning)): **Do not ever print in Color, usually, watermarks are not present without color toners/cartridges**[^236]**.** @@ -1325,21 +1327,21 @@ Did you ever see a document with blurred text? Did you ever make fun of those mo Well, there are techniques for recovering information from such documents, videos, and pictures. -Here is for example an open-source project you could use yourself for recovering text from some blurred images yourself: [[Archive.org]][141] +Here is for example an open-source project you could use yourself for recovering text from some blurred images yourself: [[Archive.org]](https://web.archive.org/web/https://github.com/beurtschipper/Depix) ![][142] This is of course an open-source project available for all to use. But you can imagine that such techniques have probably been used before by other adversaries. These could be used to reveal blurred information from published documents that could then be used to de-anonymize you. -There are also tutorials for using such techniques using Photo Editing tools such as GIMP such as [[Archive.org]][144] followed by [[Scribe.rip]][145] [[Archive.org]][146] +There are also tutorials for using such techniques using Photo Editing tools such as GIMP such as [[Archive.org]](https://web.archive.org/web/https://medium.com/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b) followed by [[Scribe.rip]](https://scribe.rip/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d) [[Archive.org]](https://web.archive.org/web/https://medium.com/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d) ![][147] -Finally, you will find plenty of deblurring resources here: [[Archive.org]][148] +Finally, you will find plenty of deblurring resources here: [[Archive.org]](https://web.archive.org/web/https://github.com/subeeshvasu/Awesome-Deblurring) Some online services could even help you do this automatically to some extent like MyHeritage.com enhance tool: - [[Archive.org]][149] + [[Archive.org]](https://web.archive.org/web/https://www.myheritage.com/photo-enhancer) Here is the result of the above image: @@ -1347,7 +1349,7 @@ Here is the result of the above image: Of course, this tool is more like "guessing" than really deblurring at this point, but it could be enough to find you using various reverse image searching services. -There are also techniques to deblur/depixelate parts in videos: see [[Archive.org]][1371] +There are also techniques to deblur/depixelate parts in videos: see [[Archive.org]](https://web.archive.org/web/https://positive.security/blog/video-depixelation) For this reason, it is always extremely important that you correctly redact and curate any document you might want to publish. Blurring is not enough, and you should always completely blacken/remove any sensitive data to avoid any attempt at recovering data from any adversary. Do not pixelized, do not blur, just put a hard black rectangle to redact information. @@ -1355,7 +1357,7 @@ For this reason, it is always extremely important that you correctly redact and Contrary to widespread belief, Crypto transactions (such as Bitcoin and Ethereum) are not anonymous[^237]. Most cryptocurrencies can be tracked accurately through various methods[^238]'[^239]. -Remember what they say on their page: [[Archive.org]][151] and [[Archive.org]][152]: "Bitcoin is not anonymous" +Remember what they say on their page: [[Archive.org]](https://web.archive.org/web/https://bitcoin.org/en/you-need-to-know) and [[Archive.org]](https://web.archive.org/web/https://bitcoin.org/en/protect-your-privacy): "Bitcoin is not anonymous" The main issue is not setting up a random Crypto wallet to receive some currency behind a VPN/Tor address (at this point, the wallet is anonymous). The issue is mainly when you want to convert Fiat money (Euros, Dollars ...) to Crypto and then when you want to cash in your Crypto. You will have few realistic options but to transfer those to an exchange (such as Coinbase/Kraken/Bitstamp/Binance). Those exchanges have known wallet addresses and will keep detailed logs (due to KYC[^240] financial regulations) and can then trace back those crypto transactions to you using the financial system[^241]. @@ -1381,13 +1383,13 @@ There are specialized commercial forensics solutions available (Magnet Axiom[^24 Notable Examples: -- Apple iCloud: [[Archive.org]][153] : "Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on**, your backup includes a copy of the key protecting your Messages**. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. ". +- Apple iCloud: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT202303) : "Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on**, your backup includes a copy of the key protecting your Messages**. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. ". -- Google Drive and WhatsApp: [[Archive.org]][154]: "**Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive**. ". Do however note that Facebook/Whatsapp have announced the rollout of encrypted backups on October 14^th^ 2021 ( [[Archive.org]][155]) which should solve this issue. +- Google Drive and WhatsApp: [[Archive.org]](https://web.archive.org/web/https://faq.whatsapp.com/android/chats/about-google-drive-backups/): "**Media and messages you back up aren't protected by WhatsApp end-to-end encryption while in Google Drive**. ". Do however note that Facebook/Whatsapp have announced the rollout of encrypted backups on October 14^th^ 2021 ( [[Archive.org]](https://web.archive.org/web/https://about.fb.com/news/2021/10/end-to-end-encrypted-backups-on-whatsapp/)) which should solve this issue. -- Dropbox: [[Archive.org]][156] "To provide these and other features, **Dropbox accesses, stores, and scans Your Stuff**. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with". +- Dropbox: [[Archive.org]](https://web.archive.org/web/https://www.dropbox.com/privacy) "To provide these and other features, **Dropbox accesses, stores, and scans Your Stuff**. You give us permission to do those things, and this permission extends to our affiliates and trusted third parties we work with". -- Microsoft OneDrive: [[Archive.org]][157]: Productivity and communications products, "When you use OneDrive, we collect data about your usage of the service, as well as the content you store, to provide, improve, and protect the services. **Examples include indexing the contents of your OneDrive documents so that you can search for them later and using location information to enable you to search for photos based on where the photo was taken**". +- Microsoft OneDrive: [[Archive.org]](https://web.archive.org/web/https://privacy.microsoft.com/en-us/privacystatement): Productivity and communications products, "When you use OneDrive, we collect data about your usage of the service, as well as the content you store, to provide, improve, and protect the services. **Examples include indexing the contents of your OneDrive documents so that you can search for them later and using location information to enable you to search for photos based on where the photo was taken**". You should not trust cloud providers with your (not previously and locally encrypted) sensitive data and you should be wary of their privacy claims. In most cases, they can access your data and provide it to a third party if they want to[^250]. @@ -1399,15 +1401,15 @@ Your Browser and Device Fingerprints[^382] are set of properties/capabilities of You can find a lot of detailed information and publications about this on these resources: -- [[Archive.org]][158] +- [[Archive.org]](https://web.archive.org/web/https://amiunique.org/links) -- [[Archive.org]][159] +- [[Archive.org]](https://web.archive.org/web/https://brave.com/brave-fingerprinting-and-privacy-budgets/) Most of the time, those fingerprints will, unfortunately, be unique or nearly unique to your Browser/System. This means that even If you log out from a website and then log back in using a different username, your fingerprint might remain the same if you did not take precautionary measures. An adversary could then use such fingerprints to track you across multiple services even if you have no account on any of them and are using adblocking. These fingerprints could in turn be used to de-anonymize you if you keep the same fingerprint between services. -It should also be noted that while some browsers and extensions will offer some fingerprint resistance, this resistance in itself can also be used to fingerprint you as explained here [[Archive.org]][160] +It should also be noted that while some browsers and extensions will offer some fingerprint resistance, this resistance in itself can also be used to fingerprint you as explained here [[Archive.org]](https://web.archive.org/web/https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/) This guide will mitigate these issues by mitigating, obfuscating, and randomizing many of those fingerprinting identifiers by using Virtualization (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]), using specific recommendations (See [Appendix A5: Additional browser precautions with JavaScript enabled] and [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:]) and using by fingerprinting resistant Browsers (Brave and Tor Browser). @@ -1415,7 +1417,7 @@ This guide will mitigate these issues by mitigating, obfuscating, and randomizin There was an attack published that can deanonymize users if they have a known alias. For example, an attacker trying to track the activities of a journalist can use that journalist's public Twitter handle to link their anonymous identities with their public one. This breaks compartmentalization of identities and can lead to complete deanonymization, even of users who practice proper OPSEC. -The attack, published at [[Archive.org]][1386], can be mitigated using the well-known [NoScript](https://noscript.net/) extension and will be our preferred recommendation. +The attack, published at [[Archive.org]](https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/), can be mitigated using the well-known [NoScript](https://noscript.net/) extension and will be our preferred recommendation. ## Tor Browser: @@ -1450,17 +1452,17 @@ Forensics techniques are now very advanced and can reveal a staggering amount of Here are some recent resources you should read about your smartphone: -- UpTurn, The Widespread Power of U.S. Law Enforcement to Search Mobile Phones [[Archive.org]][161] +- UpTurn, The Widespread Power of U.S. Law Enforcement to Search Mobile Phones [[Archive.org]](https://web.archive.org/web/https://www.upturn.org/reports/2020/mass-extraction/) -- New-York Times, The Police Can Probably Break Into Your Phone [[Archive.org]][162] +- New-York Times, The Police Can Probably Break Into Your Phone [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html) -- Vice, Cops Around the Country Can Now Unlock iPhones, Records Show [[Archive.org]][163] +- Vice, Cops Around the Country Can Now Unlock iPhones, Records Show [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police) I also highly recommend that you read some documents from a forensics examiner perspective such as: -- EnCase Forensic User Guide, [[Archive.org]][164] +- EnCase Forensic User Guide, [[Archive.org]](https://web.archive.org/web/http://encase-docs.opentext.com/documentation/encase/forensic/8.07/Content/Resources/External%20Files/EnCase%20Forensic%20v8.07%20User%20Guide.pdf) -- FTK Forensic Toolkit, [[Archive.org]][165] +- FTK Forensic Toolkit, [[Archive.org]](https://web.archive.org/web/https://accessdata.com/products-services/forensic-toolkit-ftk) - SANS Digital Forensics and Incident Response Videos, @@ -1502,7 +1504,7 @@ Cryptography is a complex topic and bad cryptography could easily lead to your d In the context of this guide,we recommend sticking to Apps/Services using well-established, published, and peer-reviewed methods. -So, what to prefer and what to avoid as of 2021? You will have to look up for yourself to get the technical details of each app and see if they are using "bad crypto" or "good crypto". Once you get the technical details, you could check this page for seeing what it is worth: [[Archive.org]][166] +So, what to prefer and what to avoid as of 2021? You will have to look up for yourself to get the technical details of each app and see if they are using "bad crypto" or "good crypto". Once you get the technical details, you could check this page for seeing what it is worth: [[Archive.org]](https://web.archive.org/web/https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html) Here are some examples: @@ -1549,7 +1551,7 @@ Here are some examples: - Prefer ECDSA (ed25519)+ECDH (ec25519) or RSA 4096 Bits* - - **Consider a more modern**[^270] **alternative to PGP/GPG: Minisign ** [[Archive.org]][167] + - **Consider a more modern**[^270] **alternative to PGP/GPG: Minisign ** [[Archive.org]](https://web.archive.org/web/https://jedisct1.github.io/minisign/) - Avoid: RSA 2048 bits @@ -1563,13 +1565,13 @@ Here are some examples: Here are some real cases of issues bad cryptography: -- Telegram: [[Archive.org]][168] +- Telegram: [[Archive.org]](https://web.archive.org/web/https://democratic-europe.eu/2021/07/20/cryptographers-uncover-four-vulnerabilities-in-telegram/) -- Telegram: [[Archive.org]][169] +- Telegram: [[Archive.org]](https://web.archive.org/web/https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/) - Cryptocat: -- Some other examples can be found here: [[Archive.org]][170] +- Some other examples can be found here: [[Archive.org]](https://web.archive.org/web/https://www.cryptofails.com/) Later this guide will not recommend "bad cryptography" and that should hopefully be enough to protect you? @@ -1613,55 +1615,55 @@ If the VPN provider knows nothing about you, it should mitigate any issue due to (Illustration: an excellent movie we highly recommend: Das Leben der Anderen[^286]) -Many advanced techniques can be used by skilled adversaries[^287] to bypass your security measures provided they already know where your devices are. Many of those techniques are detailed here [[Archive.org]][172] (Air-Gap Research Page, Cyber-Security Research Center, Ben-Gurion University of the Negev, Israel) but also in this report [[Archive.org]][173] (ESET, JUMPING THE AIR GAP: 15 years of nation-state effort) and include: +Many advanced techniques can be used by skilled adversaries[^287] to bypass your security measures provided they already know where your devices are. Many of those techniques are detailed here [[Archive.org]](https://web.archive.org/web/https://cyber.bgu.ac.il/advanced-cyber/airgap) (Air-Gap Research Page, Cyber-Security Research Center, Ben-Gurion University of the Negev, Israel) but also in this report [[Archive.org]](https://web.archive.org/web/https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf) (ESET, JUMPING THE AIR GAP: 15 years of nation-state effort) and include: - Attacks requiring malware implants: - - Exfiltration of Data through a Malware infected Router: [[Invidious]][174] + - Exfiltration of Data through a Malware infected Router: [[Invidious]](https://yewtu.be/watch?v=mSNt4h7EDKo) - - Exfiltration of Data through observation of Light variation in a Backlit keyboard with a compromised camera: [[Invidious]][175] + - Exfiltration of Data through observation of Light variation in a Backlit keyboard with a compromised camera: [[Invidious]](https://yewtu.be/watch?v=1kBGDHVr7x0) - - Exfiltration of Data through a compromised Security Camera (that could first use the previous attack) [[Invidious]][176] + - Exfiltration of Data through a compromised Security Camera (that could first use the previous attack) [[Invidious]](https://yewtu.be/watch?v=om5fNqKjj2M) - - Communication from outsider to compromised Security Cameras through IR light signals: [[Invidious]][177] + - Communication from outsider to compromised Security Cameras through IR light signals: [[Invidious]](https://yewtu.be/watch?v=auoYKSzdOj4) - - Exfiltration of data from a compromised air-gapped computer through acoustic analysis of the FAN noises with a smartphone [[Invidious]][178] + - Exfiltration of data from a compromised air-gapped computer through acoustic analysis of the FAN noises with a smartphone [[Invidious]](https://yewtu.be/watch?v=v2_sZIfZkDQ) - - Exfiltration of data from a malware-infected air-gapped computer through HD LEDs with a Drone [[Invidious]][179] + - Exfiltration of data from a malware-infected air-gapped computer through HD LEDs with a Drone [[Invidious]](https://yewtu.be/watch?v=4vIu8ld68fc) - - Exfiltration of data from a USB malware on an air-gapped computer through electromagnetic interferences [[Invidious]][180] + - Exfiltration of data from a USB malware on an air-gapped computer through electromagnetic interferences [[Invidious]](https://yewtu.be/watch?v=E28V1t-k8Hk) - - Exfiltration of data from a malware-infected HDD drive through covert acoustic noise [[Invidious]][181] + - Exfiltration of data from a malware-infected HDD drive through covert acoustic noise [[Invidious]](https://yewtu.be/watch?v=H7lQXmSLiP8) - - Exfiltration of data through GSM frequencies from a compromised (with malware) air-gapped computer [[Invidious]][182] + - Exfiltration of data through GSM frequencies from a compromised (with malware) air-gapped computer [[Invidious]](https://yewtu.be/watch?v=RChj7Mg3rC4) - - Exfiltration of data through electromagnetic emissions from a compromised Display device [[Invidious]][183] + - Exfiltration of data through electromagnetic emissions from a compromised Display device [[Invidious]](https://yewtu.be/watch?v=2OzTWiGl1rM&t=20s) - - Exfiltration of data through magnetic waves from a compromised air-gapped computer to a Smartphone stored inside a Faraday bag [[Invidious]][184] + - Exfiltration of data through magnetic waves from a compromised air-gapped computer to a Smartphone stored inside a Faraday bag [[Invidious]](https://yewtu.be/watch?v=yz8E5n1Tzlo) - - Communication between two compromised air-gapped computers using ultrasonic soundwaves [[Invidious]][184] + - Communication between two compromised air-gapped computers using ultrasonic soundwaves [[Invidious]](https://yewtu.be/watch?v=yz8E5n1Tzlo) - - Exfiltration of Bitcoin Wallet from a compromised air-gapped computer to a smartphone [[Invidious]][185] + - Exfiltration of Bitcoin Wallet from a compromised air-gapped computer to a smartphone [[Invidious]](https://yewtu.be/watch?v=2WtiHZNeveY) - - Exfiltration of Data from a compromised air-gapped computer using display brightness [[Invidious]][186] + - Exfiltration of Data from a compromised air-gapped computer using display brightness [[Invidious]](https://yewtu.be/watch?v=ZrkZUO2g4DE) - - Exfiltration of Data from a compromised air-gapped computer through vibrations [[Invidious]][187] + - Exfiltration of Data from a compromised air-gapped computer through vibrations [[Invidious]](https://yewtu.be/watch?v=XGD343nq1dg) - - Exfiltration of Data from a compromised air-gapped computer by turning RAM into a Wi-Fi emitter [[Invidious]][188] + - Exfiltration of Data from a compromised air-gapped computer by turning RAM into a Wi-Fi emitter [[Invidious]](https://yewtu.be/watch?v=vhNnc0ln63c) - - Exfiltration of Data from a compromised air-gapped computer through power lines [[Archive.org]][189] + - Exfiltration of Data from a compromised air-gapped computer through power lines [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1804.04014.pdf) - **Attacks not requiring malware:** - - Observing a blank wall in a room from a distance to figure how many people are in a room and what they are doing[^288]. Publication with demonstration: [[Archive.org]][190] + - Observing a blank wall in a room from a distance to figure how many people are in a room and what they are doing[^288]. Publication with demonstration: [[Archive.org]](https://web.archive.org/web/http://wallcamera.csail.mit.edu/) - - Observing a reflective bag of snacks in a room from a distance to reconstruct the entire room[^289]. Publication with photographic examples: [[Archive.org]][191] + - Observing a reflective bag of snacks in a room from a distance to reconstruct the entire room[^289]. Publication with photographic examples: [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2001.04642.pdf) - - Measuring floor vibrations to identify individuals and determine their health condition and mood[^290]. Publication with demonstration: [[Archive.org]][192] + - Measuring floor vibrations to identify individuals and determine their health condition and mood[^290]. Publication with demonstration: [[Archive.org]](https://web.archive.org/web/https://engineering.cmu.edu/news-events/news/2020/02/17-mauraders-map.html) - - Observing a light bulb from a distance to listen to the sound in the room[^291] **without any malware**: Demonstration: [[Invidious]][193]. It should be noted that this type of attack is not new at all and there have been articles about such techniques as far back as 2013[^292] and that you can even buy devices to perform this yourself such as here: [[Archive.org]][194] + - Observing a light bulb from a distance to listen to the sound in the room[^291] **without any malware**: Demonstration: [[Invidious]](https://yewtu.be/watch?v=t32QvpfOHqw). It should be noted that this type of attack is not new at all and there have been articles about such techniques as far back as 2013[^292] and that you can even buy devices to perform this yourself such as here: [[Archive.org]](https://web.archive.org/web/http://www.gcomtech.com/ccp0-prodshow/laser-surveillance-laser-listening.html) -Here is also a good video from the same authors to explain those topics: Black Hat, The Air-Gap Jumpers [[Invidious]][195] +Here is also a good video from the same authors to explain those topics: Black Hat, The Air-Gap Jumpers [[Invidious]](https://yewtu.be/watch?v=YKRtFgunyj4) **Realistically, this guide will be of little help against such adversaries as such malware could be implanted on the devices by a manufacturer, anyone in the middle**[^293]**, or by anyone with physical access to the air-gapped computer but there are still some ways to mitigate such techniques:** @@ -1681,53 +1683,53 @@ Here is also a good video from the same authors to explain those topics: Black H ## Some bonus resources: -- Have a look at the Whonix Documentation concerning Data Collection techniques here: [[Archive.org]][196] +- Have a look at the Whonix Documentation concerning Data Collection techniques here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Data_Collection_Techniques) -- You might also enjoy looking at this service [[Archive.org]][197] (Terms of Services, Didn't Read) that will give you a good overview of the various ToS of many services. +- You might also enjoy looking at this service [[Archive.org]](https://web.archive.org/web/https://tosdr.org/) (Terms of Services, Didn't Read) that will give you a good overview of the various ToS of many services. -- Have a look at [[Archive.org]][198] for some more resources. +- Have a look at [[Archive.org]](https://web.archive.org/web/https://www.eff.org/issues/privacy) for some more resources. -- Have a look at [[Wikiless]][199] [[Archive.org]][200] to have an overview of all known mass-surveillance projects, current, and past. +- Have a look at [[Wikiless]](https://wikiless.org/wiki/List_of_government_mass_surveillance_projects) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects) to have an overview of all known mass-surveillance projects, current, and past. -- Have a look at [[Archive.org]][201] (even if you don't know about Death Note). +- Have a look at [[Archive.org]](https://web.archive.org/web/https://www.gwern.net/Death-Note-Anonymity) (even if you don't know about Death Note). - Consider finding and reading Michael Bazzell's book "Open-Source Intelligence Techniques" (eighth edition as of this writing to find out more about recent OSINT techniques) -- Finally, check [[Archive.org]][202] for the latest academic papers related to Online Anonymity. +- Finally, check [[Archive.org]](https://web.archive.org/web/https://www.freehaven.net/anonbib/date.html) for the latest academic papers related to Online Anonymity. ## Notes: If you still do not think such information can be used by various actors to track you, you can see some statistics for yourself for some platforms and keep in mind those are only accounting for the lawful data requests and will not count things like PRISM, MUSCULAR, SORM or XKEYSCORE explained earlier: -- Google Transparency Report [[Archive.org]][203] +- Google Transparency Report [[Archive.org]](https://web.archive.org/web/https://transparencyreport.google.com/user-data/overview) -- Facebook Transparency Report [[Archive.org]][204] +- Facebook Transparency Report [[Archive.org]](https://web.archive.org/web/https://transparency.facebook.com/) -- Apple Transparency Report [[Archive.org]][205] +- Apple Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/transparency/) -- Cloudflare Transparency Report [[Archive.org]][206] +- Cloudflare Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.cloudflare.com/transparency/) -- Snapchat Transparency Report [[Archive.org]][207] +- Snapchat Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.snap.com/en-US/privacy/transparency) -- Telegram Transparency Report [[Archive.org]][208] (requires telegram installed) +- Telegram Transparency Report [[Archive.org]](https://web.archive.org/web/https://t.me/transparency) (requires telegram installed) -- Microsoft Transparency Report [[Archive.org]][209] +- Microsoft Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report) -- Amazon Transparency Report [[Archive.org]][210] +- Amazon Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=GYSDRGWQ2C2CRYEF) -- Dropbox Transparency Report [[Archive.org]][211] +- Dropbox Transparency Report [[Archive.org]](https://web.archive.org/web/https://www.dropbox.com/transparency) -- Discord Transparency Report [[Archive.org]][212] +- Discord Transparency Report [[Archive.org]](https://web.archive.org/web/20220812051950/https://discord.com/blog/discord-transparency-report-q1-2022) -- GitHub Transparency Report [[Archive.org]][213] +- GitHub Transparency Report [[Archive.org]](https://web.archive.org/web/https://github.blog/2021-02-25-2020-transparency-report/) -- Snapchat Transparency Report [[Archive.org]][214] +- Snapchat Transparency Report [[Archive.org]](https://web.archive.org/web/20220806141853/https://www.snap.com/en-US/privacy/transparency) -- TikTok Transparency Report [[Archive.org]][215] +- TikTok Transparency Report [[Archive.org]](https://web.archive.org/web/20220812054600/https://www.tiktok.com/transparency/en/information-requests-2021-2/) -- Reddit Transparency Report [[Archive.org]][216] +- Reddit Transparency Report [[Archive.org]](https://web.archive.org/web/20220812054736/https://www.redditinc.com/policies/transparency-report-2021) -- Twitter Transparency Report [[Archive.org]][217] +- Twitter Transparency Report [[Archive.org]](https://web.archive.org/web/20220812054839/https://transparency.twitter.com/) # General Preparations: @@ -1737,9 +1739,9 @@ Zero-Trust Security[^391] ("Never trust, always verify"). Here are some various resources about what Zero-Trust Security is: -- DEFCON, Zero Trust a Vision for Securing Cloud, [[Invidious]][218] +- DEFCON, Zero Trust a Vision for Securing Cloud, [[Invidious]](https://yewtu.be/watch?v=euSsqXO53GY) -- From the NSA themselves, Embracing a Zero Trust Security Model, [[Archive.org]][219] +- From the NSA themselves, Embracing a Zero Trust Security Model, [[Archive.org]](https://web.archive.org/web/https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF) ## Picking your route: @@ -1913,21 +1915,21 @@ Now that you know what is possible, you should also consider threats and adversa In all cases, you should read these two pages from the Whonix documentation that will give you in-depth insight into your choices: -- [[Archive.org]][221] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Warning) -- [[Archive.org]][222] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Dev/Threat_Model) -- [[Archive.org]][223] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_with_Others) You might be asking yourself: "How do I know if I'm in a hostile online environment where activities are actively monitored and blocked?" -- First read more about it at the EFF here: [[Archive.org]][224] +- First read more about it at the EFF here: [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/understanding-and-circumventing-network-censorship) - Check some data yourself here on the Tor Project OONI[^296] (Open Observatory of Network Interference) website: - Have a look at and see if they have data about your country. -- Specific to China, look at and [[Archive.org]][225] +- Specific to China, look at and [[Archive.org]](https://web.archive.org/web/https://www.usenix.org/system/files/sec21-hoang.pdf) - Test for yourself using OONI (this can be risky in a hostile environment). @@ -1951,7 +1953,7 @@ This is rather easy. Leave your smartphone on and at home. Have some cash and go We would recommend getting an old "dumbphone" with a removable battery (old Nokia if your mobile networks still allow those to connect as some countries phased out 1G-2G completely). This is to avoid the automatic sending/gathering of any telemetry/diagnostic data on the phone itself. You should never connect that phone to any Wi-Fi. -**Site Note: Be careful of some sellers as shown here ** [[Archive.org]][226] +**Site Note: Be careful of some sellers as shown here ** [[Archive.org]](https://web.archive.org/web/https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/) It will also be crucial not to power on that burner phone ever (not even without the SIM card) in any geographical location that could lead to you (at your home/work for instance) and never at the same location as your other known smartphone (because that one has an IMEI/IMSI that will easily lead to you). This might seem like a big burden, but it is not as these phones are only being used during the setup/sign-up process and for verification from time to time. @@ -1965,7 +1967,7 @@ When you are certain the phone is in working order, disable Bluetooth then power This is the hardest part of the whole guide. It is a SPOF (Single Point of Failure). The places where you can still buy prepaid SIM cards without ID registration are getting increasingly limited due to various KYC type regulations[^297]. -So here is a list of places where you can still get them now: [[Archive.org]][227] +So here is a list of places where you can still get them now: [[Archive.org]](https://web.archive.org/web/https://prepaid-data-sim-card.fandom.com/wiki/Registration_Policies_Per_Country) You should be able to find a place that is "not too far" and just go there physically to buy some pre-paid cards and top-up vouchers with cash. Do verify that no law was passed before going that would make registration mandatory (in case the above wiki was not updated). Try to avoid CCTV and cameras and do not forget to buy a Top-Up voucher with the SIM card (if it is not a package) as most pre-paid cards will require a top-up before use. @@ -1989,19 +1991,19 @@ To this date, we do not know any reputable service that would offer this service - **Recommended**: Do not require any identification (even e-mail): - - (Iceland based, accepts Monero) [[Tor Mirror]][228] [[Archive.org]][229] + - (Iceland based, accepts Monero) [[Tor Mirror]](http://cryptonx6nsmspsnpicuihgmbbz3qvro4na35od3eht4vojdo7glm6yd.onion) [[Archive.org]](https://web.archive.org/web/https://crypton.sh/) - - (Ukraine based, accepts Monero) [[Archive.org]][230] + - (Ukraine based, accepts Monero) [[Archive.org]](https://web.archive.org/web/https://virtualsim.net/) - Do require identification (valid e-mail): - - (US California based, accepts Monero) [[Archive.org]][231] + - (US California based, accepts Monero) [[Archive.org]](https://web.archive.org/web/https://mobilesms.io/) - - (Germany based, accepts Monero) [[Archive.org]][232] + - (Germany based, accepts Monero) [[Archive.org]](https://web.archive.org/web/https://www.sms77.io/) - - (Russia based, accepts Monero) [[Archive.org]][233] + - (Russia based, accepts Monero) [[Archive.org]](https://web.archive.org/web/https://onlinesim.ru/) -There are some other possibilities listed here [[Archive.org]][234]. **Use at your own risk.** +There are some other possibilities listed here [[Archive.org]](https://web.archive.org/web/https://cryptwerk.com/companies/sms/xmr/). **Use at your own risk.** Now, what if you have no money? Well, in that case, you will have to try your luck with free services and hope for the best. Here are some examples, **use at your own risk**: @@ -2021,7 +2023,7 @@ Therefore, it is just more convenient, cheaper, and less risky to just get a pre Get at least one or two decent size generic USB keys (at least 16GB but we would recommend 32GB). -Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]][235] +Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]](https://web.archive.org/web/https://syscall.eu/blog/2018/03/12/aigo_part1/) Some might be very efficient[^298] but many are gimmicky gadgets that offer no real protection[^299]. @@ -2049,9 +2051,9 @@ You could also consider connecting to these places from a safe distance for adde This part of the guide will help you in setting up the simplest and easiest way to browse the web anonymously. It is not necessarily the best method and there are more advanced methods below with (much) better security and (much) better mitigations against various adversaries. Yet, this is a straightforward way of accessing resources anonymously and quickly with no budget, no time, no skills, and limited usage. -So, what is Tor Browser? Tor Browser ( [[Archive.org]][236]) is a web browser like Safari/Firefox/Chrome/Edge/Brave designed with privacy and anonymity in mind. +So, what is Tor Browser? Tor Browser ( [[Archive.org]](https://web.archive.org/web/https://www.torproject.org/)) is a web browser like Safari/Firefox/Chrome/Edge/Brave designed with privacy and anonymity in mind. -This browser is different from other browsers as it will connect to the internet through the Tor Network using Onion Routing. We first recommend that you watch this very nice introduction video by the Tor Project themselves: [[Invidious]][237]. After that, you should probably head over to their page to read their quick overview here: [[Archive.org]][238]. Without going into too many technical details, Tor Browser is an easy and simple "fire and forget" solution to browse the web anonymously from pretty much any device. It is probably sufficient for most people and can be used from any computer or smartphone. +This browser is different from other browsers as it will connect to the internet through the Tor Network using Onion Routing. We first recommend that you watch this very nice introduction video by the Tor Project themselves: [[Invidious]](https://yewtu.be/watch?v=JWII85UlzKw). After that, you should probably head over to their page to read their quick overview here: [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/about/overview.html.en). Without going into too many technical details, Tor Browser is an easy and simple "fire and forget" solution to browse the web anonymously from pretty much any device. It is probably sufficient for most people and can be used from any computer or smartphone. Here are several ways to set it up for all main OSes. @@ -2071,7 +2073,7 @@ Please see [Appendix Y: Installing and using desktop Tor Browser]. - Play Store: - - F-Droid Store: It's not yet there but you can add it manually following the instructions at [[Archive.org]][239] + - F-Droid Store: It's not yet there but you can add it manually following the instructions at [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-7/) - Install @@ -2103,7 +2105,7 @@ Please see [Appendix Y: Installing and using desktop Tor Browser]. Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Meek-Azure. Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option to obfuscate your Tor activities if needed and Microsoft servers are usually not blocked. -*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]][1387] +*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]](https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/) - You are almost done @@ -2117,7 +2119,7 @@ As with the desktop version, you need to know there are safety levels in Tor Bro - Click **Security Settings**. -You will find details about each level here: [[Archive.org]][240] but here is a summary: +You will find details about each level here: [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/) but here is a summary: - Standard (the default): @@ -2147,8 +2149,6 @@ However, the Safer level should be used with some extra precautions while using Now, you are really done, and you can now surf the web anonymously from your Android device. -**Please see** [Warning for using Orbot on Android][Appendix B6: Warning for using Orbot on Android]. - ### iOS: **Disclaimer: Onion Browser, following a 2018 release on iOS, has had IP leaks via WebRTC. It is still the only officially endorsed browser for the Tor network for iOS. Users should exercise caution when using the browser and check for any DNS leaks.** @@ -2287,19 +2287,19 @@ It does however have some drawbacks: **Important Note: If your laptop is monitored/supervised and some local restrictions are in place, please read** [Appendix U: How to bypass (some) local restrictions on supervised computers]**.** -You should also read Tails Documentation, Warnings, and limitations, before going further [[Archive.org]][241] +You should also read Tails Documentation, Warnings, and limitations, before going further [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/doc/about/warnings/index.en.html) Taking all this into account and the fact that their documentation is great, we will just redirect you towards their well-made and well-maintained tutorial: - [[Archive.org]][242], pick your flavor and proceed. + [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/install/index.en.html), pick your flavor and proceed. -If you're having an issue accessing Tor due to censorship or other issues, you can try using Tor Bridges by following this Tails tutorial: [[Archive.org]][243] and find more information about these on Tor Documentation [[Archive.org]][244] +If you're having an issue accessing Tor due to censorship or other issues, you can try using Tor Bridges by following this Tails tutorial: [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/doc/anonymous_internet/tor/index.en.html) and find more information about these on Tor Documentation [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges) **If you think using Tor alone is dangerous/suspicious, see [Appendix P: Accessing the internet as safely as possible when Tor/VPN is not an option][Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]** ### Tor Browser settings on Tails: -When using Tor Browser, you should click the little shield Icon (upper right, next to the Address bar) and select your Security level (see [[Archive.org]][240] for details). Basically, there are three. +When using Tor Browser, you should click the little shield Icon (upper right, next to the Address bar) and select your Security level (see [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/) for details). Basically, there are three. - Standard (the default): @@ -2331,7 +2331,7 @@ When you are done and have a working Tails on your laptop, go to the [Creating y ### Persistent Plausible Deniability using Whonix within Tails: -Consider checking the [[Archive.org]][245] project for Tails. +Consider checking the [[Archive.org]](https://web.archive.org/web/https://github.com/aforensics/HiddenVM) project for Tails. This project is a clever idea of a one-click self-contained VM solution that you could store on an encrypted disk using plausible deniability[^311] (see [The Whonix route:] first chapters and also for some explanations about Plausible deniability, as well as the [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] section at the end of this guide for more understanding). @@ -2355,13 +2355,13 @@ In that case, as the project outlines it, there should be no traces of any of yo You might also wonder if this will result in a "Tor over Tor" setup, but it will not. The Whonix VMs will be accessing the network directly through clearnet and not through Tails Onion Routing. -In the future, this could also be supported by the Whonix project themselves as explained here: [[Archive.org]][247] but it is not yet recommended as of now for end-users. +In the future, this could also be supported by the Whonix project themselves as explained here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Host) but it is not yet recommended as of now for end-users. -Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: [[Archive.org]][248] +Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: [[Archive.org]](https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm) **Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means.** -**See ** [[Wikiless]][249] [[Archive.org]][250] +**See ** [[Wikiless]](https://wikiless.org/wiki/Rubber-hose_cryptanalysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) CAUTION: Please see [**Appendix K: Considerations for using external SSD drives**][Appendix K: Considerations for using external SSD drives] and [**Understanding HDD vs SSD**][Understanding HDD vs SSD:] sections if you consider storing such hidden VMs on an external SSD drive: @@ -2375,9 +2375,9 @@ Here is my guide on how to achieve this: #### First Run: -- Download the latest HiddenVM release from [[Archive.org]][251] +- Download the latest HiddenVM release from [[Archive.org]](https://web.archive.org/web/https://github.com/aforensics/HiddenVM/releases) -- Download the latest Whonix XFCE release from [[Archive.org]][252] +- Download the latest Whonix XFCE release from [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VirtualBox/XFCE) - Prepare a USB Key/Drive with Veracrypt @@ -2471,7 +2471,7 @@ This is because those business laptops usually offer better and more customizabl #### PC: -These settings can be accessed through the boot menu of your laptop. Here is a good tutorial from HP explaining all the ways to access the BIOS on various computers: [[Archive.org]][253] +These settings can be accessed through the boot menu of your laptop. Here is a good tutorial from HP explaining all the ways to access the BIOS on various computers: [[Archive.org]](https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-enter-bios-setup-windows-pcs) Usually how to access it is by pressing a specific key (F1, F2, or Del) at boot (before your OS). @@ -2535,9 +2535,9 @@ What is Secure Boot **not** protecting you from? Additionally, several attacks could be possible against Secure Boot as explained (in-depth) in these technical videos: -- Defcon 22, [[Invidious]][254] +- Defcon 22, [[Invidious]](https://yewtu.be/watch?v=QDSlWa9xQuA) -- BlackHat 2016, [[Invidious]][255] +- BlackHat 2016, [[Invidious]](https://yewtu.be/watch?v=0fZdL3ufVOI) **So, it can be useful as an added measure against some adversaries but not all. Secure Boot in itself is not encrypting your hard drive. It is an added layer but that is it.** @@ -2545,9 +2545,9 @@ Additionally, several attacks could be possible against Secure Boot as explained #### Mac: -Take a moment to set a firmware password according to the tutorial here: [[Archive.org]][256] +Take a moment to set a firmware password according to the tutorial here: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-au/HT204455) -You should also enable firmware password reset protection (available from Catalina) according to the documentation here: [[Archive.org]][257] +You should also enable firmware password reset protection (available from Catalina) according to the documentation here: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-gb/guide/security/sec28382c9ca/web) This feature will mitigate the possibility for some adversaries to use hardware hacks to disable/bypass your firmware password. Note that this will also prevent Apple themselves from accessing the firmware in case of repair. @@ -2557,7 +2557,7 @@ At some point, you will inevitably leave this laptop alone somewhere. You will n It is important to know that it is trivially easy for some specialists to install a key logger in your laptop, or to just make a clone copy of your hard drive that could later allow them to detect the presence of encrypted data in it using forensic techniques (more on that later). -Here is a good cheap method to make your laptop tamper-proof using Nail Polish (with glitter) [[Archive.org]][258] [^309] (with pictures). +Here is a good cheap method to make your laptop tamper-proof using Nail Polish (with glitter) [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/how-tamper-protect-laptop/) [^309] (with pictures). While this is a good cheap method, it could also raise suspicions as it is quite "noticeable" and might just reveal that you "have something to hide". So, there are more subtle ways of achieving the same result. You could also for instance make a close-up macro photography of the back screws of your laptop or just use a small amount of candle wax within one of the screws that could just look like usual dirt. You could then check for tampering by comparing the photographs of the screws with new ones. Their orientation might have changed a bit if your adversary was not careful enough (Tightening them exactly the same way they were before). Or the wax within the bottom of a screw head might have been damaged compared to before. @@ -2591,7 +2591,7 @@ You could then reveal a password, but that password will only give access to "pl This feature can be used at the OS level (a plausible OS and a hidden OS) or at the files level where you will have an encrypted file container (similar to a zip file) where different files will be shown depending on the encryption password you use. -This also means you could set up your own advanced "plausible deniability" setup using any Host OS by storing for instance Virtual Machines on a Veracrypt hidden volume container (be careful of traces in the Host OS tho that would need to be cleaned if the host OS is persistent, see [Some additional measures against forensics][Some additional measures against forensics:] section later). There is a project for achieving this within Tails ( [[Archive.org]][245]) which would make your Host OS non-persistent and use plausible deniability within Tails. +This also means you could set up your own advanced "plausible deniability" setup using any Host OS by storing for instance Virtual Machines on a Veracrypt hidden volume container (be careful of traces in the Host OS tho that would need to be cleaned if the host OS is persistent, see [Some additional measures against forensics][Some additional measures against forensics:] section later). There is a project for achieving this within Tails ( [[Archive.org]](https://web.archive.org/web/https://github.com/aforensics/HiddenVM)) which would make your Host OS non-persistent and use plausible deniability within Tails. In the case of Windows, plausible deniability is also the reason you should ideally have Windows 10/11 Home (and not Pro). This is because Windows 10/11 Pro natively offers a full-disk encryption system (Bitlocker[^317]) where Windows 10/11 Home offers no full-disk encryption at all. You will later use third-party open-source software for encryption that will allow full-disk encryption on Windows 10/11 Home. This will give you a good (plausible) excuse to use this software. While using this software on Windows 10/11 Pro would be suspicious. @@ -2603,11 +2603,11 @@ Unfortunately, encryption is not magic and there are some risks involved: ##### **The 5$ Wrench:** -Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: [[Archive.org]][248] +Remember that encryption with or without plausible deniability is not a silver bullet and will be of little use in case of torture. As a matter a fact, depending on who your adversary would be (your threat model), it might be wise not to use Veracrypt (formerly TrueCrypt) at all as shown in this demonstration: [[Archive.org]](https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm) Plausible deniability is only effective against soft lawful adversaries that will not resort to physical means. **Avoid, if possible, the use of plausible deniability-capable software (such as Veracrypt) if your threat model includes hard adversaries. So, Windows users should in that case install Windows Pro as a Host OS and use Bitlocker instead.** -See [[Wikiless]][249] [[Archive.org]][250] +See [[Wikiless]](https://wikiless.org/wiki/Rubber-hose_cryptanalysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) ##### Evil-Maid Attack: @@ -2633,25 +2633,25 @@ In the case of Plausible Deniability, there have been some forensics studies[^32 The same measures used to mitigate Evil Maid attacks should be in place for Cold Boot attacks with some added ones: -- If your OS or Encryption software allows it, you should consider encrypting the keys within RAM too (this is possible with Windows/Veracrypt and will be explained later). Again see [[Archive.org]][261] +- If your OS or Encryption software allows it, you should consider encrypting the keys within RAM too (this is possible with Windows/Veracrypt and will be explained later). Again see [[Archive.org]](https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/) - Do enable the option to Wipe keys from memory if a device is inserted in Veracrypt. - You should limit the use of Sleep stand-by and instead use Shutdown or Hibernate to prevent the encryption keys from staying in RAM when your computer goes to sleep. This is because sleep will maintain power in your memory for resuming your activity faster. Only hibernation and shutdown will actually clear the key from the memory[^324]. -See also [[Archive.org]][262] and [[Archive.org]][263] +See also [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Cold_Boot_Attack_Defense) and [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Protection_Against_Physical_Attacks) Here are also some interesting tools to consider for Linux users to defend against these: -- [[Archive.org]][264] (unfortunately unmaintained it seems) +- [[Archive.org]](https://web.archive.org/web/https://github.com/0xPoly/Centry) (unfortunately unmaintained it seems) -- [[Archive.org]][266] (unfortunately unmaintained as well it seems) +- [[Archive.org]](https://web.archive.org/web/https://github.com/hephaest0s/usbkill) (unfortunately unmaintained as well it seems) -- [[Archive.org]][267] +- [[Archive.org]](https://web.archive.org/web/https://github.com/Lvl4Sword/Killer) -- [[Archive.org]][268] +- [[Archive.org]](https://web.archive.org/web/https://askubuntu.com/questions/153245/how-to-wipe-ram-on-shutdown-prevent-cold-boot-attacks) -- (Qubes OS, Intel CPU only) [[Archive.org]][269] +- (Qubes OS, Intel CPU only) [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid) ##### About Sleep, Hibernation, and Shutdown: @@ -2679,7 +2679,7 @@ Here are some examples of such leaks: - Recent lists (aka Jump Lists) in Windows and various apps keeping traces of recently accessed documents[^327]. -- Many more traces in various logs, please see this convenient interesting poster for more insight: [[Archive.org]][270] +- Many more traces in various logs, please see this convenient interesting poster for more insight: [[Archive.org]](https://web.archive.org/web/https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download) ###### macOS: @@ -2735,7 +2735,7 @@ If you have no interest in OS-wide plausible deniability and want to learn to us **In all cases, the host OS should never be used to conduct sensitive activities directly. The host OS will only be used to connect to a public Wi-Fi Access Point. It will be left unused while you conduct sensitive activities and should ideally not be used for any of your day-to-day activities.** -Consider also reading **** [[Archive.org]][271] +Consider also reading **** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Full_Disk_Encryption) ### Linux Host OS: @@ -2743,7 +2743,7 @@ As mentioned earlier, we do not recommend using your daily laptop for sensitive I also recommend that you do the initial installation completely offline to avoid any data leak. -You should always remember that despite the reputation, Linux mainstream distributions (Ubuntu for instance) are not necessarily better at security than other systems such as macOS and Windows. See this reference to understand why [[Archive.org]][272]. +You should always remember that despite the reputation, Linux mainstream distributions (Ubuntu for instance) are not necessarily better at security than other systems such as macOS and Windows. See this reference to understand why [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/linux.html). #### Full disk encryption: @@ -2753,13 +2753,13 @@ There are two routes here with Ubuntu or Debian based distros: - Without plausible deniability: - - (Recommended and easy) Encrypt as part of the installation process: [[Archive.org]][273] + - (Recommended and easy) Encrypt as part of the installation process: [[Archive.org]](https://web.archive.org/web/https://ubuntu.com/tutorials/install-ubuntu-desktop) - This process requires the full erasure of your entire drive (clean install). - Just check the "Encrypt the new Ubuntu installation for security" - - (Tedious but possible) Encrypt after installation: [[Archive.org]][274] + - (Tedious but possible) Encrypt after installation: [[Archive.org]](https://web.archive.org/web/https://help.ubuntu.com/community/ManualFullSystemEncryption) - With plausible deniability: See the next section [The Detached Headers Way] @@ -2775,7 +2775,7 @@ There are several ways to achieve plausible deniability on Linux[^329] and it is ##### The Detached Headers Way: -While not supported yet by this guide, it is possible to achieve a form of deniability on Linux using LUKS by using detached LUKS headers. For now, we will redirect you toward this page for more information: [[Archive.org]][275] +While not supported yet by this guide, it is possible to achieve a form of deniability on Linux using LUKS by using detached LUKS headers. For now, we will redirect you toward this page for more information: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/Dm-crypt/Specialties#Encrypted_system_using_a_detached_LUKS_header) ##### The Veracrypt Way: @@ -2787,17 +2787,17 @@ The steps to achieve this are not yet integrated into this guide but can be foun - During the install, just make sure you do not allow any data collection if prompted. -- If you are not sure, just make sure you did not enable any telemetry and follow this tutorial if needed [[Archive.org]][276] +- If you are not sure, just make sure you did not enable any telemetry and follow this tutorial if needed [[Archive.org]](https://web.archive.org/web/https://vitux.com/how-to-force-ubuntu-to-stop-collecting-your-data-from-your-pc/) - Any other distro: You will need to document yourself and find out yourself how to disable telemetry if there is any. #### Disable anything unnecessary: -- Disable Bluetooth if enabled by following this guide [[Archive.org]][277] or issuing the following command: +- Disable Bluetooth if enabled by following this guide [[Archive.org]](https://web.archive.org/web/https://www.addictivetips.com/ubuntu-linux-tips/disable-bluetooth-in-ubuntu/) or issuing the following command: - ```sudo systemctl disable bluetooth.service --force``` -- Disable Indexing if enabled by default (Ubuntu >19.04) by following this guide [[Archive.org]][278] or issuing the following commands: +- Disable Indexing if enabled by default (Ubuntu >19.04) by following this guide [[Archive.org]](https://web.archive.org/web/https://www.linuxuprising.com/2019/07/how-to-completely-disable-tracker.html) or issuing the following commands: - ```sudo systemctl --user mask tracker-store.service tracker-miner-fs.service tracker-miner-rss.service tracker-extract.service tracker-miner-apps.service tracker-writeback.service``` @@ -2811,37 +2811,37 @@ As explained previously, you should not use the sleep features but shut down or Follow one of these tutorials to enable Hibernate: -- [[Archive.org]][279] +- [[Archive.org]](https://web.archive.org/web/https://www.how2shout.com/linux/how-to-hibernate-ubuntu-20-04-lts-focal-fossa/) -- [[Archive.org]][280] +- [[Archive.org]](https://web.archive.org/web/http://www.lorenzobettini.it/2020/07/enabling-hibernation-on-ubuntu-20-04/) -- [[Archive.org]][281] +- [[Archive.org]](https://web.archive.org/web/20211011215449/https://blog.ivansmirnov.name/how-to-set-up-hibernate-on-ubuntu-20-04/) -After Hibernate is enabled, change the behavior so that your laptop will hibernate when you close the lid by following this tutorial for Ubuntu 20.04 [[Archive.org]][282] and this tutorial for Ubuntu 18.04 [[Archive.org]][283]. There is no tutorial yet for Ubuntu 21.04 or 21.10 but the above for 20.04 should probably work too. +After Hibernate is enabled, change the behavior so that your laptop will hibernate when you close the lid by following this tutorial for Ubuntu 20.04 [[Archive.org]](https://web.archive.org/web/http://ubuntuhandbook.org/index.php/2020/05/lid-close-behavior-ubuntu-20-04/) and this tutorial for Ubuntu 18.04 [[Archive.org]](https://web.archive.org/web/https://tipsonubuntu.com/2018/04/28/change-lid-close-action-ubuntu-18-04-lts/). There is no tutorial yet for Ubuntu 21.04 or 21.10 but the above for 20.04 should probably work too. -Unfortunately, this will not clean the key from memory directly when hibernating. To avoid this at the cost of some performance, you might consider encrypting the swap file by following this tutorial: [[Archive.org]][284] +Unfortunately, this will not clean the key from memory directly when hibernating. To avoid this at the cost of some performance, you might consider encrypting the swap file by following this tutorial: [[Archive.org]](https://web.archive.org/web/https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap) These settings should mitigate cold boot attacks if you can hibernate fast enough. #### Enable MAC address randomization: -- Ubuntu, follow these steps [[Archive.org]][285]. +- Ubuntu, follow these steps [[Archive.org]](https://web.archive.org/web/https://help.ubuntu.com/community/AnonymizingNetworkMACAddresses). - Any other distro: you will have to find the documentation yourself, but it should be quite similar to the Ubuntu tutorial. -- Consider this tutorial which should still work: [[Archive.org]][286] +- Consider this tutorial which should still work: [[Archive.org]](https://web.archive.org/web/https://josh.works/shell-script-basics-change-mac-address) #### Hardening Linux: -As a light introduction for new Linux users, consider [[Invidious]][287] +As a light introduction for new Linux users, consider [[Invidious]](https://yewtu.be/watch?v=Sa0KqbpLye4) For more in-depth and advanced options, refer to: -- This excellent guide: [[Archive.org]][288] +- This excellent guide: [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/guides/linux-hardening.html) -- This excellent wiki resource: [[Archive.org]][289] +- This excellent wiki resource: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/Security) -- These excellent scripts are based on the guide and wiki above: [[Archive.org]][290] +- These excellent scripts are based on the guide and wiki above: [[Archive.org]](https://web.archive.org/web/https://codeberg.org/SalamanderSecurity/PARSEC) - These tools that can help you harden your Linux Kernel: @@ -2849,9 +2849,9 @@ For more in-depth and advanced options, refer to: - Kconfig-hardened-check: -- Consider the use of KickSecure when using Debian: [[Archive.org]][291] +- Consider the use of KickSecure when using Debian: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Kicksecure) -- This interesting article: [[Archive.org]][292] +- This interesting article: [[Archive.org]](https://web.archive.org/web/http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html) #### Setting up a safe Browser: @@ -2879,18 +2879,18 @@ I also recommend that you do the initial installation completely offline to avoi #### Hardening macOS: -As a light introduction for new macOS users, consider [[Invidious]][293] +As a light introduction for new macOS users, consider [[Invidious]](https://yewtu.be/watch?v=lFx5icuE6Io) -Now to go more in-depth in securing and hardening your macOS, we recommend reading this guide which covers many of the issues: [[Archive.org]][294] +Now to go more in-depth in securing and hardening your macOS, we recommend reading this guide which covers many of the issues: [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) Here are the basic steps you should take after your offline installation: ##### Enable Firmware password with "disable-reset-capability" option: -First, you should set up a firmware password following this guide from Apple: [[Archive.org]][295] +First, you should set up a firmware password following this guide from Apple: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT204455) -Unfortunately, some attacks are still possible and an adversary could disable this password so you should also follow this guide to prevent disabling the firmware password from anyone including Apple: [[Archive.org]][257] +Unfortunately, some attacks are still possible and an adversary could disable this password so you should also follow this guide to prevent disabling the firmware password from anyone including Apple: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-gb/guide/security/sec28382c9ca/web) ##### Enable Hibernation instead of sleep: @@ -2926,19 +2926,19 @@ Disable some unnecessary settings within the settings: ##### Prevent Apple OCSP calls: -These are the infamous "unblockable telemetry" calls from macOS Big Sur disclosed here: [[Archive.org]][296] +These are the infamous "unblockable telemetry" calls from macOS Big Sur disclosed here: [[Archive.org]](https://web.archive.org/web/https://sneak.berlin/20201112/your-computer-isnt-yours/) You could block OCSP reporting by issuing the following command in Terminal: - ``` sudo sh -c 'echo "127.0.0.1 ocsp.apple.com" >> /etc/hosts'``` -But you should document yourself on the actual issue before acting. This page is a good place to start: [[Archive.org]][297] +But you should document yourself on the actual issue before acting. This page is a good place to start: [[Archive.org]](https://web.archive.org/web/https://blog.jacopo.io/en/post/apple-ocsp/) Up to you really. We would block it because we do not want any telemetry at all from my OS to the mothership without my specific consent. None. ##### Enable Full Disk encryption (Filevault): -You should enable full disk encryption on your Mac using Filevault according to this part of the guide: [[Archive.org]][294] +You should enable full disk encryption on your Mac using Filevault according to this part of the guide: [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) **Be careful when enabling. Do not store the recovery key at Apple if prompted (should not be an issue since you should be offline at this stage). You do not want a third party to have your recovery key.** @@ -2968,7 +2968,7 @@ I also recommend that you do the initial installation completely offline to avoi You should follow [Appendix A: Windows Installation] -As a light introduction, consider watching [[Invidious]][298] +As a light introduction, consider watching [[Invidious]](https://yewtu.be/watch?v=vNRics7tlqw) #### Enable MAC address randomization: @@ -2976,7 +2976,7 @@ You should randomize your MAC address as explained earlier in this guide: Go into Settings > Network & Internet > Wi-Fi > Enable Random hardware addresses -Alternatively, you could use this free piece of software: [[Archive.org]][299] +Alternatively, you could use this free piece of software: [[Archive.org]](https://web.archive.org/web/https://technitium.com/tmac/) #### Setting up a safe Browser: @@ -3002,11 +3002,11 @@ Veracrypt[^330] is the software we will recommend for full-disk encryption, file It is to my knowledge the only (convenient and usable by anyone) free, open-source, and openly audited[^331] encryption software that also provides plausible deniability for widespread use and it works with Windows Home Edition. -Go ahead and download and install Veracrypt from: [[Archive.org]][300] +Go ahead and download and install Veracrypt from: [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Downloads.html) After installation, please take a moment to review the following options that will help mitigate some attacks: -- Encrypt the memory with a Veracrypt option[^332] (settings > performance/driver options > encrypt RAM) at a cost of 5-15% performance. This setting will also disable hibernation (which does not actively clear the key when hibernating) and instead encrypt the memory altogether to mitigate some cold-boot attacks. More details about this feature here: [[Archive.org]][261] +- Encrypt the memory with a Veracrypt option[^332] (settings > performance/driver options > encrypt RAM) at a cost of 5-15% performance. This setting will also disable hibernation (which does not actively clear the key when hibernating) and instead encrypt the memory altogether to mitigate some cold-boot attacks. More details about this feature here: [[Archive.org]](https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/) - Enable the Veracrypt option to wipe the keys from memory if a new device is inserted (system > settings > security > clear keys from memory if a new device is inserted). This could help in case your system is seized while still on (but locked). @@ -3024,7 +3024,7 @@ For this case, we will recommend the use of BitLocker instead of Veracrypt for t Normally, you should have installed Windows Pro in this case and the BitLocker setup is quite straightforward. -Basically, you can follow the instructions here: [[Archive.org]][301] +Basically, you can follow the instructions here: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) But here are the steps: @@ -3110,7 +3110,7 @@ Again, as explained earlier. You should never use the sleep/stand-by feature to The reason is that Hibernation will actually shut down your laptop completely and clean the memory. Sleep on the other hand will leave the memory powered on (including your decryption key) and could leave your laptop vulnerable to cold-boot attacks. -By default, Windows 10/11 might not offer you this possibility so you should enable it by following this Microsoft tutorial: [[Archive.org]][302] +By default, Windows 10/11 might not offer you this possibility so you should enable it by following this Microsoft tutorial: [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/disable-and-re-enable-hibernation) - Open an administrator command prompt (right-click on Command Prompt and "Run as Administrator") @@ -3206,7 +3206,7 @@ Now you will have to pick your next step between two options: - No use with an SSD drive due to the requirement of disabling Trim[^339] Operations[^340]. This will severely degrade the performance/health of your SSD drive over time. -**As you can see, Route C only offers two privacy advantages over the others, and it will only be of use against a soft lawful adversary. Remember ** [[Wikiless]][249] [[Archive.org]][250]**.** +**As you can see, Route C only offers two privacy advantages over the others, and it will only be of use against a soft lawful adversary. Remember ** [[Wikiless]](https://wikiless.org/wiki/Rubber-hose_cryptanalysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis)**.** Deciding which route you will take is up to you. Route A is a minimum. @@ -3278,13 +3278,13 @@ There will be another section on creating encrypted file containers with Plausib **Your Hidden OS should not be activated (with an MS product key). Therefore, this route will recommend and guide you through a full clean installation that will wipe everything on your laptop.** -Read the Veracrypt Documentation [[Archive.org]][303] (Process of Creation of Hidden Operating System part) and [[Archive.org]][304] (Security Requirements and Precautions Pertaining to Hidden Volumes). +Read the Veracrypt Documentation [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html) (Process of Creation of Hidden Operating System part) and [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html) (Security Requirements and Precautions Pertaining to Hidden Volumes). This is how your system will look after this process is done: ![][305] -(Illustration from Veracrypt Documentation, [[Archive.org]][303]) +(Illustration from Veracrypt Documentation, [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html)) As you can see this process requires you to have two partitions on your hard drive from the start. @@ -3322,7 +3322,7 @@ See [Appendix B: Windows Additional Privacy Settings] ###### Step 4: Veracrypt installation and encryption process start (Hidden OS) -Remember to read [[Archive.org]][303] +Remember to read [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html) Do not connect this OS to your known Wi-Fi. You should download the Veracrypt installer from a different computer and copy the installer here using a USB key. Here are the steps: @@ -3444,7 +3444,7 @@ Time to test your setup: ###### Step 9: Changing the decoy data on your Outer Volume safely -Before going to the next step, you should learn the way to mount your Outer Volume safely for writing content on it. This is also explained in this official Veracrypt Documentation [[Archive.org]][307] +Before going to the next step, you should learn the way to mount your Outer Volume safely for writing content on it. This is also explained in this official Veracrypt Documentation [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html) **You should do this from a safe trusted place.** @@ -3514,7 +3514,7 @@ Do not put anything suspicious on the Decoy OS such as: - **You encrypted the second Partition with a different password than the System because you do not want anyone in your entourage to see your stuff. And so, you did not want that data available to anyone.** -Take some time to read again the "Possible Explanations for Existence of Two Veracrypt Partitions on Single Drive" of the Veracrypt documentation here [[Archive.org]][303] +Take some time to read again the "Possible Explanations for Existence of Two Veracrypt Partitions on Single Drive" of the Veracrypt documentation here [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html) **Be careful:** @@ -3538,7 +3538,7 @@ This step and the following steps should be done from within the Host OS. This c In this route, you will make extensive use of the free Oracle Virtualbox[^348] software. This is a virtualization software in which you can create Virtual Machines that emulate a computer running a specific OS (if you want to use something else like Xen, Qemu, KVM, or VMWARE, feel free to do so but this part of the guide covers Virtualbox only for convenience). -So, you should be aware that Virtualbox is not the virtualization software with the best track record in terms of security and some of the reported issues[^349] have not been completely fixed to this date[^350] and if you are using Linux with a bit more technical skills, you should consider using KVM instead by following the guide available at Whonix here [[Archive.org]][308] and here [[Archive.org]][309] +So, you should be aware that Virtualbox is not the virtualization software with the best track record in terms of security and some of the reported issues[^349] have not been completely fixed to this date[^350] and if you are using Linux with a bit more technical skills, you should consider using KVM instead by following the guide available at Whonix here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/KVM) and here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F) Some steps should be taken in all cases: @@ -3598,7 +3598,7 @@ To mitigate this, you might have to consider the next option: VPN over Tor but c #### VPN/Proxy over Tor: -This solution can bring some benefits in some specific cases vs using Tor only where accessing the destination service would be impossible from a Tor Exit node. This is because many services will just outright ban, hinder, or block Tor Exit Nodes (see [[Archive.org]][312]). +This solution can bring some benefits in some specific cases vs using Tor only where accessing the destination service would be impossible from a Tor Exit node. This is because many services will just outright ban, hinder, or block Tor Exit Nodes (see [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor)). This solution can be achieved in two ways: @@ -3620,7 +3620,7 @@ Stream isolation is a mitigation technique used to prevent some correlation atta ![][314] -(Illustration from Marcelo Martins, [[Archive.org]][315]) +(Illustration from Marcelo Martins, [[Archive.org]](https://web.archive.org/web/https://stakey.club/en/decred-via-tor-network/)) VPN/Proxy over Tor falls on the right-side[^352] meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases and should therefore be used only for some specific cases: @@ -3636,11 +3636,11 @@ Also, note that Stream Isolation does not necessarily change all the nodes in yo More information at: -- [[Archive.org]][316] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation) -- [[Archive.org]][317] +- [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/contribute/design/stream_isolation/) -- [[Archive.org]][318] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table) #### Tor over VPN: @@ -3662,7 +3662,7 @@ You might be wondering: Well, what about using Tor over VPN instead of VPN over Note, if you are having issues accessing the Tor Network due to blocking/censorship, you could try using Tor Bridges. See [Appendix X: Using Tor bridges in hostile environments]. -It is also possible to consider **VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)** using two cash/Monero paid VPNs instead. This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see [[Archive.org]][319]). +It is also possible to consider **VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)** using two cash/Monero paid VPNs instead. This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor)). This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere for achieving reasonable anonymity. @@ -3680,15 +3680,15 @@ Just using a VPN or even a VPN over VPN makes no sense as those can be traced ba For more info, please see the following references: -- [[Archive.org]][320] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services) -- [[Archive.org]][321] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Why_does_Whonix_use_Tor) -- [[Archive.org]][322] +- [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study) -- [[Archive.org]][323] +- [[Archive.org]](https://web.archive.org/web/https://gist.github.com/joepie91/5a9909939e6ce7d09e29) -- [[Archive.org]][324] +- [[Archive.org]](https://web.archive.org/web/https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html) **In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should use it if you can.** @@ -3729,25 +3729,25 @@ Unfortunately, using Tor alone will raise the suspicion of many destinations' pl For more information, you can also see the discussions here that could help decide yourself: -- Tor Project: [[Archive.org]][325] +- Tor Project: [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN) - Tails Documentation: - - [[Archive.org]][326] + - [[Archive.org]](https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/) - - [[Archive.org]][327] + - [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/support/faq/index.en.html) - Whonix Documentation (in this order): - - [[Archive.org]][328] + - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction) - - [[Archive.org]][329] + - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN) - - [[Archive.org]][319] + - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor) - Some papers on the matter: - - [[Archive.org]][322] + - [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study) ### Getting an anonymous VPN/Proxy: @@ -3791,15 +3791,15 @@ This will allow you to turn your VMs into a kind of disposable "Live Operating S You should download a few things within the host OS: -- The latest version of the Virtualbox installer according to your Host OS [[Archive.org]][332] +- The latest version of the Virtualbox installer according to your Host OS [[Archive.org]](https://web.archive.org/web/https://www.virtualbox.org/wiki/Downloads) -- (Skip this if you cannot use Tor natively or through a VPN) The latest Whonix OVA file from [[Archive.org]][333] according to your preference (Linux/Windows, with a Desktop interface XFCE for simplicity or only with the text-client for advanced users) +- (Skip this if you cannot use Tor natively or through a VPN) The latest Whonix OVA file from [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Download) according to your preference (Linux/Windows, with a Desktop interface XFCE for simplicity or only with the text-client for advanced users) This will conclude the preparations and you should now be ready to start setting up the final environment that will protect your anonymity online. #### Virtualbox Hardening recommendations: -For ideal security, you should follow the recommendations provided here for each Virtualbox Virtual Machine [[Archive.org]][334] : +For ideal security, you should follow the recommendations provided here for each Virtualbox Virtual Machine [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Virtualization_Platform_Security) : - Disable Audio. @@ -3825,7 +3825,7 @@ For ideal security, you should follow the recommendations provided here for each - Disable the USB controller which is enabled by default. Set the Pointing Device to "PS/2 Mouse" or changes will revert. -Finally, also follow this recommendation to desync the clock you are your VM compared to your host OS [[Archive.org]][335] +Finally, also follow this recommendation to desync the clock you are your VM compared to your host OS [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Network_Time_Synchronization) This offset should be within a 60000-millisecond range and should be different for each VM and here are some examples (which can be later applied to any VM): @@ -3837,9 +3837,9 @@ This offset should be within a 60000-millisecond range and should be different f - ```VBoxManage modifyvm "Whonix-Workstation-XFCE" --biossystemtimeoffset +27931``` -Also, consider applying these mitigations from VirtualBox to mitigate Spectre[^356]/Meltdown[^357] vulnerabilities by running this command from the VirtualBox Program Directory. All of these are described here: [[Archive.org]][82] (be aware these can impact severely the performance of your VMs but should be done for best security). +Also, consider applying these mitigations from VirtualBox to mitigate Spectre[^356]/Meltdown[^357] vulnerabilities by running this command from the VirtualBox Program Directory. All of these are described here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown) (be aware these can impact severely the performance of your VMs but should be done for best security). -Finally, consider the security advice from Virtualbox themselves here [[Archive.org]][336] +Finally, consider the security advice from Virtualbox themselves here [[Archive.org]](https://web.archive.org/web/https://www.virtualbox.org/manual/ch13.html) ### Tor over VPN: @@ -3859,13 +3859,13 @@ See [Appendix R: Installing a VPN on your VM or Host OS][Appendix R: Installing - Start Virtualbox on your Host OS. -- Import Whonix file Into Virtualbox following the instructions on [[Archive.org]][252] +- Import Whonix file Into Virtualbox following the instructions on [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VirtualBox/XFCE) - Start the Whonix VMs -Remember at this stage that if you are having issues connecting to Tor due to censorship or blocking, you should consider connecting using Bridges as explained in this tutorial [[Archive.org]][337]. +Remember at this stage that if you are having issues connecting to Tor due to censorship or blocking, you should consider connecting using Bridges as explained in this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges). -- Update the Whonix VMs by following the instructions on [[Archive.org]][338] +- Update the Whonix VMs by following the instructions on [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Operating_System_Software_and_Updates) - Shutdown the Whonix VMs @@ -3873,7 +3873,7 @@ Remember at this stage that if you are having issues connecting to Tor due to ce - Go to the next step -**Important Note: You should also read these very good recommendations over there ** [[Archive.org]][339] **as most of those principles will also apply to this guide. You should also read their general documentation here ** [[Archive.org]][340] **which will also provide tons of advice like this guide.** +**Important Note: You should also read these very good recommendations over there ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/DoNot) **as most of those principles will also apply to this guide. You should also read their general documentation here ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Documentation) **which will also provide tons of advice like this guide.** ### Pick your guest workstation Virtual Machine: @@ -3897,23 +3897,23 @@ Just use the provided Whonix Workstation VM. **It is the safest and most secure **It is also the only VM that will provide Stream Isolation pre-configured for most apps by default**[^358]**.** -If you want additional software on the Workstation (such as another Browser), follow their guide here [[Archive.org]][341] +If you want additional software on the Workstation (such as another Browser), follow their guide here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Install_Software) -Consider running Whonix in Live Mode if for extra malware protection, See [[Archive.org]][342] +Consider running Whonix in Live Mode if for extra malware protection, See [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anti-Forensics_Precautions) Do not forget to apply the VM hardening recommendations here: [Virtualbox Hardening recommendations]. -Consider using AppArmor on your Whonix Workstations by following this guide: [[Archive.org]][343] +Consider using AppArmor on your Whonix Workstations by following this guide: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/AppArmor) #### Linux (any distro): -**Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later. See ** [[Archive.org]][344] +**Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later. See ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VM_Fingerprinting) ##### If you can use Tor (natively or over a VPN): Use the Linux Distro of your choice. We would recommend Ubuntu or Fedora for convenience but any other would work too. Be sure to not enable any telemetry. -Refer to this tutorial [[Archive.org]][345] for detailed instructions. +Refer to this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Other_Operating_Systems) for detailed instructions. Consider hardening the VM as recommended in [Hardening Linux]. @@ -3931,7 +3931,7 @@ See [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers: ### Windows 10/11 Virtual Machine: -**Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later. See ** [[Archive.org]][344] +**Be careful, any customization you make to the non-Whonix guest VMs (keyboard layout, language, time zone, screen resolution, or other) could be used to fingerprint your VMs later. See ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VM_Fingerprinting) #### Windows 10 and 11 ISO download: @@ -3939,7 +3939,7 @@ Go with the Official Windows 10/11 Pro VM and harden it yourself: see [Appendix #### If you can use Tor (natively or over a VPN): -Refer to this tutorial [[Archive.org]][345] for detailed instructions. +Refer to this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Other_Operating_Systems) for detailed instructions. ##### Install: @@ -4085,13 +4085,13 @@ Personally, We would recommend AnBox over Android-x86 but it requires Linux ##### AnBox: -Basically follow the tutorial here for installing AnBox on the Whonix Workstation: [[Archive.org]][347] for running Android Applications within an AnBox VM. +Basically follow the tutorial here for installing AnBox on the Whonix Workstation: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anbox) for running Android Applications within an AnBox VM. Or follow the instructions here to install on any other VM **(Linux Only)** ##### Android-x86: -Basically, follow the tutorial here: [[Archive.org]][348] +Basically, follow the tutorial here: [[Archive.org]](https://web.archive.org/web/https://www.android-x86.org/documentation/virtualbox.html) - Download the ISO file of your choice @@ -4161,11 +4161,11 @@ Just use the tutorials as is and see [Appendix P: Accessing the internet as safe - Windows Host OS: - - Virtualbox Catalina Tutorial: [[Archive.org]][349] + - Virtualbox Catalina Tutorial: [[Archive.org]](https://web.archive.org/web/https://www.wikigain.com/install-macos-catalina-on-virtualbox-on-windows/) - - Virtualbox Big Sur Tutorial: [[Archive.org]][350] + - Virtualbox Big Sur Tutorial: [[Archive.org]](https://web.archive.org/web/https://www.wikigain.com/how-to-install-macos-big-sur-on-virtualbox-on-windows-pc/) - - Virtualbox Monterey Tutorial: [[Archive.org]][351] + - Virtualbox Monterey Tutorial: [[Archive.org]](https://web.archive.org/web/https://www.wikigain.com/install-macos-monterey-on-virtualbox/) - macOS Host OS: @@ -4175,7 +4175,7 @@ Just use the tutorials as is and see [Appendix P: Accessing the internet as safe - Just use the same tutorials as above but execute the various commands in the terminal. It should work without issue. -There are some drawbacks to running macOS on Virtual Machines. The main one is that they do not have a serial number (0 by default) and you will be unable to log in to any Apple-provided service (iCloud, iMessage...) without a genuine ID. You can set such IDs using this script: [[Archive.org]][352] but keep in mind that randomly generated IDs will not work and using the ID of someone else will break their Terms of Services and could count as impersonation (and therefore could be illegal). +There are some drawbacks to running macOS on Virtual Machines. The main one is that they do not have a serial number (0 by default) and you will be unable to log in to any Apple-provided service (iCloud, iMessage...) without a genuine ID. You can set such IDs using this script: [[Archive.org]](https://web.archive.org/web/https://github.com/myspaghetti/macos-virtualbox) but keep in mind that randomly generated IDs will not work and using the ID of someone else will break their Terms of Services and could count as impersonation (and therefore could be illegal). Note: We also ran in multiple issues with running these on AMD processors. This can be fixed so here is the configurationWeused which worked fine with Catalina, Big Sur and Monterey which will tell Virtualbox to emulate an Intel Processor instead: @@ -4217,25 +4217,25 @@ Here are the tutorials: - Tails: KeePassXC is integrated by default -- Whonix: [[Archive.org]][353] +- Whonix: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Keepassxc) - Linux: - - Download from [[Archive.org]][354] + - Download from [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/download/) - - Follow the tutorial here [[Archive.org]][355] + - Follow the tutorial here [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html) - Windows: - - Download from [[Archive.org]][354] + - Download from [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/download/) - - Follow the tutorial here [[Archive.org]][355] + - Follow the tutorial here [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html) - macOS: - - Download from [[Archive.org]][354] + - Download from [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/download/) - - Follow the tutorial here [[Archive.org]][355] + - Follow the tutorial here [[Archive.org]](https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html) Test that KeePassXC is working before going to the next step. @@ -4778,27 +4778,27 @@ As they say on their website, Qubes OS is a reasonably secure, free, open-source Qubes OS is not a Linux distribution[^362] but a Xen distribution. It is different from Linux distributions because it will make extensive use of Virtualization and Compartmentalization so that any app will run in a different VM (Qube). As a bonus, Qubes OS integrates Whonix by default and allows for increased privacy and anonymity. It is highly recommended that you document yourself over Qubes OS principles before going this route. Here are some recommended resources: -- Qubes OS Introduction, [[Archive.org]][359] +- Qubes OS Introduction, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/intro/) -- Qubes OS Video Tours, [[Archive.org]][360] +- Qubes OS Video Tours, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/video-tours/) -- Qubes OS Getting Started, [[Archive.org]][361] +- Qubes OS Getting Started, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/getting-started/) -- YouTube, Life Behind the Tinfoil: A Look at Qubes and Copperhead - Konstantin Ryabitsev, The Linux Foundation [[Invidious]][362] +- YouTube, Life Behind the Tinfoil: A Look at Qubes and Copperhead - Konstantin Ryabitsev, The Linux Foundation [[Invidious]](https://yewtu.be/watch?v=8cU4hQg6GvU) -- YouTube, We used the reasonably-secure Qubes OS for 6 months and survived - Matty McFatty [@themattymcfatty] [[Invidious]][363] +- YouTube, We used the reasonably-secure Qubes OS for 6 months and survived - Matty McFatty [@themattymcfatty] [[Invidious]](https://yewtu.be/watch?v=sbN5Bz3v-uA) -- YouTube, Qubes OS: How it works, and a demo of this VM-centric OS [[Invidious]][364] +- YouTube, Qubes OS: How it works, and a demo of this VM-centric OS [[Invidious]](https://yewtu.be/watch?v=YPAvoFsvSbg) This OS is recommended by prominent figures such as Edward Snowden, PrivacyGuides.org. -Qubes is the best option in this guide for people who are more comfortable with Linux and tech in general. But it has some downsides such as the lack of OS-wide plausible deniability, its hardware requirements, and its hardware compatibility. While you can run this on 4GB of RAM as per their requirements [[Archive.org]][363], the recommended RAM is 16GB. We would recommend against using Qubes OS if you have less than 8GB of RAM. If you want a comfortable experience, you should have 16GB, if you want a particularly enjoyable experience, you should have 24GB or 32GB. +Qubes is the best option in this guide for people who are more comfortable with Linux and tech in general. But it has some downsides such as the lack of OS-wide plausible deniability, its hardware requirements, and its hardware compatibility. While you can run this on 4GB of RAM as per their requirements [[Archive.org]](https://yewtu.be/watch?v=sbN5Bz3v-uA), the recommended RAM is 16GB. We would recommend against using Qubes OS if you have less than 8GB of RAM. If you want a comfortable experience, you should have 16GB, if you want a particularly enjoyable experience, you should have 24GB or 32GB. The reason for this RAM requirement is that each app will run in a different VM and each of those VM will require and allocate a certain amount of memory that will not be available for other apps. If you are running native Windows apps within Qubes OS Qubes, the ram overhead will be significant. -You should also check their hardware compatibility here [[Archive.org]][365] before proceeding. Your mileage might vary, and you might experience several issues about hardware compatibility that you will have to troubleshoot and solve yourself. +You should also check their hardware compatibility here [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/hcl/) before proceeding. Your mileage might vary, and you might experience several issues about hardware compatibility that you will have to troubleshoot and solve yourself. -I think that if you can afford it and are comfortable with the idea of using Linux, you should go with this route as it is probably the best one in terms of security and privacy. The only disadvantage of this route is that it does not provide a way to enable OS-wide plausible deniability [[Archive.org]][311], unlike the Whonix route. +I think that if you can afford it and are comfortable with the idea of using Linux, you should go with this route as it is probably the best one in terms of security and privacy. The only disadvantage of this route is that it does not provide a way to enable OS-wide plausible deniability [[Archive.org]](media/image24.jpeg), unlike the Whonix route. ### Pick your connectivity method: @@ -4844,7 +4844,7 @@ To mitigate this, you might have to consider the next option: VPN over Tor but c #### VPN/Proxy over Tor: -This solution can bring some benefits in some specific cases vs using Tor only where accessing the destination service would be impossible from a Tor Exit node. This is because many services will just outright ban, hinder, or block Tor Exit Nodes (see [[Archive.org]][312]). +This solution can bring some benefits in some specific cases vs using Tor only where accessing the destination service would be impossible from a Tor Exit node. This is because many services will just outright ban, hinder, or block Tor Exit Nodes (see [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor)). This solution can be achieved in two ways: @@ -4866,7 +4866,7 @@ Stream isolation is a mitigation technique used to prevent some correlation atta ![][314] -(Illustration from Marcelo Martins, [[Archive.org]][315]) +(Illustration from Marcelo Martins, [[Archive.org]](https://web.archive.org/web/https://stakey.club/en/decred-via-tor-network/)) VPN/Proxy over Tor falls on the right-side[^365] meaning using a VPN/Proxy over Tor forces Tor to use one circuit for all activities instead of multiple circuits for each. This means that using a VPN/Proxy over Tor can reduce the effectiveness of Tor in some cases and should therefore be used only for some specific cases: @@ -4878,11 +4878,11 @@ VPN/Proxy over Tor falls on the right-side[^365] meaning using a VPN/Proxy over More information at: -- [[Archive.org]][316] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation) -- [[Archive.org]][317] +- [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/contribute/design/stream_isolation/) -- [[Archive.org]][318] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table) #### Tor over VPN: @@ -4900,9 +4900,9 @@ You might be wondering: Well, what about using Tor over VPN instead of VPN over - This method also does not break Tor Stream isolation. -Note, if you're having issues accessing the Tor Network due to blocking/censorship, you could try using Tor Bridges (see Tor Documentation [[Archive.org]][244] and Whonix Documentation [[Archive.org]][337]). +Note, if you're having issues accessing the Tor Network due to blocking/censorship, you could try using Tor Bridges (see Tor Documentation [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges) and Whonix Documentation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges)). -It is also possible to consider **VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)** using two cash/Monero paid VPNs instead. This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see [[Archive.org]][319]). +It is also possible to consider **VPN over Tor over VPN (User > VPN > Tor > VPN > Internet)** using two cash/Monero paid VPNs instead. This means that you will connect the Host OS to a first VPN from your Public Wi-Fi, then Whonix will connect to Tor, and finally, your VM will connect to a second VPN over Tor over VPN (see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor)). This will of course have a significant performance impact and might be quite slow, but Tor is necessary somewhere for achieving reasonable anonymity. @@ -4920,15 +4920,15 @@ Just using a VPN or even a VPN over VPN makes no sense as those can be traced ba For more info, please see the following references: -- [[Archive.org]][320] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services) -- [[Archive.org]][321] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Why_does_Whonix_use_Tor) -- [[Archive.org]][322] +- [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study) -- [[Archive.org]][323] +- [[Archive.org]](https://web.archive.org/web/https://gist.github.com/joepie91/5a9909939e6ce7d09e29) -- [[Archive.org]][324] +- [[Archive.org]](https://web.archive.org/web/https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html) **In the context of this guide, Tor is required somewhere to achieve reasonable and safe anonymity and you should use it if you can.** @@ -4969,25 +4969,25 @@ Unfortunately, using Tor alone will raise the suspicion of many destinations' pl For more information, you can also see the discussions here that could help decide yourself: -- Tor Project: [[Archive.org]][325] +- Tor Project: [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN) - Tails Documentation: - - [[Archive.org]][326] + - [[Archive.org]](https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/) - - [[Archive.org]][327] + - [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/support/faq/index.en.html) - Whonix Documentation (in this order): - - [[Archive.org]][328] + - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction) - - [[Archive.org]][329] + - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN) - - [[Archive.org]][319] + - [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor) - Some papers on the matter: - - [[Archive.org]][322] + - [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study) ### Getting an anonymous VPN/Proxy: @@ -5001,9 +5001,9 @@ Qubes OS uses LUKS for full disk encryption and it is technically possible to ac ### Installation: -You will follow the instructions from their own guide [[Archive.org]][368]: +You will follow the instructions from their own guide [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/installation-guide/): -(Secure Boot is not supported as per their FAQ: [[Archive.org]][369] so it should be disabled in the BIOS/UEFI settings.) +(Secure Boot is not supported as per their FAQ: [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/faq/) so it should be disabled in the BIOS/UEFI settings.) - Download the latest Qubes OS 4.1.x installation ISO according to their hardware compatibility list. @@ -5013,11 +5013,11 @@ You will follow the instructions from their own guide [[Archive.org]][337]) + - **If you want to use Tor or VPN over Tor: Check the** "**Enabling system and template updates over the Tor anonymity network using Whonix" during the last step. This will force all Qubes OS updates to go through Tor. While this will significantly reduce your update speed, it will increase your anonymity from the start.** (If you are having issues connecting to Tor due to censorship or blocking, consider using Tor Bridges as recommended earlier. Just follow the tutorial provided here: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges)) - If you want to use Tor over VPN or cannot use any of those, leave it unchecked. - - Be absolutely sure that you are verifying the signature of the ISO, which you can find on this page: [[Archive.org]][1367]. Check by obtaining the fingerprint from multiple independent sources in several different ways as recommended. This is to ensure the image has not been tampered with. Do not skip this vital step even though you know you are getting the ISO from a trusted source, because it's possible for the Qubes website to be compromised. + - Be absolutely sure that you are verifying the signature of the ISO, which you can find on this page: [[Archive.org]](https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/). Check by obtaining the fingerprint from multiple independent sources in several different ways as recommended. This is to ensure the image has not been tampered with. Do not skip this vital step even though you know you are getting the ISO from a trusted source, because it's possible for the Qubes website to be compromised. - If you are prevented from using Tor, there is no point in installing the Whonix VM templates. You can disable Whonix installation during the post-installation, initial setup wizard. @@ -5025,7 +5025,7 @@ To be sure your Qubes ISO hasn't been tampered with, you should get the Qubes ma The Qubes master signing key fingerprint should match `427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494`. -*Remember to read the guide to verifying signatures on the Qubes website: [[Archive.org]][1367].* +*Remember to read the guide to verifying signatures on the Qubes website: [[Archive.org]](https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/).* ### Lid Closure Behavior: @@ -5043,11 +5043,11 @@ Before deciding to use this system, please read [Appendix B4: Important notes ab See the following links for more details and installation instructions: -- [[Archive.org]][1378] +- [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/anti-evil-maid/) -- [[Archive.org]][1379] +- [[Archive.org]](https://web.archive.org/web/https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html) -- [[Archive.org]][1380] +- [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid) ### Connect to a Public Wi-Fi: @@ -5067,7 +5067,7 @@ Remember this should be done from a safe place (see [Find some safe places with - Select Random to randomize your Mac Address - - **Warning: This setting should work in most cases but can be unreliable on some network adapters. Please refer to this documentation if you want to be sure: ** [[Archive.org]][370] + - **Warning: This setting should work in most cases but can be unreliable on some network adapters. Please refer to this documentation if you want to be sure: ** [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md) - Save @@ -5087,7 +5087,7 @@ Remember this should be done from a safe place (see [Find some safe places with Personally, we wouldn't do it in-place and do a fresh install. -But if you really want to, it's technically possible by following this guide: [[Archive.org]][1372] +But if you really want to, it's technically possible by following this guide: [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/upgrade/4.1/) ### Updating Qubes OS: @@ -5109,9 +5109,9 @@ After you are connected to a Wi-Fi you need to update Qubes OS and Whonix. You m ### Upgrading Whonix from version 15 to version 16: -Again, you should really do this ASAP. We would use a fresh install but it's technically possible to do it in-place, see [[Archive.org]][1376] +Again, you should really do this ASAP. We would use a fresh install but it's technically possible to do it in-place, see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Release_Upgrade_Whonix_15_to_Whonix_16) -Follow the instructions on [[Archive.org]][371]. *If you're running Qubes 4.1.x, this is already done for you.* +Follow the instructions on [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/Install). *If you're running Qubes 4.1.x, this is already done for you.* ### Hardening Qubes OS: @@ -5133,31 +5133,31 @@ Basically, AppArmor[^367] is an application sandboxing system. By default, it is - About the Debian VMs: - - Head out and read [[Archive.org]][372] + - Head out and read [[Archive.org]](https://web.archive.org/web/https://wiki.debian.org/AppArmor) - About any other Linux VM: - Head out and read: - - [[Archive.org]][373] + - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/AppArmor) - - [[Archive.org]][372] + - [[Archive.org]](https://web.archive.org/web/https://wiki.debian.org/AppArmor) - About the Whonix VMs, you should consider enabling and using AppArmor, especially on the Whonix VMs of Qubes OS: - - First, you should head out and read [[Archive.org]][343] + - First, you should head out and read [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/AppArmor) - - Secondly, you should head out again and read [[Archive.org]][374] + - Secondly, you should head out again and read [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/AppArmor) ##### SELinux: SELinux[^368] is similar to AppArmor. The differences between SELinux and AppArmor are technical details into which we will not get. -Here is a good explanation of what it is: [[Invidious]][375] +Here is a good explanation of what it is: [[Invidious]](https://yewtu.be/watch?v=_WOKRaM-HI4) In this guide and the context of Qubes OS, it is important to mention it as it is the recommended method by Fedora which is one of the default systems on Qubes OS. -So, head out and read [[Archive.org]][376] +So, head out and read [[Archive.org]](https://web.archive.org/web/https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/) You could make use of SELinux on your Fedora Templates. But this is up to you. Again, this is for advanced users. @@ -5167,9 +5167,9 @@ You could make use of SELinux on your Fedora Templates. But this is up to you. A This tutorial should also work with any OpenVPN provider (Mullvad, IVPN, Safing.io, or Proton VPN for instance). -This is based on the tutorial provided by Qubes OS themselves ( [[Archive.org]][377]). If you are familiar with this process, you can follow their tutorial. +This is based on the tutorial provided by Qubes OS themselves ( [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md)). If you are familiar with this process, you can follow their tutorial. -Alternatively, Mullvad also have a help article that guides you through setting up a Proxy VM [[Archive.org]][1377]. +Alternatively, Mullvad also have a help article that guides you through setting up a Proxy VM [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/). #### Create the ProxyVM: @@ -5200,7 +5200,7 @@ Alternatively, Mullvad also have a help article that guides you through setting - Usually when you connect to your VPN provider's website, it'll tell you whether your traffic is being properly routed through the VPN. - If you are going for Tor over VPN, the opposite should be done, the ProxyVM should have its networking set as "sys-tor" and the "sys-tor" VM should have "sys-vpn" for its networking. - - Test the VM connectivity to the internet by launching a Browser within the ProxyVM. Visit [[Archive.org]][378] (It should say you are connected to Tor) + - Test the VM connectivity to the internet by launching a Browser within the ProxyVM. Visit [[Archive.org]](https://web.archive.org/web/https://check.torproject.org/) (It should say you are connected to Tor) #### Download the VPN configuration from your cash/Monero paid VPN provider: @@ -5278,7 +5278,7 @@ When you are done downloading the configuration files within the Disposable Brow - ```ip6tables -I FORWARD -i eth0 -j DROP``` -> (These will block outbound traffic when the VPN is down, it is a kill switch, more information here [[Archive.org]][379] ) +> (These will block outbound traffic when the VPN is down, it is a kill switch, more information here [[Archive.org]](https://web.archive.org/web/https://linuxconfig.org/how-to-create-a-vpn-killswitch-using-iptables-on-linux) ) - ```iptables -A OUTPUT -d 10.8.0.1 -j ACCEPT``` @@ -5302,11 +5302,11 @@ When you are done downloading the configuration files within the Disposable Brow - Test the ProxyVM VPN connectivity by starting a Browser within it and going to your VPN provider test page. It should now say you are connected to a VPN: - - Mullvad: [[Archive.org]][380] + - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/check/) - - IVPN: [[Archive.org]][381] (check the top banner) + - IVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/) (check the top banner) - - Proton VPN: Follow their instructions here [[Archive.org]][382] + - Proton VPN: Follow their instructions here [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/vpn-ip-change/) #### VPN over Tor: @@ -5344,7 +5344,7 @@ Reconfigure your Whonix Gateway VM to use your ProxyVM as NetVM instead of sys-f - Click OK -- Create a Whonix Workstation Disposable VM (follow this tutorial [[Archive.org]][383]) +- Create a Whonix Workstation Disposable VM (follow this tutorial [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/DisposableVM)) - Launch a browser from the VM and Check that you have VPN connectivity, and it should work. @@ -5408,7 +5408,7 @@ Within the Applications Menu (upper left), Select the Fedora-36 template: - Launch a terminal from the VM -If you want to use Brave: apply the instructions from [[Archive.org]][384] and run the following commands: +If you want to use Brave: apply the instructions from [[Archive.org]](https://web.archive.org/web/https://brave.com/linux/) and run the following commands: - ```sudo dnf install dnf-plugins-core``` @@ -5423,7 +5423,7 @@ You should also consider hardening your browser, see [Appendix V1: Hardening you #### Whonix Disposable VM: -Edit the Whonix Disposable VM template and follow instructions here [[Archive.org]][341] +Edit the Whonix Disposable VM template and follow instructions here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Install_Software) #### Additional browser precautions: @@ -5435,7 +5435,7 @@ Edit the Whonix Disposable VM template and follow instructions here [[Archive.org]][385]) which works "well enough" with Qubes OS. More information can also be found at [[Archive.org]][347] +Since the Android-x86 does not work "well" with Qubes OS (my own experience). We will instead recommend using AnBox ( [[Archive.org]](https://web.archive.org/web/https://anbox.io/)) which works "well enough" with Qubes OS. More information can also be found at [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anbox) #### If you can use Tor (natively or over a VPN): @@ -5471,7 +5471,7 @@ Basically, follow the tutorial here: - Start the Qube and open a Terminal -Now you will have to follow the instructions from here: [[Archive.org]][386]: +Now you will have to follow the instructions from here: [[Archive.org]](https://web.archive.org/web/https://github.com/anbox/anbox-modules): - Start by closing the AnBox Modules repository by running: @@ -5489,7 +5489,7 @@ Now you will have to follow the instructions from here: [[Archive.org]][387]: +Now you will follow their other tutorial from here: [[Archive.org]](https://web.archive.org/web/https://github.com/anbox/anbox/blob/master/docs/install.md): - Install AnBox by running: @@ -5571,7 +5571,7 @@ They are designed to separate bots from humans but are also clearly used to dete If you often use VPNs or Tor, you will quickly encounter many captchas everywhere[^376]. Quite often when using Tor, even if you succeed in solving all the puzzles (sometimes dozens in a row), you will still be denied after solving the puzzles. -See [[Archive.org]][312] +See [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor) While most people think those puzzles are only about solving a little puzzle, it is important to understand that it is much more complex, and that modern Captchas uses advanced machine learning and risk analysis algorithms to check if you are human[^377]: @@ -5587,9 +5587,9 @@ Watch for example this DEF CON 25 presentation: [DEF CON 25 - Svea Eckert, Andre You will often experience several in a row (sometimes endlessly) and sometimes exceedingly difficult ones involving reading undecipherable characters or identifying various objects on endless pictures sets. You will also have more captchas if you use an ad-blocking system (uBlock for example) or if your account was flagged for any reason for using VPNs or Tor previously. -You will also have (in my experience) more Captchas (Google's reCAPTCHA) if you do not use a Chromium-based browser. But this can be mitigated by using a Chromium-based browsers such as Brave. There is also a Browser extension called Buster that could help you those [[Archive.org]][390]. +You will also have (in my experience) more Captchas (Google's reCAPTCHA) if you do not use a Chromium-based browser. But this can be mitigated by using a Chromium-based browsers such as Brave. There is also a Browser extension called Buster that could help you those [[Archive.org]](https://web.archive.org/web/https://github.com/dessant/buster). -As for Cloudflare (hCaptcha), you could also use their Accessibility solution here ( [[Archive.org]][391]) which would allow you to sign-up (with your anonymous identity created later) and set a cookie within your Browser that would allow you to bypass their captchas. Another solution to mitigate hCaptcha would be to use their own solution called "Privacy Pass"[^380] [[Archive.org]][392] in the form of a Browser extension you could install in your VM Browser. +As for Cloudflare (hCaptcha), you could also use their Accessibility solution here ( [[Archive.org]](https://web.archive.org/web/https://www.hcaptcha.com/accessibility)) which would allow you to sign-up (with your anonymous identity created later) and set a cookie within your Browser that would allow you to bypass their captchas. Another solution to mitigate hCaptcha would be to use their own solution called "Privacy Pass"[^380] [[Archive.org]](https://web.archive.org/web/https://privacypass.github.io/) in the form of a Browser extension you could install in your VM Browser. You should therefore deal with those carefully and force yourself to alter the way you are solving them (speed/movement/accuracy/...) to prevent "Captcha Fingerprinting". @@ -5633,7 +5633,7 @@ Due to the suspicious situation, this guide can no longer recommend them. *Also see: * -For the [[Tor Mirror]][393] (It has come to my attention that the site now, unfortunately, requires an invitation from a current registered user) +For the [[Tor Mirror]](http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/) (It has come to my attention that the site now, unfortunately, requires an invitation from a current registered user) #### Protecting your anonymous online identities e-mails using Aliasing services: @@ -5689,7 +5689,7 @@ Many platforms' operators and administrators do not want traffic from these IPs Fortunately, those systems are not perfect, and you will (still) be able to get around those restrictions by switching identities (in the case of Tor) and looking trying to access the website each time until you find an Exit Node that is not block-listed (yet). -Sometimes some platforms will allow you to log in with a Tor IP but not sign-up (See [[Archive.org]][312]). Those platforms will keep a convenient permanent log of the IP you used during sign-up. And some will keep such logs indefinitely including all the IPs you used to log in (hi Facebook). +Sometimes some platforms will allow you to log in with a Tor IP but not sign-up (See [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor)). Those platforms will keep a convenient permanent log of the IP you used during sign-up. And some will keep such logs indefinitely including all the IPs you used to log in (hi Facebook). The tolerance is much higher with VPNs as they are not considered "open proxies" but that will not stop many platforms from making them hard to use by forcing increasingly difficult captchas on most VPN users. @@ -5809,9 +5809,9 @@ In some cases, these verifications must be done from your Smartphone and with an Recently even platforms such as PornHub decided to implement similar measures in the future[^388]. -This verification is extremely hard to defeat but possible. A method to possibly defeat those would be to use "deep fake" technology software such as the open-source FaceSwap [[Archive.org]][397] to generate the required verification pictures using a randomly computer-generated face that would be swapped over the picture of a complicit model (or a stock photo). +This verification is extremely hard to defeat but possible. A method to possibly defeat those would be to use "deep fake" technology software such as the open-source FaceSwap [[Archive.org]](https://web.archive.org/web/https://github.com/deepfakes/faceswap) to generate the required verification pictures using a randomly computer-generated face that would be swapped over the picture of a complicit model (or a stock photo). -Unfortunately, some apps require direct access to a smartphone camera to process the verification. In that case, you will need to find a way to do such "face swaps" on the fly using a filter and another way to feed this into the camera used by the app. A possible approach would be similar to this impressive project [[Archive.org]][398]. +Unfortunately, some apps require direct access to a smartphone camera to process the verification. In that case, you will need to find a way to do such "face swaps" on the fly using a filter and another way to feed this into the camera used by the app. A possible approach would be similar to this impressive project [[Archive.org]](https://web.archive.org/web/https://github.com/iperov/DeepFaceLive). ### Manual reviews: @@ -5948,11 +5948,11 @@ We will help you bit by listing a few tips we learned while researching over the - Brave Browser (Chromium-based) with a Private Tor Tab has a better acceptance level than Tor Browser (Firefox based). You will experience fewer issues with captchas and online platforms[^383] if you use Brave than if you use Tor Browser (feel free to try this yourself). -- For every identity, you should have a matching profile picture associated with it. For this purpose, we recommend you just go to or * and generate a computer-generated profile picture (Do note that algorithms have been developed[^393]'[^394] to detect these and it might not work 100% of the time). You can also generate such pictures yourself from your computer if you prefer by using the open-source StyleGan project here [[Archive.org]][400]. Just refresh the page until you find a picture that matches your identity in all aspects (age, sex, and ethnicity) and save that picture. It would be even better to have several pictures associated with that identity, butWedo not have an "easy way" of doing that yet. +- For every identity, you should have a matching profile picture associated with it. For this purpose, we recommend you just go to or * and generate a computer-generated profile picture (Do note that algorithms have been developed[^393]'[^394] to detect these and it might not work 100% of the time). You can also generate such pictures yourself from your computer if you prefer by using the open-source StyleGan project here [[Archive.org]](https://web.archive.org/web/https://github.com/NVlabs/stylegan2). Just refresh the page until you find a picture that matches your identity in all aspects (age, sex, and ethnicity) and save that picture. It would be even better to have several pictures associated with that identity, butWedo not have an "easy way" of doing that yet. ***Warning:** https://generated.photos/face-generator requires JavaScript to function and does a lot of fingerprinting. Most of it is being sent to Microsoft Clarity. Even with uBlock installed and on safer level, Tor Browser wasn't efficient at blocking the fingerprinting. This obviously does not work on Safest level. On our tests, only Brave with agressive fingerprinting/ad shields did not send analytics. -- **Bonus**, you could also make it more real by using this service (with an anonymous identity) [[Archive.org]][401] to make a picture more lifelike. Here is an example: +- **Bonus**, you could also make it more real by using this service (with an anonymous identity) [[Archive.org]](https://web.archive.org/web/https://www.myheritage.com/deep-nostalgia) to make a picture more lifelike. Here is an example: - Original: @@ -5964,7 +5964,7 @@ We will help you bit by listing a few tips we learned while researching over the Slight issue tho: **MyHeritrage.com bans Tor Exit nodes so you might have again to consider VPN over Tor for this.** -You could also achieve the same result without using MyHeritage and by doing it yourself using for example [[Archive.org]][403] but this will require more manual operations (**and requires an NVIDIA GPU**). Other commercial products will soon be available such as: [[Archive.org]][404] with examples here: [[Invidious]][405]. +You could also achieve the same result without using MyHeritage and by doing it yourself using for example [[Archive.org]](https://web.archive.org/web/https://github.com/AliaksandrSiarohin/first-order-model) but this will require more manual operations (**and requires an NVIDIA GPU**). Other commercial products will soon be available such as: [[Archive.org]](https://web.archive.org/web/https://www.d-id.com/talkingheads/) with examples here: [[Invidious]](https://yewtu.be/channel/UCqyzLOHYamYX2tNXBNSHr1w/videos). Note: If you make several pictures of the same identity using some of the tools mentioned above, be sure to compare the similarities using the Microsoft Azure Face Verification tool at . @@ -5982,7 +5982,7 @@ Note: If you make several pictures of the same identity using some of the tools - Remember [Appendix A2: Guidelines for passwords and passphrases]. -Here is also a good guide on this specific topic: [[Archive.org]][406] +Here is also a good guide on this specific topic: [[Archive.org]](https://web.archive.org/web/https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual) Note: If you are having trouble finding an exit node in the country of your choice you can force using specific countries for Exit Nodes (and therefore exit countries) on Tor by editing the torrc file on the Whonix Gateway or even the Tor Browser: @@ -6004,7 +6004,7 @@ Once you are in the file, you can do the following: Always use uppercase letters for any setting. -**Please note that this is restricting Onion Routing could limit your Anonymity if you are too restrictive. You can see a visualized list of available Exit Nodes here: ** [[Archive.org]][407] +**Please note that this is restricting Onion Routing could limit your Anonymity if you are too restrictive. You can see a visualized list of available Exit Nodes here: ** [[Archive.org]](https://web.archive.org/web/https://www.bigdatacloud.com/insights/tor-exit-nodes) Here is the list of possibilities (this is a general list and many of those countries might not have Exit nodes at all): @@ -6084,27 +6084,27 @@ Unfortunately, not using your real identity is against the ToS (Terms of Service This does not mean that it is illegal in other places but that it might be a breach of their Terms of Services if you do not have the law on your side. **Remember this guide only endorses this for German users residing in Germany.** -On my side, we strongly condemn this type of real-name policy. See for instance this Wikipedia article giving some examples: [[Wikiless]][408] [[Archive.org]][409] +On my side, we strongly condemn this type of real-name policy. See for instance this Wikipedia article giving some examples: [[Wikiless]](https://wikiless.org/wiki/Facebook_real-name_policy_controversy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy) Here are some more references about the German case for reference: -- [[Archive.org]][410] +- [[Archive.org]](https://web.archive.org/web/https://slate.com/technology/2018/02/why-some-americans-are-cheering-germany-for-taking-on-facebooks-real-name-policy.html) -- [[Archive.org]][411] +- [[Archive.org]](https://web.archive.org/web/https://www.theverge.com/2018/2/12/17005746/facebook-real-name-policy-illegal-german-court-rules) -- [[Archive.org]][412] +- [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal) -- [[Archive.org]][413] +- [[Archive.org]](https://web.archive.org/web/https://www.vzbv.de/sites/default/files/downloads/2018/02/14/18-02-12_vzbv_pm_facebook-urteil_en.pdf) -- [[Archive.org]][412] +- [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal) -- [[Archive.org]][414] +- [[Archive.org]](https://web.archive.org/web/https://www.reuters.com/article/us-germany-facebook/german-court-rules-facebook-use-of-personal-data-illegal-idUSKBN1FW1FI) Alternatively, you could be an adult resident of any other country where you can confirm and verify the legality of this yourself. Again, this is not legal advice, and we are not lawyers. **Do this at your own risk.** Other countries where this was ruled illegal: -- South Korea (see [[Wikiless]][415] [[Archive.org]][416]) +- South Korea (see [[Wikiless]](https://wikiless.org/wiki/Real-name_system) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system)) - If you know any other, please let me know with references in the GitHub issues. @@ -6120,11 +6120,11 @@ If the service you intend to buy does not accept those but accepts Bitcoin (BTC) This section will show you an overview of the current various requirements on some platforms: -- **Consider using the recommended tools on ** [[Archive.org]][417] **for better privacy instead of the usual mainstream ones.** +- **Consider using the recommended tools on ** [[Archive.org]](https://web.archive.org/web/https://privacyguides.org) **for better privacy instead of the usual mainstream ones.** -- **Consider using the recommended tools on ** [[Archive.org]][340] **as well instead of the usual mainstream ones such as E-mail providers: ** [[Archive.org]][418] +- **Consider using the recommended tools on ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Documentation) **as well instead of the usual mainstream ones such as E-mail providers: ** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/E-Mail#Anonymity_Friendly_Email_Provider_List) -**The following overview does not mention the privacy practices of those platforms but only their requirements for registering an account. If you want to use privacy-aware tools and platforms, head on to ** [[Archive.org]][44]**.** +**The following overview does not mention the privacy practices of those platforms but only their requirements for registering an account. If you want to use privacy-aware tools and platforms, head on to ** [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/)**.** Legend: @@ -6615,7 +6615,7 @@ Legend: #### Amazon: -- Is this against their ToS? No, but yes [[Archive.org]][419] +- Is this against their ToS? No, but yes [[Archive.org]](https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=202140280) "1. Amazon Services, Amazon Software @@ -6633,7 +6633,7 @@ So, AFAIK, it is not possible to create an anonymous Amazon account. #### Apple: -- Is this against their ToS? Yes [[Archive.org]][420] +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/internet-services/icloud/en/terms.html) "IV. Your Use of the Service @@ -6649,7 +6649,7 @@ Note that this account will not allow you to set up an Apple mail account. For t #### Binance: -- Is this against their ToS? Yes [[Archive.org]][421] +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.binance.com/en/terms) - Will they require a phone number? No, they do require an e-mail @@ -6657,7 +6657,7 @@ Note that this account will not allow you to set up an Apple mail account. For t #### Discord: -- Is this against their ToS? No [[Archive.org]][423] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://discord.com/terms) - Will they require a phone number? No, but they do require an e-mail @@ -6669,7 +6669,7 @@ I suggest using the Discord Client app on a VM through Tor or ideally through VP #### Element: -- Is this against their ToS? No [[Archive.org]][424] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://element.io/terms-of-service) - Will they require a phone number? No, they do not even require an e-mail @@ -6679,7 +6679,7 @@ Expect some Captchas during account creation on some homeservers. #### Facebook: -- Is this against their ToS? Yes [[Archive.org]][425] +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.facebook.com/terms.php) "1. Who can use Facebook @@ -6731,7 +6731,7 @@ If you do file an appeal, you will have to wait for Facebook to review it (I do #### GitHub: -- Is this against their ToS? No [[Archive.org]][426] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service) - Will they require a phone number? Nope, all good @@ -6743,7 +6743,7 @@ Be sure to go into Settings > E-Mail and make your e-mail private as well as blo #### GitLab: -- Is this against their ToS? No [[Archive.org]][427] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://about.gitlab.com/handbook/legal/subscription-agreement/) - Will they require a phone number? Nope, all good @@ -6753,7 +6753,7 @@ GitLab is straightforward and requires no phone number. #### Google: -- Is this against their ToS? No [[Archive.org]][428] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://policies.google.com/terms) - Will they require a phone number? Yes, they will. There is no escape here. @@ -6801,7 +6801,7 @@ It is also possible that Google will require an ID check through indirect financ #### Instagram: -- Is this against their ToS? **Maybe?** We are not sure [[Archive.org]][430] +- Is this against their ToS? **Maybe?** We are not sure [[Archive.org]](https://web.archive.org/web/https://help.instagram.com/581066165581870?ref=dp) "**You can't impersonate others or provide inaccurate information. You do not have to disclose your identity on Instagram, but you must provide us with accurate and up-to-date information (including registration information)**. **Also, you may not impersonate someone you are not, and you can't create an account for someone else unless you have their express permission".** @@ -6833,7 +6833,7 @@ After sign-up, do the following: #### Jami: -- Is this against their ToS? No [[Archive.org]][431] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://jami.net/privacy-policy/) - Will they require a phone number? No, they do not even require an e-mail @@ -6841,7 +6841,7 @@ After sign-up, do the following: #### Kraken: -- Is this against their ToS? Yes [[Archive.org]][433] +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.kraken.com/legal) - Will they require a phone number? No, they do require an e-mail @@ -6849,7 +6849,7 @@ After sign-up, do the following: #### LinkedIn: -- Is this against their ToS? Yes [[Archive.org]][434] +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.linkedin.com/legal/user-agreement) "To use the Services, you agree that: (1) you must be the "*Minimum Age*" (described below) or older; (2) **you will only have one LinkedIn account, which must be in your real name**; and (3) you are not already restricted by LinkedIn from using the Services. **Creating an account with false information is a violation of our terms**, including accounts registered on behalf of others or persons under the age of sixteen. " @@ -6887,7 +6887,7 @@ As with Twitter and Google, you should do the following after signing up: #### Medium: -- Is this against their ToS? No, unless it is about crypto [[Archive.org]][435] +- Is this against their ToS? No, unless it is about crypto [[Archive.org]](https://web.archive.org/web/https://policy.medium.com/medium-terms-of-service-9db0094a1e0f) - Will they require a phone number? No, but they require an e-mail @@ -6897,7 +6897,7 @@ Signing-in does require an e-mail every time. #### Microsoft: -- Is this against their ToS? Yes [[Archive.org]][436] +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://www.microsoft.com/en/servicesagreement/) "i. Creating an Account. You can create a Microsoft account by signing up online. **You agree not to use any false, inaccurate, or misleading information when signing up for your Microsoft account".** @@ -6913,7 +6913,7 @@ After signing up you should set up 2FA authentication within the security option #### OnlyFans: -- Is this against their ToS? No, it looks fine [[Archive.org]][439] +- Is this against their ToS? No, it looks fine [[Archive.org]](https://web.archive.org/web/https://onlyfans.com/terms) - Will they require a phone number? No, they do require an e-mail @@ -6923,7 +6923,7 @@ Unfortunately, you will be extremely limited with that account and to do anythin #### Proton: -- Is this against their ToS? No [[Archive.org]][440] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://proton.me/legal/terms) - Will they require a phone number? Maybe. This depends on the IP you are coming from. If you come from Tor, it is likely. From a VPN, it is less likely. @@ -6941,7 +6941,7 @@ This e-mail account can be used for creating a Google/Gmail account. #### Reddit: -- Is this against their ToS? No [[Archive.org]][442] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://www.redditinc.com/policies) - Will they require a phone number? No, they will not. @@ -6951,11 +6951,11 @@ Reddit is simple. All you need to register is a valid username and a password. N No issues whatsoever signing up over Tor or VPN besides the occasional Captchas. -Consider reading this reddit post: [[Archive.org]][443] +Consider reading this reddit post: [[Archive.org]](https://web.archive.org/web/https://old.reddit.com/r/ShadowBan/comments/8a2gpk/an_unofficial_guide_on_how_to_avoid_being/) #### Slashdot: -- Is this against their ToS? Yes [[Archive.org]][444] +- Is this against their ToS? Yes [[Archive.org]](https://web.archive.org/web/https://slashdotmedia.com/terms-of-use/) "8. Registration; Use of Secure Areas and Passwords @@ -6967,7 +6967,7 @@ Some areas of the Sites may require you to register with us. When and if you reg #### Telegram: -- Is this against their ToS? No [[Archive.org]][445] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://telegram.org/tos) - Will they require a phone number? Yes unfortunately @@ -6981,7 +6981,7 @@ In most cases, we had no issues whether it was over Tor or VPN, but we had a few They provide an appeal process through e-mail, but we had no success with getting any answer. -Their appeal process is just sending an e-mail to [[Archive.org]][446] stating your phone number and issue and hope they answer. +Their appeal process is just sending an e-mail to [[Archive.org]](https://web.archive.org/web/mailto:recover@telegram.org) stating your phone number and issue and hope they answer. After signing up you should do the following: @@ -7005,7 +7005,7 @@ After signing up you should do the following: #### Tutanota: -- Is this against their ToS? No [[Archive.org]][447] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://tutanota.com/terms/) - Will they require a phone number? No, but they do require an e-mail. @@ -7059,7 +7059,7 @@ After a few days, your account should get unsuspended "for good". No issues afte #### Twitch: -- Is this against their ToS? No [[Archive.org]][448] +- Is this against their ToS? No [[Archive.org]](https://web.archive.org/web/https://www.twitch.tv/p/en/legal/terms-of-service/) - Will they require a phone number? No, but they do require an e-mail. @@ -7069,7 +7069,7 @@ Note that you will not be able to enable 2FA on Twitch using only e-mail. This f #### WhatsApp: -- Is this against their ToS? **Yes** [[Archive.org]][449] +- Is this against their ToS? **Yes** [[Archive.org]](https://web.archive.org/web/https://www.whatsapp.com/legal/updates/terms-of-service-eea) "**Registration**. You must register for our Services **using accurate information**, provide your current mobile phone number, and, if you change it, update your mobile phone number using our in-app change number feature. You agree to receive text messages and phone calls (from us or our third-party providers) with codes to register for our Services". @@ -7103,11 +7103,11 @@ Ideally, you should find a way to buy/sell crypto with cash from an unknown pers There are only three ways of securely using those anonymously (that we would recommend). Using a VPN on your phone is not one of those ways. All of those are, unfortunately, "tedious" to say the least. -- Use an Android Emulator within the Windows VM and run the App through your multi-layer of Tor/VPN. The drawback is that such emulators are usually quite resource-hungry and will slow down your VM and use more battery. Here is also an (outdated) guide on this matter: [[Archive.org]][451]. As for myself, we will recommend the use of: +- Use an Android Emulator within the Windows VM and run the App through your multi-layer of Tor/VPN. The drawback is that such emulators are usually quite resource-hungry and will slow down your VM and use more battery. Here is also an (outdated) guide on this matter: [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/08/23/creating-android-open-source-research-device-pc/). As for myself, we will recommend the use of: - - Android-x86 on Virtualbox (see [[Archive.org]][348]) that you can also set up easily. + - Android-x86 on Virtualbox (see [[Archive.org]](https://web.archive.org/web/https://www.android-x86.org/documentation/virtualbox.html)) that you can also set up easily. - - AnBox ( [[Archive.org]][385]) that you can also set up rather easily including on the Whonix Workstation, see [[Archive.org]][347] + - AnBox ( [[Archive.org]](https://web.archive.org/web/https://anbox.io/)) that you can also set up rather easily including on the Whonix Workstation, see [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anbox) - **Not recommended:** Using a non-official app (such as Wassapp for WhatsApp) to connect from the Windows VM to the app. Use at your own risk as you could get banned for violating the terms of services by using a non-official App. @@ -7161,7 +7161,7 @@ This has some user experience drawbacks like for instance, a new device could no **So, in short, Forward Secrecy protects past sessions against future compromises of keys or passwords.** -More on this topic on this YouTube video: [[Invidious]][452] +More on this topic on this YouTube video: [[Invidious]](https://yewtu.be/watch?v=zSQtyW_ywZc) Some providers and apps claiming to offer e2ee do not offer FS/PFS sometimes for usability reasons (group messaging for instance is more complex with PFS). It is therefore important to prefer open-source apps providing forward secrecy to those that do not. @@ -7723,51 +7723,51 @@ We will recommend these options in that order (as also recommend by Privacyguide - Native Tor Onion Routing Support (**preferred**): - - OnionShare version >2.3 ( [[Tor Mirror]][462] [[Archive.org]][463])** + - OnionShare version >2.3 ( [[Tor Mirror]](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/) [[Archive.org]](https://web.archive.org/web/https://onionshare.org/))** - - Cwtch ( [[Archive.org]][464] **warning, this is at the alpha/beta stage**)** + - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**)** - Non-Native Tor Support (needs additional steps for ideal anonymity to proxy it through Tor through Virtualization or Proxying): - - Element/Matrix.org ( [[Archive.org]][465]) + - Element/Matrix.org ( [[Archive.org]](https://web.archive.org/web/https://element.io/)) - - Jami ( [[Archive.org]][466])* + - Jami ( [[Archive.org]](https://web.archive.org/web/https://jami.net/))* - - Gajim/XMPP ( [[Archive.org]][467]) + - Gajim/XMPP ( [[Archive.org]](https://web.archive.org/web/https://gajim.org/)) - Windows: - Native Tor Onion Routing Support (**preferred**): - - OnionShare version >2.3 ( [[Tor Mirror]][462] [[Archive.org]][463])** + - OnionShare version >2.3 ( [[Tor Mirror]](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/) [[Archive.org]](https://web.archive.org/web/https://onionshare.org/))** - - Cwtch ( [[Archive.org]][464] **warning, this is at the alpha/beta stage**)** + - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**)** - Non-Native Tor Support (needs additional steps for ideal anonymity to proxy it through Tor through Virtualization or Proxying): - - Element/Matrix.org ( [[Archive.org]][465]) + - Element/Matrix.org ( [[Archive.org]](https://web.archive.org/web/https://element.io/)) - - Jami ( [[Archive.org]][466])* + - Jami ( [[Archive.org]](https://web.archive.org/web/https://jami.net/))* - - Gajim/XMPP ( [[Archive.org]][467]) + - Gajim/XMPP ( [[Archive.org]](https://web.archive.org/web/https://gajim.org/)) - Linux: - Native Tor Onion Routing Support (**preferred**): - - Briar ( [[Archive.org]][468])* + - Briar ( [[Archive.org]](https://web.archive.org/web/https://briarproject.org/))* - - OnionShare version >2.3 ( [[Tor Mirror]][462] [[Archive.org]][463])** + - OnionShare version >2.3 ( [[Tor Mirror]](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/) [[Archive.org]](https://web.archive.org/web/https://onionshare.org/))** - - Cwtch ( [[Archive.org]][464] **warning, this is at the alpha/beta stage**)** + - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**)** - Non-Native Tor Support (needs additional steps for ideal anonymity to proxy it through Tor through Virtualization or Proxying): - - Element/Matrix.org ( [[Archive.org]][465]) + - Element/Matrix.org ( [[Archive.org]](https://web.archive.org/web/https://element.io/)) - - Jami ( [[Archive.org]][466])* + - Jami ( [[Archive.org]](https://web.archive.org/web/https://jami.net/))* - - Gajim/XMPP ( [[Archive.org]][467]) + - Gajim/XMPP ( [[Archive.org]](https://web.archive.org/web/https://gajim.org/)) * Note that for Jami to work over Tor, you will have to enable the local DHTProxy option within Jami Settings. This will only work for text messages and not for calls/videos) @@ -7777,13 +7777,13 @@ Any safe options for mobile devices? **Yes, but these are not endorsed/recommend - Android: - - Briar ( [[Archive.org]][468]) + - Briar ( [[Archive.org]](https://web.archive.org/web/https://briarproject.org/)) - - Cwtch ( [[Archive.org]][464] **warning, this is at the alpha/beta stage**) + - Cwtch ( [[Archive.org]](https://web.archive.org/web/https://cwtch.im/) **warning, this is at the alpha/beta stage**) - iOS: - - Due to the lack of any better option and while it is **normally not recommended**: Session Messenger: [[Archive.org]][469]. Why is it not recommended these days within the privacy community? Well, it is because they recently[^418] dropped two key security features from their protocol: Perfect Forward Secrecy and Deniability which are considered rather essential in most other apps. Yet Session has been audited[^419] with satisfactory results but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the Onion Routing Network used by Session) to endorse it. Session is still recommended by some like Techlore[^420]. + - Due to the lack of any better option and while it is **normally not recommended**: Session Messenger: [[Archive.org]](https://web.archive.org/web/https://getsession.org/). Why is it not recommended these days within the privacy community? Well, it is because they recently[^418] dropped two key security features from their protocol: Perfect Forward Secrecy and Deniability which are considered rather essential in most other apps. Yet Session has been audited[^419] with satisfactory results but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the Onion Routing Network used by Session) to endorse it. Session is still recommended by some like Techlore[^420]. **Note that all the non-native Tor options must be used over Tor for safety (from Tails or a guest OS running behind the Whonix Gateway such as the Whonix Workstation or an Android-x86 VM).** @@ -7793,19 +7793,19 @@ The ones that are preferred are recommended due to their stance on privacy, thei You can also consult the following external resources for more comparisons: -- Wikipedia, [[Wikiless]][453] [[Archive.org]][454] +- Wikipedia, [[Wikiless]](https://wikiless.org/wiki/Comparison_of_instant_messaging_protocols) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_protocols) -- Wikipedia, [[Wikiless]][455] [[Archive.org]][456] +- Wikipedia, [[Wikiless]](https://wikiless.org/wiki/Comparison_of_cross-platform_instant_messaging_clients) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients) -- Secure Messaging Apps [[Archive.org]][457] +- Secure Messaging Apps [[Archive.org]](https://web.archive.org/web/https://www.securemessagingapps.com/) -- Proton Blog, [[Archive.org]][458] +- Proton Blog, [[Archive.org]](https://web.archive.org/web/20220531171438/https://proton.me/blog/whatsapp-alternatives) -- Whonix Documentation, Instant Messenger Chat [[Archive.org]][459] +- Whonix Documentation, Instant Messenger Chat [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Chat) -- Have a look at [[Archive.org]][460] which is also a good comparison table for messaging apps. +- Have a look at [[Archive.org]](https://web.archive.org/web/https://securechatguide.org/featuresmatrix.html) which is also a good comparison table for messaging apps. -- Messenger-Matrix.de at [[Archive.org]][461] +- Messenger-Matrix.de at [[Archive.org]](https://web.archive.org/web/https://www.messenger-matrix.de/messenger-matrix-en.html) **We do not endorse or recommend some mainstream platforms for anonymity including the much-praised Signal which to this date still requires a phone number to register and contact others. In the context of this guide, we strongly recommend against using Signal if possible.** @@ -7815,7 +7815,7 @@ You can also consult the following external resources for more comparisons: Consider the following platforms: -- Cryptpad.fr (): Free tier limited to 1GB total and recommended by PrivacyGuides.org at [[Archive.org]][470] +- Cryptpad.fr (): Free tier limited to 1GB total and recommended by PrivacyGuides.org at [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/cloud/) - Proton Drive (): Paid. Requires users to have "Proton Unlimited" or "Mail Plus". Proton Drive is E2EE and recommended by PrivacyGuides.org - Like Proton and Proton VPN, it's not easy to sign up anonymously. When you try to register through Tor, they request verification either by phone number, or by providing a donation @@ -7962,11 +7962,11 @@ You might be interested in communicating information to some organization such a If you must do so, you should take some steps because you cannot trust any organization to protect your anonymity[^422]. See [Appendix B1: Checklist of things to verify before sharing information][Appendix B1: Checklist of things to verify before sharing information:]. -For this, we strongly recommend the use of SecureDrop[^423] ( [[Archive.org]][471]) which is an open-source project from the Freedom of the Press Foundation. +For this, we strongly recommend the use of SecureDrop[^423] ( [[Archive.org]](https://web.archive.org/web/https://securedrop.org/)) which is an open-source project from the Freedom of the Press Foundation. -- Do take a moment to their read their "source guide" here: [[Archive.org]][472] +- Do take a moment to their read their "source guide" here: [[Archive.org]](https://web.archive.org/web/https://docs.securedrop.org/en/stable/source.html) -- Ideally, you should use SecureDrop over Tor and you will find a curated list of those here [[Archive.org]][473] +- Ideally, you should use SecureDrop over Tor and you will find a curated list of those here [[Archive.org]](https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites#securedrop) If not SecureDrop is not available, you could consider any other means of communication, but you should privilege those that are encrypted end to end. **Do not ever do this from your real identity but only from a secure environment using an anonymous identity.** @@ -8014,7 +8014,7 @@ If you intend to break your anonymity to protect your safety: - Check your e-mail regularly for security checks and any other account notification. -- Check regularly the eventual appearance of compromise of any of your identities using [[Archive.org]][474] (obviously from a safe environment). +- Check regularly the eventual appearance of compromise of any of your identities using [[Archive.org]](https://web.archive.org/web/https://haveibeenpwned.com/) (obviously from a safe environment). # Backing up your work securely: @@ -8038,7 +8038,7 @@ For this purpose, we will recommend the use of Veracrypt on all platforms (Linux #### Normal File containers: -The process is fairly simple and all you will need is to follow Veracrypt tutorial here: [[Archive.org]][475] +The process is fairly simple and all you will need is to follow Veracrypt tutorial here: [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html) In this container, you can then store sensitive data manually and or use any backup utility you want to backup files from the OS to that container. @@ -8060,11 +8060,11 @@ You can then mount your hidden volume and use it to store sensitive files normal **Be careful when mounting the Outer decoy volume to update its content. You should protect the hidden volume from being overwritten when doing this as working in the decoy volume could overwrite data in the hidden volume.** -To do this, when mounting the Decoy Volume, select Mount Options and Check the "Protect hidden volume" option and provide the hidden volume password on the same screen. Then mount the decoy volume. This will protect the hidden volume from being overwritten when changing the decoy files. This is also explained here in Veracrypt documentation: [[Archive.org]][307] +To do this, when mounting the Decoy Volume, select Mount Options and Check the "Protect hidden volume" option and provide the hidden volume password on the same screen. Then mount the decoy volume. This will protect the hidden volume from being overwritten when changing the decoy files. This is also explained here in Veracrypt documentation: [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html) **Be extremely cautious with these file containers:** -- **Do not store multiple versions of them or store them anywhere where some versioning is being done (by the file system or the storage system). These file containers should be identical everywhere you store them. If you have a backup of such containers somewhere, it needs to be absolutely identical to the one you are using. If you do not take this precaution, an adversary could compare two different versions of this container and prove the existence of hidden data. Follow carefully the recommendations here ** [[Archive.org]][304]**. Remember the [Local Data Leaks and Forensics:] section.** +- **Do not store multiple versions of them or store them anywhere where some versioning is being done (by the file system or the storage system). These file containers should be identical everywhere you store them. If you have a backup of such containers somewhere, it needs to be absolutely identical to the one you are using. If you do not take this precaution, an adversary could compare two different versions of this container and prove the existence of hidden data. Follow carefully the recommendations here ** [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html)**. Remember the [Local Data Leaks and Forensics:] section.** - We strongly recommend storing such containers on external USB keys that you will only mount from your guest VMs and never from your Host OS. **After each modification to the files, you should clean the free space on the USB disk and make sure that any backup of such containers is absolutely identical on each key and your computer. See the [How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives][How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives:] section of this guide for help on doing this.** @@ -8126,7 +8126,7 @@ So, you should follow the steps in [Appendix E: Clonezilla] ##### QubesOS: -Qubes OS recommends using their own utility for backups as documented here [[Archive.org]][476]. But it is just a hassle and provides limited added value unless you just want to back up a single Qube. So instead, we are also recommending just making a full image with Clonezilla which will remove all the hassle and bring you back a working system in a few simple steps. +Qubes OS recommends using their own utility for backups as documented here [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/backup-restore/). But it is just a hassle and provides limited added value unless you just want to back up a single Qube. So instead, we are also recommending just making a full image with Clonezilla which will remove all the hassle and bring you back a working system in a few simple steps. So, you should follow the steps in [Appendix E: Clonezilla] @@ -8148,11 +8148,11 @@ Follow the steps in [Appendix E: Clonezilla] #### macOS: -we would recommend just using the native Time Machine backup with encryption (and a strong passphrase that could be the same as your OS) as per the guides provided at Apple: [[Archive.org]][477] and [[Archive.org]][478]. +we would recommend just using the native Time Machine backup with encryption (and a strong passphrase that could be the same as your OS) as per the guides provided at Apple: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh21241/mac) and [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh11421/11.0/mac/11.0). So, plug in an external drive and it should prompt you to use it as a Time Machine backup. -**You should however consider formatting this drive as exFAT so that it is also usable by other OSes conveniently (Windows/Linux) without added software using this guide: ** [[Archive.org]][479] +**You should however consider formatting this drive as exFAT so that it is also usable by other OSes conveniently (Windows/Linux) without added software using this guide: ** [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-ie/guide/disk-utility/dskutl1010/mac) It is just simpler and will work online while you work. You will be able to recover your data on any other Mac from the recovery options and you will be also able to use this disk for backing up other devices. @@ -8182,7 +8182,7 @@ Please also consider [Appendix B2: Monero Disclaimer]. For smaller files, consider: -- Cryptpad.fr (): Free tier limited to 1GB total and recommended by PrivacyGuides.org at [[Archive.org]][470] +- Cryptpad.fr (): Free tier limited to 1GB total and recommended by PrivacyGuides.org at [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/cloud/) - Filen (): free tier limited to 10GB total @@ -8192,7 +8192,7 @@ If you do intend to store sensitive data on "mainstream platforms" (Dropbox, Goo ### Information: -If you just want to save information (text), we will recommend the use of secure and private pastebins[^425]. Mostly we will stick to the ones recommended by PrivacyGuides.org ( [[Archive.org]][480] ) : +If you just want to save information (text), we will recommend the use of secure and private pastebins[^425]. Mostly we will stick to the ones recommended by PrivacyGuides.org ( [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/productivity/#paste-services) ) : - @@ -8204,7 +8204,7 @@ Just create a pad, protect it with a password and write your info in it. Remembe ## Synchronizing your files between devices Online: -To that, the answer is very simple and a clear consensus for everyone: [[Archive.org]][481] +To that, the answer is very simple and a clear consensus for everyone: [[Archive.org]](https://web.archive.org/web/https://syncthing.net/) Just use SyncThing, it is the safest and most secure way to synchronize between devices, it is free and open-source, and it can easily be used in a portable way without install from a container that needs syncing. @@ -8254,7 +8254,7 @@ Here is an illustration from Wikipedia showing how it works on an SSD drive: ![][484] -As you can see in the above illustration, data (from a file) will be written to the four first pages of Block X. Later new data will be written to the remaining pages and the data from the first files will be marked as invalid (for instance by a Trim operation when deleting a file). As explained on [[Wikiless]][485] [[Archive.org]][486]; the erase operation can only be done on entire blocks (and not on single pages). +As you can see in the above illustration, data (from a file) will be written to the four first pages of Block X. Later new data will be written to the remaining pages and the data from the first files will be marked as invalid (for instance by a Trim operation when deleting a file). As explained on [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing)); the erase operation can only be done on entire blocks (and not on single pages). In addition to marking files for deletion (on reputable SSD drives), Trim usually makes those unreadable using a method called "Deterministic Read After Trim" or "Deterministic Zeroes After Trim". This means that if an adversary tries to read data from a trimmed page/block and somehow manages to disable garbage collection, the controller will not return any meaningful data. @@ -8342,7 +8342,7 @@ So, you want to be sure. To achieve 100% secure deletion on an SSD drive, you wi 5. Throw away in separate places - - Bonus: See [[Invidious]][488] + - Bonus: See [[Invidious]](https://yewtu.be/watch?v=-bpX8YvNg6Y) For maximum overkill paranoia security, Sanitize Block Erase option should be preferred but Secure Erase is probably more than enough when considering your drive is already encrypted. Unfortunately, are no **free** easy (bootable with a graphical menu) all-in-one tools available and you will be left with either going with drive manufacturers provided tools, the free manual hdparm[^438] , and nvme-cli[^439] utilities or going with a commercial tool such as PartedMagic. @@ -8368,13 +8368,13 @@ If you can afford it, just buy Parted Magic for 11$ which provides an easy-to-us First please see [Appendix K: Considerations for using external SSD drives] -Trim should be sufficient in most cases and you could just use the blkdiscard command to force an entire device trim as explained here: [[Archive.org]][489] +Trim should be sufficient in most cases and you could just use the blkdiscard command to force an entire device trim as explained here: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive) If your USB controller and USB SSD disk support Trim and ATA/NVMe secure erase, you could wipe them cautiously using hdparm using the same method as the System Disk above except you will not install Linux on it obviously. Keep in mind tho that this is not recommended (see Considerations above). If it does not support Trim and/or ATA secure erase, you could (not securely) wipe the drive normally (without passes like an HDD) and re-encrypt it completely using your utility of choice (LUKS or Veracrypt for instance). The full disk decryption and re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe. -Alternatively, you could also (not securely) wipe the disk normally and then fill it completely with pseudorandom data which should also ensure secure deletion (this can be done with BleachBit [[Archive.org]][490] or from the command line using secure-delete using this tutorial [[Archive.org]][491]). +Alternatively, you could also (not securely) wipe the disk normally and then fill it completely with pseudorandom data which should also ensure secure deletion (this can be done with BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) or from the command line using secure-delete using this tutorial [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)). **Keep in mind all these options need to be applied on the entire physical drive and not on a specific partition/volume. If you do not, wear-leveling mechanisms might prevent this from working properly.** @@ -8390,15 +8390,15 @@ Alternatively, you could also (not securely) wipe the disk normally and then fil - Option A: Follow one of these tutorials: - - [[Archive.org]][492] + - [[Archive.org]](https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/) - - [[Archive.org]][493] + - [[Archive.org]](https://web.archive.org/web/https://linoxide.com/linux-command/commands-wipe-disk-linux/) - - [[Archive.org]][494] + - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Securely_wipe_disk) I recommend using dd or shred for this purpose. -- Option B: Install and use BleachBit [[Archive.org]][490] or follow this EFF tutorial [[Archive.org]][495] +- Option B: Install and use BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) or follow this EFF tutorial [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) - Option C: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] @@ -8444,9 +8444,9 @@ Alternatively, you could also (not securely) wipe the disk normally and then fil - Option B: Use external tools such as: - - Eraser (open-source): [[Archive.org]][496] + - Eraser (open-source): [[Archive.org]](https://web.archive.org/web/https://eraser.heidi.ie/download/) - - KillDisk Free: [[Archive.org]][497] + - KillDisk Free: [[Archive.org]](https://web.archive.org/web/http://killdisk.com/killdisk-freeware.htm) - Option C: See [Appendix I: Using ShredOS to securely wipe an HDD drive][Appendix I: Using ShredOS to securely wipe an HDD drive:] @@ -8454,7 +8454,7 @@ Alternatively, you could also (not securely) wipe the disk normally and then fil #### System/Internal SSD: -Unfortunately, the macOS Recovery disk utility will not be able to perform a secure erase of your SSD drive as stated in Apple documentation [[Archive.org]][498]. +Unfortunately, the macOS Recovery disk utility will not be able to perform a secure erase of your SSD drive as stated in Apple documentation [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-gb/guide/disk-utility/dskutl14079/mac). In most cases, if your disk was encrypted with Filevault and you just perform a normal erase, it should be "enough" according to them. It is not according to me, so you have no option besides re-installing macOS again and re-encrypt it with Filevault again after re-installing. This should perform a "crypto erase" by overwriting your earlier install and encryption. This method will be quite slow, unfortunately. @@ -8468,9 +8468,9 @@ If your USB controller and USB SSD disk support Trim and ATA secure erase, and i If you are not sure about Trim support or want more certainty, you can (not securely) wipe it using macOS disk utility before fully re-encrypting them again using these two tutorials from Apple: -- [[Archive.org]][499] +- [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac) -- [[Archive.org]][500] or using Veracrypt full disk encryption. +- [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/disk-utility/encrypt-protect-a-storage-device-password-dskutl35612/mac) or using Veracrypt full disk encryption. The full disk re-encryption process will overwrite the entirety of the SSD disk and should ensure a secure wipe. @@ -8478,7 +8478,7 @@ The full disk re-encryption process will overwrite the entirety of the SSD disk #### External HDD and Thumb Drives: -Follow this tutorial: [[Archive.org]][499] and use the secure erase option from Disk Utility which should work fine on HDD and Thumb drives. +Follow this tutorial: [[Archive.org]](https://web.archive.org/web/https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac) and use the secure erase option from Disk Utility which should work fine on HDD and Thumb drives. ## How to securely delete specific files/folders/data on your HDD/SSD and Thumb drives: @@ -8526,7 +8526,7 @@ The process is quite simple depending on the tool you picked from the Appendix: - PrivaZer: Delete without a trace - - BleachBit: Shred with BleachBit (or see this tutorial from the EFF [[Archive.org]][502]) + - BleachBit: Shred with BleachBit (or see this tutorial from the EFF [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-windows)) In the case of USB thumb drives, consider wiping free space using one of the above utilities after file deletion or wiping them completely using Eraser / KillDisk as instructed previously. @@ -8556,17 +8556,17 @@ If you do not want to wait for the periodic Trim (set to Weekly by default in Ub If you want more security and do not trust the Trim operation, then you will have no option but to either: -- Decrypt and re-encrypt (using LUKS for instance following this tutorial [[Archive.org]][503]) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. +- Decrypt and re-encrypt (using LUKS for instance following this tutorial [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption)) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. - Trim using ```fstrim --all``` and then fill up the entire free space of the disk using a utility such as: - - BleachBit [[Archive.org]][490] + - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) - Install secure-delete package and use sfill on the root of the drive: - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) - - Use the old school dd method (taken from this answer [[Archive.org]][491]) run these commands on the drive you want to fill: + - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands on the drive you want to fill: - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` @@ -8582,9 +8582,9 @@ If you want more security and do not trust the Trim operation, then you will hav #### Internal/External HDD drive or a Thumb Drive: -- You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]][495] +- You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) -- Or you can do this from the command line following this tutorial: [[Archive.org]][492] (For this purpose we recommend wipe and shred). +- Or you can do this from the command line following this tutorial: [[Archive.org]](https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/) (For this purpose we recommend wipe and shred). #### External SSD drive: @@ -8594,17 +8594,17 @@ If Trim is supported and enabled by your Linux Distribution for your external SS If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility such as: -- Decrypt and re-encrypt (using LUKS using this tutorial [[Archive.org]][503] or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. +- Decrypt and re-encrypt (using LUKS using this tutorial [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption) or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. - Fill the free space using one of those methods: - - BleachBit [[Archive.org]][490] + - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) - Install secure-delete package and use sfill on the root of the drive: - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) - - Use the old school dd method (taken from this answer [[Archive.org]][491]) run these commands: + - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands: - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` @@ -8624,21 +8624,21 @@ If Trim is not supported or you want to be sure, you might have to ensure secure As with other Linux distros, normal deletion and trim should be sufficient on most SSD drives. So just permanently delete the file (and empty any recycle bin) and it should be unrecoverable due to periodic Trim operations and garbage collection. -Please follow this documentation to Trim within Qubes OS: [[Archive.org]][504] +Please follow this documentation to Trim within Qubes OS: [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md) As with other Linux Systems, if you want more security and do not trust the Trim operation then you will have no option but to either: -- Decrypt and re-encrypt the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. We didn't find a reliable tutorial on how to do this safely on Qubes OS but it is possible this tutorial could work: [[Archive.org]][503] (at your own risk, this has not been tested yet). +- Decrypt and re-encrypt the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. We didn't find a reliable tutorial on how to do this safely on Qubes OS but it is possible this tutorial could work: [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption) (at your own risk, this has not been tested yet). -- Refer to this Documentation ( [[Archive.org]][504]) and then trim using "fstrim --all" and then fill up the entire free space of the disk using a utility such as: +- Refer to this Documentation ( [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md)) and then trim using "fstrim --all" and then fill up the entire free space of the disk using a utility such as: - - BleachBit [[Archive.org]][490] + - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) - Install secure-delete package and use sfill on the root of the drive: - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) - - Use the old school dd method (taken from this answer [[Archive.org]][491]) run these commands on the drive you want to fill: + - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands on the drive you want to fill: - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` @@ -8656,29 +8656,29 @@ As with other Linux Systems, if you want more security and do not trust the Trim Use the same method as Linux from a Qube connected to that specific USB device -- You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]][495] +- You can do this the graphical way with BleachBit following this tutorial from the EFF: [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) -- Or you can do this from the command line following this tutorial: [[Archive.org]][492] (For this purpose we recommend wipe and shred). +- Or you can do this from the command line following this tutorial: [[Archive.org]](https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/) (For this purpose we recommend wipe and shred). #### External SSD drive: First please see [Appendix K: Considerations for using external SSD drives] -If Trim is supported and enabled by your Linux Distribution for your external SSD drive. There should be no issue in securely deleting data normally and just issue a "fstrim --all" from the terminal to trim the drive. Refer to this Documentation ( [[Archive.org]][504]) to enable trim on a drive. +If Trim is supported and enabled by your Linux Distribution for your external SSD drive. There should be no issue in securely deleting data normally and just issue a "fstrim --all" from the terminal to trim the drive. Refer to this Documentation ( [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md)) to enable trim on a drive. If Trim is not supported or you want to be sure, you might have to ensure secure data deletion by filling up the entire free space of the disk using a utility from a Qube connected to the USB device in question: -- Decrypt and re-encrypt (using LUKS using this tutorial [[Archive.org]][503] or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. +- Decrypt and re-encrypt (using LUKS using this tutorial [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption) or Veracrypt from the graphical interface for instance) the whole drive to overwrite all free space after data deletion. This will ensure overwriting of all the free space. - Fill the free space using one of those methods: - - BleachBit [[Archive.org]][490] + - BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download/linux) - Install secure-delete package and use sfill on the root of the drive: - ```sudo sfill -l -l /``` for instance should do the trick (this will take a substantial amount of time) - - Use the old school dd method (taken from this answer [[Archive.org]][491]) run these commands: + - Use the old school dd method (taken from this answer [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux)) run these commands: - ```dd if=/dev/zero of=zero.small.file bs=1024 count=102400``` @@ -8708,7 +8708,7 @@ Just permanently delete the file (and empty recycle bin) and it should be unreco Yes. TRIM operations are issued asynchronously from when files are deleted or free space is reclaimed, which ensures that these operations are performed only after metadata changes are persisted to stable storage". -- If your file system is HFS+, you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details ( [[Archive.org]][505]) +- If your file system is HFS+, you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details ( [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT210898)) ![][506] @@ -8716,9 +8716,9 @@ Yes. TRIM operations are issued asynchronously from when files are deleted or fr Unfortunately, Apple has removed the secure erase options from the trash bin even for HDD drives[^444]. So, you are left with using other tools: -- Permanent Eraser [[Archive.org]][507] +- Permanent Eraser [[Archive.org]](https://web.archive.org/web/http://www.edenwaith.com/products/permanent%20eraser/) -- From the terminal, you can use the "rm --P filename" command which should erase the file and overwrite it as explained in this EFF tutorial [[Archive.org]][508]. +- From the terminal, you can use the "rm --P filename" command which should erase the file and overwrite it as explained in this EFF tutorial [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-macos). In the case of USB thumb drives, consider wiping them completely using Disk Utility as instructed previously. @@ -8742,19 +8742,19 @@ We are not aware of any 100% reliable method to delete single files selectively In addition, most of these measures here should not be needed since your whole drive should be encrypted and therefore your data should not be accessible for forensic analysis through SSD/HDD examination anyway. So, these are just "bonus measures" for weak/unskilled adversaries. -Consider also reading this documentation if you're going with Whonix [[Archive.org]][342] as well as their general hardening tutorial for all platforms here [[Archive.org]][509] +Consider also reading this documentation if you're going with Whonix [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anti-Forensics_Precautions) as well as their general hardening tutorial for all platforms here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/System_Hardening_Checklist) ### Removing Metadata from Files/Documents/Pictures: #### Pictures and videos: -On Windows, macOS, and Linux we would recommend ExifTool ( [[Archive.org]][510]) and/or ExifCleaner ( [[Archive.org]][511]) that allows viewing and/or removing those properties. +On Windows, macOS, and Linux we would recommend ExifTool ( [[Archive.org]](https://web.archive.org/web/https://exiftool.org/)) and/or ExifCleaner ( [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/)) that allows viewing and/or removing those properties. **ExifTool is natively available on Tails and Whonix Workstation.** ##### ExifCleaner: -Just install it from [[Archive.org]][511], run and drag and drop the files into the GUI. +Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. ##### ExifTool: @@ -8768,27 +8768,27 @@ It is actually simple, just install exiftool and run: ##### Windows Native tool: -Here is a tutorial to remove metadata from a Picture using OS provided tools: [[Archive.org]][512] +Here is a tutorial to remove metadata from a Picture using OS provided tools: [[Archive.org]](https://web.archive.org/web/https://www.purevpn.com/internet-privacy/how-to-remove-metadata-from-photos) ##### Cloaking/Obfuscating to prevent picture recognition: -Consider the use of Fawkes [[Archive.org]][513] ( [[Archive.org]][514]) to cloak the images from picture recognition tech on various platforms. +Consider the use of Fawkes [[Archive.org]](https://web.archive.org/web/https://sandlab.cs.uchicago.edu/fawkes/) ( [[Archive.org]](https://web.archive.org/web/https://github.com/Shawn-Shan/fawkes)) to cloak the images from picture recognition tech on various platforms. Or if you want online versions, consider: -- [[Archive.org]][515] +- [[Archive.org]](https://web.archive.org/web/https://lowkey.umiacs.umd.edu/) -- [[Archive.org]][516] +- [[Archive.org]](https://web.archive.org/web/https://adversarial.io/) #### PDF Documents: ##### PDFParanoia (Linux/Windows/macOS/QubesOS): -Consider using [[Archive.org]][517] which will remove metadata and watermarks on any PDF. +Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/kanzure/pdfparanoia) which will remove metadata and watermarks on any PDF. ##### ExifCleaner (Linux/Windows/macOS/QubesOS): -Just install it from [[Archive.org]][511], run and drag and drop the files into the GUI. +Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. ##### ExifTool (Linux/Windows/macOS/QubesOS): @@ -8800,13 +8800,13 @@ It is actually simple, just install exiftool and run: #### MS Office Documents: -First, here is a tutorial to remove metadata from Office documents: [[Archive.org]][518]. Make sure however that you do use the latest version of Office with the latest security updates. +First, here is a tutorial to remove metadata from Office documents: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/office/remove-hidden-data-and-personal-information-by-inspecting-documents-presentations-or-workbooks-356b7b5d-77af-44fe-a07f-9aa4d085966f). Make sure however that you do use the latest version of Office with the latest security updates. -Alternatively, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]][510]) and/or ExifCleaner ( [[Archive.org]][511]) that allows viewing and/or removing those properties +Alternatively, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]](https://web.archive.org/web/https://exiftool.org/)) and/or ExifCleaner ( [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/)) that allows viewing and/or removing those properties ##### ExifCleaner: -Just install it from [[Archive.org]][511], run and drag and drop the files into the GUI. +Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. ##### ExifTool: @@ -8848,11 +8848,11 @@ It is actually simple, just install exiftool and run: - "Remove personal information on saving" -In addition, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]][510]) and/or ExifCleaner ( [[Archive.org]][511]) that allows viewing and/or removing additional properties +In addition, on Windows, macOS, Qubes OS, and Linux we would recommend ExifTool ( [[Archive.org]](https://web.archive.org/web/https://exiftool.org/)) and/or ExifCleaner ( [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/)) that allows viewing and/or removing additional properties ##### ExifCleaner: -Just install it from [[Archive.org]][511], run and drag and drop the files into the GUI. +Just install it from [[Archive.org]](https://web.archive.org/web/https://exifcleaner.com/), run and drag and drop the files into the GUI. ##### ExifTool: @@ -8864,7 +8864,7 @@ It is actually simple, jut install exiftool and run: #### All-in-one Tool: -Another option good tool to remove metadata from various documents is the open-source mat2 recommended by privacyguides.org[^445] ( [[Archive.org]][519]) which you can use on Linux quite easily. I never managed to make it work properly within Windows due to various dependencies issues despite the provided instructions. It is however very straightforward to install and use on Linux. +Another option good tool to remove metadata from various documents is the open-source mat2 recommended by privacyguides.org[^445] ( [[Archive.org]](https://web.archive.org/web/https://0xacab.org/jvoisin/mat2)) which you can use on Linux quite easily. I never managed to make it work properly within Windows due to various dependencies issues despite the provided instructions. It is however very straightforward to install and use on Linux. So, we would suggest creating a small Debian VM within Virtualbox (behind your Whonix Gateway) which you can then use from your other VMs to analyze various files from a convenient web interface. For this see [Appendix L: Creating a mat2-web guest VM for removing metadata from files] @@ -8878,7 +8878,7 @@ Tails is great for this; you have nothing to worry about even if you use an SSD ### Whonix: -Note that it's possible to run Whonix in Live mode leaving no traces when you shut down the VMs, consider reading their documentation here [[Archive.org]][521] and here [[Archive.org]][221]. +Note that it's possible to run Whonix in Live mode leaving no traces when you shut down the VMs, consider reading their documentation here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/VM_Live_Mode) and here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Warning). ### macOS: @@ -8888,7 +8888,7 @@ Revert to an earlier snapshot on Virtualbox (or any other VM software you are us #### Host OS: -Most of the info from this section can also be found at this nice guide [[Archive.org]][294] +Most of the info from this section can also be found at this nice guide [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) ##### Quarantine Database (used by Gatekeeper and XProtect): @@ -8906,7 +8906,7 @@ Lastly, you can also disable Gatekeeper altogether by issuing the following comm - ```sudo spctl --master-disable``` -Refer to this section of this guide for further information [[Archive.org]][294] +Refer to this section of this guide for further information [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) In addition to this convenient database, each saved file will also carry detailed file system HFS+/APFS attributes showing for instance when it was downloaded, with what, and from where. @@ -8951,29 +8951,29 @@ Clearing the QuarantineEventsV2 is easy as explained above. Removing the attribu In addition, macOS keeps various logs of mounted devices, connected devices, known networks, analytics, documents revisions... -See this section of this guide for guidance on where to find and how to delete such artifacts: [[Archive.org]][294] +See this section of this guide for guidance on where to find and how to delete such artifacts: [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) -Many of those can be deleted using various commercial third-party tools but we would personally recommend using the free and well-known Onyx which you can find here: [[Archive.org]][522]. Unfortunately, it is closed-source, but it is notarized, signed, and has been trusted for many years. +Many of those can be deleted using various commercial third-party tools but we would personally recommend using the free and well-known Onyx which you can find here: [[Archive.org]](https://web.archive.org/web/https://www.titanium-software.fr/en/onyx.html). Unfortunately, it is closed-source, but it is notarized, signed, and has been trusted for many years. ##### Force a Trim operation after cleaning: - If your file system is APFS, you do not need to worry about Trim, it happens asynchronously as the OS writes data. -- If your file system is HFS+ (or any other than APFS), you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details ( [[Archive.org]][505]). +- If your file system is HFS+ (or any other than APFS), you could run First Aid on your System Drive from the Disk Utility which should perform a Trim operation in the details ( [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT210898)). ![][506] ### Linux (Qubes OS): -Please consider their guidelines [[Archive.org]][523] +Please consider their guidelines [[Archive.org]](https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md) If you are using Whonix on Qubes OS, please consider following some of their guides: -- Whonix System Hardening guide [[Archive.org]][509] +- Whonix System Hardening guide [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/System_Hardening_Checklist) -- Enabling App Armor on Qubes [[Archive.org]][374] +- Enabling App Armor on Qubes [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/AppArmor) -- Also, consider the use of Linux Kernel Guard [[Archive.org]][524] +- Also, consider the use of Linux Kernel Guard [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG) ### Linux (non-Qubes): @@ -8985,11 +8985,11 @@ Revert to an earlier snapshot of the Guest VM on Virtualbox (or any other VM sof Normally you should not have traces to clean within the Host OS since you are doing everything from a VM if you follow this guide. -Nevertheless, you might want to clean some logs. Consider having a look this convenient (but unfortunately unmaintained) tool: [[Archive.org]][525] +Nevertheless, you might want to clean some logs. Consider having a look this convenient (but unfortunately unmaintained) tool: [[Archive.org]](https://web.archive.org/web/https://github.com/sundowndev/covermyass) After cleaning up, make sure you have the fstrim utility installed (should be by default on Fedora) and part of the ```util-linux``` package on Debian/Ubuntu. Then just run ```fstrim --all``` on the Host OS. This should be sufficient on SSD drives as explained earlier. -Consider the use of Linux Kernel Guard as an added measure [[Archive.org]][524] +Consider the use of Linux Kernel Guard as an added measure [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG) ### Windows: @@ -9059,7 +9059,7 @@ Now you should clean the history within any app that you used including Browser Now it is time to clear the history of the Wi-Fi you connect to. Unfortunately, Windows keeps storing a list of past Networks in the registry even if you "forgot" those in the Wi-Fi settings. As far as we know, no utilities clean those yet (BleachBit or PrivaZer for instance) so you will have to do it the manual way: -- Launch Regedit using this tutorial: [[Archive.org]][526] +- Launch Regedit using this tutorial: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/how-to-open-registry-editor-in-windows-10-deab38e6-91d6-e0aa-4b7c-8878d9e07b11) - Within Regedit, enter this to the address bar: ```Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles``` @@ -9071,7 +9071,7 @@ Now it is time to clear the history of the Wi-Fi you connect to. Unfortunately, As explained earlier, Shellbags are basically histories of accessed volumes/files on your computer. Remember that shellbags are exceptionally useful sources of information for forensics[^325] and you need to clean those. Especially if you mounted any "hidden volume" anywhere. Again, you should not do this on the Decoy OS: -- Download Shellbag Analyzer & Cleaner from [[Archive.org]][527] +- Download Shellbag Analyzer & Cleaner from [[Archive.org]](https://web.archive.org/web/https://privazer.com/en/download-shellbag-analyzer-shellbag-cleaner.php) - Launch it @@ -9105,7 +9105,7 @@ Please refer to [Appendix H: Windows Cleaning Tools] before continuing. Here are the steps for PrivaZer: -- Download and install PrivaZer from [[Archive.org]][528] +- Download and install PrivaZer from [[Archive.org]](https://web.archive.org/web/https://privazer.com/en/download.php) - Run PrivaZer after install @@ -9151,7 +9151,7 @@ Here are the steps for PrivaZer: Here are the steps for BleachBit: -- Get and install the latest version from BleachBit here [[Archive.org]][529] +- Get and install the latest version from BleachBit here [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/download) - Run BleachBit @@ -9175,7 +9175,7 @@ Here are the steps for BleachBit: With this Native Windows 10/11 utility, you can just trigger a Trim on your SSD which should be more than enough to securely clean all deleted files that somehow would have escaped Trim when deleting them. -Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and Defragment. You are done as this will not defragment but only optimize. Meaning it will initiate a Trim operation ( [[Wikiless]][485] [[Archive.org]]). +Just open Windows Explorer, Right Click on your System Drive and click Properties. Select Tools. Click Optimize and Defragment. You are done as this will not defragment but only optimize. Meaning it will initiate a Trim operation ( [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]]). ![][501] @@ -9193,9 +9193,9 @@ Contrary to widespread belief, it is possible to have some but not all this info You can check some useful information about how to and get delete various accounts on these websites: -- [[Archive.org]][530] +- [[Archive.org]](https://web.archive.org/web/https://justdeleteme.xyz/) -- [[Archive.org]][531] +- [[Archive.org]](https://web.archive.org/web/https://justgetmydata.com/) When you are done with this part, you should now handle search engines and while you may not be able to have the information deleted, you can ask them to update/remove outdated information which could then remove some cached information. @@ -9203,7 +9203,7 @@ When you are done with this part, you should now handle search engines and while **Unfortunately, this will require you to have a Google account to request the update/removal (however this can be done with any Google account from anyone). There is no way around this except waiting.** -Go to their "Remove outdated content from Google Search" page here: [[Archive.org]][532] and submit a request accordingly. +Go to their "Remove outdated content from Google Search" page here: [[Archive.org]](https://web.archive.org/web/https://search.google.com/search-console/remove-outdated-content) and submit a request accordingly. If your profile/username was deleted/changed, they should re-index the content and update accordingly, and remove these traces. @@ -9213,7 +9213,7 @@ These requests might take several days to process. Be patient. **Unfortunately, this will require you to have a Microsoft account to request the update/removal (however this can be done with any Microsoft account from any identity). There is no way around this except waiting.** -Go to their "Content Removal" page here: [[Archive.org]][533] and submit a request accordingly. +Go to their "Content Removal" page here: [[Archive.org]](https://web.archive.org/web/https://www.bing.com/webmasters/tools/contentremoval) and submit a request accordingly. If your profile/username was deleted/changed, they should re-index the content and update accordingly, and remove these traces. @@ -9229,7 +9229,7 @@ In addition, DuckDuckGo source most of their searches from Bing (and not Google) **Unfortunately, this will require you to have a Yandex account to request removals (however this can be done with any Yandex account from any identity). There is no way around this except waiting.** -Once have your Yandex account, head to the Yandex Webmaster tools [[Archive.org]][534] and then select Tools and Delete URL [[Archive.org]][535] +Once have your Yandex account, head to the Yandex Webmaster tools [[Archive.org]](https://web.archive.org/web/https://webmaster.yandex.com/) and then select Tools and Delete URL [[Archive.org]](https://web.archive.org/web/https://webmaster.yandex.com/tools/del-url/) There you could input the URL that does not exist anymore if you had them deleted. @@ -9243,7 +9243,7 @@ As far as we know, there is no readily available tool to force this, and you wil ### Yahoo Search: -Yes, Yahoo Search still exists but as per their help page [[Archive.org]][536], there is no way to remove information or refresh information besides waiting. This could take 6 to 8 weeks. +Yes, Yahoo Search still exists but as per their help page [[Archive.org]](https://web.archive.org/web/https://help.yahoo.com/kb/SLN4530.html), there is no way to remove information or refresh information besides waiting. This could take 6 to 8 weeks. ### Baidu: @@ -9251,7 +9251,7 @@ As far asWeknow, there is no readily available tool to force this unless you con ### Wikipedia: -As far asWeknow, there is no way to remove information from Wikipedia articles themselves but if you just want to remove traces of your username from it (as a user that contributed), you can do so by following these steps: [[Wikiless]][537] [[Archive.org]][538] +As far asWeknow, there is no way to remove information from Wikipedia articles themselves but if you just want to remove traces of your username from it (as a user that contributed), you can do so by following these steps: [[Wikiless]](https://wikiless.org/wiki/Wikipedia:Courtesy_vanishing) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Wikipedia:Courtesy_vanishing) This will not remove any information about your online identities that could appear in other articles but only your own identity on Wikipedia as a user. @@ -9277,7 +9277,7 @@ Have a look at those websites: - -- [[Archive.org]][539] +- [[Archive.org]](https://web.archive.org/web/https://inteltechniques.com/workbook.html) # Some low-tech old-school tricks: @@ -9333,7 +9333,7 @@ You must live by the simple rule that "loose lips sink ships" - but also that th - Make sure you are not keeping a copy of this guide anywhere unsafe after. The sole presence of this guide will most likely defeat all your plausible deniability possibilities. -- OSINT "yourself" and your identities from time to time by looking for them yourself online using various search engines to monitor your online identities. You can even automate the process somewhat using various tools such as Google Alerts [[Archive.org]][541]. +- OSINT "yourself" and your identities from time to time by looking for them yourself online using various search engines to monitor your online identities. You can even automate the process somewhat using various tools such as Google Alerts [[Archive.org]](https://web.archive.org/web/https://www.google.com/alerts). - Do not ever use biometrics alone to safeguard your secrets. Biometrics can be used without your consent. @@ -9352,7 +9352,7 @@ You must live by the simple rule that "loose lips sink ships" - but also that th - Remember the [How to spot if someone has been searching your stuff][How to spot if someone has been searching your stuff:] section. -- Consider the use of Haven [[Archive.org]][540] on some old android phone to keep watch on your home/room while you are away. +- Consider the use of Haven [[Archive.org]](https://web.archive.org/web/https://guardianproject.github.io/haven/) on some old android phone to keep watch on your home/room while you are away. - Remember [Appendix N: Warning about smartphones and smart devices]. Do not forget your smart devices can compromise your anonymity. @@ -9366,41 +9366,41 @@ You must live by the simple rule that "loose lips sink ships" - but also that th - Keep plausible deniability as an option but remember it will not help against the 5$ wrench either. -- Never ever leave your laptop unattended/on/unlocked anywhere when conducting sensitive activities. Remember the story of Ross Ulbricht and his arrest [[Wikiless]][542] [[Archive.org]][543]. +- Never ever leave your laptop unattended/on/unlocked anywhere when conducting sensitive activities. Remember the story of Ross Ulbricht and his arrest [[Wikiless]](https://wikiless.org/wiki/Ross_Ulbricht) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Ross_Ulbricht). - Check for tampering regularly (not only your devices but also your home/room). -- If you can, do not talk to the police/authorities (at least if you are in the US) [[Invidious]][544] without a lawyer. Remain silent. +- If you can, do not talk to the police/authorities (at least if you are in the US) [[Invidious]](https://yewtu.be/watch?v=d-7o9xYp7eE) without a lawyer. Remain silent. - Know and always have at your disposal the details of a lawyer that could help you as a last resort in case things go wrong. - Keep your situation awareness high but not too high as to appear suspicious. -- Read those tips here [[Archive.org]][339] +- Read those tips here [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/DoNot) - **Have common sense, do not be dumb, look and learn from others' mistakes, watch/read these:** - - Medium.com, Darkweb Vendors and the Basic Opsec Mistakes They Keep Making [[Scribe.rip]][545] [[Archive.org]][546] + - Medium.com, Darkweb Vendors and the Basic Opsec Mistakes They Keep Making [[Scribe.rip]](https://scribe.rip/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c) [[Archive.org]](https://web.archive.org/web/https://medium.com/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c) - - 2020, Sinwindie, OSINT, and Dark Web Markets, Why OPSEC Still Matters [[Invidious]][547] + - 2020, Sinwindie, OSINT, and Dark Web Markets, Why OPSEC Still Matters [[Invidious]](https://yewtu.be/watch?v=IqZZU9lFlF4) - - 2020, RSA Conference 2020, When Cybercriminals with Good OpSec Attack [[Invidious]][548] + - 2020, RSA Conference 2020, When Cybercriminals with Good OpSec Attack [[Invidious]](https://yewtu.be/watch?v=zXmZnU2GdVk) - - 2015, DEF CON 22, Adrian Crenshaw, Dropping Docs on Darknets: How People Got Caught [[Invidious]][549] ([Slides][] [[Archive.org]][550]) + - 2015, DEF CON 22, Adrian Crenshaw, Dropping Docs on Darknets: How People Got Caught [[Invidious]](https://yewtu.be/watch?v=eQ2OZKitRwc) ([Slides][] [[Archive.org]](https://web.archive.org/web/https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf)) - - 2017, Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev [[Invidious]][551] + - 2017, Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev [[Invidious]](https://yewtu.be/watch?v=6Chp12sEnWk) - 2017, [DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data](https://www.youtube.com/watch?v=1nvYGi7-Lxo) [[Invidious]](https://yewtu.be/watch?v=1nvYGi7-Lxo) - - 2015, DEF CON 22, Zoz, Don't Fuck It Up! [[Invidious]][552] + - 2015, DEF CON 22, Zoz, Don't Fuck It Up! [[Invidious]](https://yewtu.be/watch?v=J1q4Ir2J8P8) - - 2020, Bad Opsec, How Tor Users Got Caught, [[Invidious]][553] + - 2020, Bad Opsec, How Tor Users Got Caught, [[Invidious]](https://yewtu.be/watch?v=GR_U0G-QGA0) - - 2022, Master of OpSec Masters: A View Through the Prism of Time, [[Archive.org]][1383] - - 2022, How can you become a one-man-army OSINT specialist? [[Archive.org]][1384] + - 2022, Master of OpSec Masters: A View Through the Prism of Time, [[Archive.org]](https://web.archive.org/web/20220714213939/https://officercia.mirror.xyz/4x2-M4R2cSnID1wpsTO4CQNrMQ5JUFouR-rZ_N4xO-Q) + - 2022, How can you become a one-man-army OSINT specialist? [[Archive.org]](https://web.archive.org/web/20220718231735/https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws) -It is recommended that you learn about the common ways people mess up OPSEC [[Archive.org]][[1381]]. Whatever you do, take OPSEC seriously, and [Don't Fuck It Up!](https://www.youtube.com/watch?v=J1q4Ir2J8P8) +It is recommended that you learn about the common ways people mess up OPSEC [[Archive.org]](https://web.archive.org/web/20220717064253/https://dan-kir.github.io/2022/05/26/OPSEC-notes.html). Whatever you do, take OPSEC seriously, and [Don't Fuck It Up!](https://www.youtube.com/watch?v=J1q4Ir2J8P8) **FINAL OPSEC DISCLAIMER: KEEP YOUR ANONYMOUS IDENTITIES COMPLETELY SANDBOXED FROM YOUR NORMAL ENVIRONMENT AND REAL IDENTITY. DO NOT SHARE ANYTHING BETWEEN THE ANONYMOUS ENVIRONMENTS AND THE REAL IDENTITY ENVIRONMENT. KEEP THEM COMPLETELY COMPARTMENTALIZED ON EVERY LEVEL. MOST OPSEC FAILURES ARE DUE TO USERS ACCIDENTALLY LEAKING INFORMATION RATHER THAN TECHNICAL FAILURES.** @@ -9442,7 +9442,7 @@ It is recommended that you learn about the common ways people mess up OPSEC [[Wikiless]][554] [[Archive.org]][555] and this other visual resource with law references [[Archive.org]][556]. +Keep in mind that many countries have specific laws to compel you to reveal your passwords that could override your "right to remain silent". See this Wikipedia article: [[Wikiless]](https://wikiless.org/wiki/Key_disclosure_law) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Key_disclosure_law) and this other visual resource with law references [[Archive.org]](https://web.archive.org/web/https://www.gp-digital.org/world-map-of-encryption/). # A small final editorial note: @@ -9482,25 +9482,25 @@ If you want to give a hand to users facing censorship and oppression, please con - The Easiest: - - Using the Snowflake addon on your browser ( [[Archive.org]][563]) + - Using the Snowflake addon on your browser ( [[Archive.org]](https://web.archive.org/web/https://snowflake.torproject.org/)) - Slightly more work: - - Running a Tor relay node ( [[Archive.org]][564]) + - Running a Tor relay node ( [[Archive.org]](https://web.archive.org/web/https://community.torproject.org/relay/)) - See [Recommended VPS hosting providers] - - Additional Tutorial: [[Archive.org]][565] + - Additional Tutorial: [[Archive.org]](https://web.archive.org/web/https://torrelay.ca/) If you want a bit more challenge, you can also run a Tor Exit node anonymously using the recommended VPS providers above. -For this, see [[Archive.org]][566] +For this, see [[Archive.org]](https://web.archive.org/web/https://blog.torproject.org/tips-running-exit-node) This project for instance is running several Tor Exit nodes using donations to fund. You can see them here: # Acknowledgments: -- **Very Special Thanks to Edward Snowden and who inspired me to write this guide (buy and read his book please ** [[Wikiless]][567] [[Archive.org]][568]**)** +- **Very Special Thanks to Edward Snowden and who inspired me to write this guide (buy and read his book please ** [[Wikiless]](https://wikiless.org/wiki/Permanent_Record_(autobiography)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Permanent_Record_(autobiography))**)** - **Huge thanks to the people who donated to this project anonymously** @@ -9752,7 +9752,7 @@ DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will DO NOT CONNECT WINDOWS TO ANY NETWORK DURING THE INSTALLATION PROCESS (This will allow us to create a Local Account and not use a Microsoft account and it will also prevent any telemetry from being sent out during the install process). -- (Only for VirtualBox VM Install) Go into the VirtualBox Machine Settings menu. Select network. Unplug the cable. For this task, you can also follow this excellent tutorial by Oracle [[Archive.org]][1375] +- (Only for VirtualBox VM Install) Go into the VirtualBox Machine Settings menu. Select network. Unplug the cable. For this task, you can also follow this excellent tutorial by Oracle [[Archive.org]](https://web.archive.org/web/https://blogs.oracle.com/virtualization/post/install-microsoft-windows-11-on-virtualbox) - Select your language, currency and keyboard layout @@ -9924,7 +9924,7 @@ Here are the steps in detail: > Do these steps from a different computer to not connect Windows 10/11 to the internet before those settings are applied. You can download and copy those to the USB key (for transfer onto a Windows 10/11 fresh installation) or if it is a VM, you can transfer them to the VM within Virtualbox (VM Settings > General > Advanced > Drag n Drop > Enable Host to Guest). -- (For more advanced users) Download and install W10Privacy from [[Archive.org]][569] +- (For more advanced users) Download and install W10Privacy from [[Archive.org]](https://web.archive.org/web/https://www.w10privacy.de/english-home/) - Open the app as Administrator (right-click > more > run as administrator) @@ -9934,7 +9934,7 @@ Here are the steps in detail: - Reboot -- Download and run WindowsSpyBlocker from [[Archive.org]][570] +- Download and run WindowsSpyBlocker from [[Archive.org]](https://web.archive.org/web/https://crazymax.dev/WindowsSpyBlocker/download/) - Type 1 and go into Telemetry @@ -9944,11 +9944,11 @@ Here are the steps in detail: - Reboot -- Also, consider using ShutUp10++ from [[Archive.org]][571] +- Also, consider using ShutUp10++ from [[Archive.org]](https://web.archive.org/web/https://www.oo-software.com/en/shutup10) - Enable at least all the recommended settings -- Finally, again for users with moderate skils, consider installing Safing portmaster from [[Archive.org]][1373] (Warning there might be some issues with VPNs (see [[Archive.org]][1374] +- Finally, again for users with moderate skils, consider installing Safing portmaster from [[Archive.org]](https://web.archive.org/web/https://safing.io/portmaster/) (Warning there might be some issues with VPNs (see [[Archive.org]](https://web.archive.org/web/https://safing.io/portmaster/https://docs.safing.io/portmaster/install/status/vpn-compatibility) - Go back one last time to the settings to delete Diagnostic and Delete all Data. @@ -9956,7 +9956,7 @@ These measures added to the settings during installation should be hopefully suf **You will need to update and re-run those utilities frequently and after any Windows major update as they tend to silently re-enable telemetry using those updates.** -**As a bonus, it could be interesting to also consider Hardening your Windows Host OS somewhat. See ** [[Archive.org]][572] (This is a security guide, not a privacy guide. If you use this guide, do not enable Hyper-V as it does not play well with Virtualbox, and do not enable features that were specifically disabled for privacy reasons earlier. Such as SmartScreen, cloud protection...) +**As a bonus, it could be interesting to also consider Hardening your Windows Host OS somewhat. See ** [[Archive.org]](https://web.archive.org/web/https://github.com/beerisgood/windows10_hardening) (This is a security guide, not a privacy guide. If you use this guide, do not enable Hyper-V as it does not play well with Virtualbox, and do not enable features that were specifically disabled for privacy reasons earlier. Such as SmartScreen, cloud protection...) # Appendix C: Windows Installation Media Creation (Windows 10) or Download (Windows 11) @@ -9964,7 +9964,7 @@ These measures added to the settings during installation should be hopefully suf These are the steps to create a Windows 10 (21H1) Installation Media using this tool and instructions: - [[Archive.org]][573] + [[Archive.org]](https://web.archive.org/web/https://www.microsoft.com/en-us/software-download/windows10) - Download the tool and execute it from your Download folder. @@ -9992,7 +9992,7 @@ These instructions are valid for all Operating Systems: - System Rescue: - - Create a System Rescue USB disk following these instructions [[Archive.org]][574] (download the ISO and write to a USB stick with Rufus). + - Create a System Rescue USB disk following these instructions [[Archive.org]](https://web.archive.org/web/https://www.system-rescue.org/Installing-SystemRescue-on-a-USB-memory-stick/) (download the ISO and write to a USB stick with Rufus). - Disable Secure Boot in your BIOS/UEFI settings and change the boot order to the USB disk (System Rescue bootloader is not signed and will not boot with secure boot enabled). @@ -10008,15 +10008,15 @@ These instructions are valid for all Operating Systems: - Follow one of these tutorials - - [[Archive.org]][575] + - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing) - - [[Archive.org]][576] + - [[Archive.org]](https://web.archive.org/web/https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) - - [[Archive.org]][577] + - [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/wipe_drives_hdparm.html) - ATA Sanitize: - - Follow this tutorial [[Archive.org]][578] + - Follow this tutorial [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/ata_sanitize_hdparm.html) - NVMe SSD: @@ -10024,25 +10024,25 @@ These instructions are valid for all Operating Systems: - Follow one of these tutorials: - - [[Archive.org]][575] + - [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing) - - [[Archive.org]][579] + - [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/nvme-secure-erase.html) - - [[Archive.org]][580] + - [[Archive.org]](https://web.archive.org/web/https://tinyapps.org/docs/nvme-sanitize.html) # Appendix E: Clonezilla -- Get Clonezilla by just following these instructions: [[Archive.org]][581] (I recommend the Alternative version AMD64 that should work with most recent laptops) +- Get Clonezilla by just following these instructions: [[Archive.org]](https://web.archive.org/web/https://clonezilla.org/liveusb.php) (I recommend the Alternative version AMD64 that should work with most recent laptops) - Boot from Clonezilla -- Follow these steps to make a backup: [[Archive.org]][582] +- Follow these steps to make a backup: [[Archive.org]](https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/01_Save_disk_image) - **If you are backing up a disk with simple Encryption, encryption of the backup is not required since you are backing up an already encrypted disk, but you can still encrypt the backup anyway if you want additional security (and slower backup).** - **If you intend to back up a device with plausible deniability encryption, we strongly recommend against it as this backup image could be used to prove the existence of the hidden volume using forensics techniques as explained earlier. Do not make an image backup of the partition containing your hidden OS.** -- You are done, if you need to restore, follow these instructions: [[Archive.org]][583] +- You are done, if you need to restore, follow these instructions: [[Archive.org]](https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/02_Restore_disk_image) Each backup could take a while depending on the speed of your laptop and the speed of your external drive. In my experience, expect about 1 hour per backup depending on the drive size and the write speed of your backup media (my tests were done backing up 256GB SSDs on a USB 3.0 7200rpm HDD). @@ -10078,13 +10078,13 @@ Diskpart can be run from any Windows environment using a command prompt. This in ## If you can use Tor: -This guide will **only recommend** using Tor Browser within the host OS because it has the best protection by default. The only other acceptable option in my opinion would be to use Brave Browser with a Tor tab **but keep in mind that Brave themselves recommend the use of Tor Browser if you feel your safety depends on being anonymous** [[Archive.org]][459]**: "If your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave Tor windows. ".** +This guide will **only recommend** using Tor Browser within the host OS because it has the best protection by default. The only other acceptable option in my opinion would be to use Brave Browser with a Tor tab **but keep in mind that Brave themselves recommend the use of Tor Browser if you feel your safety depends on being anonymous** [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Chat)**: "If your personal safety depends on remaining anonymous, we highly recommend using Tor Browser instead of Brave Tor windows. ".** This Browser on the host OS will only be used to download various utilities and will never be used for actual sensitive activities. Refer to [Appendix Y: Installing and using desktop Tor Browser]. -If you are experiencing issues connecting to Tor due to Censorship or Blocking, you might consider using Tor bridges as explained here: [[Archive.org]][584] +If you are experiencing issues connecting to Tor due to Censorship or Blocking, you might consider using Tor bridges as explained here: [[Archive.org]](https://web.archive.org/web/https://bridges.torproject.org/) **Use this browser for all the next steps within the host OS unless instructed otherwise.** @@ -10106,19 +10106,19 @@ In this guide we will recommend two-third native tools and two third-party tools - Native Tools: - - Windows 10/11 Disk Cleanup Utility: [[Archive.org]][585] + - Windows 10/11 Disk Cleanup Utility: [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-10-8a96ff42-5751-39ad-23d6-434b4d5b9a68) > This tool will clean up a bunch of things natively. It is not enough, and we instead recommend using the third-party tools below to clean more stuff. PrivaZer for instance will use the disk cleanup utility directly itself and BleachBit will use its own mechanisms. -- Windows 10/11 Optimize Utility (Defrag on HDD Drives): [[Archive.org]][586] (yes the tutorial is for Windows 10 but should work on 11 too) +- Windows 10/11 Optimize Utility (Defrag on HDD Drives): [[Archive.org]](https://web.archive.org/web/https://support.microsoft.com/en-us/windows/defragment-your-windows-10-pc-048aefac-7f1f-4632-d48a-9700c4ec702a) (yes the tutorial is for Windows 10 but should work on 11 too) > For security, this tool is particularly useful on SSD drives at this "Optimize" function will in fact force a Disk wide Trim operation to occur. This will most likely be more than enough to make sure any deleted data that was not trimmed before for any reason will be this time. Deleted data with Trim is very unlikely to be recovered as explained before in this guide. - Third-Party Tools: - - The open-source utility BleachBit [[Archive.org]][587] + - The open-source utility BleachBit [[Archive.org]](https://web.archive.org/web/https://www.bleachbit.org/) - - The closed-source utility PrivaZer [[Archive.org]][588] + - The closed-source utility PrivaZer [[Archive.org]](https://web.archive.org/web/https://privazer.com/) I prefer PrivaZer because it has more customization and smarter features, but we would understand if you do not trust them and prefer open-source software in which case we would recommend BleachBit which offers a bit less customization but similar functionalities. @@ -10142,19 +10142,19 @@ Both these utilities can delete files and can overwrite the free space after del # Appendix I: Using ShredOS to securely wipe an HDD drive: -Several utilities are recommended (like the old unmaintained DBAN[^463] or System Rescue CD ( [[Archive.org]][589])) for this but we will recommend the use of ShredOS. +Several utilities are recommended (like the old unmaintained DBAN[^463] or System Rescue CD ( [[Archive.org]](https://web.archive.org/web/https://www.system-rescue.org/))) for this but we will recommend the use of ShredOS. -Feel free to go with DBAN instead if you want (using this tutorial: [[Archive.org]][590]), the process is basically the same but will not work out of the box with UEFI laptops. +Feel free to go with DBAN instead if you want (using this tutorial: [[Archive.org]](https://web.archive.org/web/https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148)), the process is basically the same but will not work out of the box with UEFI laptops. If you want to go with System-Rescue, just head to their website and follow the instructions. ## Windows: -- Download ShredOS from [[Archive.org]][591] +- Download ShredOS from [[Archive.org]](https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64) - Unzip the ISO file -- Download Rufus from [[Archive.org]][592] +- Download Rufus from [[Archive.org]](https://web.archive.org/web/https://rufus.ie/) - Launch Rufus @@ -10168,7 +10168,7 @@ If you want to go with System-Rescue, just head to their website and follow the ## Linux: -- Follow instructions on [[Archive.org]][591] +- Follow instructions on [[Archive.org]](https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64) - Reboot and boot the USB key @@ -10184,41 +10184,41 @@ Unfortunately, most of these tools are Windows only. ## Tools that provide a boot disk for wiping from boot: -- SanDisk DashBoard: [[Archive.org]][593] +- SanDisk DashBoard: [[Archive.org]](https://web.archive.org/web/https://kb.sandisk.com/app/answers/detail/a_id/15108/~/dashboard-support-information) -- Seagate SeaTools: [[Archive.org]][594] +- Seagate SeaTools: [[Archive.org]](https://web.archive.org/web/https://www.seagate.com/support/downloads/seatools/) -- Samsung Magican: [[Archive.org]][595] +- Samsung Magican: [[Archive.org]](https://web.archive.org/web/https://www.samsung.com/semiconductor/minisite/ssd/download/tools/) -- Kingston SSD Manager: [[Archive.org]][596] +- Kingston SSD Manager: [[Archive.org]](https://web.archive.org/web/https://www.kingston.com/unitedstates/en/support/technical/ssdmanager) - Lenovo: - Most likely native utility available within the BIOS/UEFI, please check - - Drive Erase Utility: [[Archive.org]][597] + - Drive Erase Utility: [[Archive.org]](https://web.archive.org/web/https://support.lenovo.com/us/en/downloads/ds019026-thinkpad-drive-erase-utility-for-resetting-the-cryptographic-key-and-erasing-the-solid-state-drive-thinkpad) -- Crucial Storage Executive: [[Archive.org]][598] +- Crucial Storage Executive: [[Archive.org]](https://web.archive.org/web/https://www.crucial.com/support/storage-executive) -- Western Digital Dashboard: [[Archive.org]][599] +- Western Digital Dashboard: [[Archive.org]](https://web.archive.org/web/https://support.wdc.com/downloads.aspx?p=279) -- HP: Follow instructions on [[Archive.org]][600] +- HP: Follow instructions on [[Archive.org]](https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-secure-erase-ssd) -- Transcend SSD Scope: [[Archive.org]][601] +- Transcend SSD Scope: [[Archive.org]](https://web.archive.org/web/https://www.transcend-info.com/Support/Software-10/) - Dell: - - Most likely native utility available within the BIOS/UEFI, please check [[Archive.org]][602] + - Most likely native utility available within the BIOS/UEFI, please check [[Archive.org]](https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000134997/using-the-dell-bios-data-wipe-function-for-optiplex-precision-and-latitude-systems-built-after-november-2015?lwp=rt) ## Tools that provide only support from running OS (for external drives). -- Toshiba Storage Tools: [[Archive.org]][603] +- Toshiba Storage Tools: [[Archive.org]](https://web.archive.org/web/https://www.toshiba-storage.com/downloads/) # Appendix K: Considerations for using external SSD drives **I do not recommend using external SSDs due to the uncertainty about their support for Trim, ATA Secure Erase, and Sanitize options through USB controllers. Instead, we recommend using external HDD disks which can be cleaned/wiped safely and securely without hassle (albeit much slower than SSD drives).** -Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]][235] +Please do not buy or use gimmicky self-encrypting devices such as these: [[Archive.org]](https://web.archive.org/web/https://syscall.eu/blog/2018/03/12/aigo_part1/) Some might be very efficient[^464] but many are gimmicky gadgets. @@ -10246,7 +10246,7 @@ It is possible Windows will detect your external SSD properly and enable Trim by ### ATA/NVMe Operations (Secure Erase/Sanitize): -**Use the manufacturer-provided tools to check and perform these operations** ... It is pretty much the only way to be sure it is not only supported but actually works. Some utilities can tell you whether it is supported or not like CrystalDiskInfo [[Archive.org]][465] but will not actually check if it is working. See [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:]. +**Use the manufacturer-provided tools to check and perform these operations** ... It is pretty much the only way to be sure it is not only supported but actually works. Some utilities can tell you whether it is supported or not like CrystalDiskInfo [[Archive.org]](https://web.archive.org/web/https://element.io/) but will not actually check if it is working. See [Appendix J: Manufacturer tools for Wiping HDD and SSD drives][Appendix J: Manufacturer tools for Wiping HDD and SSD drives:]. If it does not work. Just decrypt and re-encrypt the whole drive or fill up the free space as instructed in the guide. There is no other way AFAIK. Besides booting up a System Rescue Linux CD and see the next section. @@ -10254,15 +10254,15 @@ If it does not work. Just decrypt and re-encrypt the whole drive or fill up the ### Trim Support: -Follow this good tutorial: [[Archive.org]][604] +Follow this good tutorial: [[Archive.org]](https://web.archive.org/web/https://www.glump.net/howto/desktop/enable-trim-on-an-external-ssd-on-linux) ### ATA/NVMe Operations (Secure Erase/Sanitize): -**It is not "recommended". Please read the disclaimers here ** [[Archive.org]][576] **and here ** [[Archive.org]][575] +**It is not "recommended". Please read the disclaimers here ** [[Archive.org]](https://web.archive.org/web/https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) **and here ** [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing) But this seems to be based on anecdotal experiences. So, if you are sure your external SSD supports Trim (see vendor documentation). You could just **try at your own risk** to use nvme-cli or hdparm to issue secure erases. -See also this tutorial [[Archive.org]][605] +See also this tutorial [[Archive.org]](https://web.archive.org/web/https://code.mendhak.com/securely-wipe-ssd/) **Your mileage may vary. Use at your own risk.** @@ -10274,9 +10274,9 @@ According to Apple Documentation[^455], Trim is supported on APFS (asynchronousl So, if it is supported (and enabled on your external SSD), you should be able to issue a Trim on a non-APFS drive using Disk Utility and First Aid which should issue a Trim. -If your disk supports it but it is not enabled in macOS. You could try issuing a "sudo trimforce enable" command from the Terminal and see if it enables Trim on your external SSD. And then again check the first aid command if it is not APFS (see this Tutorial for info [[Archive.org]][606]) +If your disk supports it but it is not enabled in macOS. You could try issuing a "sudo trimforce enable" command from the Terminal and see if it enables Trim on your external SSD. And then again check the first aid command if it is not APFS (see this Tutorial for info [[Archive.org]](https://web.archive.org/web/https://www.lifewire.com/enable-trim-for-ssd-in-os-x-yosemite-2260789)) -If it does not work, we are not aware of any reliable method to enable TRIM besides the commercial utility Trim Enabler here [[Archive.org]][607] which claims support for external drives. +If it does not work, we are not aware of any reliable method to enable TRIM besides the commercial utility Trim Enabler here [[Archive.org]](https://web.archive.org/web/https://cindori.org/trimenabler/) which claims support for external drives. ### ATA/NVMe Operations (Secure Erase/Sanitize): @@ -10290,7 +10290,7 @@ We are not aware of any method of doing so reliably and safely on macOS. So, you # Appendix L: Creating a mat2-web guest VM for removing metadata from files -Download the latest Debian testing amd64 netinst ISO from [[Archive.org]][608] +Download the latest Debian testing amd64 netinst ISO from [[Archive.org]](https://web.archive.org/web/https://www.debian.org/CD/netinst/) **(Get testing to get the latest mat2 release, stable is a few versions back)** @@ -10376,13 +10376,13 @@ Now you can just start this small Mat2 VM when needed. Browse to it from your Gu Here are some links on how to securely wipe your drive (HDD/SSD) from the BIOS for various brands: -- Lenovo ThinkPads: [[Archive.org]][609] +- Lenovo ThinkPads: [[Archive.org]](https://web.archive.org/web/https://support.lenovo.com/be/en/solutions/migr-68369) -- HP (all): [[Archive.org]][610] +- HP (all): [[Archive.org]](https://web.archive.org/web/https://support.hp.com/gb-en/document/c06204100) -- Dell (all): [[Archive.org]][611] +- Dell (all): [[Archive.org]](https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000146892/dell-data-wipe) -- Acer (Travelmate only): [[Archive.org]][612] +- Acer (Travelmate only): [[Archive.org]](https://web.archive.org/web/https://us.answers.acer.com/app/answers/detail/a_id/41567/~/how-to-use-disk-sanitizer-on-acer-travelmate-notebooks) - Asus: no option AFAIK except maybe for some ROG models. @@ -10396,15 +10396,13 @@ Here are some links on how to securely wipe your drive (HDD/SSD) from the BIOS f When conducting sensitive activities, remember that: -- **You should not bring your real smartphone or smart devices with you (even turned off).** Correlation attacks are possible on the Cell Networks to find which phone "turned off" before your burner phone "turned on". While this might not work the first time, after a few times, the net will tighten, and you will get compromised. It is better to leave your main smartphone at home online (see this article (Russian, use Google Translate link): [[Google Translate]][613] [[Archive.org]][614]**)** +- **You should not bring your real smartphone or smart devices with you (even turned off).** Correlation attacks are possible on the Cell Networks to find which phone "turned off" before your burner phone "turned on". While this might not work the first time, after a few times, the net will tighten, and you will get compromised. It is better to leave your main smartphone at home online (see this article (Russian, use Google Translate link): [[Google Translate]](https://translate.google.com/translate?hl=&sl=ru&tl=en&u=https%3A%2F%2Fbiboroda.livejournal.com%2F4894724.html&anno=2) [[Archive.org]](https://web.archive.org/web/https://biboroda.livejournal.com/4894724.html)**)** - **Again, do not take them with you unless it is absolutely necessary.** **If you really must,** you could consider powering it off and removing the battery or, if not possible, the use of a faraday cage[^466] bag to store your devices. There are many such faraday "signal blocking" bags available for sale and some of these have been studied[^467] for their effectiveness. If you cannot afford such bags, you can probably achieve a "decent result" with one or several sheets of aluminum foil (as shown in the previously linked study). - Warning: consider that sensor data itself can also be reliably used to track you[^468]'[^469]. -- Consider leaving your smart devices at home online and doing something (watching YouTube/Netflix or something similar) instead of taking them with you powered off. This will mitigate tracking efforts but also create digital traces that could indicate you were at home. - - - **This could also include your car which could for example have a cell network device (including at least an IMEI) and a functionality to call emergency services** +- **Consider leaving your smart devices at home online and doing something (watching YouTube/Netflix or something similar) instead of taking them with you powered off. This will mitigate tracking efforts but also create digital traces that could indicate you were at home.** Additionally, if using a smartphone as a burner, know that they send a lot of diagnostics by default. Enough to potentially identify you based on your device usage patterns (a technique known as biometric profiling). You should avoid using your burner unless absolutely necessary, to minimize the information that can be collected and used to identify you. @@ -10412,23 +10410,23 @@ Additionally, if using a smartphone as a burner, know that they send a lot of di **Note: Please do not consider commercial gimmicky all-in devices for anonymity. The only way to achieve proper OPSEC is by doing it yourself. See those examples to see why it is not a clever idea:** -- **AN0M: ** [[Archive.org]][615] +- **AN0M: ** [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history) -- **Encrochat: ** [[Wikiless]][616] [[Archive.org]][617] +- **Encrochat: ** [[Wikiless]](https://wikiless.org/wiki/EncroChat) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/EncroChat) -- **Sky ECC: ** [[Wikiless]][618] [[Archive.org]][619] +- **Sky ECC: ** [[Wikiless]](https://wikiless.org/wiki/Sky_ECC) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sky_ECC) -**You should never rely on an external commercial service to ensure your first line of anonymity. But you will see that paid services can still be used later from an already anonymous identity if bought anonymously while observing good operational security.** +**You should never rely on some external commercial service to protect your anonymity.** # Appendix O: Getting an anonymous VPN/Proxy -If you follow our advice, you will also need a VPN subscription but this time you will need an anonymous one that cannot be tied to you by the financial system. Meaning you will need to buy a VPN subscription with cash or a reasonably private cryptocurrency (for example Monero). You will later be able to use this VPN to connect to various services anonymously but **never directly from your IP**. This VPN can never be used in any other non-anonymous context without jeopardzing your anonymity. +If you follow my advice, you will also need a VPN subscription but this time you will need an anonymous one that cannot be tied to you by the financial system. Meaning you will need to buy a VPN subscription with cash or a reasonably private cryptocurrency (Monero). You will later use this VPN to connect to the various services anonymously but never directly from your IP. There are, two viable options: ## Cash/Monero-Paid VPN: -There are three VPN companies recommended by PrivacyGuides.org ( [[Archive.org]][620]) that accept cash payments: Mullvad, iVPN, and Proton VPN. +There are three VPN companies recommended by PrivacyGuides.org ( [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/vpn/)) that accept cash payments: Mullvad, iVPN, and Proton VPN. Here are their logging policies: @@ -10436,7 +10434,7 @@ Here are their logging policies: - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/privacy/) - ProtonVPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/no-logs-vpn/) -In addition, we will also mention a newcomer to watch: Safing SPN [[Archive.org]][621]) which (while still in the alpha stage at the time of this writing) which also accepts cash and has a very distinct new concept for a VPN which provides benefits similar to Tor Stream isolation with their "SPN"). Note that Safing SPN is not available on macOS at the moment. This possibility is "provisional" and at your own risk, but we think was worth mentioning. +In addition, we will also mention a newcomer to watch: Safing SPN [[Archive.org]](https://web.archive.org/web/https://safing.io/)) which (while still in the alpha stage at the time of this writing) which also accepts cash and has a very distinct new concept for a VPN which provides benefits similar to Tor Stream isolation with their "SPN"). Note that Safing SPN is not available on macOS at the moment. This possibility is "provisional" and at your own risk, but we think was worth mentioning. Personally, for now, we would recommend Mullvad due to personal experience. @@ -10486,7 +10484,7 @@ The other alternative is setting up your own VPN/Proxy using a VPS (Virtual Priv **This will offer some advantages as the chances of your IP being block-listed somewhere are lower than known VPN providers.** -This does also offer some disadvantages as Monero is not perfect as explained earlier in this guide and some global adversaries could maybe still track you. You will need to get Monero from an Exchange using the normal financial system and then pick a hosting (list here [[Archive.org]][622]) or from a local reseller using cash from . +This does also offer some disadvantages as Monero is not perfect as explained earlier in this guide and some global adversaries could maybe still track you. You will need to get Monero from an Exchange using the normal financial system and then pick a hosting (list here [[Archive.org]](https://web.archive.org/web/https://www.getmonero.org/community/merchants/)) or from a local reseller using cash from . **Do not in any circumstance use this new VPS/VPN/Proxy using your known connections. Only access it through Tor using Whonix Workstation for instance (this is explained later). This VPN will only be used later within a Virtual Machin over the Tor Network in a secure way as we do not trust VPN providers' "no-logging policies". This VPN provider should never know your real origin IP.** @@ -10494,7 +10492,7 @@ Please see [Appendix A1: Recommended VPS hosting providers] ### VPN VPS: -There are plenty of tutorials on how to do this like this one [[Archive.org]][623] +There are plenty of tutorials on how to do this like this one [[Archive.org]](https://web.archive.org/web/https://proprivacy.com/vpn/guides/create-your-own-vpn-server) ### Socks Proxy VPS: @@ -10504,13 +10502,13 @@ It is probably the easiest thing to set up since you will just use the SSH conne Here are a few tutorials on how to do this very quickly: -- (Windows/Linux/macOS) [[Archive.org]][624] +- (Windows/Linux/macOS) [[Archive.org]](https://web.archive.org/web/https://linuxize.com/post/how-to-setup-ssh-socks-tunnel-for-private-browsing/) -- (Windows/Linux/macOS) [[Archive.org]][625] +- (Windows/Linux/macOS) [[Archive.org]](https://web.archive.org/web/https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel) -- (Windows) [[Archive.org]][626] +- (Windows) [[Archive.org]](https://web.archive.org/web/https://www.forwardproxy.com/2018/12/using-putty-to-setup-a-quick-socks-proxy/) -- (Linux/macOS) [[Archive.org]][627] +- (Linux/macOS) [[Archive.org]](https://web.archive.org/web/https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/) Here is my basic tutorial: @@ -10546,7 +10544,7 @@ Here are the steps: - Get your anonymous VPS set-up -- Download and install Putty from [[Archive.org]][628] +- Download and install Putty from [[Archive.org]](https://web.archive.org/web/https://www.putty.org/) - Set the following options in Putty and connect to your server @@ -10568,7 +10566,7 @@ Now, there might also be situations where simply using Tor or a VPN alone could But you still want to do something anonymously without disclosing/leaking any information. -In that case, my last resort recommendation is to connect safely **from a distance** to a Public Wi-Fi (See [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]) using your laptop and Tails "unsafe browser". See [[Archive.org]][630]. +In that case, my last resort recommendation is to connect safely **from a distance** to a Public Wi-Fi (See [Find some safe places with decent public Wi-Fi][Find some safe places with decent public Wi-Fi:]) using your laptop and Tails "unsafe browser". See [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/contribute/design/Unsafe_Browser/). **If Tor usage alone is suspicious or risky, you should NOT allow Tails to try establishing a Tor connection at start-up by doing the following:** @@ -10594,7 +10592,7 @@ You could also use the other routes (Whonix and Qubes OS without using Tor/VPN) **Be safe and extremely cautious. This is entirely at your own risk.** -Consider reading this older but still relevant guide [[Archive.org]][631] +Consider reading this older but still relevant guide [[Archive.org]](https://web.archive.org/web/https://archive.flossmanuals.net/bypassing-censorship/index.html) # Appendix Q: Using long-range Antenna to connect to Public Wi-Fis from a safe distance: @@ -10606,9 +10604,9 @@ These antennas are widely available on various online shops for a cheap price (A Such antennas need to be combined with specific USB adapters that have an external Antenna plug and sufficiently high power to use them. -**We would recommend the AWUS036 series in the Alfa brand of adapters (see ** [[Archive.org]][633]**).** But you could also go with some other brands if you want such as the TP-Link TL-WN722 (see [[Archive.org]][634]). +**We would recommend the AWUS036 series in the Alfa brand of adapters (see ** [[Archive.org]](https://web.archive.org/web/https://www.alfa.com.tw/)**).** But you could also go with some other brands if you want such as the TP-Link TL-WN722 (see [[Archive.org]](https://web.archive.org/web/https://www.tp-link.com/us/home-networking/usb-adapter/tl-wn722n/)). -See this post for a comparison of various adapters: [[Archive.org]][635] (Usually those antennas are used by Penetration Testers to probe Wi-Fis from a distance and are often discussed within the scope of the Kali Linux distribution). +See this post for a comparison of various adapters: [[Archive.org]](https://web.archive.org/web/https://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles.html) (Usually those antennas are used by Penetration Testers to probe Wi-Fis from a distance and are often discussed within the scope of the Kali Linux distribution). The process is simple: @@ -10624,7 +10622,7 @@ The process is simple: - Connect to the Wi-Fi of your choice. -**Do not forget tho that this will only delay a motivated adversary. Your signal can be triangulated easily by a motivated adversary in a matter of minutes once they reach the physical location of the Wi-Fi you're connecting to (for instance using a device such as AirCheck ** [[Invidious]][636]**, also see their other products here ** [[Archive.org]][637]**). These products can easily be deployed on mobile units (in a Car for instance) and pinpoint your location in a matter of minutes.** +**Do not forget tho that this will only delay a motivated adversary. Your signal can be triangulated easily by a motivated adversary in a matter of minutes once they reach the physical location of the Wi-Fi you're connecting to (for instance using a device such as AirCheck ** [[Invidious]](https://yewtu.be/watch?v=8FV2QZ1BPnw)**, also see their other products here ** [[Archive.org]](https://web.archive.org/web/https://www.netally.com/products/)**). These products can easily be deployed on mobile units (in a Car for instance) and pinpoint your location in a matter of minutes.** Ideally, this should "not be an issue" since this guide provides multiple ways of hiding your origin IP using VPNs and Tor. But if you are in a situation where VPN and Tor are not an option, then this could be your only security. @@ -10632,37 +10630,37 @@ Ideally, this should "not be an issue" since this guide provides multiple ways o Download the VPN client installer of your cash paid VPN service and install it on Host OS (Tor over VPN, VPN over Tor over VPN) or the VM of your choice (VPN over Tor): -- Whonix Tutorial (should work with any VPN provider): [[Archive.org]][319] (use the Linux configurations below to get the necessary configuration files) +- Whonix Tutorial (should work with any VPN provider): [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor) (use the Linux configurations below to get the necessary configuration files) - Windows Tutorials: - - Mullvad: [[Archive.org]][638] + - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-windows/) - - iVPN: [[Archive.org]][639] + - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/apps-windows) - - Safing: [[Archive.org]][640] + - Safing: [[Archive.org]](https://web.archive.org/web/https://docs.safing.io/portmaster/install/windows) - - Proton VPN: [[Archive.org]][641] + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/protonvpn-windows-vpn-application/) - macOS: - - Mullvad: [[Archive.org]][642] + - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/install-and-use-mullvad-app-macos/) - - IVPN: [[Archive.org]][643] + - IVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/apps-macos/) - Safing: Not available on macOS - - Proton VPN: [[Archive.org]][644] + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/protonvpn-mac-vpn-application/) - Linux: - - Mullvad: [[Archive.org]][645] + - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-linux/) - - iVPN: [[Archive.org]][646] + - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/apps-linux/) - - Safing: [[Archive.org]][647] + - Safing: [[Archive.org]](https://web.archive.org/web/https://docs.safing.io/portmaster/install/linux) - - Proton VPN: [[Archive.org]][648] + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/linux-vpn-setup/) **Important note: Tor does not support UDP, and you should use TCP instead with the VPN client in the Tor over VPN cases (on the VMs).** @@ -10672,11 +10670,11 @@ Here are some guides provided by the recommended VPN providers in this guide: - Windows: - - iVPN: [[Archive.org]][649] + - iVPN: [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/knowledgebase/general/do-you-offer-a-kill-switch-or-vpn-firewall/) - - Proton VPN: [[Archive.org]][650] + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/support/what-is-kill-switch/) - - Mullvad: [[Archive.org]][651] + - Mullvad: [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/using-mullvad-vpn-app/) - Whonix Workstation: Coming Soon, it is certainly possible, but we did not find a suitable and easy tutorial yet. It is also worth remembering that if your VPN stops on Whonix, you will still be behind the Tor Network. @@ -10686,23 +10684,23 @@ Here are some guides provided by the recommended VPN providers in this guide: - iVPN same as Windows, the option should be in the provided VPN client - - Proton VPN same as Windows with the client, the option should be in the provided VPN client [[Archive.org]][652] + - Proton VPN same as Windows with the client, the option should be in the provided VPN client [[Archive.org]](https://web.archive.org/web/https://protonvpn.com/blog/macos-vpn-kill-switch/) - Linux: - Mullvad: - - [[Archive.org]][653] + - [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/wireguard-and-mullvad-vpn/) - - [[Archive.org]][654] + - [[Archive.org]](https://web.archive.org/web/https://mullvad.net/en/help/linux-openvpn-installation/) - - Proton VPN: [[Archive.org]][655] + - Proton VPN: [[Archive.org]](https://web.archive.org/web/https://github.com/ProtonVPN/linux-cli/blob/master/USAGE.md) - iVPN: - - [[Archive.org]][656] + - [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-wireguard-kill-switch/) - - [[Archive.org]][657] + - [[Archive.org]](https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-kill-switch-using-the-uncomplicated-firewall-ufw/) # Appendix S: Check your network for surveillance/censorship using OONI @@ -10728,7 +10726,7 @@ While this might not be important in a normal environment, this could put you at - **Only consider running these tests quickly from a Public Wi-Fi from a safe distance (see [Appendix P: Accessing the internet as safely as possible when Tor and VPNs are not an option]).** -The probe can be found here: [[Archive.org]][658] for various platforms (iOS, Android, Windows, macOS, and Linux). +The probe can be found here: [[Archive.org]](https://web.archive.org/web/https://ooni.org/install/) for various platforms (iOS, Android, Windows, macOS, and Linux). # Appendix T: Checking files for malware @@ -10788,9 +10786,9 @@ In essence: - Install GPG for your OS: - - Windows: gpg4win ( [[Archive.org]][659]) + - Windows: gpg4win ( [[Archive.org]](https://web.archive.org/web/https://www.gpg4win.org/)) - - macOS: GPGTools ( [[Archive.org]][660]) + - macOS: GPGTools ( [[Archive.org]](https://web.archive.org/web/https://gpgtools.org/)) - Linux: It should be pre-installed in most distributions @@ -10832,11 +10830,11 @@ In essence: For some other tutorials, please see: -- [[Archive.org]][661] +- [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tbb/how-to-verify-signature/) -- [[Archive.org]][662] (See Basic OpenPGP verification). +- [[Archive.org]](https://web.archive.org/web/https://tails.boum.org/install/vm/index.en.html) (See Basic OpenPGP verification). -- [[Archive.org]][663] +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Verify_the_Whonix_images) All these guides should also apply to any other file with any other key. @@ -10866,19 +10864,19 @@ My take on the matter is on the pragmatic side. There is still room for some AV - Do use Open-Source non-real-time offline Anti-Virus/Anti-Malware tools as an added measure to scan some files such as: - - Windows/Linux/macOS/Qubes OS: ClamAV ( [[Archive.org]][664]) + - Windows/Linux/macOS/Qubes OS: ClamAV ( [[Archive.org]](https://web.archive.org/web/https://www.clamav.net/)) - - Linux/Qubes OS: RFXN Linux Malware Detect ( [[Archive.org]][665]) + - Linux/Qubes OS: RFXN Linux Malware Detect ( [[Archive.org]](https://web.archive.org/web/https://github.com/rfxn/linux-malware-detect)) - - Linux/Qubes OS: Chkrootkit ( [[Archive.org]][666]) + - Linux/Qubes OS: Chkrootkit ( [[Archive.org]](https://web.archive.org/web/http://www.chkrootkit.org/)) - You could also use online services for **non-sensitive files*** such as VirusTotal () or Hybrid-analysis (). - - You could also just check the VirusTotal database for the hash of your file if you don't want to send it over (see [[Archive.org]][667] (See the [Integrity (if available):] section again for guidance on how to generate hashes). + - You could also just check the VirusTotal database for the hash of your file if you don't want to send it over (see [[Archive.org]](https://web.archive.org/web/https://developers.virustotal.com/v3.0/docs/search-by-hash) (See the [Integrity (if available):] section again for guidance on how to generate hashes). - - Other tools are also available for non-sensitive files and a convenient list is right here: [[Archive.org]][668] + - Other tools are also available for non-sensitive files and a convenient list is right here: [[Archive.org]](https://web.archive.org/web/https://github.com/rshipp/awesome-malware-analysis) -* **Please be aware that while VirusTotal might seem very practical for scanning various files, their "privacy policy" is problematic (see ** [[Archive.org]][669]**) and states:** +* **Please be aware that while VirusTotal might seem very practical for scanning various files, their "privacy policy" is problematic (see ** [[Archive.org]](https://web.archive.org/web/https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy)**) and states:** "When you submit Samples to the Services, if you submit Samples to the Services, You will collect all of the information in the Sample itself and information about the act of submitting it". @@ -10900,7 +10898,7 @@ These methods require more tinkering but can be useful if you want to go the ext #### PDF files: -Again, regarding the PDFs of this guide and as explained in the README of my repository, you could check for anomalies using PDFID which you can download at [[Archive.org]][670]: +Again, regarding the PDFs of this guide and as explained in the README of my repository, you could check for anomalies using PDFID which you can download at [[Archive.org]](https://web.archive.org/web/https://blog.didierstevens.com/programs/pdf-tools/): - Install Python 3 (on Windows/Linux/macOS/Qubes OS) @@ -10934,25 +10932,25 @@ Again, regarding the PDFs of this guide and as explained in the README of my rep Now, what if you think the PDF is still suspicious? Fear not ... there are more things you can do to ensure it is not malicious: -- **Qubes OS:** Consider using [[Archive.org]][671] which will convert your PDF into a flattened image file. This should theoretically remove any malicious code in it. Note that this will also render the PDF formatting useless (such as links, headings, bookmarks, and references). +- **Qubes OS:** Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-app-linux-pdf-converter) which will convert your PDF into a flattened image file. This should theoretically remove any malicious code in it. Note that this will also render the PDF formatting useless (such as links, headings, bookmarks, and references). -- **(Deprecated) Linux/Qubes OS** (or possibly macOS through Homebrew or Windows through Cygwin): Consider not using [[Archive.org]][672] which will also turn your PDF into a flattened image file. Again, this should theoretically remove any malicious code in it. Again, this will also render the PDF formatting useless (such as links, headings, bookmarks, and references). **Note that this tool is deprecated and relies on a library called "ImageMagick" which is known for several security issues**[^498]**. You should not use this tool even if it is recommended in some other guides.** +- **(Deprecated) Linux/Qubes OS** (or possibly macOS through Homebrew or Windows through Cygwin): Consider not using [[Archive.org]](https://web.archive.org/web/https://github.com/firstlookmedia/pdf-redact-tools) which will also turn your PDF into a flattened image file. Again, this should theoretically remove any malicious code in it. Again, this will also render the PDF formatting useless (such as links, headings, bookmarks, and references). **Note that this tool is deprecated and relies on a library called "ImageMagick" which is known for several security issues**[^498]**. You should not use this tool even if it is recommended in some other guides.** -- **Windows/Linux/Qubes/OS/macOS:** Consider using [[Archive.org]][673] which was inspired by Qubes PDF Converted above and does the same but is well maintained and works on all OSes. This tool also works with Images, ODF files, and Office files (Warning: On Windows, this tool requires Docker-Desktop installed and this might (will) interfere with Virtualbox and other Virtualization software because it requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together[^499]. Consider installing this within a Linux VM for convenience instead of a Windows OS). +- **Windows/Linux/Qubes/OS/macOS:** Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/firstlookmedia/dangerzone) which was inspired by Qubes PDF Converted above and does the same but is well maintained and works on all OSes. This tool also works with Images, ODF files, and Office files (Warning: On Windows, this tool requires Docker-Desktop installed and this might (will) interfere with Virtualbox and other Virtualization software because it requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together[^499]. Consider installing this within a Linux VM for convenience instead of a Windows OS). #### Other types of files: Here are some various resources for this purpose where you will find what tool to use for what type: -- **For Documents/Pictures:** Consider using [[Archive.org]][673] which was inspired by Qubes PDF Converted above and does the same but is well maintained and works on all OSes. This tool also works with Images, ODF files, and Office files (Warning: On Windows, this tool requires Docker-Desktop installed and this might (will) interfere with Virtualbox and other Virtualization software because it requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together[^500]. Consider installing this within a Linux VM for convenience instead of a Windows OS). +- **For Documents/Pictures:** Consider using [[Archive.org]](https://web.archive.org/web/https://github.com/firstlookmedia/dangerzone) which was inspired by Qubes PDF Converted above and does the same but is well maintained and works on all OSes. This tool also works with Images, ODF files, and Office files (Warning: On Windows, this tool requires Docker-Desktop installed and this might (will) interfere with Virtualbox and other Virtualization software because it requires enabling Hyper-V. VirtualBox and Hyper-V do not play nice together[^500]. Consider installing this within a Linux VM for convenience instead of a Windows OS). -- **For Videos:** Be extremely careful, use an up-to-date player in a sandboxed environment. Remember [[Archive.org]][674] +- **For Videos:** Be extremely careful, use an up-to-date player in a sandboxed environment. Remember [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez) -- This practical cheat sheet from SANS: [[Archive.org]][675] (warning, many of those tools might be harder to use on Windows and you might consider using them from a Linux OS such as Tails, Whonix Workstation, or a Linux distribution of your choice as explained later in this guide. There are also other guides out there[^501] that might be of use). +- This practical cheat sheet from SANS: [[Archive.org]](https://web.archive.org/web/https://digital-forensics.sans.org/media/analyzing-malicious-document-files.pdf) (warning, many of those tools might be harder to use on Windows and you might consider using them from a Linux OS such as Tails, Whonix Workstation, or a Linux distribution of your choice as explained later in this guide. There are also other guides out there[^501] that might be of use). -- This GitHub repository with various resources on malware analysis: [[Archive.org]][668] +- This GitHub repository with various resources on malware analysis: [[Archive.org]](https://web.archive.org/web/https://github.com/rshipp/awesome-malware-analysis) -- This interesting PDF detailing which tool to use for which file type [[Archive.org]][676] +- This interesting PDF detailing which tool to use for which file type [[Archive.org]](https://web.archive.org/web/https://www.winitor.com/pdf/Malware-Analysis-Fundamentals-Files-Tools.pdf) **Even with all those resources, keep in mind you might still get advanced malware if those are not detected by those various tools. Be careful and remember to handle these files within isolated Virtual Machines, if possible, to limit the attack surface and vectors.** @@ -11114,7 +11112,7 @@ Here is a comparison table of one fingerprinting test of various browsers with t - *: macOS only. **: Windows only. -Another useful resource to be considered for comparing browsers is: [[Archive.org]][677] +Another useful resource to be considered for comparing browsers is: [[Archive.org]](https://web.archive.org/web/https://privacytests.org/) ## Brave: @@ -11132,9 +11130,9 @@ Why Brave despite the controversies[^504]? - Security of Chromium-based Browser is arguably better and more secure than Firefox[^508]'[^509]. Within the context of this guide, security should be privileged to prevent any vulnerability or exploit from gaining access to the VM. -- Comparison of both by Mozilla: [[Archive.org]][678] +- Comparison of both by Mozilla: [[Archive.org]](https://web.archive.org/web/https://www.mozilla.org/en-US/firefox/browsers/compare/brave/) -- Comparison of both by Techlore: [[Invidious]][679] +- Comparison of both by Techlore: [[Invidious]](https://yewtu.be/watch?v=qkJGF3syQy4) - The whole traffic will be routed over a VPN over Tor anyway. So even if you mistakenly opt-in for some telemetry, it is not so important. Remember that in this anonymity threat model, we are mostly after anonymity and security. The privacy of our online identities does not matter that much unless the privacy issue is also a security issue that could help deanonymize you. @@ -11230,7 +11228,7 @@ The following are the recommended safest routes for each browser according to th ## Brave: -- Download and install Brave browser from [[Archive.org]][680] +- Download and install Brave browser from [[Archive.org]](https://web.archive.org/web/https://brave.com/download/) - Open Brave Browser @@ -11519,9 +11517,9 @@ Consider [Arkenfox/user.js](https://github.com/arkenfox/user.js/), a heavily mai Those settings are explained on the following resources in order of recommendation if you want more details about what each setting does: -1. [[Archive.org]][681] **(most recommended)** +1. [[Archive.org]](https://web.archive.org/web/https://wiki.archlinux.org/title/Firefox/Privacy) **(most recommended)** -2. [[Archive.org]][682] +2. [[Archive.org]](https://web.archive.org/web/https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide) Here are most of the steps combined from the sources above (some have been omitted due to the extensions recommended later below): @@ -11691,9 +11689,9 @@ Here are most of the steps combined from the sources above (some have been omitt Here are also two recent guides to harden Firefox: -- [[Archive.org]][683] +- [[Archive.org]](https://web.archive.org/web/https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/) -- [[Archive.org]][684] +- [[Archive.org]](https://web.archive.org/web/https://ebin.city/~werwolf/posts/firefox-hardening-guide/) # Appendix W: Virtualization @@ -11717,11 +11715,11 @@ Each Virtual Machine is a sandbox. Remember the reasons for using them are to pr In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk. -In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation [[Archive.org]][244] and Whonix Documentation [[Archive.org]][337]). Optionally, if you are able, you should (seriously!) consider running a bridge [[Archive.org]](https://web.archive.org/web/20220708014922/https://blog.torproject.org/run-tor-bridges-defend-open-internet/) yourself, as this would greatly help reduce the amount of censorship in the world. +In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges) and Whonix Documentation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Bridges)). Optionally, if you are able, you should (seriously!) consider running a bridge [[Archive.org]](https://web.archive.org/web/20220708014922/https://blog.torproject.org/run-tor-bridges-defend-open-internet/) yourself, as this would greatly help reduce the amount of censorship in the world. Bridges are special Tor entry nodes that are not listed on the Tor public directory. Some of those are running on people running the Snowflake Browser extension[^520] while others are running on various servers around the world. Most of those bridges are running some type of obfuscation method called obfs4[^521]. -*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]][1387] +*Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]](https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/) Here is the definition from the Tor Browser Manual[^523]: "obfs4 makes Tor traffic look random and prevents censors from finding bridges by Internet scanning. obfs4 bridges are less likely to be blocked than its predecessor, obfs3 bridges". @@ -11729,9 +11727,9 @@ Some of those are called "Meek" bridges and are using a technique called "Domain As per their definition from their manual: "meek transports make it look like you are browsing a major web site instead of using Tor. meek-azure makes it look like you are using a Microsoft web site". Snowflake bridges make it appear like your connections are phone calls to random internet users. This is a type of "domain fronting" [^524]. See ["domain fronting"](https://www.bamsoftware.com/papers/fronting/#sec:introduction) from the link in the previous paragraph for a detailed explanation of these types of secret "bridges". -Lastly, there are also bridges called Snowflake bridges that rely on users running the snowflake extension in their browser to become themselves entry nodes. See [[Archive.org]][563]. +Lastly, there are also bridges called Snowflake bridges that rely on users running the snowflake extension in their browser to become themselves entry nodes. See [[Archive.org]](https://web.archive.org/web/https://snowflake.torproject.org/). -First, you should proceed with the following checklist to make sure you cannot circumvent Tor Blocking (double-check) and try to use Tor Bridges ( [[Archive.org]][584]): +First, you should proceed with the following checklist to make sure you cannot circumvent Tor Blocking (double-check) and try to use Tor Bridges ( [[Archive.org]](https://web.archive.org/web/https://bridges.torproject.org/)): - (Recommended if blocked but **safe**) Try to get an obfs4 bridge in the Tor connection options. @@ -11765,7 +11763,7 @@ If not, consider [Appendix P: Accessing the internet as safely as possible when This is valid for Windows, Linux, and macOS. -- Download and install Tor Browser according to the instructions from [[Archive.org]][687] +- Download and install Tor Browser according to the instructions from [[Archive.org]](https://web.archive.org/web/https://www.torproject.org/download/) - Open Tor Browser @@ -11779,7 +11777,7 @@ This is valid for Windows, Linux, and macOS. ![][686] -- At this point, still before connecting, you should click the little shield Icon (upper right, next to the Address bar) and select your Security level (see [[Archive.org]][240] for details). Basically, there are three. +- At this point, still before connecting, you should click the little shield Icon (upper right, next to the Address bar) and select your Security level (see [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/) for details). Basically, there are three. ![][689] @@ -11867,7 +11865,7 @@ The origin of those BTC cannot be traced back to your real identity due to the u ## Extra-Paranoid anonymous option: -**As explained in the disclaimer, If you feel extra paranoid,** you could consider using an additional conversion step using a different privacy/anonymity-focused cryptocurrency such as Zcash ( [[Archive.org]][691]). +**As explained in the disclaimer, If you feel extra paranoid,** you could consider using an additional conversion step using a different privacy/anonymity-focused cryptocurrency such as Zcash ( [[Archive.org]](https://web.archive.org/web/https://z.cash/)). For example, here are two possibilities: @@ -11895,7 +11893,7 @@ For example, here are two possibilities: **Buying Zcash first option:** -1. Buy Zcash (see [[Archive.org]][692]) +1. Buy Zcash (see [[Archive.org]](https://web.archive.org/web/https://z.cash/exchanges/)) 2. Transfer your Zcash from the to a VM Zcash Wallet (see [Appendix A9: Installing a Zcash wallet][Appendix A9: Installing a Zcash wallet:]). @@ -11945,11 +11943,11 @@ We will only recommend providers that accept Monero as payment and here is my pe Also consider these lists: -- Tor Project: [[Archive.org]][694] +- Tor Project: [[Archive.org]](https://web.archive.org/web/https://community.torproject.org/relay/community-resources/good-bad-isps/) -- PrivacyGuides.org: [[Archive.org]][695] +- PrivacyGuides.org: [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/providers/hosting/) -Lastly, you could pick one (at your own risk) from the list here that does accept Monero: [[Archive.org]][622] +Lastly, you could pick one (at your own risk) from the list here that does accept Monero: [[Archive.org]](https://web.archive.org/web/https://www.getmonero.org/community/merchants/) **Please do read [Appendix B2: Monero Disclaimer].** @@ -11959,7 +11957,7 @@ If the service does not accept Monero but does accept BTC, consider the followin My opinion (and the one of many[^528]'[^529]'[^530]'[^531]'[^532]'[^533]) is that passphrases are generally better than passwords. So instead of thinking of better passwords, forget them altogether and use passphrases instead (when possible). Or just use a password manager with very long passwords (such as KeePassXC, the preferred password manager in this guide). -The well-known shown-below XKCD [[Archive.org]][696] is still valid despite some people disputing it (See [[Archive.org]][697]). Yes, it is quite old now and is a little bit outdated and might be misinterpreted. But generally, it is still valid and a good argument for using passphrases instead of passwords. +The well-known shown-below XKCD [[Archive.org]](https://web.archive.org/web/https://xkcd.com/936/) is still valid despite some people disputing it (See [[Archive.org]](https://web.archive.org/web/https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength)). Yes, it is quite old now and is a little bit outdated and might be misinterpreted. But generally, it is still valid and a good argument for using passphrases instead of passwords. ![][698] @@ -11983,7 +11981,7 @@ Here are some recommendations (based on Wikipedia[^534]): Here is a nice website showing you some examples and guidelines: -Watch this insightful video by Computerphile: [[Invidious]][699] +Watch this insightful video by Computerphile: [[Invidious]](https://yewtu.be/watch?v=3NjQ9b3pgIg) **Use a different one for each service/device if possible. Do not make it easy for an adversary to access all your information because you used the same passphrase everywhere.** @@ -11993,7 +11991,7 @@ Watch this insightful video by Computerphile: [[Archive.org]][700]). +We will not go into too many details. Just pick one from PrivacyGuides.org ( [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/search-engines/)). Personally, my favorites are: @@ -12035,7 +12033,7 @@ Stylometry is our personal and unique writing style. No matter who you are, you You might think that this is not something that an adversary pays attention to? Think again! There have been multiple cases where adversaries such as law enforcement have used Writeprint techniques to help catch and sentence people. Here are some examples: -- The OxyMonster case ( [[Archive.org]][701]): +- The OxyMonster case ( [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/tech-policy/2018/06/dark-web-vendor-oxymonster-turns-out-to-be-a-frenchman-with-luscious-beard/)): - Public data revealed that Vallerius (a.k.a OxyMonster) has Instagram and Twitter accounts. Agents compared the writing style of "OxyMonster" on the Dream Market forum while in a senior Moderator role to the writing style of Vallerius on his public Instagram and Twitter accounts. Agents discovered many similarities in the use of words and punctuation to including the word "cheers;'' double exclamation marks; frequent use of quotation marks; and intermittent French post. @@ -12137,37 +12135,37 @@ Understand that altering your writing style for such purposes can ultimately cha Proofread yourself at least one time after you are done writing anything to verify you made no mistakes in your process. Trust (yourself) but verify anyway. -You might also consider the use of something like AnonyMouth [[Archive.org]][1365] which is a tool that you can use to anonymize your documents, developed by PSAL, Drexel University's Privacy, Security, and Automation Laboratory [[Archive.org]][1366]. Such tools can prove invaluable. +You might also consider the use of something like AnonyMouth [[Archive.org]](https://web.archive.org/web/https://github.com/psal/anonymouth) which is a tool that you can use to anonymize your documents, developed by PSAL, Drexel University's Privacy, Security, and Automation Laboratory [[Archive.org]](https://web.archive.org/web/https://psal.cs.drexel.edu/index.php/Main_Page). Such tools can prove invaluable. ## Bonus links: - [[Archive.org]](https://web.archive.org/web/https://seirdy.one/posts/2022/07/09/stylometric-fingerprinting-redux/): Stylometric fingerprinting redux -- [[Archive.org]][702]: Whonix documentation about stylometry. +- [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging#Stylometry): Whonix documentation about stylometry. -- [[Wikiless]][703] [[Archive.org]][704]: Gives a brief rundown of the basics of forensic linguistics, not too informative. +- [[Wikiless]](https://wikiless.org/wiki/Forensic_linguistics) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Forensic_linguistics): Gives a brief rundown of the basics of forensic linguistics, not too informative. -- [[Wikiless]][705] [[Archive.org]][706]: Gives a brief and informative rundown of forensic linguistics applied to internet investigations. +- [[Wikiless]](https://wikiless.org/wiki/Writeprint) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Writeprint): Gives a brief and informative rundown of forensic linguistics applied to internet investigations. -- [[Wikiless]][707] [[Archive.org]][708]: Gives a brief overview of Stylometry. +- [[Wikiless]](https://wikiless.org/wiki/Stylometry) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Stylometry): Gives a brief overview of Stylometry. -- [[Wikiless]][709] [[Archive.org]][710]: We would recommend reading this, quite informative. +- [[Wikiless]](https://wikiless.org/wiki/Content_similarity_detection) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Content_similarity_detection): We would recommend reading this, quite informative. -- [[Wikiless]][711] [[Archive.org]][712]: Read through this as well if you are interested in this topic. +- [[Wikiless]](https://wikiless.org/wiki/Author_profiling) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Author_profiling): Read through this as well if you are interested in this topic. -- [[Wikiless]][713] [[Archive.org]][714]: This is less important if you use a translator, but if you do not use a translator to communicate on forums that are not in your native language, consider giving this a quick read through. +- [[Wikiless]](https://wikiless.org/wiki/Native-language_identification) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Native-language_identification): This is less important if you use a translator, but if you do not use a translator to communicate on forums that are not in your native language, consider giving this a quick read through. -- [[Wikiless]][715] [[Archive.org]][716]: Only read through this if this topic is interesting to you. +- [[Wikiless]](https://wikiless.org/wiki/Computational_linguistics) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Computational_linguistics): Only read through this if this topic is interesting to you. -- [[Archive.org]][717]: Explains how authorities used forensic linguistics to help arrest OxyMonster (pages 13 -- 14). +- [[Archive.org]](https://web.archive.org/web/https://regmedia.co.uk/2017/09/27/gal_vallerius.pdf): Explains how authorities used forensic linguistics to help arrest OxyMonster (pages 13 -- 14). -- [[Wikiless]][718] [[Archive.org]][719]: May have an IQ of 167, but he was caught primarily based on forensic linguistics. +- [[Wikiless]](https://wikiless.org/wiki/Ted_Kaczynski#After_publication) [[Archive.org]](https://web.archive.org/web/https://wikipedia.org/wiki/Ted_Kaczynski#After_publication): May have an IQ of 167, but he was caught primarily based on forensic linguistics. -- [[Archive.org]][720]: Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube. +- [[Archive.org]](https://web.archive.org/web/https://i.blackhat.com/USA-19/Wednesday/us-19-Wixey-Im-Unique-Just-Like-You-Human-Side-Channels-And-Their-Implications-For-Security-And-Privacy.pdf): Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube. -- [[Archive.org]][721]: Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube, this is quite similar to the last presentation. +- [[Archive.org]](https://web.archive.org/web/https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf): Explains how your writing style can be used to track you, we highly recommend reading through these slides, or watching the accompanying presentation on YouTube, this is quite similar to the last presentation. -- [[Archive.org]][722]: This goes over how to potentially spot deception through the internet, and presents a checklist to see how trustworthy someone is. We would advise reading the slides or watching the presentation on YouTube. +- [[Archive.org]](https://web.archive.org/web/https://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf): This goes over how to potentially spot deception through the internet, and presents a checklist to see how trustworthy someone is. We would advise reading the slides or watching the presentation on YouTube. # Appendix A5: Additional browser precautions with JavaScript enabled @@ -12175,17 +12173,17 @@ To avoid Browser and User Fingerprinting through JavaScript but while keeping Ja These recommendations are similar to the ones at the beginning of the guide and especially valid for certain websites. Mostly, the recommendation is to use privacy-friendly front-end instances and alternative services for a variety of services: -- For YouTube links, use an Invidious instance ( [[Archive.org]][29]) +- For YouTube links, use an Invidious instance ( [[Archive.org]](https://web.archive.org/web/https://github.com/iv-org/invidious)) - We recommend [https://yewtu.be] -- For Twitter links, use a Nitter instance ( [[Archive.org]][30]) +- For Twitter links, use a Nitter instance ( [[Archive.org]](https://web.archive.org/web/https://github.com/zedeus/nitter)) - We recommend [https://nitter.net] -- For Wikipedia links, use a Wikiless instance ( [[Archive.org]][31]) +- For Wikipedia links, use a Wikiless instance ( [[Archive.org]](https://web.archive.org/web/https://codeberg.org/orenom/wikiless)) -- For Reddit, use a LibReddit instance ( [[Archive.org]][723]) +- For Reddit, use a LibReddit instance ( [[Archive.org]](https://web.archive.org/web/https://github.com/spikecodes/libreddit)) - For Maps, consider using @@ -12199,7 +12197,7 @@ These recommendations are similar to the ones at the beginning of the guide and - SearX () instances: list available here: -**(Optional)** Consider the use of the [[Archive.org]][33] extension to automate the use of the above services. +**(Optional)** Consider the use of the [[Archive.org]](https://web.archive.org/web/20220509220021/https://libredirect.github.io/) extension to automate the use of the above services. # Appendix A6: Mirrors @@ -12217,9 +12215,9 @@ Find it online at: Offline versions of this guide are temporarily unavailable. -- PDF: [[Archive.org]][726] [[Tor Mirror]][727] +- PDF: [[Archive.org]](https://web.archive.org/web/https://anonymousplanet.org/export/guide.pdf) [[Tor Mirror]](http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.pdf) -- OpenDocument Text (ODT) version at: (temporarily disabled) [[Archive.org]][732] [[Tor Mirror]][733] +- OpenDocument Text (ODT) version at: (temporarily disabled) [[Archive.org]](https://web.archive.org/web/https://anonymousplanet.org/export/guide.odt) [[Tor Mirror]](http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.odt) # Appendix A7: Comparing versions @@ -12232,7 +12230,7 @@ If you want to compare an older version of the PDF with a newer version, conside - -If you want to compare the older version of the ODT format with a newer version, use the LibreWriter compare features as explained here: [[Archive.org]][734] +If you want to compare the older version of the ODT format with a newer version, use the LibreWriter compare features as explained here: [[Archive.org]](https://web.archive.org/web/https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html) # Appendix A8: Crypto Swapping Services without Registration and KYC @@ -12342,7 +12340,7 @@ Here is a checklist of things to verify before sharing information to anyone: - Check any writing for possible forensics analysis: see [Appendix A4: Counteracting Forensic Linguistics] -- Have a look at this part of the Whonix documentation: [[Archive.org]][735] +- Have a look at this part of the Whonix documentation: [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging#Anonymous_File_Sharing) - Carefully assess the potential consequences and risks of communicating any sensitive information for you and others (legally, ethically, and morally). Remember ... Do not be evil. Legal is not necessarily Good. @@ -12350,13 +12348,13 @@ Here is a checklist of things to verify before sharing information to anyone: # Appendix B2: Monero Disclaimer -First, please read this small introduction video to Monero: [[Invidious]][736] +First, please read this small introduction video to Monero: [[Invidious]](https://yewtu.be/watch?v=H33ggs7bh8M) The anonymity of Monero depends on its crypto algorithms. If you do use Monero from a KYC Exchange. You can be almost certain that you are safe today. But you might not be in the long-term future if Monero algorithms are ever broken[^535] (think Quantum Computing). Do keep in mind that KYC regulations might force operators (such as Crypto Exchanges) to keep your financial records for up to 10 years and that you, therefore, need Monero algorithms to not be broken for the next 10 years as well. -You may want to watch this insightful video for more details: [**https://www.youtube.com/watch?v=j02QoI4ZlnU**][] [[Invidious]][737] +You may want to watch this insightful video for more details: [**https://www.youtube.com/watch?v=j02QoI4ZlnU**][] [[Invidious]](https://yewtu.be/watch?v=j02QoI4ZlnU) -Also please consider reading: **** [[Archive.org]][738] +Also please consider reading: **** [[Archive.org]](https://web.archive.org/web/https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md#privacy-limitations) **If you feel extra paranoid and want the highest safety level possible,** see the [Extra-Paranoid anonymous option][Extra-Paranoid anonymous option:]. @@ -12366,13 +12364,12 @@ Also please consider reading: ** [[Archive.org]][739]. +- The one we recommend: LINDDUN (Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance) [[Archive.org]](https://web.archive.org/web/https://www.linddun.org/). - Researchers created an online tool to help make your threat model at [[Archive.org]](https://web.archive.org/web/https://www.linddun.org/go). - It is synergistic with STRIDE below. - It is focused on privacy but is clearly perfectly suitable for anonymity. - It is accessible to all skill levels including beginners (providing many tutorials) but also suitable for highly skilled readers. - - It is used in the making of the Threat Modeling Manifesto: [[Archive.org]][745] - - Here is a video **endorsed and recommended** by LINDDUN designers to help understanding: [[Invidious]](https://yewtu.be/zI4SFyq_Xjw) + - It is used in the making of the Threat Modeling Manifesto: [[Archive.org]](https://web.archive.org/web/https://www.threatmodelingmanifesto.org/) ![][1389] (Illustration from [LINDDUN2015]) @@ -12381,13 +12378,13 @@ Here are alternative resources and models if LINDDUN doesn't suit you: - Online Operations Security: [https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC] -- STRIDE [[Wikiless]][740] [[Archive.org]][741] +- STRIDE [[Wikiless]](https://wikiless.org/wiki/STRIDE_%28security%29) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/STRIDE_%28security%29) -- PASTA [[Archive.org]][742] +- PASTA [[Archive.org]](https://web.archive.org/web/https://versprite.com/tag/pasta-threat-modeling/) -- [[Archive.org]][743] +- [[Archive.org]](https://web.archive.org/web/https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/) -- [[Archive.org]][744] +- [[Archive.org]](https://web.archive.org/web/https://www.geeksforgeeks.org/threat-modelling/) # Appendix B4: Important notes about evil-maid and tampering @@ -12417,1089 +12414,1073 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte - [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. - [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. -# Appendix B6: Warning for using Orbot on Android - -While this is often misunderstood, Orbot on Android does not make your "Tor-Enabled Apps" go through Tor if you add them to the list. Orbot is acting as a device-wide VPN or (also known as a transparent proxy). The list of apps using Orbot is a whitelist. This list will not make some apps magically use Tor and unchecked ones use the clear-net. This only ensures the device-wide VPN is using Tor to route traffic. This means that Orbot can only control what app can access the VPN it creates. Other apps will lose connectivity. - -What is important to know is that, if you launch an app (or Android does it automatically) while Orbot is not running, the app will just use the normal network, without involving Orbot (with the exception of some apps supporting a proxy Orbot). - -Additionally, you should not be surprised by Tor Browser not working when using Orbot in VPN mode, as the Tor design does not allow "Tor over Tor" (you cannot re-enter the Tor network from a Tor exit node). - -This is explained rather well by Alexander Færøy, who is a core developer at the Tor Project, in their [TorifyHOWTO: Tor over Tor](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO#tor-over-tor). - -"When using a transparent proxy, it is possible to start a Tor session from the client as well as from the transparent proxy (read the warning!), creating a "Tor over Tor" scenario. Doing so produces undefined and potentially unsafe behavior. In theory, however, you can get six hops instead of three, but it is not guaranteed that you'll get three different hops - you could end up with the same hops, maybe in reverse or mixed order. It is not clear if this is safe. It has never been discussed. You can choose an entry/exit point, but you get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand. Therefore Tor over Tor usage is highly discouraged." - -And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous) on the Tor Stack Exchange: - -"The danger (beyond the performance hit) which keeps me from running Tor over Tor has to do with timing and congestion measurements. Adversaries watching your traffic at the exit(s) of your circuits have a better chance of linking your Whonix activity with your [Tor Browser Bundle] activity when those shared circuits slow down or drop packets at the same time. This can happen without Tor over Tor when your instances use a common upstream link. The linkage will be made tighter and more explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor circuits. This tighter linkage raises the danger of successful correlation." - --- # References: -[^1]: English translation of German Telemedia Act [[Archive.org]][747]. Section 13, Article 6, "The service provider must enable the use of Telemedia and payment for them to occur anonymously or via a pseudonym where this is technically possible and reasonable. The recipient of the service is to be informed about this possibility. ". +[^1]: English translation of German Telemedia Act [[Archive.org]](https://web.archive.org/web/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf). Section 13, Article 6, "The service provider must enable the use of Telemedia and payment for them to occur anonymously or via a pseudonym where this is technically possible and reasonable. The recipient of the service is to be informed about this possibility. ". -[^2]: Wikipedia, Real-Name System Germany [[Wikiless]][415] [[Archive.org]][416] +[^2]: Wikipedia, Real-Name System Germany [[Wikiless]](https://wikiless.org/wiki/Real-name_system) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system) -[^3]: Wikipedia, Don't be evil [[Wikiless]][748] [[Archive.org]][749] +[^3]: Wikipedia, Don't be evil [[Wikiless]](https://wikiless.org/wiki/Don%27t_be_evil) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Don%27t_be_evil) -[^4]: YouTube, WarGames - "The Only Winning Move" [[Invidious]][750] +[^4]: YouTube, WarGames - "The Only Winning Move" [[Invidious]](https://yewtu.be/watch?v=6DGNZnfKYnU) -[^5]: Wikipedia, OSINT [[Wikiless]][751] [[Archive.org]][752] +[^5]: Wikipedia, OSINT [[Wikiless]](https://wikiless.org/wiki/Open-source_intelligence) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Open-source_intelligence) -[^6]: YouTube Internet Historian Playlist, HWNDU [[Invidious]][753] +[^6]: YouTube Internet Historian Playlist, HWNDU [[Invidious]](https://yewtu.be/playlist?list=PLna1KTNJu3y09Tu70U6yPn28sekaNhOMY) -[^7]: Wikipedia, 4chan [[Wikiless]][754] [[Archive.org]][755] +[^7]: Wikipedia, 4chan [[Wikiless]](https://wikiless.org/wiki/4chan) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/4chan) -[^8]: PIA, See this good article on the matter [[Archive.org]][756] (disclaimer: this is not an endorsement or recommendation for this commercial service). +[^8]: PIA, See this good article on the matter [[Archive.org]](https://web.archive.org/web/https://www.privateinternetaccess.com/blog/how-does-privacy-differ-from-anonymity-and-why-are-both-important/) (disclaimer: this is not an endorsement or recommendation for this commercial service). -[^9]: Medium.com, Privacy, Blockchain and Onion Routing [[Scribe.rip]][757] [[Archive.org]][758] +[^9]: Medium.com, Privacy, Blockchain and Onion Routing [[Scribe.rip]](https://scribe.rip/unitychain/privacy-blockchain-and-onion-routing-d5609c611841) [[Archive.org]](https://web.archive.org/web/https://medium.com/unitychain/privacy-blockchain-and-onion-routing-d5609c611841) -[^10]: This World of Ours, James Mickens [[Archive.org]][759] +[^10]: This World of Ours, James Mickens [[Archive.org]](https://web.archive.org/web/https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf) -[^11]: XKCD, Security [[Archive.org]][760] +[^11]: XKCD, Security [[Archive.org]](https://web.archive.org/web/https://xkcd.com/538/) -[^12]: Wikipedia, Threat Model [[Wikiless]][761] [[Archive.org]][762] +[^12]: Wikipedia, Threat Model [[Wikiless]](https://wikiless.org/wiki/Threat_model) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Threat_model) -[^13]: Bellingcat [[Archive.org]][763] +[^13]: Bellingcat [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/) -[^14]: Wikipedia, Doxing [[Wikiless]][764] [[Archive.org]][765] +[^14]: Wikipedia, Doxing [[Wikiless]](https://wikiless.org/wiki/Doxing) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Doxing) -[^15]: YouTube, Internet Historian, The Bikelock Fugitive of Berkeley [[Invidious]][766] +[^15]: YouTube, Internet Historian, The Bikelock Fugitive of Berkeley [[Invidious]](https://yewtu.be/watch?v=muoR8Td44UE) -[^16]: BBC News, Tor Mirror [[Archive.org]][767] +[^16]: BBC News, Tor Mirror [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/technology-50150981) -[^17]: GitHub, Real World Onion websites [[Archive.org]][768] (updated extremely often) +[^17]: GitHub, Real World Onion websites [[Archive.org]](https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites) (updated extremely often) -[^18]: Tor Project, Who Uses Tor [[Archive.org]][769] +[^18]: Tor Project, Who Uses Tor [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/about/torusers.html.en) -[^19]: Whonix Documentation, The importance of Anonymity [[Archive.org]][770] +[^19]: Whonix Documentation, The importance of Anonymity [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Anonymity) -[^20]: Geek Feminism [[Archive.org]][771] +[^20]: Geek Feminism [[Archive.org]](https://web.archive.org/web/https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F) -[^21]: Tor Project, Tor Users [[Archive.org]][769] +[^21]: Tor Project, Tor Users [[Archive.org]](https://web.archive.org/web/https://2019.www.torproject.org/about/torusers.html.en) -[^22]: PrivacyHub, Internet Privacy in the Age of Surveillance [[Archive.org]][772] +[^22]: PrivacyHub, Internet Privacy in the Age of Surveillance [[Archive.org]](https://web.archive.org/web/https://www.cyberghostvpn.com/privacyhub/internet-privacy-surveillance/) -[^23]: PIA Blog, 50 Key Stats About Freedom of the Internet Around the World [[Archive.org]][773] +[^23]: PIA Blog, 50 Key Stats About Freedom of the Internet Around the World [[Archive.org]](https://web.archive.org/web/https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/) -[^24]: Wikipedia, IANAL [[Wikiless]][774] [[Archive.org]][775] +[^24]: Wikipedia, IANAL [[Wikiless]](https://wikiless.org/wiki/IANAL) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IANAL) -[^25]: Wikipedia, Trust but verify [[Wikiless]][776] [[Archive.org]][777] +[^25]: Wikipedia, Trust but verify [[Wikiless]](https://wikiless.org/wiki/Trust,_but_verify) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trust,_but_verify) -[^26]: Wikipedia, IP Address [[Wikiless]][778] [[Archive.org]][779] +[^26]: Wikipedia, IP Address [[Wikiless]](https://wikiless.org/wiki/IP_address) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IP_address) -[^27]: Wikipedia; Data Retention [[Wikiless]][780] [[Archive.org]][781] +[^27]: Wikipedia; Data Retention [[Wikiless]](https://wikiless.org/wiki/Data_retention) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Data_retention) -[^28]: Wikipedia, Tor Anonymity Network [[Wikiless]][782] [[Archive.org]][783] +[^28]: Wikipedia, Tor Anonymity Network [[Wikiless]](https://wikiless.org/wiki/Tor_(anonymity_network)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Tor_(anonymity_network)) -[^29]: Wikipedia, VPN [[Wikiless]][784] [[Archive.org]][785] +[^29]: Wikipedia, VPN [[Wikiless]](https://wikiless.org/wiki/Virtual_private_network) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_private_network) -[^30]: Ieee.org, Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two [[Archive.org]][786] +[^30]: Ieee.org, Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two [[Archive.org]](https://web.archive.org/web/https://ieeexplore.ieee.org/document/8418599) -[^31]: Wikipedia, DNS [[Wikiless]][787] [[Archive.org]][788] +[^31]: Wikipedia, DNS [[Wikiless]](https://wikiless.org/wiki/Domain_Name_System) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_Name_System) -[^32]: Wikipedia, DNS Blocking [[Wikiless]][789] [[Archive.org]][790] +[^32]: Wikipedia, DNS Blocking [[Wikiless]](https://wikiless.org/wiki/DNS_blocking) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_blocking) -[^33]: CensoredPlanet [[Archive.org]][791] +[^33]: CensoredPlanet [[Archive.org]](https://web.archive.org/web/https://censoredplanet.org/) -[^34]: ArXiv, Characterizing Smart Home IoT Traffic in the Wild [[Archive.org]][792] +[^34]: ArXiv, Characterizing Smart Home IoT Traffic in the Wild [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2001.08288.pdf) -[^35]: Labzilla.io, Your Smart TV is probably ignoring your Pi-Hole [[Archive.org]][793] +[^35]: Labzilla.io, Your Smart TV is probably ignoring your Pi-Hole [[Archive.org]](https://web.archive.org/web/https://labzilla.io/blog/force-dns-pihole) -[^36]: Wikipedia, DNS over HTTPS: [[Wikiless]][794] [[Archive.org]][795] +[^36]: Wikipedia, DNS over HTTPS: [[Wikiless]](https://wikiless.org/wiki/DNS_over_HTTPS) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_HTTPS) -[^37]: Wikipedia, DNS over TLS, [[Wikiless]][796] [[Archive.org]][797] +[^37]: Wikipedia, DNS over TLS, [[Wikiless]](https://wikiless.org/wiki/DNS_over_TLS) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_TLS) -[^38]: Wikipedia, Pi-Hole [[Wikiless]][798] [[Archive.org]][799] +[^38]: Wikipedia, Pi-Hole [[Wikiless]](https://wikiless.org/wiki/Pi-hole) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Pi-hole) -[^39]: Wikipedia, SNI [[Wikiless]][800] [[Archive.org]][801] +[^39]: Wikipedia, SNI [[Wikiless]](https://wikiless.org/wiki/Server_Name_Indication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication) -[^40]: Wikipedia, ECH [[Wikiless]][800] [[Archive.org]][801] +[^40]: Wikipedia, ECH [[Wikiless]](https://wikiless.org/wiki/Server_Name_Indication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication) -[^41]: Wikipedia, eSNI [[Wikiless]][800] [[Archive.org]][801] +[^41]: Wikipedia, eSNI [[Wikiless]](https://wikiless.org/wiki/Server_Name_Indication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication) -[^42]: Usenix.org, On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention [[Archive.org]][802] +[^42]: Usenix.org, On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention [[Archive.org]](https://web.archive.org/web/https://www.usenix.org/system/files/foci19-paper_chai_0.pdf) -[^43]: Wikipedia, CDN [[Wikiless]][803] [[Archive.org]][804] +[^43]: Wikipedia, CDN [[Wikiless]](https://wikiless.org/wiki/Content_delivery_network) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Content_delivery_network) -[^44]: Cloudflare, Good-bye ESNI, hello ECH! [[Archive.org]][805] +[^44]: Cloudflare, Good-bye ESNI, hello ECH! [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/encrypted-client-hello/) -[^45]: ZDNET, Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI [[Archive.org]][806] +[^45]: ZDNET, Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/) -[^46]: ZDNET, China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI [[Archive.org]][807] +[^46]: ZDNET, China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) -[^47]: Wikipedia, OCSP [[Wikiless]][808] [[Archive.org]][809] +[^47]: Wikipedia, OCSP [[Wikiless]](https://wikiless.org/wiki/Online_Certificate_Status_Protocol) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) -[^48]: Madaidans Insecurities, Why encrypted DNS is ineffective [[Archive.org]][810] +[^48]: Madaidans Insecurities, Why encrypted DNS is ineffective [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/encrypted-dns.html) -[^49]: Wikipedia, OCSP Stapling [[Wikiless]][811] [[Archive.org]][812] +[^49]: Wikipedia, OCSP Stapling [[Wikiless]](https://wikiless.org/wiki/OCSP_stapling) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/OCSP_stapling) -[^50]: Chromium Documentation, CRLSets [[Archive.org]][813] +[^50]: Chromium Documentation, CRLSets [[Archive.org]](https://web.archive.org/web/https://dev.chromium.org/Home/chromium-security/crlsets) -[^51]: ZDNet, Chrome does certificate revocation better [[Archive.org]][814] +[^51]: ZDNet, Chrome does certificate revocation better [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/chrome-does-certificate-revocation-better/) -[^52]: KUL, Encrypted DNS=⇒Privacy? A Traffic Analysis Perspective [[Archive.org]][815] +[^52]: KUL, Encrypted DNS=⇒Privacy? A Traffic Analysis Perspective [[Archive.org]](https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-3153.pdf) -[^53]: ResearchGate, Oblivious DNS: Practical Privacy for DNS Queries [[Archive.org]][816] +[^53]: ResearchGate, Oblivious DNS: Practical Privacy for DNS Queries [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/332893422_Oblivious_DNS_Practical_Privacy_for_DNS_Queries) -[^54]: Nymity.ch, The Effect of DNS on Tor's Anonymity [[Archive.org]][817] +[^54]: Nymity.ch, The Effect of DNS on Tor's Anonymity [[Archive.org]](https://web.archive.org/web/https://nymity.ch/tor-dns/) -[^55]: Wikipedia, RFID [[Wikiless]][58] [[Archive.org]][59] +[^55]: Wikipedia, RFID [[Wikiless]](https://wikiless.org/wiki/Radio-frequency_identification) [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification) -[^56]: Wikipedia, NFC [[Wikiless]][818] [[Archive.org]][819] +[^56]: Wikipedia, NFC [[Wikiless]](https://wikiless.org/wiki/Near-field_communication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Near-field_communication) -[^57]: Samsonite Online Shop, RFID accessories [[Archive.org]][820] +[^57]: Samsonite Online Shop, RFID accessories [[Archive.org]](https://web.archive.org/web/https://shop.samsonite.com/accessories/rfid-accessories/) -[^58]: Google Android Help, Android Location Services [[Archive.org]][821] +[^58]: Google Android Help, Android Location Services [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/3467281?hl=en) -[^59]: Apple Support, Location Services and Privacy [[Archive.org]][822] +[^59]: Apple Support, Location Services and Privacy [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT207056) -[^60]: 2016 International Conference on Indoor Positioning and Indoor Navigation, Wi-Fi probes as digital crumbs for crowd localization [[Archive.org]][823] +[^60]: 2016 International Conference on Indoor Positioning and Indoor Navigation, Wi-Fi probes as digital crumbs for crowd localization [[Archive.org]](https://web.archive.org/web/http://fly.isti.cnr.it/pub/papers/pdf/Wifi-probes-IPIN16.pdf) -[^61]: Southeast University of Nanjing, Probe Request Based Device Identification Attack and Defense [[Archive.org]][824] +[^61]: Southeast University of Nanjing, Probe Request Based Device Identification Attack and Defense [[Archive.org]](https://web.archive.org/web/https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472341/) -[^62]: Medium.com, The Perils of Probe Requests [[Scribe.rip]][825] [[Archive.org]][826] +[^62]: Medium.com, The Perils of Probe Requests [[Scribe.rip]](https://scribe.rip/@brannondorsey/wi-fi-is-broken-3f6054210fa5) [[Archive.org]](https://web.archive.org/web/https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5) -[^63]: State University of New York, Towards 3D Human Pose Construction Using Wi-Fi [[Archive.org]][827] +[^63]: State University of New York, Towards 3D Human Pose Construction Using Wi-Fi [[Archive.org]](https://web.archive.org/web/https://cse.buffalo.edu/~lusu/papers/MobiCom2020.pdf) -[^64]: Digi.Ninja, Jasager [[Archive.org]][828] +[^64]: Digi.Ninja, Jasager [[Archive.org]](https://web.archive.org/web/https://digi.ninja/jasager/) -[^65]: Hak5 Shop, Wi-Fi Pineapple [[Archive.org]][829] +[^65]: Hak5 Shop, Wi-Fi Pineapple [[Archive.org]](https://web.archive.org/web/https://shop.hak5.org/products/wifi-pineapple) -[^66]: Wikipedia, Deautentication Attack [[Wikiless]][830] [[Archive.org]][831] +[^66]: Wikipedia, Deautentication Attack [[Wikiless]](https://wikiless.org/wiki/Wi-Fi_deauthentication_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack) -[^67]: Wikipedia, Capture Portal [[Wikiless]][832] [[Archive.org]][833] +[^67]: Wikipedia, Capture Portal [[Wikiless]](https://wikiless.org/wiki/Captive_portal) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Captive_portal) -[^68]: HackerFactor Blog, Deanonymizing Tor Circuits [[Archive.org]][834] +[^68]: HackerFactor Blog, Deanonymizing Tor Circuits [[Archive.org]](https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html) -[^69]: KU Leuven, Website Fingerprinting through Deep Learning [[Archive.org]][835] +[^69]: KU Leuven, Website Fingerprinting through Deep Learning [[Archive.org]](https://web.archive.org/web/https://distrinet.cs.kuleuven.be/software/tor-wf-dl/) -[^70]: KU Leuven, Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning [[Archive.org]][836] +[^70]: KU Leuven, Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning [[Archive.org]](https://web.archive.org/web/https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf) -[^71]: Internet Society, Website Fingerprinting at Internet Scale [[Archive.org]][837] +[^71]: Internet Society, Website Fingerprinting at Internet Scale [[Archive.org]](https://web.archive.org/web/20160617040428/https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf) -[^72]: KU Leuven, A Critical Evaluation of Website Fingerprinting Attacks [[Archive.org]][838] +[^72]: KU Leuven, A Critical Evaluation of Website Fingerprinting Attacks [[Archive.org]](https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf) -[^73]: DailyDot, How Tor helped catch the Harvard bomb threat suspect [[Archive.org]][839] +[^73]: DailyDot, How Tor helped catch the Harvard bomb threat suspect [[Archive.org]](https://web.archive.org/web/https://www.dailydot.com/unclick/tor-harvard-bomb-suspect/) -[^74]: ArsTechnica, How the NSA can break trillions of encrypted Web and VPN connections [[Archive.org]][840] +[^74]: ArsTechnica, How the NSA can break trillions of encrypted Web and VPN connections [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/) -[^75]: Wikipedia, Sybil Attack [[Wikiless]][841] [[Archive.org]][842] +[^75]: Wikipedia, Sybil Attack [[Wikiless]](https://wikiless.org/wiki/Sybil_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sybil_attack) -[^76]: ArsTechnica, Does Tor provide more benefit or harm? New paper says it depends [[Archive.org]][843] +[^76]: ArsTechnica, Does Tor provide more benefit or harm? New paper says it depends [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/gadgets/2020/11/does-tor-provide-more-benefit-or-harm-new-paper-says-it-depends/) -[^77]: ResearchGate, The potential harms of the Tor anonymity network cluster disproportionately in free countries [[Archive.org]][844] +[^77]: ResearchGate, The potential harms of the Tor anonymity network cluster disproportionately in free countries [[Archive.org]](https://web.archive.org/web/https://www.pnas.org/content/early/2020/11/24/2011893117) -[^78]: CryptoEngineering, How does Apple (privately) find your offline devices? [[Archive.org]][845] +[^78]: CryptoEngineering, How does Apple (privately) find your offline devices? [[Archive.org]](https://web.archive.org/web/https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/) -[^79]: Apple Support [[Archive.org]][846] +[^79]: Apple Support [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT210515) -[^80]: XDA, Samsung's Find My Mobile app can locate Galaxy devices even when they're offline [[Archive.org]][847] +[^80]: XDA, Samsung's Find My Mobile app can locate Galaxy devices even when they're offline [[Archive.org]](https://web.archive.org/web/https://www.xda-developers.com/samsung-find-my-mobile-app-locate-galaxy-devices-offline/) -[^81]: Apple Support, If your Mac is lost or stolen [[Archive.org]][848] +[^81]: Apple Support, If your Mac is lost or stolen [[Archive.org]](https://web.archive.org/web/https://support.apple.com/en-us/HT204756) -[^82]: Wikipedia, BLE [[Wikiless]][849] [[Archive.org]][850] +[^82]: Wikipedia, BLE [[Wikiless]](https://wikiless.org/wiki/Bluetooth_Low_Energy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Bluetooth_Low_Energy) -[^83]: Cryptography Engineering Blog, How does Apple (privately) find your offline devices? [[Archive.org]][845] +[^83]: Cryptography Engineering Blog, How does Apple (privately) find your offline devices? [[Archive.org]](https://web.archive.org/web/https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/) -[^84]: Wikipedia, IMEI [[Wikiless]][851] [[Archive.org]][852] +[^84]: Wikipedia, IMEI [[Wikiless]](https://wikiless.org/wiki/International_Mobile_Equipment_Identity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity) -[^85]: Wikipedia, IMSI [[Wikiless]][853] [[Archive.org]][854] +[^85]: Wikipedia, IMSI [[Wikiless]](https://wikiless.org/wiki/International_mobile_subscriber_identity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/International_mobile_subscriber_identity) -[^86]: Android Documentation, Device Identifiers [[Archive.org]][855] +[^86]: Android Documentation, Device Identifiers [[Archive.org]](https://web.archive.org/web/https://source.android.com/devices/tech/config/device-identifiers) -[^87]: Google Privacy Policy, Look for IMEI [[Archive.org]][856] +[^87]: Google Privacy Policy, Look for IMEI [[Archive.org]](https://web.archive.org/web/https://policies.google.com/privacy/embedded?hl=en-US) -[^88]: Wikipedia, IMEI and the Law [[Wikiless]][851] [[Archive.org]][852] +[^88]: Wikipedia, IMEI and the Law [[Wikiless]](https://wikiless.org/wiki/International_Mobile_Equipment_Identity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity) -[^89]: Bellingcat, The GRU Globetrotters: Mission London [[Archive.org]][857] +[^89]: Bellingcat, The GRU Globetrotters: Mission London [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/) -[^90]: Bellingcat,"V" For "Vympel": FSB's Secretive Department "V" Behind Assassination Of Georgian Asylum Seeker In Germany [[Archive.org]][858] +[^90]: Bellingcat,"V" For "Vympel": FSB's Secretive Department "V" Behind Assassination Of Georgian Asylum Seeker In Germany [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2020/02/17/v-like-vympel-fsbs-secretive-department-v-behind-assassination-of-zelimkhan-khangoshvili/) -[^91]: Wikipedia, CCTV [[Wikiless]][859] [[Archive.org]][860] +[^91]: Wikipedia, CCTV [[Wikiless]](https://wikiless.org/wiki/Closed-circuit_television) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Closed-circuit_television) -[^92]: Apple, Transparency Report, Device Requests [[Archive.org]][861] +[^92]: Apple, Transparency Report, Device Requests [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/transparency/device-requests.html) -[^93]: The Intercept, How Cops Can Secretly Track Your Phone [[Tor Mirror]][862] [[Archive.org]][863] +[^93]: The Intercept, How Cops Can Secretly Track Your Phone [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/) -[^94]: Wikipedia, IMSI Catcher [[Wikiless]][864] [[Archive.org]][865] +[^94]: Wikipedia, IMSI Catcher [[Wikiless]](https://wikiless.org/wiki/IMSI-catcher) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IMSI-catcher) -[^95]: Wikipedia, Stingray [[Wikiless]][866] [[Archive.org]][867] +[^95]: Wikipedia, Stingray [[Wikiless]](https://wikiless.org/wiki/Stingray_phone_tracker) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Stingray_phone_tracker) -[^96]: Gizmodo, Cops Turn to Canadian Phone-Tracking Firm After Infamous 'Stingrays' Become 'Obsolete' [[Archive.org]][868] +[^96]: Gizmodo, Cops Turn to Canadian Phone-Tracking Firm After Infamous 'Stingrays' Become 'Obsolete' [[Archive.org]](https://web.archive.org/web/https://gizmodo.com/american-cops-turns-to-canadian-phone-tracking-firm-aft-1845442778) -[^97]: Wikipedia, MITM [[Wikiless]][869] [[Archive.org]][870] +[^97]: Wikipedia, MITM [[Wikiless]](https://wikiless.org/wiki/Man-in-the-middle_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Man-in-the-middle_attack) -[^98]: Purism, Librem 5 [[Archive.org]][871] +[^98]: Purism, Librem 5 [[Archive.org]](https://web.archive.org/web/https://shop.puri.sm/shop/librem-5/) -[^99]: Wikipedia, MAC Address [[Wikiless]][872] [[Archive.org]][873] +[^99]: Wikipedia, MAC Address [[Wikiless]](https://wikiless.org/wiki/MAC_address) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MAC_address) -[^100]: Acyclica Road Trend Product Sheet, [[Archive.org]][874] +[^100]: Acyclica Road Trend Product Sheet, [[Archive.org]](https://web.archive.org/web/https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf) -[^101]: ResearchGate, Tracking Anonymized Bluetooth Devices [[Archive.org]][875] +[^101]: ResearchGate, Tracking Anonymized Bluetooth Devices [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/334590931_Tracking_Anonymized_Bluetooth_Devices/fulltext/5d3308db92851cd04675a469/Tracking-Anonymized-Bluetooth-Devices.pdf) -[^102]: Wikipedia, CPU [[Wikiless]][876] [[Archive.org]][877] +[^102]: Wikipedia, CPU [[Wikiless]](https://wikiless.org/wiki/Central_processing_unit) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Central_processing_unit) -[^103]: Wikipedia, Intel Management Engine [[Wikiless]][878] [[Archive.org]][879] +[^103]: Wikipedia, Intel Management Engine [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine) -[^104]: Wikipedia, AMD Platform Security Processor [[Wikiless]][880] [[Archive.org]][881] +[^104]: Wikipedia, AMD Platform Security Processor [[Wikiless]](https://wikiless.org/wiki/AMD_Platform_Security_Processor) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor) -[^105]: Wikipedia, IME, Security Vulnerabilities [[Wikiless]][878] [[Archive.org]][879] +[^105]: Wikipedia, IME, Security Vulnerabilities [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine) -[^106]: Wikipedia, IME, Assertions that ME is a backdoor [[Wikiless]][878] [[Archive.org]][879] +[^106]: Wikipedia, IME, Assertions that ME is a backdoor [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine) -[^107]: Wikipedia, IME, Disabling the ME [[Wikiless]][878] [[Archive.org]][879] +[^107]: Wikipedia, IME, Disabling the ME [[Wikiless]](https://wikiless.org/wiki/Intel_Management_Engine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine) -[^108]: Libreboot, [[Archive.org]][882] / Coreboot, [[Archive.org]](https://web.archive.org/web/20220501042320/https://www.coreboot.org/) +[^108]: Libreboot, [[Archive.org]](https://web.archive.org/web/https://libreboot.org/) / Coreboot, [[Archive.org]](https://web.archive.org/web/20220501042320/https://www.coreboot.org/) -[^109]: Apple, Differential Privacy White Paper [[Archive.org]][883] +[^109]: Apple, Differential Privacy White Paper [[Archive.org]](https://web.archive.org/web/https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf) -[^110]: Wikipedia, Differential Privacy [[Wikiless]][884] [[Archive.org]][885] +[^110]: Wikipedia, Differential Privacy [[Wikiless]](https://wikiless.org/wiki/Differential_privacy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Differential_privacy) -[^111]: Continuing Ed, The All-Seeing "i": Apple Just Declared War on Your Privacy [[Archive.org]][886] +[^111]: Continuing Ed, The All-Seeing "i": Apple Just Declared War on Your Privacy [[Archive.org]](https://web.archive.org/web/https://edwardsnowden.substack.com/p/all-seeing-i) -[^112]: Trinity College Dublin, Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]][84] +[^112]: Trinity College Dublin, Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google [[Archive.org]](https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf) -[^113]: Reuters, Exclusive: Apple dropped plan for encrypting backups after FBI complained -- sources [[Archive.org]][887] +[^113]: Reuters, Exclusive: Apple dropped plan for encrypting backups after FBI complained -- sources [[Archive.org]](https://web.archive.org/web/https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT) -[^114]: ZDnet, I asked Apple for all my data. Here's what was sent back [[Archive.org]][888] +[^114]: ZDnet, I asked Apple for all my data. Here's what was sent back [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/apple-data-collection-stored-request/) -[^115]: De Correspondent, Here's how we found the names and addresses of soldiers and secret agents using a simple fitness app [[Archive.org]][889] +[^115]: De Correspondent, Here's how we found the names and addresses of soldiers and secret agents using a simple fitness app [[Archive.org]](https://web.archive.org/web/https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app/412999257-6756ba27) -[^116]: Website Planet, Report: Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online [[Archive.org]][890] +[^116]: Website Planet, Report: Fitness Tracker Data Breach Exposed 61 Million Records and User Data Online [[Archive.org]](https://web.archive.org/web/https://www.websiteplanet.com/blog/gethealth-leak-report/) -[^117]: Wired, The Strava Heat Map and the End of Secrets [[Archive.org]][891] +[^117]: Wired, The Strava Heat Map and the End of Secrets [[Archive.org]](https://web.archive.org/web/https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/) -[^118]: Bellingcat, How to Use and Interpret Data from Strava's Activity Map [[Archive.org]][892] +[^118]: Bellingcat, How to Use and Interpret Data from Strava's Activity Map [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/01/29/strava-interpretation-guide/) -[^119]: The Guardian, Fitness tracking app Strava gives away location of secret US army bases [[Archive.org]][893] +[^119]: The Guardian, Fitness tracking app Strava gives away location of secret US army bases [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases) -[^120]: Telegraph, Running app reveals locations of secret service agents in MI6 and GCHQ [[Archive.org]][894] +[^120]: Telegraph, Running app reveals locations of secret service agents in MI6 and GCHQ [[Archive.org]](https://web.archive.org/web/https://www.telegraph.co.uk/technology/2018/07/08/running-app-exposes-mi6-gchq-workers-whereabouts/) -[^121]: Washington Post, Alexa has been eavesdropping on you this whole time [[Archive.org]][895] +[^121]: Washington Post, Alexa has been eavesdropping on you this whole time [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?itid=lk_interstitial_manual_59) -[^122]: Washington Post, What does your car know about you? We hacked a Chevy to find out [[Archive.org]][896] +[^122]: Washington Post, What does your car know about you? We hacked a Chevy to find out [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/) -[^123]: Using Metadata to find Paul Revere ( [[Archive.org]][897]) +[^123]: Using Metadata to find Paul Revere ( [[Archive.org]](https://web.archive.org/web/https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/)) -[^124]: Wikipedia, Google SensorVault, [[Wikiless]][898] [[Archive.org]][899] +[^124]: Wikipedia, Google SensorVault, [[Wikiless]](https://wikiless.org/wiki/Sensorvault) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sensorvault) -[^125]: NRKBeta, My Phone Was Spying on Me, so I Tracked Down the Surveillants [[Archive.org]][900] +[^125]: NRKBeta, My Phone Was Spying on Me, so I Tracked Down the Surveillants [[Archive.org]](https://web.archive.org/web/https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/) -[^126]: New York Times [[Archive.org]][901] +[^126]: New York Times [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html) -[^127]: Sophos, Google data puts innocent man at the scene of a crime [[Archive.org]][902] +[^127]: Sophos, Google data puts innocent man at the scene of a crime [[Archive.org]](https://web.archive.org/web/https://nakedsecurity.sophos.com/2020/03/10/google-data-puts-innocent-man-at-the-scene-of-a-crime/) -[^128]: Wikipedia, Geofence Warrant [[Wikiless]][903] [[Archive.org]][904] +[^128]: Wikipedia, Geofence Warrant [[Wikiless]](https://wikiless.org/wiki/Geo-fence_warrant) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Geo-fence_warrant) -[^129]: Vice.com, Military Unit That Conducts Drone Strikes Bought Location Data From Ordinary Apps [[Archive.org]][905] +[^129]: Vice.com, Military Unit That Conducts Drone Strikes Bought Location Data From Ordinary Apps [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard) -[^130]: TechCrunch, Google says geofence warrants make up one-quarter of all US demands [[Archive.org]][906] +[^130]: TechCrunch, Google says geofence warrants make up one-quarter of all US demands [[Archive.org]](https://web.archive.org/web/https://techcrunch.com/2021/08/19/google-geofence-warrants/) -[^131]: TechDirt, Google Report Shows 'Reverse Warrants' Are Swiftly Becoming Law Enforcement's Go-To Investigative Tool [[Archive.org]][907] +[^131]: TechDirt, Google Report Shows 'Reverse Warrants' Are Swiftly Becoming Law Enforcement's Go-To Investigative Tool [[Archive.org]](https://web.archive.org/web/https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml) -[^132]: Vice.com, Here's the FBI's Internal Guide for Getting Data from AT&T, T-Mobile, Verizon [[Archive.org]][908] +[^132]: Vice.com, Here's the FBI's Internal Guide for Getting Data from AT&T, T-Mobile, Verizon [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon) -[^133]: Wikipedia, Room 641A [[Wikiless]][909] [[Archive.org]][910] +[^133]: Wikipedia, Room 641A [[Wikiless]](https://wikiless.org/wiki/Room_641A) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Room_641A) -[^134]: Wikipedia, Edward Snowden [[Wikiless]][911] [[Archive.org]][912] +[^134]: Wikipedia, Edward Snowden [[Wikiless]](https://wikiless.org/wiki/Edward_Snowden) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Edward_Snowden) -[^135]: Wikipedia, Permanent Record [[Wikiless]][567] [[Archive.org]][568] +[^135]: Wikipedia, Permanent Record [[Wikiless]](https://wikiless.org/wiki/Permanent_Record_(autobiography)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)) -[^136]: Wikipedia, XKEYSCORE [[Wikiless]][913] [[Archive.org]][914] +[^136]: Wikipedia, XKEYSCORE [[Wikiless]](https://wikiless.org/wiki/XKeyscore) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/XKeyscore) -[^137]: ElectroSpaces, Danish military intelligence uses XKEYSCORE to tap cables in cooperation with the NSA [[Archive.org]][915] +[^137]: ElectroSpaces, Danish military intelligence uses XKEYSCORE to tap cables in cooperation with the NSA [[Archive.org]](https://web.archive.org/web/https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html) -[^138]: Wikipedia, MUSCULAR [[Archive.org]][916] +[^138]: Wikipedia, MUSCULAR [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program)) -[^139]: Wikipedia, SORM [[Wikiless]][917] [[Archive.org]][918] +[^139]: Wikipedia, SORM [[Wikiless]](https://wikiless.org/wiki/SORM) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SORM) -[^140]: Wikipedia, Tempora [[Wikiless]][919] [[Archive.org]][920] +[^140]: Wikipedia, Tempora [[Wikiless]](https://wikiless.org/wiki/Tempora) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Tempora) -[^141]: Wikipedia, PRISM [[Wikiless]][921] [[Archive.org]][922] +[^141]: Wikipedia, PRISM [[Wikiless]](https://wikiless.org/wiki/PRISM_(surveillance_program)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/PRISM_(surveillance_program)) -[^142]: Justsecurity, General Hayden [[Archive.org]][923] +[^142]: Justsecurity, General Hayden [[Archive.org]](https://web.archive.org/web/https://www.justsecurity.org/10318/video-clip-director-nsa-cia-we-kill-people-based-metadata/) -[^143]: IDMB, The Social Dilemma [[Archive.org]][924] +[^143]: IDMB, The Social Dilemma [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt11464826/) -[^144]: ArsTechnica, How the way you type can shatter anonymity---even on Tor [[Archive.org]][925] +[^144]: ArsTechnica, How the way you type can shatter anonymity---even on Tor [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/information-technology/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/) -[^145]: Wikipedia, Stylometry [[Wikiless]][707] [[Archive.org]][926] +[^145]: Wikipedia, Stylometry [[Wikiless]](https://wikiless.org/wiki/Stylometry) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Stylometry) -[^146]: Paul Moore Blog, Behavioral Profiling: The password you can't change. [[Archive.org]][927] +[^146]: Paul Moore Blog, Behavioral Profiling: The password you can't change. [[Archive.org]](https://web.archive.org/web/https://paul.reviews/behavioral-profiling-the-password-you-cant-change/) -[^147]: Wikipedia, Sentiment Analysis [[Wikiless]][928] [[Archive.org]][929] +[^147]: Wikipedia, Sentiment Analysis [[Wikiless]](https://wikiless.org/wiki/Sentiment_analysis) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sentiment_analysis) -[^148]: EFF, CoverYourTracks [[Archive.org]][930] +[^148]: EFF, CoverYourTracks [[Archive.org]](https://web.archive.org/web/https://coveryourtracks.eff.org/) -[^149]: Berkeley.edu, On the Feasibility of Internet-Scale Author Identification [[Archive.org]][931] +[^149]: Berkeley.edu, On the Feasibility of Internet-Scale Author Identification [[Archive.org]](https://web.archive.org/web/https://people.eecs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20Internet-Scale%20Author%20Identification.pdf) -[^150]: Forbes, Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim's Name, Address And Telephone Number [[Archive.org]][932] +[^150]: Forbes, Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim's Name, Address And Telephone Number [[Archive.org]](https://web.archive.org/web/https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users) -[^151]: FingerprintJS, Demo: Disabling JavaScript Won't Save You from Fingerprinting [[Archive.org]][933] +[^151]: FingerprintJS, Demo: Disabling JavaScript Won't Save You from Fingerprinting [[Archive.org]](https://web.archive.org/web/https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/) -[^152]: SecuredTouch Blog, Behavioral Biometrics 101: Behavioral Biometrics vs. Behavioral Analytics [[Archive.org]][934] +[^152]: SecuredTouch Blog, Behavioral Biometrics 101: Behavioral Biometrics vs. Behavioral Analytics [[Archive.org]](https://web.archive.org/web/https://blog.securedtouch.com/behavioral-biometrics-101-an-in-depth-look-at-behavioral-biometrics-vs-behavioral-analytics) -[^153]: ArsTechnica, Stakeout: how the FBI tracked and busted a Chicago Anon [[Archive.org]][935] +[^153]: ArsTechnica, Stakeout: how the FBI tracked and busted a Chicago Anon [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/) -[^154]: Bellingcat MH17 - Russian GRU Commander 'Orion' Identified as Oleg Ivannikov [[Archive.org]][936] +[^154]: Bellingcat MH17 - Russian GRU Commander 'Orion' Identified as Oleg Ivannikov [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2018/05/25/mh17-russian-gru-commander-orion-identified-oleg-ivannikov/) -[^155]: Facebook Research, Deepface [[Archive.org]][937] +[^155]: Facebook Research, Deepface [[Archive.org]](https://web.archive.org/web/https://research.fb.com/publications/deepface-closing-the-gap-to-human-level-performance-in-face-verification/) -[^156]: Privacy News Online, Putting the "face" in Facebook: how Mark Zuckerberg is building a world without public anonymity [[Archive.org]][938] +[^156]: Privacy News Online, Putting the "face" in Facebook: how Mark Zuckerberg is building a world without public anonymity [[Archive.org]](https://web.archive.org/web/https://www.privateinternetaccess.com/blog/putting-face-facebook-mark-zuckerberg-building-world-without-public-anonymity/) -[^157]: CNBC, "Facebook has mapped populations in 23 countries as it explores satellites to expand internet" [[Archive.org]][939] +[^157]: CNBC, "Facebook has mapped populations in 23 countries as it explores satellites to expand internet" [[Archive.org]](https://web.archive.org/web/https://www.cnbc.com/2017/09/01/facebook-has-mapped-human-population-building-internet-in-space.html) -[^158]: MIT Technology Review, This is how we lost control of our faces, [[Archive.org]][940] +[^158]: MIT Technology Review, This is how we lost control of our faces, [[Archive.org]](https://web.archive.org/web/https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/) -[^159]: Bellingcat, Shadow of a Doubt: Crowdsourcing Time Verification of the MH17 Missile Launch Photo [[Archive.org]][941] +[^159]: Bellingcat, Shadow of a Doubt: Crowdsourcing Time Verification of the MH17 Missile Launch Photo [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/case-studies/2015/08/07/shadow-of-a-doubt/) -[^160]: Brown Institute, Open-Source Investigation, [[Archive.org]][942] +[^160]: Brown Institute, Open-Source Investigation, [[Archive.org]](https://web.archive.org/web/https://brown.columbia.edu/open-source-investigation/) -[^161]: NewScientist, Facebook can recognize you in photos even if you're not looking [[Archive.org]][943] +[^161]: NewScientist, Facebook can recognize you in photos even if you're not looking [[Archive.org]](https://web.archive.org/web/https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/) -[^162]: Google Patent, Techniques for emotion detection and content delivery [[Archive.org]][944] +[^162]: Google Patent, Techniques for emotion detection and content delivery [[Archive.org]](https://web.archive.org/web/https://patents.google.com/patent/US20150242679) -[^163]: APNews, Chinese 'gait recognition' tech IDs people by how they walk [[Archive.org]][945] +[^163]: APNews, Chinese 'gait recognition' tech IDs people by how they walk [[Archive.org]](https://web.archive.org/web/https://apnews.com/article/bf75dd1c26c947b7826d270a16e2658a) -[^164]: The Sun, New CCTV technology could now identify you just by the WAY you walk and your body shape [[Archive.org]][946] +[^164]: The Sun, New CCTV technology could now identify you just by the WAY you walk and your body shape [[Archive.org]](https://web.archive.org/web/https://www.thesun.co.uk/news/7684204/cctv-technology-identify-body-shape-way-walk/) -[^165]: City Security Magazine, Gait recognition: a useful identification tool [[Archive.org]][947] +[^165]: City Security Magazine, Gait recognition: a useful identification tool [[Archive.org]](https://web.archive.org/web/https://citysecuritymagazine.com/security-management/gait-recognition-identification-tool/) -[^166]: Vice.com, Tech Companies Are Training AI to Read Your Lips [[Archive.org]][948] +[^166]: Vice.com, Tech Companies Are Training AI to Read Your Lips [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/bvzvdw/tech-companies-are-training-ai-to-read-your-lips) -[^167]: New Atlas, Eye tracking can reveal an unbelievable amount of information about you [[Archive.org]][949] +[^167]: New Atlas, Eye tracking can reveal an unbelievable amount of information about you [[Archive.org]](https://web.archive.org/web/https://newatlas.com/science/science/eye-tracking-privacy/) -[^168]: TechCrunch, Facial recognition reveals political party in troubling new research [[Archive.org]][950] +[^168]: TechCrunch, Facial recognition reveals political party in troubling new research [[Archive.org]](https://web.archive.org/web/https://techcrunch.com/2021/01/13/facial-recognition-reveals-political-party-in-troubling-new-research/) -[^169]: Nature.com, Facial recognition technology can expose political orientation from naturalistic facial images [[Archive.org]][114] +[^169]: Nature.com, Facial recognition technology can expose political orientation from naturalistic facial images [[Archive.org]](https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf) -[^170]: Slate [[Archive.org]][951] +[^170]: Slate [[Archive.org]](https://web.archive.org/web/https://slate.com/technology/2018/04/facebook-collects-data-on-non-facebook-users-if-they-want-to-delete-it-they-have-to-sign-up.html) -[^171]: The Conversation [[Archive.org]][952] +[^171]: The Conversation [[Archive.org]](https://web.archive.org/web/https://theconversation.com/shadow-profiles-facebook-knows-about-you-even-if-youre-not-on-facebook-94804) -[^172]: The Verge [[Archive.org]][953] +[^172]: The Verge [[Archive.org]](https://web.archive.org/web/https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy) -[^173]: ZDNET [[Archive.org]][954] +[^173]: ZDNET [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/anger-mounts-after-facebooks-shadow-profiles-leak-in-bug/) -[^174]: CNET [[Archive.org]][955] +[^174]: CNET [[Archive.org]](https://web.archive.org/web/https://www.cnet.com/news/shadow-profiles-facebook-has-information-you-didnt-hand-over/) -[^175]: Oosto [[Archive.org]][956] +[^175]: Oosto [[Archive.org]](https://web.archive.org/web/https://oosto.com/) -[^176]: BuzzFeed.news, Surveillance Nation [[Archive.org]][957] +[^176]: BuzzFeed.news, Surveillance Nation [[Archive.org]](https://web.archive.org/web/https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition) -[^177]: Wired, Clearview AI Has New Tools to Identify You in Photos [[Archive.org]][958] +[^177]: Wired, Clearview AI Has New Tools to Identify You in Photos [[Archive.org]](https://web.archive.org/web/https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/) -[^178]: NEC, Neoface [[Archive.org]][959] +[^178]: NEC, Neoface [[Archive.org]](https://web.archive.org/web/https://www.nec.com/en/global/solutions/biometrics/face/neofacewatch.html) -[^179]: The Guardian, Met police deploy live facial recognition technology [[Archive.org]][960] +[^179]: The Guardian, Met police deploy live facial recognition technology [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/uk-news/2020/feb/11/met-police-deploy-live-facial-recognition-technology) -[^180]: YouTube, The Economist, China: facial recognition and state control [[Invidious]][961] +[^180]: YouTube, The Economist, China: facial recognition and state control [[Invidious]](https://yewtu.be/watch?v=lH2gMNrUuEY) -[^181]: CNN, Want your unemployment benefits? You may have to submit to facial recognition first [[Archive.org]][962] +[^181]: CNN, Want your unemployment benefits? You may have to submit to facial recognition first [[Archive.org]](https://web.archive.org/web/https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html) -[^182]: Washington Post, Huawei tested AI software that could recognize Uighur minorities and alert police, report says [[Archive.org]][963] +[^182]: Washington Post, Huawei tested AI software that could recognize Uighur minorities and alert police, report says [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/) -[^183]: The Intercept, How a Facial Recognition Mismatch Can Ruin Your Life [[Tor Mirror]][964] [[Archive.org]][965] +[^183]: The Intercept, How a Facial Recognition Mismatch Can Ruin Your Life [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/) -[^184]: Vice, Facial Recognition Failures Are Locking People Out of Unemployment Systems [[Archive.org]][966] +[^184]: Vice, Facial Recognition Failures Are Locking People Out of Unemployment Systems [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems) -[^185]: BBC, WhatsApp photo drug dealer caught by 'groundbreaking' work [[Archive.org]][967] +[^185]: BBC, WhatsApp photo drug dealer caught by 'groundbreaking' work [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/uk-wales-43711477) -[^186]: CNN, Drug dealer jailed after sharing a photo of cheese that included his fingerprints [[Archive.org]][968] +[^186]: CNN, Drug dealer jailed after sharing a photo of cheese that included his fingerprints [[Archive.org]](https://web.archive.org/web/https://edition.cnn.com/2021/05/25/uk/drug-dealer-cheese-sentenced-scli-gbr-intl/index.html) -[^187]: Vice.com, Cops Got a Drug Dealer's Fingerprints From Photos of His Hand on WhatsApp [[Archive.org]][969] +[^187]: Vice.com, Cops Got a Drug Dealer's Fingerprints From Photos of His Hand on WhatsApp [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/evqk9e/photo-of-fingerprints-used-to-arrest-drug-dealers) -[^188]: Kraken Blog, [[Archive.org]][970] +[^188]: Kraken Blog, [[Archive.org]](https://web.archive.org/web/https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/) -[^189]: JUSTIA Patent, Identification of taste attributes from an audio signal [[Archive.org]][971] +[^189]: JUSTIA Patent, Identification of taste attributes from an audio signal [[Archive.org]](https://web.archive.org/web/https://patents.justia.com/patent/10891948) -[^190]: PYMNTS, Iris Scan Serves As Traveler ID At Dubai Airport [[Archive.org]][972] +[^190]: PYMNTS, Iris Scan Serves As Traveler ID At Dubai Airport [[Archive.org]](https://web.archive.org/web/https://www.pymnts.com/news/biometrics/2021/iris-scan-traveler-identification-dubai-airport/) -[^191]: IMDB, Gattaca 1997, [[Archive.org]][973] +[^191]: IMDB, Gattaca 1997, [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt0119177/) -[^192]: IMDB, Person of Interest 2011 [[Archive.org]][974] +[^192]: IMDB, Person of Interest 2011 [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt1839578) -[^193]: IMDB, Minority Report 2002, [[Archive.org]][975] +[^193]: IMDB, Minority Report 2002, [[Archive.org]](https://web.archive.org/web/https://www.imdb.com/title/tt0181689) -[^194]: Wikipedia, Deepfake [[Wikiless]][976] [[Archive.org]][977] +[^194]: Wikipedia, Deepfake [[Wikiless]](https://wikiless.org/wiki/Deepfake) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deepfake) -[^195]: Econotimes, Deepfake Voice Technology: The Good. The Bad. The Future [[Archive.org]][978] +[^195]: Econotimes, Deepfake Voice Technology: The Good. The Bad. The Future [[Archive.org]](https://web.archive.org/web/https://www.econotimes.com/Deepfake-Voice-Technology-The-Good-The-Bad-The-Future-1601278) -[^196]: Wikipedia, Deepfake Events [[Wikiless]][976] [[Archive.org]][977] +[^196]: Wikipedia, Deepfake Events [[Wikiless]](https://wikiless.org/wiki/Deepfake) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deepfake) -[^197]: Forbes, A Voice Deepfake Was Used To Scam A CEO Out Of $243,000 [[Archive.org]][979] +[^197]: Forbes, A Voice Deepfake Was Used To Scam A CEO Out Of $243,000 [[Archive.org]](https://web.archive.org/web/https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/) -[^198]: Joseph Steinberg, How To Prevent Facial Recognition Technology From Identifying You [[Archive.org]][980] +[^198]: Joseph Steinberg, How To Prevent Facial Recognition Technology From Identifying You [[Archive.org]](https://web.archive.org/web/https://josephsteinberg.com/how-to-prevent-facial-recognition-technology-from-identifying-you/) -[^199]: NIST, Face recognition accuracy with masks using pre-COVID-19 algorithms [[Archive.org]][981] +[^199]: NIST, Face recognition accuracy with masks using pre-COVID-19 algorithms [[Archive.org]](https://web.archive.org/web/https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf) -[^200]: BBC, Facial recognition identifies people wearing masks [[Archive.org]][982] +[^200]: BBC, Facial recognition identifies people wearing masks [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/technology-55573802) -[^201]: University of Wisconsin, Exploring Reflectacles As Anti-Surveillance Glasses and for Adversarial Machine Learning in Computer Vision [[Archive.org]][983] +[^201]: University of Wisconsin, Exploring Reflectacles As Anti-Surveillance Glasses and for Adversarial Machine Learning in Computer Vision [[Archive.org]](https://web.archive.org/web/http://diglib.uwgb.edu/digital/api/collection/p17003coll4/id/71/download) -[^202]: Wikipedia, Phishing [[Wikiless]][984] [[Archive.org]][985] +[^202]: Wikipedia, Phishing [[Wikiless]](https://wikiless.org/wiki/Phishing) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Phishing) -[^203]: Wikipedia, Social Engineering [[Wikiless]][986] [[Archive.org]][987] +[^203]: Wikipedia, Social Engineering [[Wikiless]](https://wikiless.org/wiki/Social_engineering_(security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Social_engineering_(security)) -[^204]: BBC, Spy pixels in emails have become endemic [[Archive.org]][988] +[^204]: BBC, Spy pixels in emails have become endemic [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/technology-56071437) -[^205]: Vice, Facebook Helped the FBI Hack a Child Predator [[Archive.org]][674] +[^205]: Vice, Facebook Helped the FBI Hack a Child Predator [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez) -[^206]: Wikipedia, Exploit [[Wikiless]][989] [[Archive.org]][990] +[^206]: Wikipedia, Exploit [[Wikiless]](https://wikiless.org/wiki/Exploit_(computer_security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Exploit_(computer_security)) -[^207]: Wikipedia, Freedom Hosting [[Wikiless]][991] [[Archive.org]][992] +[^207]: Wikipedia, Freedom Hosting [[Wikiless]](https://wikiless.org/wiki/Freedom_Hosting) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Freedom_Hosting) -[^208]: Wired, 2013 FBI Admits It Controlled Tor Servers Behind Mass Malware Attack [[Archive.org]][993] +[^208]: Wired, 2013 FBI Admits It Controlled Tor Servers Behind Mass Malware Attack [[Archive.org]](https://web.archive.org/web/https://www.wired.com/2013/09/freedom-hosting-fbi/) -[^209]: Wikipedia, 2020 United States federal government data breach [[Wikiless]][994] [[Archive.org]][995] +[^209]: Wikipedia, 2020 United States federal government data breach [[Wikiless]](https://wikiless.org/wiki/2020_United_States_federal_government_data_breach) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach) -[^210]: BBC, China social media: WeChat and the Surveillance State [[Archive.org]][996] +[^210]: BBC, China social media: WeChat and the Surveillance State [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/blogs-china-blog-48552907) -[^211]: The Intercept, Revealed: Massive Chinese Police Database [[Tor Mirror]][997] [[Archive.org]][998] +[^211]: The Intercept, Revealed: Massive Chinese Police Database [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/29/china-uyghur-muslim-surveillance-police/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/) -[^212]: Wikipedia, Sandbox [[Wikiless]][999] [[Archive.org]][1000] +[^212]: Wikipedia, Sandbox [[Wikiless]](https://wikiless.org/wiki/Sandbox_(computer_security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sandbox_(computer_security)) -[^213]: Wired, Why the Security of USB Is Fundamentally Broken [[Archive.org]][1001] +[^213]: Wired, Why the Security of USB Is Fundamentally Broken [[Archive.org]](https://web.archive.org/web/https://www.wired.com/2014/07/usb-security/) -[^214]: Wikipedia, Stuxnet [[Wikiless]][1002] [[Archive.org]][1003] +[^214]: Wikipedia, Stuxnet [[Wikiless]](https://wikiless.org/wiki/Stuxnet) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Stuxnet) -[^215]: Superuser.com, How do I safely investigate a USB stick found in the parking lot at work? [[Archive.org]][1004] +[^215]: Superuser.com, How do I safely investigate a USB stick found in the parking lot at work? [[Archive.org]](https://web.archive.org/web/https://superuser.com/questions/1206321/how-do-i-safely-investigate-a-usb-stick-found-in-the-parking-lot-at-work) -[^216]: The Guardian, Glenn Greenwald: how the NSA tampers with US-made internet routers [[Archive.org]][1005] +[^216]: The Guardian, Glenn Greenwald: how the NSA tampers with US-made internet routers [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden) -[^217]: Wikipedia, Rootkit [[Wikiless]][1006] [[Archive.org]][1007] +[^217]: Wikipedia, Rootkit [[Wikiless]](https://wikiless.org/wiki/Rootkit) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rootkit) -[^218]: Wikipedia, Userspace [[Wikiless]][1008] [[Archive.org]][1009] +[^218]: Wikipedia, Userspace [[Wikiless]](https://wikiless.org/wiki/User_space) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/User_space) -[^219]: Wikipedia, Firmware [[Wikiless]][1010] [[Archive.org]][1011] +[^219]: Wikipedia, Firmware [[Wikiless]](https://wikiless.org/wiki/Firmware) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Firmware) -[^220]: Wikipedia, BIOS [[Wikiless]][1012] [[Archive.org]][1013] +[^220]: Wikipedia, BIOS [[Wikiless]](https://wikiless.org/wiki/BIOS) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/BIOS) -[^221]: Wikipedia, UEFI [[Wikiless]][1014] [[Archive.org]][1015] +[^221]: Wikipedia, UEFI [[Wikiless]](https://wikiless.org/wiki/Unified_Extensible_Firmware_Interface) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) -[^222]: Bellingcat, Joseph Mifsud: Rush for the EXIF [[Archive.org]][1016] +[^222]: Bellingcat, Joseph Mifsud: Rush for the EXIF [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/news/americas/2018/10/26/joseph-mifsud-rush-exif/) -[^223]: Zoom Support, Adding a watermark [[Archive.org]][1017] +[^223]: Zoom Support, Adding a watermark [[Archive.org]](https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/209605273-Adding-a-Watermark) -[^224]: Zoom Support, Audio Watermark [[Archive.org]][1018] +[^224]: Zoom Support, Audio Watermark [[Archive.org]](https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/360021839031-Audio-Watermark) -[^225]: CreativeCloud Extension, IMATAG [[Archive.org]][1019] +[^225]: CreativeCloud Extension, IMATAG [[Archive.org]](https://web.archive.org/web/https://exchange.adobe.com/creativecloud.details.101789.imatag-invisible-watermark-and-image-monitoring.html) -[^226]: NexGuard, [[Archive.org]][1020] +[^226]: NexGuard, [[Archive.org]](https://web.archive.org/web/https://dtv.nagra.com/nexguard-forensic-watermarking) -[^227]: Vobile Solutions, [[Archive.org]][1021] +[^227]: Vobile Solutions, [[Archive.org]](https://web.archive.org/web/https://www.vobilegroup.com) -[^228]: Cinavia, [[Archive.org]][1022] +[^228]: Cinavia, [[Archive.org]](https://web.archive.org/web/https://www.cinavia.com/languages/english/pages/technology.html) -[^229]: Imatag, [[Archive.org]][1023] +[^229]: Imatag, [[Archive.org]](https://web.archive.org/web/https://www.imatag.com/) -[^230]: Wikipedia, Steganography [[Wikiless]][1024] [[Archive.org]][1025] +[^230]: Wikipedia, Steganography [[Wikiless]](https://wikiless.org/wiki/Steganography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Steganography) -[^231]: IEEExplore, A JPEG compression resistant steganography scheme for raster graphics images [[Archive.org]][1026] +[^231]: IEEExplore, A JPEG compression resistant steganography scheme for raster graphics images [[Archive.org]](https://web.archive.org/web/https://ieeexplore.ieee.org/document/4428921) -[^232]: ScienceDirect, Robust audio watermarking using perceptual masking [[Archive.org]][1027] +[^232]: ScienceDirect, Robust audio watermarking using perceptual masking [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/256994444_Robust_Audio_Watermarking_Using_Perceptual_Masking) -[^233]: IEEExplore, Spread-spectrum watermarking of audio signals [[Archive.org]][1028] +[^233]: IEEExplore, Spread-spectrum watermarking of audio signals [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/3318571_Spread-Spectrum_Watermarking_of_Audio) -[^234]: Google Scholar, source camera identification [[Archive.org]][1029] +[^234]: Google Scholar, source camera identification [[Archive.org]](https://web.archive.org/web/https://scholar.google.com/scholar?q=source+camera+identification) -[^235]: Wikipedia, Printing Steganography [[Wikiless]][1030] [[Archive.org]][1031] +[^235]: Wikipedia, Printing Steganography [[Wikiless]](https://wikiless.org/wiki/Machine_Identification_Code) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Machine_Identification_Code) -[^236]: MIT, SeeingYellow, [[Archive.org]][1032] +[^236]: MIT, SeeingYellow, [[Archive.org]](https://web.archive.org/web/https://web.archive.org/web/20220224174025/http://seeingyellow.com/) -[^237]: arXiv, An Analysis of Anonymity in the Bitcoin System [[Archive.org]][1033] +[^237]: arXiv, An Analysis of Anonymity in the Bitcoin System [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1107.4524.pdf) -[^238]: Bellingcat, How To Track Illegal Funding Campaigns Via Cryptocurrency, [[Archive.org]][1034] +[^238]: Bellingcat, How To Track Illegal Funding Campaigns Via Cryptocurrency, [[Archive.org]](https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/03/26/how-to-track-illegal-funding-campaigns-via-cryptocurrency/) -[^239]: CoinDesk, Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops [[Archive.org]][1035] +[^239]: CoinDesk, Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops [[Archive.org]](https://web.archive.org/web/https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/) -[^240]: Wikipedia, KYC [[Wikiless]][1036] [[Archive.org]][1037] +[^240]: Wikipedia, KYC [[Wikiless]](https://wikiless.org/wiki/Know_your_customer) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Know_your_customer) -[^241]: arXiv.org, Probing the Mystery of Cryptocurrency Theft: An Investigation into Methods for Taint Analysis [[Archive.org]][1038] +[^241]: arXiv.org, Probing the Mystery of Cryptocurrency Theft: An Investigation into Methods for Taint Analysis [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1906.05754.pdf) -[^242]: YouTube, Breaking Monero [[Invidious]][1039] +[^242]: YouTube, Breaking Monero [[Invidious]](https://yewtu.be/playlist?list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y) -[^243]: Monero, Monero vs Princeton Researchers, [[Archive.org]][1040] +[^243]: Monero, Monero vs Princeton Researchers, [[Archive.org]](https://web.archive.org/web/https://monero.org/monero-vs-princeton-researchers/) -[^244]: Wikipedia, Cryptocurrency Tumbler [[Wikiless]][1041] [[Archive.org]][1042] +[^244]: Wikipedia, Cryptocurrency Tumbler [[Wikiless]](https://wikiless.org/wiki/Cryptocurrency_tumbler) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Cryptocurrency_tumbler) -[^245]: Wikipedia, Security Through Obscurity [[Wikiless]][1043] [[Archive.org]][1044] +[^245]: Wikipedia, Security Through Obscurity [[Wikiless]](https://wikiless.org/wiki/Security_through_obscurity) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Security_through_obscurity) -[^246]: ArXiv, Tracking Mixed Bitcoins [[Archive.org]][1045] +[^246]: ArXiv, Tracking Mixed Bitcoins [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2009.14007.pdf) -[^247]: SSRN, The Cryptocurrency Tumblers: Risks, Legality and Oversight [[Archive.org]][1046] +[^247]: SSRN, The Cryptocurrency Tumblers: Risks, Legality and Oversight [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/321786355_The_Cryptocurrency_Tumblers_Risks_Legality_and_Oversight) -[^248]: Magnet Forensics, Magnet AXIOM [[Archive.org]][1047] +[^248]: Magnet Forensics, Magnet AXIOM [[Archive.org]](https://web.archive.org/web/https://www.magnetforensics.com/products/magnet-axiom/cloud/) -[^249]: Cellebrite, Unlock cloud-based evidence to solve the case sooner [[Archive.org]][1048] +[^249]: Cellebrite, Unlock cloud-based evidence to solve the case sooner [[Archive.org]](https://web.archive.org/web/https://www.cellebrite.com/en/ufed-cloud/) -[^250]: Property of the People, Lawful Access to Secure Messaging Apps Data, [[Archive.org]][1049] +[^250]: Property of the People, Lawful Access to Secure Messaging Apps Data, [[Archive.org]](https://web.archive.org/web/https://propertyofthepeople.org/document-detail/?doc-id=21114562) -[^251]: Chromium Documentation, Technical analysis of client identification mechanisms [[Archive.org]][1050] +[^251]: Chromium Documentation, Technical analysis of client identification mechanisms [[Archive.org]](https://web.archive.org/web/https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms) -[^252]: Mozilla Wiki, Fingerprinting [[Archive.org]][1051] +[^252]: Mozilla Wiki, Fingerprinting [[Archive.org]](https://web.archive.org/web/https://wiki.mozilla.org/Fingerprinting) -[^253]: Grayshift, [[Archive.org]][1052] +[^253]: Grayshift, [[Archive.org]](https://web.archive.org/web/https://www.grayshift.com/) -[^254]: Securephones.io, Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions [[Archive.org]][1053] +[^254]: Securephones.io, Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions [[Archive.org]](https://web.archive.org/web/https://securephones.io/main.pdf) -[^255]: Loup-Vaillant.fr, Rolling Your Own Crypto [[Archive.org]][1054] +[^255]: Loup-Vaillant.fr, Rolling Your Own Crypto [[Archive.org]](https://web.archive.org/web/https://loup-vaillant.fr/articles/rolling-your-own-crypto) -[^256]: Dhole Moments, Crackpot Cryptography and Security Theater [[Archive.org]][1055] +[^256]: Dhole Moments, Crackpot Cryptography and Security Theater [[Archive.org]](https://web.archive.org/web/https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/) -[^257]: Vice.com, Why You Don't Roll Your Own Crypto [[Archive.org]][1056] +[^257]: Vice.com, Why You Don't Roll Your Own Crypto [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto) -[^258]: arXiv, MIT, You Really Shouldn't Roll Your Own Crypto: An Empirical Study of Vulnerabilities in Cryptographic Libraries [[Archive.org]][1057] +[^258]: arXiv, MIT, You Really Shouldn't Roll Your Own Crypto: An Empirical Study of Vulnerabilities in Cryptographic Libraries [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/2107.04940.pdf) -[^259]: YouTube, Great Crypto Failures [[Invidious]][1058] +[^259]: YouTube, Great Crypto Failures [[Invidious]](https://yewtu.be/watch?v=loy84K3AJ5Q) -[^260]: Cryptography Dispatches, The Most Backdoor-Looking Bug I've Ever Seen [[Archive.org]][169] +[^260]: Cryptography Dispatches, The Most Backdoor-Looking Bug I've Ever Seen [[Archive.org]](https://web.archive.org/web/https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/) -[^261]: Citizenlab.ca, Move Fast and Roll Your Own Crypto [[Archive.org]][1059] +[^261]: Citizenlab.ca, Move Fast and Roll Your Own Crypto [[Archive.org]](https://web.archive.org/web/https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/) -[^262]: Jack Poon, The myth of military grade encryption [[Scribe.rip]][1060] [[Archive.org]][1061] +[^262]: Jack Poon, The myth of military grade encryption [[Scribe.rip]](https://scribe.rip/@atcipher/the-myth-of-military-grade-encryption-292313ae6369) [[Archive.org]](https://web.archive.org/web/https://medium.com/@atcipher/the-myth-of-military-grade-encryption-292313ae6369) -[^263]: Congruent Labs, Stop calling it "Military-Grade Encryption" [[Archive.org]][1062] +[^263]: Congruent Labs, Stop calling it "Military-Grade Encryption" [[Archive.org]](https://web.archive.org/web/https://blog.congruentlabs.co/military-grade-encryption/) -[^264]: IronCoreLabs Blog, "Military Grade Encryption" [[Archive.org]][1063] +[^264]: IronCoreLabs Blog, "Military Grade Encryption" [[Archive.org]](https://web.archive.org/web/https://blog.ironcorelabs.com/military-grade-encryption-69aae0145588) -[^265]: Wikipedia, BLAKE2, [[Wikiless]][1064] [[Archive.org]][1065] +[^265]: Wikipedia, BLAKE2, [[Wikiless]](https://wikiless.org/wiki/BLAKE_(hash_function)#BLAKE2) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2) -[^266]: Wikipedia, AES Instruction Set, [[Wikiless]][1066] [[Archive.org]][1067] +[^266]: Wikipedia, AES Instruction Set, [[Wikiless]](https://wikiless.org/wiki/AES_instruction_set) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/AES_instruction_set) -[^267]: Wikipedia, ChaCha Variants, [[Wikiless]][1068] [[Archive.org]][1069] +[^267]: Wikipedia, ChaCha Variants, [[Wikiless]](https://wikiless.org/wiki/Salsa20#ChaCha_variant) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant) -[^268]: Wikipedia, Serpent, [[Wikiless]][1070] [[Archive.org]][1071] +[^268]: Wikipedia, Serpent, [[Wikiless]](https://wikiless.org/wiki/Serpent_(cipher)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Serpent_(cipher)) -[^269]: Wikipedia, TwoFish, [[Wikiless]][1072] [[Archive.org]][1073] +[^269]: Wikipedia, TwoFish, [[Wikiless]](https://wikiless.org/wiki/Twofish) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Twofish) -[^270]: Lacatora, The PGP Problem [[Archive.org]][1074] +[^270]: Lacatora, The PGP Problem [[Archive.org]](https://web.archive.org/web/https://latacora.singles/2019/07/16/the-pgp-problem.html) -[^271]: Wikipedia, Shor's Algorithm, [[Wikiless]][1075] [[Archive.org]][1076] +[^271]: Wikipedia, Shor's Algorithm, [[Wikiless]](https://wikiless.org/wiki/Shor%27s_algorithm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Shor%27s_algorithm) -[^272]: Wikipedia, Gag Order, [[Wikiless]][1077] [[Archive.org]][1078] +[^272]: Wikipedia, Gag Order, [[Wikiless]](https://wikiless.org/wiki/Gag_order) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Gag_order) -[^273]: Wikipedia, National Security Letter [[Wikiless]][1079] [[Archive.org]][1080] +[^273]: Wikipedia, National Security Letter [[Wikiless]](https://wikiless.org/wiki/National_security_letter) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/National_security_letter) -[^275]: ArsTechnica, VPN servers seized by Ukrainian authorities weren't encrypted [[Archive.org]][1082] +[^275]: ArsTechnica, VPN servers seized by Ukrainian authorities weren't encrypted [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/) -[^276]: BleepingComputer, DoubleVPN servers, logs, and account info seized by law enforcement [[Archive.org]][1083] +[^276]: BleepingComputer, DoubleVPN servers, logs, and account info seized by law enforcement [[Archive.org]](https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/) -[^277]: CyberScoop, Court rules encrypted email provider Tutanota must monitor messages in blackmail case [[Archive.org]][1084] +[^277]: CyberScoop, Court rules encrypted email provider Tutanota must monitor messages in blackmail case [[Archive.org]](https://web.archive.org/web/https://www.cyberscoop.com/court-rules-encrypted-email-tutanota-monitor-messages/) -[^278]: Heise Online (German), [[Archive.org]][1085] +[^278]: Heise Online (German), [[Archive.org]](https://web.archive.org/web/https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutanota-zu-Ueberwachungsfunktion-4972460.html) -[^279]: PCMag, Did PureVPN Cross a Line When It Disclosed User Information? [[Archive.org]][1086] +[^279]: PCMag, Did PureVPN Cross a Line When It Disclosed User Information? [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/opinions/did-purevpn-cross-a-line-when-it-disclosed-user-information) -[^280]: Internet Archive, Wipeyourdata, "No logs" EarthVPN user arrested after police finds logs [[Archive.org]][1087] +[^280]: Internet Archive, Wipeyourdata, "No logs" EarthVPN user arrested after police finds logs [[Archive.org]](https://web.archive.org/web/https://archive.is/XNuVw) -[^281]: Wikipedia, Lavabit Suspension and Gag order, [[Wikiless]][1088] [[Archive.org]][1089] +[^281]: Wikipedia, Lavabit Suspension and Gag order, [[Wikiless]](https://wikiless.org/wiki/Lavabit) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Lavabit) [^282]: Internet Archive, Invisibler, What Everybody Ought to Know About HideMyAss -[^283]: Wikipedia, Warrant Canary [[Wikiless]][1090] [[Archive.org]][1091] +[^283]: Wikipedia, Warrant Canary [[Wikiless]](https://wikiless.org/wiki/Warrant_canary) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Warrant_canary) -[^284]: Washington Post, The intelligence coup of the century [[Archive.org]][1092] +[^284]: Washington Post, The intelligence coup of the century [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/) -[^285]: Swissinfo.ch, Second Swiss firm allegedly sold encrypted spying devices [[Archive.org]][1093] +[^285]: Swissinfo.ch, Second Swiss firm allegedly sold encrypted spying devices [[Archive.org]](https://web.archive.org/web/https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432) -[^286]: Wikipedia, Das Leben der Anderen [[Wikiless]][1094] [[Archive.org]][1095] +[^286]: Wikipedia, Das Leben der Anderen [[Wikiless]](https://wikiless.org/wiki/The_Lives_of_Others) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/The_Lives_of_Others) -[^287]: Wired, Mind the Gap: This Researcher Steals Data With Noise, Light, and Magnets [[Archive.org]][1096] +[^287]: Wired, Mind the Gap: This Researcher Steals Data With Noise, Light, and Magnets [[Archive.org]](https://web.archive.org/web/https://www.wired.com/story/air-gap-researcher-mordechai-guri/) -[^288]: Scientific American, A Blank Wall Can Show How Many People Are in a Room and What They're Doing [[Archive.org]][1097] +[^288]: Scientific American, A Blank Wall Can Show How Many People Are in a Room and What They're Doing [[Archive.org]](https://web.archive.org/web/https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/) -[^289]: Scientific American, A Shiny Snack Bag's Reflections Can Reconstruct the Room around It [[Archive.org]][1098] +[^289]: Scientific American, A Shiny Snack Bag's Reflections Can Reconstruct the Room around It [[Archive.org]](https://web.archive.org/web/https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/) -[^290]: Scientific American, Footstep Sensors Identify People by Gait [[Archive.org]][1099] +[^290]: Scientific American, Footstep Sensors Identify People by Gait [[Archive.org]](https://web.archive.org/web/https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/) -[^291]: Ben Nassi, Lamphone [[Archive.org]][1100] +[^291]: Ben Nassi, Lamphone [[Archive.org]](https://web.archive.org/web/https://www.nassiben.com/lamphone) -[^292]: The Guardian, Laser spying: is it really practical? [[Archive.org]][1101] +[^292]: The Guardian, Laser spying: is it really practical? [[Archive.org]](https://web.archive.org/web/https://www.theguardian.com/world/2013/aug/22/gchq-warned-laser-spying-guardian-offices) -[^293]: ArsTechnica, Photos of an NSA "upgrade" factory show Cisco router getting implant [[Archive.org]][1102] +[^293]: ArsTechnica, Photos of an NSA "upgrade" factory show Cisco router getting implant [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/) -[^294]: Wikipedia, Rubber-hose Cryptanalysis [[Archive.org]][1364] +[^294]: Wikipedia, Rubber-hose Cryptanalysis [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) -[^295]: Defuse.ca, TrueCrypt's Plausible Deniability is Theoretically Useless [[Archive.org]][248] +[^295]: Defuse.ca, TrueCrypt's Plausible Deniability is Theoretically Useless [[Archive.org]](https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm) -[^296]: Wikipedia, OONI, [[Wikiless]][1103] [[Archive.org]][1104] +[^296]: Wikipedia, OONI, [[Wikiless]](https://wikiless.org/wiki/OONI) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/OONI) -[^297]: Privacy International, Timeline of SIM Card Registration Laws [[Archive.org]][1105] +[^297]: Privacy International, Timeline of SIM Card Registration Laws [[Archive.org]](https://web.archive.org/web/https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws) -[^298]: NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes [[Archive.org]][1106] +[^298]: NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html) -[^299]: Usenix.org, Shedding too much Light on a Microcontroller's Firmware Protection [[Archive.org]][1107] +[^299]: Usenix.org, Shedding too much Light on a Microcontroller's Firmware Protection [[Archive.org]](https://web.archive.org/web/https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf) -[^300]: TorProject.org, Can I run Tor Browser on an iOS device? [[Archive.org]][1108] +[^300]: TorProject.org, Can I run Tor Browser on an iOS device? [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-3/) -[^301]: Wikipedia, Tails [[Wikiless]][1109] [[Archive.org]][1110] +[^301]: Wikipedia, Tails [[Wikiless]](https://wikiless.org/wiki/Tails_(operating_system)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Tails_(operating_system)) -[^302]: Vice.com, Facebook Helped the FBI Hack a Child Predator [[Archive.org]][674] +[^302]: Vice.com, Facebook Helped the FBI Hack a Child Predator [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez) -[^303]: Veracrypt Documentation, Trim Operations [[Archive.org]][1111] +[^303]: Veracrypt Documentation, Trim Operations [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Trim%20Operation.html) -[^304]: YouTube, 36C3 - Uncover, Understand, Own - Regaining Control Over Your AMD CPU [[Invidious]][77] +[^304]: YouTube, 36C3 - Uncover, Understand, Own - Regaining Control Over Your AMD CPU [[Invidious]](https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s) -[^305]: Qubes OS, Anti-Evil Maid, [[Archive.org]][269] +[^305]: Qubes OS, Anti-Evil Maid, [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid) -[^306]: QubesOS FAQ, [[Archive.org]][369] +[^306]: QubesOS FAQ, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/faq/) -[^307]: Wikipedia, Secure Boot [[Wikiless]][1014] [[Archive.org]][1015] +[^307]: Wikipedia, Secure Boot [[Wikiless]](https://wikiless.org/wiki/Unified_Extensible_Firmware_Interface) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) -[^308]: Wikipedia, Booting [[Wikiless]][1112] [[Archive.org]][1113] +[^308]: Wikipedia, Booting [[Wikiless]](https://wikiless.org/wiki/Booting) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Booting) -[^309]: Wired, Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish [[Archive.org]][1114] +[^309]: Wired, Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish [[Archive.org]](https://web.archive.org/web/https://www.wired.com/2013/12/better-data-security-nail-polish/) -[^310]: Wikipedia, Virtual Machine [[Wikiless]][1115] [[Archive.org]][1116] +[^310]: Wikipedia, Virtual Machine [[Wikiless]](https://wikiless.org/wiki/Virtual_machine) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_machine) -[^311]: Wikipedia, Plausible Deniability [[Wikiless]][1117] [[Archive.org]][1118] +[^311]: Wikipedia, Plausible Deniability [[Wikiless]](https://wikiless.org/wiki/Plausible_deniability) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Plausible_deniability) -[^312]: Wikipedia, Deniable Encryption [[Wikiless]][1119] [[Archive.org]][1120] +[^312]: Wikipedia, Deniable Encryption [[Wikiless]](https://wikiless.org/wiki/Deniable_encryption) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption) -[^313]: PrivacyGuides.org, Don't use Windows 10 - It's a privacy nightmare [[Archive.org]][1121] +[^313]: PrivacyGuides.org, Don't use Windows 10 - It's a privacy nightmare [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/tools/#operating-systems) -[^314]: Wikipedia, Deniable Encryption [[Wikiless]][1119] [[Archive.org]][1120] +[^314]: Wikipedia, Deniable Encryption [[Wikiless]](https://wikiless.org/wiki/Deniable_encryption) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption) -[^315]: Wikipedia, Key Disclosure Laws [[Wikiless]][554] [[Archive.org]][555] +[^315]: Wikipedia, Key Disclosure Laws [[Wikiless]](https://wikiless.org/wiki/Key_disclosure_law) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Key_disclosure_law) -[^316]: GP Digital, World map of encryption laws and policies [[Archive.org]][556] +[^316]: GP Digital, World map of encryption laws and policies [[Archive.org]](https://web.archive.org/web/https://www.gp-digital.org/world-map-of-encryption/) -[^317]: Wikipedia, Bitlocker [[Wikiless]][1122] [[Archive.org]][1123] +[^317]: Wikipedia, Bitlocker [[Wikiless]](https://wikiless.org/wiki/BitLocker) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/BitLocker) -[^318]: Wikipedia, Evil Maid Attack [[Wikiless]][1124] [[Archive.org]][1125] +[^318]: Wikipedia, Evil Maid Attack [[Wikiless]](https://wikiless.org/wiki/Evil_maid_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Evil_maid_attack) -[^319]: Wikipedia, Cold Boot Attack [[Wikiless]][1126] [[Archive.org]][1127] +[^319]: Wikipedia, Cold Boot Attack [[Wikiless]](https://wikiless.org/wiki/Cold_boot_attack) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Cold_boot_attack) -[^320]: CITP 2008 () [[Invidious]][1128] +[^320]: CITP 2008 () [[Invidious]](https://yewtu.be/watch?v=JDaicPIgn9U) -[^321]: ResearchGate, Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems [[Archive.org]][1129] +[^321]: ResearchGate, Defeating Plausible Deniability of VeraCrypt Hidden Operating Systems [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems) -[^322]: SANS.org, Mission Implausible: Defeating Plausible Deniability with Digital Forensics [[Archive.org]][1130] +[^322]: SANS.org, Mission Implausible: Defeating Plausible Deniability with Digital Forensics [[Archive.org]](https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/mission-implausible-defeating-plausible-deniability-digital-forensics-39500) -[^323]: SourceForge, Veracrypt Forum [[Archive.org]][1131] +[^323]: SourceForge, Veracrypt Forum [[Archive.org]](https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33faf/) -[^324]: Microsoft, BitLocker Countermeasures [[Archive.org]][1132] +[^324]: Microsoft, BitLocker Countermeasures [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures) -[^325]: SANS, Windows ShellBag Forensics in-depth [[Archive.org]][1133] +[^325]: SANS, Windows ShellBag Forensics in-depth [[Archive.org]](https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545) -[^326]: University of York, Forensic data recovery from the Windows Search Database [[Archive.org]][1134] +[^326]: University of York, Forensic data recovery from the Windows Search Database [[Archive.org]](https://web.archive.org/web/https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf) -[^327]: A forensic insight into Windows 10 Jump Lists [[Archive.org]][1135] +[^327]: A forensic insight into Windows 10 Jump Lists [[Archive.org]](https://web.archive.org/web/https://cyberforensicator.com/wp-content/uploads/2017/01/1-s2.0-S1742287616300202-main.2-14.pdf) -[^328]: Wikipedia, Gatekeeper [[Wikiless]][1136] [[Archive.org]][1137] +[^328]: Wikipedia, Gatekeeper [[Wikiless]](https://wikiless.org/wiki/Gatekeeper_(macOS)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Gatekeeper_(macOS)) -[^329]: Alpine Linux Wiki, Setting up a laptop [[Archive.org]][1138] +[^329]: Alpine Linux Wiki, Setting up a laptop [[Archive.org]](https://web.archive.org/web/https://wiki.alpinelinux.org/wiki/Setting_up_a_laptop) -[^330]: Wikipedia Veracrypt [[Wikiless]][1139] [[Archive.org]][1140] +[^330]: Wikipedia Veracrypt [[Wikiless]](https://wikiless.org/wiki/VeraCrypt) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/VeraCrypt) [^331]: OSTIF Veracrypt Audit, 2016 -[^332]: Veracrypt Documentation, Unencrypted Data in RAM [[Archive.org]][1141] +[^332]: Veracrypt Documentation, Unencrypted Data in RAM [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Unencrypted%20Data%20in%20RAM.html) -[^333]: Veracrypt Documentation, Data Leaks [[Archive.org]][1142] +[^333]: Veracrypt Documentation, Data Leaks [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data%20Leaks.html) -[^334]: Dolos Group, From Stolen Laptop to Inside the Company Network [[Archive.org]][1143] +[^334]: Dolos Group, From Stolen Laptop to Inside the Company Network [[Archive.org]](https://web.archive.org/web/https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network) -[^335]: Trammell Hudson's Projects, Understanding TPM Sniffing Attacks [[Archive.org]][1144] +[^335]: Trammell Hudson's Projects, Understanding TPM Sniffing Attacks [[Archive.org]](https://web.archive.org/web/https://trmm.net/tpm-sniffing/) -[^336]: Jon Aubrey, attacking laptops that are protected by Microsoft Bitlocker drive encryption [[Nitter]][1145] +[^336]: Jon Aubrey, attacking laptops that are protected by Microsoft Bitlocker drive encryption [[Nitter]](https://nitter.net/SecurityJon/status/1445020885472235524) -[^337]: F-Secure Labs, Sniff, there leaks my BitLocker key [[Archive.org]][1146] +[^337]: F-Secure Labs, Sniff, there leaks my BitLocker key [[Archive.org]](https://web.archive.org/web/https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/) -[^338]: Microsoft, BitLocker Countermeasures, Attacker countermeasures [[Archive.org]][1132] +[^338]: Microsoft, BitLocker Countermeasures, Attacker countermeasures [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures) -[^339]: Wikipedia, Trim [[Wikiless]][485] [[Archive.org]][486] +[^339]: Wikipedia, Trim [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing)) -[^340]: Veracrypt Documentation, Trim Operations [[Archive.org]][1111] +[^340]: Veracrypt Documentation, Trim Operations [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/Trim%20Operation.html) -[^341]: Veracrypt Documentation, Rescue Disk [[Archive.org]][1147] +[^341]: Veracrypt Documentation, Rescue Disk [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html) -[^342]: St Cloud State University, Forensic Research on Solid State Drives using Trim Analysis [[Archive.org]][1148] +[^342]: St Cloud State University, Forensic Research on Solid State Drives using Trim Analysis [[Archive.org]](https://web.archive.org/web/20211009021236/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds) -[^343]: WindowsCentral, Trim Tutorial [[Archive.org]][1149] +[^343]: WindowsCentral, Trim Tutorial [[Archive.org]](https://web.archive.org/web/https://www.windowscentral.com/how-ensure-trim-enabled-windows-10-speed-ssd-performance) -[^344]: Veracrypt Documentation, Trim Operation [[Archive.org]][1150] +[^344]: Veracrypt Documentation, Trim Operation [[Archive.org]](https://web.archive.org/web/https://veracrypt.eu/en/docs/trim-operation/) -[^345]: Black Hat 2018, Perfectly Deniable Steganographic Disk Encryption [[Archive.org]][1151] +[^345]: Black Hat 2018, Perfectly Deniable Steganographic Disk Encryption [[Archive.org]](https://web.archive.org/web/https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectly-Deniable-Steganographic-Disk-Encryption.pdf) -[^346]: Milan Broz's Blog, TRIM & dm-crypt ... problems? [[Archive.org]][1152] +[^346]: Milan Broz's Blog, TRIM & dm-crypt ... problems? [[Archive.org]](https://web.archive.org/web/http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html) -[^347]: Veracrypt Documentation, Rescue Disk [[Archive.org]][1147] +[^347]: Veracrypt Documentation, Rescue Disk [[Archive.org]](https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html) -[^348]: Wikipedia, Virtualbox [[Wikiless]][1153] [[Archive.org]][1154] +[^348]: Wikipedia, Virtualbox [[Wikiless]](https://wikiless.org/wiki/VirtualBox) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/VirtualBox) -[^349]: VirtualBox Ticket 17987 [[Archive.org]][1155] +[^349]: VirtualBox Ticket 17987 [[Archive.org]](https://web.archive.org/web/https://www.virtualbox.org/ticket/17987) -[^350]: Whonix Documentation, Spectre Meltdown [[Archive.org]][82] +[^350]: Whonix Documentation, Spectre Meltdown [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown) -[^351]: Whonix Documentation, Stream Isolation [[Archive.org]][316] +[^351]: Whonix Documentation, Stream Isolation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation) -[^352]: Whonix Documentation, Tunnels Comparison Table [[Archive.org]][318] +[^352]: Whonix Documentation, Tunnels Comparison Table [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table) -[^353]: Wikipedia, Whonix [[Wikiless]][1156] [[Archive.org]][1157] +[^353]: Wikipedia, Whonix [[Wikiless]](https://wikiless.org/wiki/Whonix) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Whonix) -[^354]: Oracle Virtualbox Manual, Snapshots [[Archive.org]][1158] +[^354]: Oracle Virtualbox Manual, Snapshots [[Archive.org]](https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/snapshots.html) [^355]: Utica College, Forensic Recovery Of Evidence From Deleted Oracle Virtualbox Virtual Machines -[^356]: Wikipedia, Spectre [[Wikiless]][1159] [[Archive.org]][1160] +[^356]: Wikipedia, Spectre [[Wikiless]](https://wikiless.org/wiki/Spectre_(security_vulnerability)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)) -[^357]: Wikipedia, Meltdown [[Wikiless]][1161] [[Archive.org]][1162] +[^357]: Wikipedia, Meltdown [[Wikiless]](https://wikiless.org/wiki/Meltdown_(security_vulnerability)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)) -[^358]: Whonix Documentation, Stream Isolation, By Settings [[Archive.org]][1163] +[^358]: Whonix Documentation, Stream Isolation, By Settings [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation#By_Settings) -[^359]: Wikipedia, TOTP [[Wikiless]][1164] [[Archive.org]][1165] +[^359]: Wikipedia, TOTP [[Wikiless]](https://wikiless.org/wiki/Time-based_One-time_Password_algorithm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) -[^360]: Wikipedia, Multi-Factor Authentication [[Wikiless]][1166] [[Archive.org]][1167] +[^360]: Wikipedia, Multi-Factor Authentication [[Wikiless]](https://wikiless.org/wiki/Multi-factor_authentication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Multi-factor_authentication) -[^361]: Whonix Documentation, Bridged Adapters Warning [[Archive.org]][1168] +[^361]: Whonix Documentation, Bridged Adapters Warning [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Gateway_Security#Warning:_Bridged_Networking) -[^362]: Qubes OS, FAQ, [[Archive.org]][1169] +[^362]: Qubes OS, FAQ, [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/faq/#is-qubes-just-another-linux-distribution) -[^363]: Qubes OS, System Requirements [[Archive.org]][1170] +[^363]: Qubes OS, System Requirements [[Archive.org]](https://web.archive.org/web/https://www.qubes-os.org/doc/system-requirements/) -[^364]: Whonix Documentation, Stream Isolation [[Archive.org]][316] +[^364]: Whonix Documentation, Stream Isolation [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation) -[^365]: Whonix Documentation, Tunnels Comparison Table [[Archive.org]][318] +[^365]: Whonix Documentation, Tunnels Comparison Table [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table) -[^366]: Qubes OS Issues, Simulate Hibernation / Suspend-To-Disk (Issue #2414) [[Archive.org]][1171] +[^366]: Qubes OS Issues, Simulate Hibernation / Suspend-To-Disk (Issue #2414) [[Archive.org]](https://web.archive.org/web/https://github.com/QubesOS/qubes-issues/issues/2414) -[^367]: Wikipedia, AppArmor [[Wikiless]][1172] [[Archive.org]][1173] +[^367]: Wikipedia, AppArmor [[Wikiless]](https://wikiless.org/wiki/AppArmor) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/AppArmor) -[^368]: Wikipedia, SELinux [[Wikiless]][1174] [[Archive.org]][1175] +[^368]: Wikipedia, SELinux [[Wikiless]](https://wikiless.org/wiki/Security-Enhanced_Linux) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Security-Enhanced_Linux) -[^369]: Wikipedia, TOTP [[Wikiless]][1164] [[Archive.org]][1165] +[^369]: Wikipedia, TOTP [[Wikiless]](https://wikiless.org/wiki/Time-based_One-time_Password_algorithm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) -[^370]: Wikipedia, Multi-Factor Authentication [[Wikiless]][1166] [[Archive.org]][1167] +[^370]: Wikipedia, Multi-Factor Authentication [[Wikiless]](https://wikiless.org/wiki/Multi-factor_authentication) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Multi-factor_authentication) -[^371]: Wikipedia, Captcha [[Wikiless]][1176] [[Archive.org]][1177] +[^371]: Wikipedia, Captcha [[Wikiless]](https://wikiless.org/wiki/CAPTCHA) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/CAPTCHA) -[^372]: Wikipedia, Turing Test [[Wikiless]][1178] [[Archive.org]][1179] +[^372]: Wikipedia, Turing Test [[Wikiless]](https://wikiless.org/wiki/Turing_test) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Turing_test) -[^373]: Google reCAPTCHA [[Archive.org]][1180] +[^373]: Google reCAPTCHA [[Archive.org]](https://web.archive.org/web/https://www.google.com/recaptcha/about/) -[^374]: hCaptcha [[Archive.org]][1181] +[^374]: hCaptcha [[Archive.org]](https://web.archive.org/web/https://www.hcaptcha.com/) -[^375]: hCaptcha, hCaptcha Is Now the Largest Independent CAPTCHA Service, Runs on 15% Of The Internet [[Archive.org]][1182] +[^375]: hCaptcha, hCaptcha Is Now the Largest Independent CAPTCHA Service, Runs on 15% Of The Internet [[Archive.org]](https://web.archive.org/web/https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service) -[^376]: Nearcyan.com, You (probably) don't need ReCAPTCHA [[Archive.org]][1183] +[^376]: Nearcyan.com, You (probably) don't need ReCAPTCHA [[Archive.org]](https://web.archive.org/web/https://nearcyan.com/you-probably-dont-need-recaptcha/) -[^377]: ArsTechnica, "Google's reCAPTCHA turns "invisible," will separate bots from people without challenges" [[Archive.org]][1184] +[^377]: ArsTechnica, "Google's reCAPTCHA turns "invisible," will separate bots from people without challenges" [[Archive.org]](https://web.archive.org/web/https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/) -[^378]: BlackHat Asia 2016, "I'm not a human: Breaking the Google reCAPTCHA" [[Archive.org]][1185] +[^378]: BlackHat Asia 2016, "I'm not a human: Breaking the Google reCAPTCHA" [[Archive.org]](https://web.archive.org/web/https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf) -[^379]: Google Blog [[Archive.org]][1186] +[^379]: Google Blog [[Archive.org]](https://web.archive.org/web/https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html) -[^380]: Cloudflare Blog, Cloudflare supports Privacy Pass [[Archive.org]][1187] +[^380]: Cloudflare Blog, Cloudflare supports Privacy Pass [[Archive.org]](https://web.archive.org/web/https://blog.cloudflare.com/cloudflare-supports-privacy-pass/) -[^381]: Privacy International, Timeline of SIM Card Registration Laws [[Archive.org]][1105] +[^381]: Privacy International, Timeline of SIM Card Registration Laws [[Archive.org]](https://web.archive.org/web/https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws) -[^382]: Wikipedia, Device Fingerprinting [[Wikiless]][1188] [[Archive.org]][1189] +[^382]: Wikipedia, Device Fingerprinting [[Wikiless]](https://wikiless.org/wiki/Device_fingerprint) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Device_fingerprint) -[^383]: Developers Google Blog, Guidance to developers affected by our effort to block less secure browsers and applications [[Archive.org]][1190] +[^383]: Developers Google Blog, Guidance to developers affected by our effort to block less secure browsers and applications [[Archive.org]](https://web.archive.org/web/https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html) -[^384]: Google Help, Access age-restricted content & features [[Archive.org]][1191] +[^384]: Google Help, Access age-restricted content & features [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/10071085) -[^385]: Wikipedia, Dark Pattern [[Wikiless]][1192] [[Archive.org]][1193] +[^385]: Wikipedia, Dark Pattern [[Wikiless]](https://wikiless.org/wiki/Dark_pattern) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Dark_pattern) -[^386]: The Verge, Tinder will give you a verified blue check mark if you pass its catfishing test [[Archive.org]][1194] +[^386]: The Verge, Tinder will give you a verified blue check mark if you pass its catfishing test [[Archive.org]](https://web.archive.org/web/https://www.theverge.com/2020/1/23/21077423/tinder-photo-verification-blue-checkmark-safety-center-launch-noonlight) -[^387]: DigitalInformationWorld, Facebook will now require you to Create a Video Selfie for Identity Verification [[Archive.org]][1195] +[^387]: DigitalInformationWorld, Facebook will now require you to Create a Video Selfie for Identity Verification [[Archive.org]](https://web.archive.org/web/https://www.digitalinformationworld.com/2020/03/facebook-is-now-demanding-some-users-to-create-a-video-selfie-for-identity-verification.html) -[^388]: Vice.com, PornHub Announces 'Biometric Technology' to Verify Users [[Archive.org]][1196] +[^388]: Vice.com, PornHub Announces 'Biometric Technology' to Verify Users [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/m7a4eq/pornhub-new-verification-policy-biometric-id) -[^389]: Variety, China Launches Hotline to Report Online Comments That 'Distort' History or 'Deny' Its Cultural Excellence [[Archive.org]][1197] +[^389]: Variety, China Launches Hotline to Report Online Comments That 'Distort' History or 'Deny' Its Cultural Excellence [[Archive.org]](https://web.archive.org/web/https://variety.com/2021/digital/news/china-censorship-hotline-historical-nihilism-1234950554/) -[^390]: Wikipedia, Trust but verify [[Wikiless]][776] [[Archive.org]][777] +[^390]: Wikipedia, Trust but verify [[Wikiless]](https://wikiless.org/wiki/Trust,_but_verify) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trust,_but_verify) -[^391]: Wikipedia, Zero-trust Security Model [[Wikiless]][1198] [[Archive.org]][1199] +[^391]: Wikipedia, Zero-trust Security Model [[Wikiless]](https://wikiless.org/wiki/Zero_trust_security_model) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Zero_trust_security_model) -[^392]: Wikipedia, Espionage, Organization [[Wikiless]][1200] [[Archive.org]][1201] +[^392]: Wikipedia, Espionage, Organization [[Wikiless]](https://wikiless.org/wiki/Espionage) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Espionage) -[^393]: Medium.com, Kyle McDonald, How to recognize fake AI-generated images [[Scribe.rip]][1202] [[Archive.org]][1203] +[^393]: Medium.com, Kyle McDonald, How to recognize fake AI-generated images [[Scribe.rip]](https://scribe.rip/@kcimc/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842) [[Archive.org]](https://web.archive.org/web/https://kcimc.medium.com/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842) -[^394]: Jayway Blog, Using ML to detect fake face images created by AI [[Archive.org]][1204] +[^394]: Jayway Blog, Using ML to detect fake face images created by AI [[Archive.org]](https://web.archive.org/web/https://blog.jayway.com/2020/03/06/using-ml-to-detect-fake-face-images-created-by-ai/) -[^395]: Wikipedia, Sim Swapping [[Wikiless]][1205] [[Archive.org]][1206] +[^395]: Wikipedia, Sim Swapping [[Wikiless]](https://wikiless.org/wiki/SIM_swap_scam) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SIM_swap_scam) -[^396]: Whonix Documentation, Tor Configuration [[Archive.org]][1207] +[^396]: Whonix Documentation, Tor Configuration [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Tor) -[^397]: Tor Browser Documentation, Editing Torrc [[Archive.org]][1208] +[^397]: Tor Browser Documentation, Editing Torrc [[Archive.org]](https://web.archive.org/web/https://support.torproject.org/tbb/tbb-editing-torrc/) [^398]: Facebook Onion Website -[^399]: Google Help [[Archive.org]][1209] +[^399]: Google Help [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/114129?hl=en) -[^400]: Google Help, Customer Matching Process [[Archive.org]][1210] +[^400]: Google Help, Customer Matching Process [[Archive.org]](https://web.archive.org/web/https://support.google.com/google-ads/answer/7474263?hl=en) -[^401]: Google, Your account is disabled [[Archive.org]][1211] +[^401]: Google, Your account is disabled [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/40695) -[^402]: Google, Request to restore the account [[Archive.org]][1212] +[^402]: Google, Request to restore the account [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/contact/disabled2) -[^403]: Google Help, Update your account to meet age requirements [[Archive.org]][1213] +[^403]: Google Help, Update your account to meet age requirements [[Archive.org]](https://web.archive.org/web/https://support.google.com/accounts/answer/1333913?hl=en) -[^404]: Jumio, ID verification features [[Archive.org]][1214] +[^404]: Jumio, ID verification features [[Archive.org]](https://web.archive.org/web/https://www.jumio.com/features/) -[^405]: Privacyguides.org recommended E-mail Providers [[Archive.org]][1215] +[^405]: Privacyguides.org recommended E-mail Providers [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/email/) -[^406]: Proton Registration Human Verification [[Archive.org]][1216] +[^406]: Proton Registration Human Verification [[Archive.org]](https://web.archive.org/web/https://proton.me/support/human-verification) [^407]: Twitter Appeal Form -[^408]: KnowYourMeme, Good Luck, I'm Behind 7 Proxies [[Archive.org]][1217] +[^408]: KnowYourMeme, Good Luck, I'm Behind 7 Proxies [[Archive.org]](https://web.archive.org/web/https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies) -[^409]: Wikipedia, end-to-end encryption [[Wikiless]][1218] [[Archive.org]][1219] +[^409]: Wikipedia, end-to-end encryption [[Wikiless]](https://wikiless.org/wiki/End-to-end_encryption) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/End-to-end_encryption) -[^410]: Wikipedia, Forward Secrecy [[Wikiless]][1220] [[Archive.org]][1221] +[^410]: Wikipedia, Forward Secrecy [[Wikiless]](https://wikiless.org/wiki/Forward_secrecy) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Forward_secrecy) -[^411]: Proton Blog, What is zero-access encryption? [[Archive.org]][1222] +[^411]: Proton Blog, What is zero-access encryption? [[Archive.org]](https://web.archive.org/web/https://proton.me/blog/zero-access-encryption/) -[^412]: Wikipedia, Cambridge Analytica Scandal [[Wikiless]][1223] [[Archive.org]][1224] +[^412]: Wikipedia, Cambridge Analytica Scandal [[Wikiless]](https://wikiless.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal) -[^413]: Signal Blog, Technology preview: Sealed sender for Signal [[Archive.org]][1225] +[^413]: Signal Blog, Technology preview: Sealed sender for Signal [[Archive.org]](https://web.archive.org/web/https://signal.org/blog/sealed-sender/) -[^414]: Signal Blog, Private Contact Discovery [[Archive.org]][1226] +[^414]: Signal Blog, Private Contact Discovery [[Archive.org]](https://web.archive.org/web/https://signal.org/blog/private-contact-discovery/) -[^415]: Signal Blog, Private Group System [[Archive.org]][1227] +[^415]: Signal Blog, Private Group System [[Archive.org]](https://web.archive.org/web/https://signal.org/blog/signal-private-group-system/) -[^416]: Privacyguides.org, File-Sharing [[Archive.org]][1228] +[^416]: Privacyguides.org, File-Sharing [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/file-sharing/) -[^417]: Privacyguides.org, Real-Time Communication [[Archive.org]][1229] +[^417]: Privacyguides.org, Real-Time Communication [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/real-time-communication/) -[^418]: GetSession.org, The Session Protocol: What's changing --- and why [[Archive.org]][1230] +[^418]: GetSession.org, The Session Protocol: What's changing --- and why [[Archive.org]](https://web.archive.org/web/https://getsession.org/session-protocol-explained/) -[^419]: Quarkslab, Audit of Session Secure Messaging Application [[Archive.org]][1231] +[^419]: Quarkslab, Audit of Session Secure Messaging Application [[Archive.org]](https://web.archive.org/web/https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html) -[^420]: Techlore, Top 5 BEST Messengers For Privacy [[Invidious]][1232] +[^420]: Techlore, Top 5 BEST Messengers For Privacy [[Invidious]](https://yewtu.be/watch?v=aVwl892hqb4) -[^421]: Wikipedia, IPFS [[Wikiless]][1233] [[Archive.org]][1234] +[^421]: Wikipedia, IPFS [[Wikiless]](https://wikiless.org/wiki/InterPlanetary_File_System) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/InterPlanetary_File_System) -[^422]: Praxis Films, Open Letter from Laura Poitras [[Archive.org]][1235] +[^422]: Praxis Films, Open Letter from Laura Poitras [[Archive.org]](https://web.archive.org/web/https://www.praxisfilms.org/open-letter-from-laura-poitras/) -[^423]: Wikipedia, SecureDrop [[Wikiless]][1236] [[Archive.org]][1237] +[^423]: Wikipedia, SecureDrop [[Wikiless]](https://wikiless.org/wiki/SecureDrop) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SecureDrop) -[^424]: Wikipedia, TPM [[Wikiless]][1238] [[Archive.org]][1239] +[^424]: Wikipedia, TPM [[Wikiless]](https://wikiless.org/wiki/Trusted_Platform_Module) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trusted_Platform_Module) -[^425]: Wikipedia, Pastebin [[Wikiless]][1240] [[Archive.org]][1241] +[^425]: Wikipedia, Pastebin [[Wikiless]](https://wikiless.org/wiki/Pastebin) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Pastebin) -[^426]: Wikipedia, Wear Leveling [[Wikiless]][1242] [[Archive.org]][1243] +[^426]: Wikipedia, Wear Leveling [[Wikiless]](https://wikiless.org/wiki/Wear_leveling) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Wear_leveling) -[^427]: Wikipedia, Trim [[Wikiless]][1244] [[Archive.org]][1245] +[^427]: Wikipedia, Trim [[Wikiless]](https://wikiless.org/wiki/Write_amplification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification) -[^428]: Wikipedia, Write Amplification [[Wikiless]][1244] [[Archive.org]][1245] +[^428]: Wikipedia, Write Amplification [[Wikiless]](https://wikiless.org/wiki/Write_amplification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification) -[^429]: Wikipedia, Trim Disadvantages [[Wikiless]][485] [[Archive.org]][486] +[^429]: Wikipedia, Trim Disadvantages [[Wikiless]](https://wikiless.org/wiki/Trim_(computing)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing)) -[^430]: Wikipedia, Garbage Collection [[Wikiless]][1244] [[Archive.org]][1245] +[^430]: Wikipedia, Garbage Collection [[Wikiless]](https://wikiless.org/wiki/Write_amplification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification) -[^431]: Techgage, Too TRIM? When SSD Data Recovery is Impossible [[Archive.org]][1246] +[^431]: Techgage, Too TRIM? When SSD Data Recovery is Impossible [[Archive.org]](https://web.archive.org/web/https://techgage.com/article/too_trim_when_ssd_data_recovery_is_impossible/) -[^432]: ResearchGate, Live forensics method for acquisition on the Solid-State Drive (SSD) NVMe TRIM function [[Archive.org]][1247] +[^432]: ResearchGate, Live forensics method for acquisition on the Solid-State Drive (SSD) NVMe TRIM function [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/341761017_Live_forensics_method_for_acquisition_on_the_Solid_State_Drive_SSD_NVMe_TRIM_function) -[^433]: ElcomSoft, Life after Trim: Using Factory Access Mode for Imaging SSD Drives [[Archive.org]][1248] +[^433]: ElcomSoft, Life after Trim: Using Factory Access Mode for Imaging SSD Drives [[Archive.org]](https://web.archive.org/web/https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/) -[^434]: Forensic Focus, Forensic Acquisition Of Solid State Drives With Open Source Tools [[Archive.org]][1249] +[^434]: Forensic Focus, Forensic Acquisition Of Solid State Drives With Open Source Tools [[Archive.org]](https://web.archive.org/web/https://www.forensicfocus.com/articles/forensic-acquisition-of-solid-state-drives-with-open-source-tools/) -[^435]: ResearchGate, Solid State Drive Forensics: Where Do We Stand? [[Archive.org]][1250] +[^435]: ResearchGate, Solid State Drive Forensics: Where Do We Stand? [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/325976653_Solid_State_Drive_Forensics_Where_Do_We_Stand) -[^436]: BleepingComputer, Firmware attack can drop persistent malware in hidden SSD area [[Archive.org]][1251] +[^436]: BleepingComputer, Firmware attack can drop persistent malware in hidden SSD area [[Archive.org]](https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/) -[^437]: Wikipedia, Parted Magic [[Wikiless]][1252] [[Archive.org]][1253] +[^437]: Wikipedia, Parted Magic [[Wikiless]](https://wikiless.org/wiki/Parted_Magic) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Parted_Magic) -[^438]: Wikipedia, hdparm [[Wikiless]][1254] [[Archive.org]][1255] +[^438]: Wikipedia, hdparm [[Wikiless]](https://wikiless.org/wiki/Hdparm) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Hdparm) -[^439]: GitHub, nvme-cli [[Archive.org]][1256] +[^439]: GitHub, nvme-cli [[Archive.org]](https://web.archive.org/web/https://github.com/linux-nvme/nvme-cli) -[^440]: PartedMagic Secure Erase [[Archive.org]][1257] +[^440]: PartedMagic Secure Erase [[Archive.org]](https://web.archive.org/web/https://partedmagic.com/secure-erase/) -[^441]: Partedmagic NVMe Secure Erase [[Archive.org]][1258] +[^441]: Partedmagic NVMe Secure Erase [[Archive.org]](https://web.archive.org/web/https://partedmagic.com/nvme-secure-erase/) -[^442]: UFSExplorer, Can I recover data from an encrypted storage? [[Archive.org]][1259] +[^442]: UFSExplorer, Can I recover data from an encrypted storage? [[Archive.org]](https://web.archive.org/web/https://www.ufsexplorer.com/solutions/data-recovery-on-encrypted-storage.php) -[^443]: Apple Developer Documentation [[Archive.org]][1260] +[^443]: Apple Developer Documentation [[Archive.org]](https://web.archive.org/web/https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html) -[^444]: EFF, How to: Delete Your Data Securely on macOS [[Archive.org]][508] +[^444]: EFF, How to: Delete Your Data Securely on macOS [[Archive.org]](https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-macos) -[^445]: Privacyguides.org, Productivity tools [[Archive.org]][1261] +[^445]: Privacyguides.org, Productivity tools [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/productivity/) -[^446]: Whonix Documentation, Scrubbing Metadata [[Archive.org]][1262] +[^446]: Whonix Documentation, Scrubbing Metadata [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Metadata) -[^447]: Tails documentation, MAT [[Archive.org]][1263] +[^447]: Tails documentation, MAT [[Archive.org]](https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/doc/mat/) -[^448]: GitHub, Disable Gatekeeper on macOS Big Sur (11.x) [[Archive.org]][1264] +[^448]: GitHub, Disable Gatekeeper on macOS Big Sur (11.x) [[Archive.org]](https://web.archive.org/web/https://disable-gatekeeper.github.io/) -[^449]: DuckDuckGo help, Cache [[Archive.org]][1265] +[^449]: DuckDuckGo help, Cache [[Archive.org]](https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/features/cache/) -[^450]: DuckDuckGo help, Sources [[Archive.org]][1266] +[^450]: DuckDuckGo help, Sources [[Archive.org]](https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/results/sources/) -[^451]: Wikipedia, Dead Drop [[Wikiless]][1267] [[Archive.org]][1268] +[^451]: Wikipedia, Dead Drop [[Wikiless]](https://wikiless.org/wiki/Dead_drop) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Dead_drop) -[^452]: Wikipedia, Secure Communication Obfuscation [[Wikiless]][1269] [[Archive.org]][1270] +[^452]: Wikipedia, Secure Communication Obfuscation [[Wikiless]](https://wikiless.org/wiki/Obfuscation) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Obfuscation) -[^453]: Wikipedia, Steganography [[Wikiless]][1024] [[Archive.org]][1025] +[^453]: Wikipedia, Steganography [[Wikiless]](https://wikiless.org/wiki/Steganography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Steganography) -[^454]: Wikipedia, Kleptography [[Wikiless]][1271] [[Archive.org]][1272] +[^454]: Wikipedia, Kleptography [[Wikiless]](https://wikiless.org/wiki/Kleptography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Kleptography) -[^455]: Wikipedia, Koalang [[Wikiless]][1273] [[Archive.org]][1274] +[^455]: Wikipedia, Koalang [[Wikiless]](https://wikiless.org/wiki/Koalang) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Koalang) -[^456]: Wikipedia, OPSEC [[Wikiless]][1275] [[Archive.org]][1276] +[^456]: Wikipedia, OPSEC [[Wikiless]](https://wikiless.org/wiki/Operations_security) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Operations_security) -[^457]: Quote Investigator, A Lie Can Travel Halfway Around the World While the Truth Is Putting On Its Shoes [[Archive.org]][1277] +[^457]: Quote Investigator, A Lie Can Travel Halfway Around the World While the Truth Is Putting On Its Shoes [[Archive.org]](https://web.archive.org/web/https://quoteinvestigator.com/2014/07/13/truth/) -[^458]: Privacyguides.org, Operating Systems [[Archive.org]][1278] +[^458]: Privacyguides.org, Operating Systems [[Archive.org]](https://web.archive.org/web/https://www.privacyguides.org/tools/#operating-systems) -[^459]: Brave Support, What is a Private Window with Tor? [[Archive.org]][1279] +[^459]: Brave Support, What is a Private Window with Tor? [[Archive.org]](https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor) -[^460]: Medium.com, The Windows USN Journal [[Scribe.rip]][1280] [[Archive.org]][1281] +[^460]: Medium.com, The Windows USN Journal [[Scribe.rip]](https://scribe.rip/velociraptor-ir/the-windows-usn-journal-f0c55c9010e) [[Archive.org]](https://web.archive.org/web/https://medium.com/velociraptor-ir/the-windows-usn-journal-f0c55c9010e) -[^461]: Medium.com, Digging into the System Resource Usage Monitor (SRUM) [[Scribe.rip]][1282] [[Archive.org]][1283] +[^461]: Medium.com, Digging into the System Resource Usage Monitor (SRUM) [[Scribe.rip]](https://scribe.rip/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375) [[Archive.org]](https://web.archive.org/web/https://medium.com/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375) -[^462]: SANS, Timestamped Registry & NTFS Artifacts from Unallocated Space [[Archive.org]][1284] +[^462]: SANS, Timestamped Registry & NTFS Artifacts from Unallocated Space [[Archive.org]](https://web.archive.org/web/https://www.sans.org/blog/timestamped-registry-ntfs-artifacts-from-unallocated-space/) -[^463]: DBAN, [[Archive.org]][1285] +[^463]: DBAN, [[Archive.org]](https://web.archive.org/web/https://dban.org/) -[^464]: NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes [[Archive.org]][1106] +[^464]: NYTimes, Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes [[Archive.org]](https://web.archive.org/web/https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html) -[^465]: CrystalDiskInfo [[Archive.org]][1286] +[^465]: CrystalDiskInfo [[Archive.org]](https://web.archive.org/web/https://crystalmark.info/en/software/crystaldiskinfo/) -[^466]: Wikipedia, Faraday Cage, [[Wikiless]][1287] [[Archive.org]][1288] +[^466]: Wikipedia, Faraday Cage, [[Wikiless]](https://wikiless.org/wiki/Faraday_cage) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Faraday_cage) -[^467]: Edith Cowan University, A forensic examination of several mobile device Faraday bags & materials to test their effectiveness materials to test their effectiveness [[Archive.org]][1289] +[^467]: Edith Cowan University, A forensic examination of several mobile device Faraday bags & materials to test their effectiveness materials to test their effectiveness [[Archive.org]](https://web.archive.org/web/20211011220410/https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1165&context=adf) -[^468]: arXiv, Deep-Spying: Spying using Smartwatch and Deep Learning [[Archive.org]][1290] +[^468]: arXiv, Deep-Spying: Spying using Smartwatch and Deep Learning [[Archive.org]](https://web.archive.org/web/https://arxiv.org/pdf/1512.05616.pdf) -[^469]: Acm.org, Privacy Implications of Accelerometer Data: A Review of Possible Inferences [[Archive.org]][1291] +[^469]: Acm.org, Privacy Implications of Accelerometer Data: A Review of Possible Inferences [[Archive.org]](https://web.archive.org/web/https://dl.acm.org/doi/pdf/10.1145/3309074.3309076) -[^470]: YouTube, Fingerprinting Paper - Forensic Education [[Invidious]][1292] +[^470]: YouTube, Fingerprinting Paper - Forensic Education [[Invidious]](https://yewtu.be/watch?v=sO98kDLkh-M) -[^471]: Wikipedia, Touch DNA, [[Wikiless]][1293] [[Archive.org]][1294] +[^471]: Wikipedia, Touch DNA, [[Wikiless]](https://wikiless.org/wiki/Touch_DNA) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Touch_DNA) -[^472]: TheDNAGuide, DNA from Postage Stamps or Hair Samples? Yeeesssss..... [[Archive.org]][1295] +[^472]: TheDNAGuide, DNA from Postage Stamps or Hair Samples? Yeeesssss..... [[Archive.org]](https://web.archive.org/web/https://www.yourdnaguide.com/ydgblog/dna-hair-samples-postage-stamps) -[^473]: GitHub, Mhinkie, OONI-Detection [[Archive.org]][1296] +[^473]: GitHub, Mhinkie, OONI-Detection [[Archive.org]](https://web.archive.org/web/https://github.com/mhinkie/ooni-detection) -[^474]: Wikipedia, File Verification [[Wikiless]][1297] [[Archive.org]][1298] +[^474]: Wikipedia, File Verification [[Wikiless]](https://wikiless.org/wiki/File_verification) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/File_verification) -[^475]: Wikipedia, CRC [[Wikiless]][1299] [[Archive.org]][1300] +[^475]: Wikipedia, CRC [[Wikiless]](https://wikiless.org/wiki/Cyclic_redundancy_check) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Cyclic_redundancy_check) -[^476]: Wikipedia, MD5 [[Wikiless]][1301] [[Archive.org]][1302] +[^476]: Wikipedia, MD5 [[Wikiless]](https://wikiless.org/wiki/MD5) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MD5) -[^477]: Wikipedia, MD5 Security [[Wikiless]][1301] [[Archive.org]][1302] +[^477]: Wikipedia, MD5 Security [[Wikiless]](https://wikiless.org/wiki/MD5) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MD5) -[^478]: Wikipedia, Collisions [[Wikiless]][1303] [[Archive.org]][1304] +[^478]: Wikipedia, Collisions [[Wikiless]](https://wikiless.org/wiki/Collision_(computer_science)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_(computer_science)) -[^479]: Wikipedia, SHA [[Wikiless]][1305] [[Archive.org]][1306] +[^479]: Wikipedia, SHA [[Wikiless]](https://wikiless.org/wiki/Secure_Hash_Algorithms) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Secure_Hash_Algorithms) -[^480]: Wikipedia, SHA-2 [[Wikiless]][1307] [[Archive.org]][1308] +[^480]: Wikipedia, SHA-2 [[Wikiless]](https://wikiless.org/wiki/SHA-2) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/SHA-2) -[^481]: Wikipedia, Collision Resistance [[Wikiless]][1309] [[Archive.org]][1310] +[^481]: Wikipedia, Collision Resistance [[Wikiless]](https://wikiless.org/wiki/Collision_resistance) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_resistance) -[^482]: GnuPG Gpg4win Wiki, Check integrity of Gpg4win packages [[Archive.org]][1311] +[^482]: GnuPG Gpg4win Wiki, Check integrity of Gpg4win packages [[Archive.org]](https://web.archive.org/web/https://wiki.gnupg.org/Gpg4win/CheckIntegrity) -[^483]: Medium.com, How to verify checksum on Mac [[Scribe.rip]][1312] [[Archive.org]][1313] +[^483]: Medium.com, How to verify checksum on Mac [[Scribe.rip]](https://web.archive.org/web/https://scribe.rip/@EvgeniIvanov/how-to-verify-checksum-on-mac-988f166b0c4f) [[Archive.org]](https://web.archive.org/web/https://medium.com/@EvgeniIvanov/how-to-verify-checksum-on-mac-988f166b0c4f) -[^484]: Wikipedia, GPG [[Wikiless]][1314] [[Archive.org]][1315] +[^484]: Wikipedia, GPG [[Wikiless]](https://wikiless.org/wiki/GNU_Privacy_Guard) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/GNU_Privacy_Guard) -[^485]: Wikipedia, Public-Key Cryptography [[Wikiless]][1316] [[Archive.org]][1317] +[^485]: Wikipedia, Public-Key Cryptography [[Wikiless]](https://wikiless.org/wiki/Public-key_cryptography) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Public-key_cryptography) -[^486]: Wikipedia, Polymorphic Code [[Wikiless]][1318] [[Archive.org]][1319] +[^486]: Wikipedia, Polymorphic Code [[Wikiless]](https://wikiless.org/wiki/Polymorphic_code) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Polymorphic_code) -[^487]: Whonix Documentation, Use of AV, [[Archive.org]][1320] +[^487]: Whonix Documentation, Use of AV, [[Archive.org]](https://web.archive.org/web/https://www.whonix.org/wiki/Malware_and_Firmware_Trojans) -[^488]: Whonix Forums, [[Archive.org]][1321] +[^488]: Whonix Forums, [[Archive.org]](https://web.archive.org/web/https://forums.whonix.org/t/installation-of-antivirus-scanners-by-default/9755/8) -[^489]: AV-Test Security Report 2018-2019, [[Archive.org]][1322] +[^489]: AV-Test Security Report 2018-2019, [[Archive.org]](https://web.archive.org/web/https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2018-2019.pdf) -[^490]: ZDNet, ESET discovers 21 new Linux malware families [[Archive.org]][1323] +[^490]: ZDNet, ESET discovers 21 new Linux malware families [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/) -[^491]: NakeSecurity, EvilGnome -- Linux malware aimed at your desktop, not your servers [[Archive.org]][1324] +[^491]: NakeSecurity, EvilGnome -- Linux malware aimed at your desktop, not your servers [[Archive.org]](https://web.archive.org/web/https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/) -[^492]: Immunify, HiddenWasp: How to detect malware hidden on Linux & IoT [[Archive.org]][1325] +[^492]: Immunify, HiddenWasp: How to detect malware hidden on Linux & IoT [[Archive.org]](https://web.archive.org/web/https://blog.imunify360.com/hiddenwasp-how-to-detect-malware-hidden-on-linux-iot) -[^493]: Wikipedia, Linux Malware [[Wikiless]][1326] [[Archive.org]][1327] +[^493]: Wikipedia, Linux Malware [[Wikiless]](https://wikiless.org/wiki/Linux_malware) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Linux_malware) -[^494]: Wikipedia, macOS Malware [[Wikiless]][1328] [[Archive.org]][1329] +[^494]: Wikipedia, macOS Malware [[Wikiless]](https://wikiless.org/wiki/MacOS_malware) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/MacOS_malware) -[^495]: MacWorld, List of Mac viruses, malware and security flaws [[Archive.org]][1330] +[^495]: MacWorld, List of Mac viruses, malware and security flaws [[Archive.org]](https://web.archive.org/web/https://www.macworld.co.uk/feature/mac-viruses-list-3668354/) -[^496]: JAMF, The Mac Malware of 2020 [[Archive.org]][1331] +[^496]: JAMF, The Mac Malware of 2020 [[Archive.org]](https://web.archive.org/web/https://resources.jamf.com/documents/macmalware-2020.pdf) -[^497]: macOS Security and Privacy Guide, [[Archive.org]][294] +[^497]: macOS Security and Privacy Guide, [[Archive.org]](https://web.archive.org/web/https://www.bejarano.io/hardening-macos/) -[^498]: ImageTragick.com, [[Archive.org]][1332] +[^498]: ImageTragick.com, [[Archive.org]](https://web.archive.org/web/https://imagetragick.com/) -[^499]: Oracle Virtualbox Documentation, [[Archive.org]][1333] +[^499]: Oracle Virtualbox Documentation, [[Archive.org]](https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html) -[^500]: Oracle Virtualbox Documentation, [[Archive.org]][1333] +[^500]: Oracle Virtualbox Documentation, [[Archive.org]](https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html) -[^501]: Lenny Zeltser, Analyzing Malicious Documents Cheat Sheet [[Archive.org]][1334] +[^501]: Lenny Zeltser, Analyzing Malicious Documents Cheat Sheet [[Archive.org]](https://web.archive.org/web/https://zeltser.com/analyzing-malicious-documents/) -[^502]: Wikipedia, Portable Applications [[Wikiless]][1335] [[Archive.org]][1336] +[^502]: Wikipedia, Portable Applications [[Wikiless]](https://wikiless.org/wiki/Portable_application) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Portable_application) -[^503]: Brave Help, What is a Private Window with Tor Connectivity? [[Archive.org]][1279] +[^503]: Brave Help, What is a Private Window with Tor Connectivity? [[Archive.org]](https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor) -[^504]: BlackGNU, Brave, the false sensation of privacy [[Archive.org]][1337] +[^504]: BlackGNU, Brave, the false sensation of privacy [[Archive.org]](https://web.archive.org/web/https://blackgnu.net/brave-is-shit.html) -[^505]: Brave Help Center, What is "Shields"? [[Archive.org]][1338] +[^505]: Brave Help Center, What is "Shields"? [[Archive.org]](https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields) -[^506]: VentureBeat, Browser benchmark battle January 2020: Chrome vs. Firefox vs. Edge vs. Brave [[Archive.org]][1339] +[^506]: VentureBeat, Browser benchmark battle January 2020: Chrome vs. Firefox vs. Edge vs. Brave [[Archive.org]](https://web.archive.org/web/https://venturebeat.com/2020/01/15/browser-benchmark-battle-january-2020-chrome-firefox-edge-brave/view-all/) -[^507]: Brave.com, Brave, Fingerprinting, and Privacy Budgets [[Archive.org]][159] +[^507]: Brave.com, Brave, Fingerprinting, and Privacy Budgets [[Archive.org]](https://web.archive.org/web/https://brave.com/brave-fingerprinting-and-privacy-budgets/) -[^508]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]][1340] +[^508]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html) -[^509]: GrapheneOS, Web Browsing [[Archive.org]][1341] +[^509]: GrapheneOS, Web Browsing [[Archive.org]](https://web.archive.org/web/https://grapheneos.org/usage#web-browsing) -[^510]: ResearchGate, Web Browser Privacy: What Do Browsers Say When They Phone Home? [[Archive.org]][1342] +[^510]: ResearchGate, Web Browser Privacy: What Do Browsers Say When They Phone Home? [[Archive.org]](https://web.archive.org/web/https://www.researchgate.net/publication/349979628_Web_Browser_Privacy_What_Do_Browsers_Say_When_They_Phone_Home) -[^511]: Duck's pond, Ungoogled-Chromium [[Archive.org]][1343] +[^511]: Duck's pond, Ungoogled-Chromium [[Archive.org]](https://web.archive.org/web/https://qua3k.github.io/ungoogled/) -[^512]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]][1340] +[^512]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html) -[^513]: GrapheneOS, Web Browsing [[Archive.org]][1341] +[^513]: GrapheneOS, Web Browsing [[Archive.org]](https://web.archive.org/web/https://grapheneos.org/usage#web-browsing) -[^514]: Microsoft.com, Microsoft Edge support for Microsoft Defender Application Guard [[Archive.org]][1344] +[^514]: Microsoft.com, Microsoft Edge support for Microsoft Defender Application Guard [[Archive.org]](https://web.archive.org/web/https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard) -[^515]: PcMag, Mozilla Signs Lucrative 3-Year Google Search Deal for Firefox [[Archive.org]][1345] +[^515]: PcMag, Mozilla Signs Lucrative 3-Year Google Search Deal for Firefox [[Archive.org]](https://web.archive.org/web/https://www.pcmag.com/news/mozilla-signs-lucrative-3-year-google-search-deal-for-firefox) -[^516]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]][1340] +[^516]: Madaidan's Insecurities, Firefox and Chromium [[Archive.org]](https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html) -[^517]: FingerprintJS, Demo: Disabling JavaScript Won't Save You from Fingerprinting [[Archive.org]][933] +[^517]: FingerprintJS, Demo: Disabling JavaScript Won't Save You from Fingerprinting [[Archive.org]](https://web.archive.org/web/https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/) -[^518]: Duck's pond, Ungoogled-Chromium [[Archive.org]][1343] +[^518]: Duck's pond, Ungoogled-Chromium [[Archive.org]](https://web.archive.org/web/https://qua3k.github.io/ungoogled/) -[^519]: Wikipedia, Virtualization [[Wikiless]][1346] [[Archive.org]][1347] +[^519]: Wikipedia, Virtualization [[Wikiless]](https://wikiless.org/wiki/Virtualization) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtualization) -[^520]: Tor Project, Project Snowflake [[Archive.org]][563] +[^520]: Tor Project, Project Snowflake [[Archive.org]](https://web.archive.org/web/https://snowflake.torproject.org/) -[^521]: GitHub, Obfs4 Repository [[Archive.org]][1348] +[^521]: GitHub, Obfs4 Repository [[Archive.org]](https://web.archive.org/web/https://github.com/Yawning/obfs4/) -[^523]: Tor Browser Manual, Pluggable Transport [[Archive.org]][1349] +[^523]: Tor Browser Manual, Pluggable Transport [[Archive.org]](https://web.archive.org/web/https://tb-manual.torproject.org/circumvention/) -[^524]: Wikipedia, Domain Fronting [[Wikiless]][1350] [[Archive.org]][1351] +[^524]: Wikipedia, Domain Fronting [[Wikiless]](https://wikiless.org/wiki/Domain_fronting) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_fronting) -[^525]: GitLab, Tor Browser Issues, Add uBlock Origin to the Tor Browser [[Archive.org]][1352] +[^525]: GitLab, Tor Browser Issues, Add uBlock Origin to the Tor Browser [[Archive.org]](https://web.archive.org/web/https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17569) -[^526]: Vice, The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous [[Archive.org]][1353] +[^526]: Vice, The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous) -[^528]: NIST, NIST Has Spoken - Death to Complexity, Long Live the Passphrase! [[Archive.org]][1355] +[^528]: NIST, NIST Has Spoken - Death to Complexity, Long Live the Passphrase! [[Archive.org]](https://web.archive.org/web/https://www.sans.org/blog/nist-has-spoken-death-to-complexity-long-live-the-passphrase/) -[^529]: ZDnet, FBI recommends passphrases over password complexity [[Archive.org]][1356] +[^529]: ZDnet, FBI recommends passphrases over password complexity [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/) -[^530]: The Intercept, Passphrases That You Can Memorize --- But That Even the NSA Can't Guess [[Tor Mirror]][1357] [[Archive.org]][1358] +[^530]: The Intercept, Passphrases That You Can Memorize --- But That Even the NSA Can't Guess [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) -[^531]: Proton Blog, Let's settle the password vs. passphrase debate once and for all [[Archive.org]][1359] +[^531]: Proton Blog, Let's settle the password vs. passphrase debate once and for all [[Archive.org]](https://web.archive.org/web/https://proton.me/blog/protonmail-com-blog-password-vs-passphrase) -[^532]: YouTube, Edward Snowden on Passwords: Last Week Tonight with John Oliver (HBO) [[Invidious]][1360] +[^532]: YouTube, Edward Snowden on Passwords: Last Week Tonight with John Oliver (HBO) [[Invidious]](https://yewtu.be/watch?v=yzGzB-yYKcc) -[^533]: YouTube, How to Choose a Password -- Computerphile [[Invidious]][699] +[^533]: YouTube, How to Choose a Password -- Computerphile [[Invidious]](https://yewtu.be/watch?v=3NjQ9b3pgIg) -[^534]: Wikipedia, Passphrase [[Wikiless]][1361] [[Archive.org]][1362] +[^534]: Wikipedia, Passphrase [[Wikiless]](https://wikiless.org/wiki/Passphrase#Passphrase_selection) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Passphrase#Passphrase_selection) -[^535]: Monero Research Lab, Evaluating cryptocurrency security and privacy in a post-quantum world [[Archive.org]][1363] +[^535]: Monero Research Lab, Evaluating cryptocurrency security and privacy in a post-quantum world [[Archive.org]](https://web.archive.org/web/https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf) [Contents:]: #contents [Pre-requisites and limitations:]: #pre-requisites-and-limitations @@ -13799,1370 +13780,90 @@ And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-ove [Appendix B3: Threat modeling resources]: #appendix-b3-threat-modeling-resources [Appendix B4: Important notes about evil-maid and tampering]: #appendix-b4-important-notes-about-evil-maid-and-tampering [Appendix B5: Types of CPU attacks:]: #appendix-b5-types-of-cpu-attacks - [Appendix B6: Warning for using Orbot on Android]: #appendix-b6-warning-for-using-orbot-on-android [References:]: #references [cc-by-nc-4.0]: https://creativecommons.org/licenses/by-nc/4.0/ [LINDDUN2015]: https://lirias.kuleuven.be/retrieve/295669 - [27]: https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/ [https://matrix.to/#/#anonymity:matrix.org]: https://matrix.to/#/ - [28]: https://nitter.net/AnonyPla - [29]: https://web.archive.org/web/https://github.com/iv-org/invidious - [30]: https://web.archive.org/web/https://github.com/zedeus/nitter - [31]: https://web.archive.org/web/https://codeberg.org/orenom/wikiless - [32]: https://web.archive.org/web/https://scribe.rip/ - [33]: https://web.archive.org/web/20220509220021/https://libredirect.github.io/ - [34]: https://wikiless.org/wiki/Sci-Hub - [35]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Sci-Hub - [36]: https://wikiless.org/wiki/Library_Genesis - [37]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Library_Genesis [38]: media/image1.jpeg [39]: media/image2.jpeg [40]: media/image3.jpeg - [41]: https://web.archive.org/web/https://ssd.eff.org/en/module-categories/security-scenarios - [42]: https://web.archive.org/web/https://thenewoil.org/ - [43]: https://yewtu.be/c/Techlore - [44]: https://web.archive.org/web/https://privacyguides.org/ - [45]: https://web.archive.org/web/https://privacytools.io/ - [46]: https://web.archive.org/web/https://github.com/techlore-official/go-incognito - [47]: https://yewtu.be/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO - [48]: https://yewtu.be/watch?v=vrxwXXytEuI - [49]: https://web.archive.org/web/https://www.cloudflare.com/ssl/encrypted-sni/ [50]: media/image4.jpeg - [51]: https://web.archive.org/web/https://www.ssl.com/blogs/how-do-browsers-handle-revoked-ssl-tls-certificates/ [52]: media/image5.jpeg - [53]: https://web.archive.org/web/https://blog.cloudflare.com/welcome-hidden-resolver/ - [54]: https://web.archive.org/web/https://blog.cloudflare.com/oblivious-dns/ - [55]: https://web.archive.org/web/https://github.com/alecmuffett/dohot [56]: media/image6.jpeg - [57]: https://web.archive.org/web/https://blog.apnic.net/2019/08/23/what-can-you-learn-from-an-ip-address/ - [58]: https://wikiless.org/wiki/Radio-frequency_identification - [59]: https://web.archive.org/web/https://web.archive.org/web/20220530073225/https://en.wikipedia.org/wiki/Radio-frequency_identification - [60]: https://web.archive.org/web/http://rfpose.csail.mit.edu/ - [61]: https://yewtu.be/watch?v=HgDdaMy8KNE - [62]: https://web.archive.org/web/https://www.news.ucsb.edu/2021/020392/dont-fidget-wifi-will-count-you [63]: media/image7.jpeg - [64]: https://yewtu.be/watch?v=FDZ39h-kCS8 - [65]: https://yewtu.be/watch?v=7v3JR4Wlw4Q - [66]: https://web.archive.org/web/https://blog.torproject.org/new-low-cost-traffic-analysis-attacks-mitigations [67]: media/image8.jpeg [68]: media/image9.jpeg [69]: media/image10.jpeg - [70]: https://web.archive.org/web/https://github.com/Attacks-on-Tor/Attacks-on-Tor - [71]: https://web.archive.org/web/https://www.researchgate.net/publication/323627387_Shedding_Light_on_the_Dark_Corners_of_the_Internet_A_Survey_of_Tor_Research - [72]: https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/906-Tor-0day-The-Management-Vulnerability.html - [73]: https://web.archive.org/web/https://arstechnica.com/information-technology/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/ - [74]: https://web.archive.org/web/https://svn-archive.torproject.org/svn/projects/design-paper/tor-design.pdf - [75]: https://yewtu.be/watch?v=siCk4pGGcqA - [76]: https://yewtu.be/watch?v=mYsTBPqbya8 - [77]: https://yewtu.be/watch?v=bKH5nGLgi08&t=2834s - [80]: https://web.archive.org/web/https://github.com/speed47/spectre-meltdown-checker - [81]: https://web.archive.org/web/https://www.grc.com/inspectre.htm - [82]: https://web.archive.org/web/https://www.whonix.org/wiki/Spectre_Meltdown - [83]: https://web.archive.org/web/https://policies.google.com/privacy - [84]: https://web.archive.org/web/https://www.scss.tcd.ie/doug.leith/apple_google.pdf - [85]: https://web.archive.org/web/https://www.apple.com/legal/privacy/en-ww/ - [86]: https://web.archive.org/web/https://support.apple.com/en-us/HT202100 - [87]: https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004 - [88]: https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data - [89]: https://web.archive.org/web/https://support.apple.com/guide/mac-help/share-analytics-information-mac-apple-mh27990/mac - [90]: https://web.archive.org/web/https://ubuntu.com/desktop/statistics - [91]: https://web.archive.org/web/https://twitter.com/idf/status/1125066395010699264 - [92]: https://nitter.net/idf/status/1125066395010699264 - [93]: https://web.archive.org/web/https://mediasonar.com/ - [94]: https://web.archive.org/web/https://www.typingdna.com/ - [95]: https://web.archive.org/web/https://link.springer.com/10.1007/978-1-4614-7163-9_110198-1 [96]: https://archive.ph/iuowI - [97]: https://web.archive.org/web/https://www.researchgate.net/publication/300562034_Using_Social_Networks_Data_for_Behavior_and_Sentiment_Analysis - [98]: https://web.archive.org/web/https://www.academia.edu/30936118/A_Survey_on_User_Behaviour_Analysis_in_Social_Networks - [99]: https://web.archive.org/web/https://web.archive.org/web/https://sci-hub.se/10.1007/978-3-030-02592-2 - [100]: https://web.archive.org/web/https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit - [101]: https://web.archive.org/web/https://github.com/jivoi/awesome-osint - [102]: https://yewtu.be/playlist?list=PLrFPX1Vfqk3ehZKSFeb9pVIHqxqrNW8Sy - [103]: https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations/ - [104]: https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/02/19/using-the-new-russian-facial-recognition-site-searchface-ru/ - [105]: https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/10/24/dali-warhol-boshirov-determining-time-alleged-photograph-skripal-suspect-chepiga/ - [106]: https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2017/06/30/advanced-guide-verifying-video-content/ - [107]: https://web.archive.org/web/https://www.bellingcat.com/resources/2020/12/03/using-the-sun-and-the-shadows-for-geolocation/ - [108]: https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2021/01/27/navalny-poison-squad-implicated-in-murders-of-three-russian-activists/ - [109]: https://web.archive.org/web/https://www.bellingcat.com/news/2021/03/19/berlin-assassination-new-evidence-on-suspected-fsb-hitman-passed-to-german-investigators/ - [110]: https://yewtu.be/watch?v=cAVZaPiVArA - [111]: https://yewtu.be/watch?v=awY87q2Mr0E - [112]: https://yewtu.be/watch?v=bS6gYWM4kzY [113]: media/image11.jpeg - [114]: https://web.archive.org/web/https://www.nature.com/articles/s41598-020-79310-1.pdf [115]: media/image12.jpeg - [116]: https://web.archive.org/web/https://rd.springer.com/chapter/10.1007/978-3-030-42504-3_15 - [117]: https://web.archive.org/web/https://media.ccc.de/v/rc3-11406-spot_the_surveillance - [118]: https://web.archive.org/web/https://www.eff.org/sls - [119]: https://web.archive.org/web/https://www.respeecher.com/ - [120]: https://web.archive.org/web/https://www.descript.com/overdub - [121]: https://yewtu.be/watch?v=t5yw5cR79VA - [122]: https://web.archive.org/web/https://www.reflectacles.com/ - [123]: https://web.archive.org/web/https://gitlab.com/FG-01/fg-01 - [124]: https://wikiless.org/wiki/Advance-fee_scam - [125]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Advance-fee_scam - [126]: https://yewtu.be/watch?v=Z20XNp-luNA - [127]: https://yewtu.be/watch?v=VVdmmN0su6E - [128]: https://yewtu.be/watch?v=hdCs6bPM4is - [129]: https://web.archive.org/web/https://shop.hak5.org/products/usb-rubber-ducky-deluxe - [130]: https://yewtu.be/watch?v=V5mBJHotZv0 - [131]: https://web.archive.org/web/https://www.keelog.com/ - [132]: https://web.archive.org/web/https://www.aliexpress.com/i/4000710369016.html [133]: media/image13.jpeg - [134]: https://web.archive.org/web/https://mattw.io/youtube-geofind/location - [135]: https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/18/leak-zoom-meeting/ - [136]: https://web.archive.org/web/https://theintercept.com/2021/01/18/leak-zoom-meeting/ - [137]: https://web.archive.org/web/https://www.eff.org/issues/printers - [138]: https://yewtu.be/watch?v=izMGMsIZK4U - [139]: https://web.archive.org/web/https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots - [140]: https://web.archive.org/web/https://www.whonix.org/wiki/Printing_and_Scanning - [141]: https://web.archive.org/web/https://github.com/beurtschipper/Depix [142]: media/image14.jpeg [143]: https://scribe.rip/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b - [144]: https://web.archive.org/web/https://medium.com/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b [145]: https://scribe.rip/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d - [146]: https://web.archive.org/web/https://medium.com/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d [147]: media/image15.jpeg - [148]: https://web.archive.org/web/https://github.com/subeeshvasu/Awesome-Deblurring - [149]: https://web.archive.org/web/https://www.myheritage.com/photo-enhancer [150]: media/image16.jpeg - [151]: https://web.archive.org/web/https://bitcoin.org/en/you-need-to-know - [152]: https://web.archive.org/web/https://bitcoin.org/en/protect-your-privacy - [153]: https://web.archive.org/web/https://support.apple.com/en-us/HT202303 - [154]: https://web.archive.org/web/https://faq.whatsapp.com/android/chats/about-google-drive-backups/ - [155]: https://web.archive.org/web/https://about.fb.com/news/2021/10/end-to-end-encrypted-backups-on-whatsapp/ - [156]: https://web.archive.org/web/https://www.dropbox.com/privacy - [157]: https://web.archive.org/web/https://privacy.microsoft.com/en-us/privacystatement - [158]: https://web.archive.org/web/https://amiunique.org/links - [159]: https://web.archive.org/web/https://brave.com/brave-fingerprinting-and-privacy-budgets/ - [160]: https://web.archive.org/web/https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/ - [161]: https://web.archive.org/web/https://www.upturn.org/reports/2020/mass-extraction/ - [162]: https://web.archive.org/web/https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html - [163]: https://web.archive.org/web/https://www.vice.com/en/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police - [164]: https://web.archive.org/web/http://encase-docs.opentext.com/documentation/encase/forensic/8.07/Content/Resources/External%20Files/EnCase%20Forensic%20v8.07%20User%20Guide.pdf - [165]: https://web.archive.org/web/https://accessdata.com/products-services/forensic-toolkit-ftk - [166]: https://web.archive.org/web/https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html - [167]: https://web.archive.org/web/https://jedisct1.github.io/minisign/ - [168]: https://web.archive.org/web/https://democratic-europe.eu/2021/07/20/cryptographers-uncover-four-vulnerabilities-in-telegram/ - [169]: https://web.archive.org/web/https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/ - [170]: https://web.archive.org/web/https://www.cryptofails.com/ [171]: media/image17.jpeg - [172]: https://web.archive.org/web/https://cyber.bgu.ac.il/advanced-cyber/airgap - [173]: https://web.archive.org/web/https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf - [174]: https://yewtu.be/watch?v=mSNt4h7EDKo - [175]: https://yewtu.be/watch?v=1kBGDHVr7x0 - [176]: https://yewtu.be/watch?v=om5fNqKjj2M - [177]: https://yewtu.be/watch?v=auoYKSzdOj4 - [178]: https://yewtu.be/watch?v=v2_sZIfZkDQ - [179]: https://yewtu.be/watch?v=4vIu8ld68fc - [180]: https://yewtu.be/watch?v=E28V1t-k8Hk - [181]: https://yewtu.be/watch?v=H7lQXmSLiP8 - [182]: https://yewtu.be/watch?v=RChj7Mg3rC4 - [183]: https://yewtu.be/watch?v=2OzTWiGl1rM&t=20s - [184]: https://yewtu.be/watch?v=yz8E5n1Tzlo - [185]: https://yewtu.be/watch?v=2WtiHZNeveY - [186]: https://yewtu.be/watch?v=ZrkZUO2g4DE - [187]: https://yewtu.be/watch?v=XGD343nq1dg - [188]: https://yewtu.be/watch?v=vhNnc0ln63c - [189]: https://web.archive.org/web/https://arxiv.org/pdf/1804.04014.pdf - [190]: https://web.archive.org/web/http://wallcamera.csail.mit.edu/ - [191]: https://web.archive.org/web/https://arxiv.org/pdf/2001.04642.pdf - [192]: https://web.archive.org/web/https://engineering.cmu.edu/news-events/news/2020/02/17-mauraders-map.html - [193]: https://yewtu.be/watch?v=t32QvpfOHqw - [194]: https://web.archive.org/web/http://www.gcomtech.com/ccp0-prodshow/laser-surveillance-laser-listening.html - [195]: https://yewtu.be/watch?v=YKRtFgunyj4 - [196]: https://web.archive.org/web/https://www.whonix.org/wiki/Data_Collection_Techniques - [197]: https://web.archive.org/web/https://tosdr.org/ - [198]: https://web.archive.org/web/https://www.eff.org/issues/privacy - [199]: https://wikiless.org/wiki/List_of_government_mass_surveillance_projects - [200]: https://web.archive.org/web/https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects - [201]: https://web.archive.org/web/https://www.gwern.net/Death-Note-Anonymity - [202]: https://web.archive.org/web/https://www.freehaven.net/anonbib/date.html - [203]: https://web.archive.org/web/https://transparencyreport.google.com/user-data/overview - [204]: https://web.archive.org/web/https://transparency.facebook.com/ - [205]: https://web.archive.org/web/https://www.apple.com/legal/transparency/ - [206]: https://web.archive.org/web/https://www.cloudflare.com/transparency/ - [207]: https://web.archive.org/web/https://www.snap.com/en-US/privacy/transparency - [208]: https://web.archive.org/web/https://t.me/transparency - [209]: https://web.archive.org/web/https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report - [210]: https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=GYSDRGWQ2C2CRYEF - [211]: https://web.archive.org/web/https://www.dropbox.com/transparency - [212]: https://web.archive.org/web/20220812051950/https://discord.com/blog/discord-transparency-report-q1-2022 - [213]: https://web.archive.org/web/https://github.blog/2021-02-25-2020-transparency-report/ - [214]: https://web.archive.org/web/20220806141853/https://www.snap.com/en-US/privacy/transparency - [215]: https://web.archive.org/web/20220812054600/https://www.tiktok.com/transparency/en/information-requests-2021-2/ - [216]: https://web.archive.org/web/20220812054736/https://www.redditinc.com/policies/transparency-report-2021 - [217]: https://web.archive.org/web/20220812054839/https://transparency.twitter.com/ - [218]: https://yewtu.be/watch?v=euSsqXO53GY - [219]: https://web.archive.org/web/https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF [220]: media/image18.jpeg - [221]: https://web.archive.org/web/https://www.whonix.org/wiki/Warning - [222]: https://web.archive.org/web/https://www.whonix.org/wiki/Dev/Threat_Model - [223]: https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_with_Others - [224]: https://web.archive.org/web/https://ssd.eff.org/en/module/understanding-and-circumventing-network-censorship - [225]: https://web.archive.org/web/https://www.usenix.org/system/files/sec21-hoang.pdf - [226]: https://web.archive.org/web/https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/ - [227]: https://web.archive.org/web/https://prepaid-data-sim-card.fandom.com/wiki/Registration_Policies_Per_Country [228]: http://cryptonx6nsmspsnpicuihgmbbz3qvro4na35od3eht4vojdo7glm6yd.onion - [229]: https://web.archive.org/web/https://crypton.sh/ - [230]: https://web.archive.org/web/https://virtualsim.net/ - [231]: https://web.archive.org/web/https://mobilesms.io/ - [232]: https://web.archive.org/web/https://www.sms77.io/ - [233]: https://web.archive.org/web/https://onlinesim.ru/ - [234]: https://web.archive.org/web/https://cryptwerk.com/companies/sms/xmr/ - [235]: https://web.archive.org/web/https://syscall.eu/blog/2018/03/12/aigo_part1/ - [236]: https://web.archive.org/web/https://www.torproject.org/ - [237]: https://yewtu.be/watch?v=JWII85UlzKw - [238]: https://web.archive.org/web/https://2019.www.torproject.org/about/overview.html.en - [239]: https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-7/ - [240]: https://web.archive.org/web/https://tb-manual.torproject.org/security-settings/ - [241]: https://web.archive.org/web/https://tails.boum.org/doc/about/warnings/index.en.html - [242]: https://web.archive.org/web/https://tails.boum.org/install/index.en.html - [243]: https://web.archive.org/web/https://tails.boum.org/doc/anonymous_internet/tor/index.en.html - [244]: https://web.archive.org/web/https://2019.www.torproject.org/docs/bridges - [245]: https://web.archive.org/web/https://github.com/aforensics/HiddenVM [246]: media/image19.jpeg [Tor over VPN]: #tor-over-vpn - [247]: https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Host - [248]: https://web.archive.org/web/https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm - [249]: https://wikiless.org/wiki/Rubber-hose_cryptanalysis - [250]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis - [251]: https://web.archive.org/web/https://github.com/aforensics/HiddenVM/releases - [252]: https://web.archive.org/web/https://www.whonix.org/wiki/VirtualBox/XFCE - [253]: https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-enter-bios-setup-windows-pcs - [254]: https://yewtu.be/watch?v=QDSlWa9xQuA - [255]: https://yewtu.be/watch?v=0fZdL3ufVOI - [256]: https://web.archive.org/web/https://support.apple.com/en-au/HT204455 - [257]: https://web.archive.org/web/https://support.apple.com/en-gb/guide/security/sec28382c9ca/web - [258]: https://web.archive.org/web/https://mullvad.net/en/help/how-tamper-protect-laptop/ [259]: media/image20.jpeg [260]: media/image21.jpeg - [261]: https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/3961542951/ - [262]: https://web.archive.org/web/https://www.whonix.org/wiki/Cold_Boot_Attack_Defense - [263]: https://web.archive.org/web/https://www.whonix.org/wiki/Protection_Against_Physical_Attacks - [264]: https://web.archive.org/web/https://github.com/0xPoly/Centry - [266]: https://web.archive.org/web/https://github.com/hephaest0s/usbkill - [267]: https://web.archive.org/web/https://github.com/Lvl4Sword/Killer - [268]: https://web.archive.org/web/https://askubuntu.com/questions/153245/how-to-wipe-ram-on-shutdown-prevent-cold-boot-attacks - [269]: https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid - [270]: https://web.archive.org/web/https://www.sans.org/security-resources/posters/windows-forensic-analysis/170/download - [271]: https://web.archive.org/web/https://www.whonix.org/wiki/Full_Disk_Encryption - [272]: https://web.archive.org/web/https://madaidans-insecurities.github.io/linux.html - [273]: https://web.archive.org/web/https://ubuntu.com/tutorials/install-ubuntu-desktop - [274]: https://web.archive.org/web/https://help.ubuntu.com/community/ManualFullSystemEncryption [The Detached Headers Way]: #the-detached-headers-way [The Veracrypt Way]: #the-veracrypt-way - [275]: https://web.archive.org/web/https://wiki.archlinux.org/title/Dm-crypt/Specialties#Encrypted_system_using_a_detached_LUKS_header - [276]: https://web.archive.org/web/https://vitux.com/how-to-force-ubuntu-to-stop-collecting-your-data-from-your-pc/ - [277]: https://web.archive.org/web/https://www.addictivetips.com/ubuntu-linux-tips/disable-bluetooth-in-ubuntu/ - [278]: https://web.archive.org/web/https://www.linuxuprising.com/2019/07/how-to-completely-disable-tracker.html - [279]: https://web.archive.org/web/https://www.how2shout.com/linux/how-to-hibernate-ubuntu-20-04-lts-focal-fossa/ - [280]: https://web.archive.org/web/http://www.lorenzobettini.it/2020/07/enabling-hibernation-on-ubuntu-20-04/ - [281]: https://web.archive.org/web/20211011215449/https://blog.ivansmirnov.name/how-to-set-up-hibernate-on-ubuntu-20-04/ - [282]: https://web.archive.org/web/http://ubuntuhandbook.org/index.php/2020/05/lid-close-behavior-ubuntu-20-04/ - [283]: https://web.archive.org/web/https://tipsonubuntu.com/2018/04/28/change-lid-close-action-ubuntu-18-04-lts/ - [284]: https://web.archive.org/web/https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap - [285]: https://web.archive.org/web/https://help.ubuntu.com/community/AnonymizingNetworkMACAddresses - [286]: https://web.archive.org/web/https://josh.works/shell-script-basics-change-mac-address - [287]: https://yewtu.be/watch?v=Sa0KqbpLye4 - [288]: https://web.archive.org/web/https://madaidans-insecurities.github.io/guides/linux-hardening.html - [289]: https://web.archive.org/web/https://wiki.archlinux.org/title/Security - [290]: https://web.archive.org/web/https://codeberg.org/SalamanderSecurity/PARSEC - [291]: https://web.archive.org/web/https://www.whonix.org/wiki/Kicksecure - [292]: https://web.archive.org/web/http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html - [293]: https://yewtu.be/watch?v=lFx5icuE6Io - [294]: https://web.archive.org/web/https://www.bejarano.io/hardening-macos/ - [295]: https://web.archive.org/web/https://support.apple.com/en-us/HT204455 - [296]: https://web.archive.org/web/https://sneak.berlin/20201112/your-computer-isnt-yours/ - [297]: https://web.archive.org/web/https://blog.jacopo.io/en/post/apple-ocsp/ - [298]: https://yewtu.be/watch?v=vNRics7tlqw - [299]: https://web.archive.org/web/https://technitium.com/tmac/ - [300]: https://web.archive.org/web/https://www.veracrypt.fr/en/Downloads.html [Route A and B: Simple Encryption using Veracrypt (Windows tutorial)]: #route-a-and-b-simple-encryption-using-veracrypt-windows-tutorial - [301]: https://web.archive.org/web/https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838 - [302]: https://web.archive.org/web/https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/disable-and-re-enable-hibernation - [303]: https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Hidden%20Operating%20System.html - [304]: https://web.archive.org/web/https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html [305]: media/image22.jpeg [306]: #_Appendix_C:_Windows - [307]: https://web.archive.org/web/https://www.veracrypt.fr/en/Protection%20of%20Hidden%20Volumes.html - [308]: https://web.archive.org/web/https://www.whonix.org/wiki/KVM - [309]: https://web.archive.org/web/https://www.whonix.org/wiki/KVM#Why_Use_KVM_Over_VirtualBox.3F [310]: media/image23.jpeg [311]: media/image24.jpeg - [312]: https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/org/doc/ListOfServicesBlockingTor [313]: media/image25.jpeg [314]: media/image26.jpeg - [315]: https://web.archive.org/web/https://stakey.club/en/decred-via-tor-network/ - [316]: https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation - [317]: https://web.archive.org/web/https://tails.boum.org/contribute/design/stream_isolation/ - [318]: https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction#Comparison_Table - [319]: https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor - [320]: https://web.archive.org/web/https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services - [321]: https://web.archive.org/web/https://www.whonix.org/wiki/Why_does_Whonix_use_Tor - [322]: https://web.archive.org/web/https://www.researchgate.net/publication/324251041_Anonymity_communication_VPN_and_Tor_a_comparative_study - [323]: https://web.archive.org/web/https://gist.github.com/joepie91/5a9909939e6ce7d09e29 - [324]: https://web.archive.org/web/https://schub.wtf/blog/2019/04/08/very-precarious-narrative.html [Adversaries (threats)]: #threats - [325]: https://web.archive.org/web/https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN - [326]: https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/ - [327]: https://web.archive.org/web/https://tails.boum.org/support/faq/index.en.html - [328]: https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Introduction - [329]: https://web.archive.org/web/https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_VPN [330]: media/image27.jpeg [331]: media/image28.jpeg - [332]: https://web.archive.org/web/https://www.virtualbox.org/wiki/Downloads - [333]: https://web.archive.org/web/https://www.whonix.org/wiki/Download - [334]: https://web.archive.org/web/https://www.whonix.org/wiki/Virtualization_Platform_Security - [335]: https://web.archive.org/web/https://www.whonix.org/wiki/Network_Time_Synchronization - [336]: https://web.archive.org/web/https://www.virtualbox.org/manual/ch13.html - [337]: https://web.archive.org/web/https://www.whonix.org/wiki/Bridges - [338]: https://web.archive.org/web/https://www.whonix.org/wiki/Operating_System_Software_and_Updates - [339]: https://web.archive.org/web/https://www.whonix.org/wiki/DoNot - [340]: https://web.archive.org/web/https://www.whonix.org/wiki/Documentation - [341]: https://web.archive.org/web/https://www.whonix.org/wiki/Install_Software - [342]: https://web.archive.org/web/https://www.whonix.org/wiki/Anti-Forensics_Precautions [Virtualbox Hardening recommendations]: #virtualbox-hardening-recommendations - [343]: https://web.archive.org/web/https://www.whonix.org/wiki/AppArmor - [344]: https://web.archive.org/web/https://www.whonix.org/wiki/VM_Fingerprinting - [345]: https://web.archive.org/web/https://www.whonix.org/wiki/Other_Operating_Systems [Hardening Linux]: #hardening-linux - [346]: https://web.archive.org/web/https://ameliorated.info/ - [347]: https://web.archive.org/web/https://www.whonix.org/wiki/Anbox - [348]: https://web.archive.org/web/https://www.android-x86.org/documentation/virtualbox.html - [349]: https://web.archive.org/web/https://www.wikigain.com/install-macos-catalina-on-virtualbox-on-windows/ - [350]: https://web.archive.org/web/https://www.wikigain.com/how-to-install-macos-big-sur-on-virtualbox-on-windows-pc/ - [351]: https://web.archive.org/web/https://www.wikigain.com/install-macos-monterey-on-virtualbox/ - [352]: https://web.archive.org/web/https://github.com/myspaghetti/macos-virtualbox [Hardening macOS]: #hardening-macos - [353]: https://web.archive.org/web/https://www.whonix.org/wiki/Keepassxc - [354]: https://web.archive.org/web/https://keepassxc.org/download/ - [355]: https://web.archive.org/web/https://keepassxc.org/docs/KeePassXC_GettingStarted.html [356]: media/image29.jpeg [357]: media/image30.jpeg [358]: media/image31.jpeg - [359]: https://web.archive.org/web/https://www.qubes-os.org/intro/ - [360]: https://web.archive.org/web/https://www.qubes-os.org/video-tours/ - [361]: https://web.archive.org/web/https://www.qubes-os.org/doc/getting-started/ - [362]: https://yewtu.be/watch?v=8cU4hQg6GvU - [363]: https://yewtu.be/watch?v=sbN5Bz3v-uA - [364]: https://yewtu.be/watch?v=YPAvoFsvSbg - [365]: https://web.archive.org/web/https://www.qubes-os.org/hcl/ [366]: media/image32.jpeg [367]: media/image33.jpeg [Note about plausible deniability on Linux]: #note-about-plausible-deniability-on-linux - [368]: https://web.archive.org/web/https://www.qubes-os.org/doc/installation-guide/ - [369]: https://web.archive.org/web/https://www.qubes-os.org/faq/ - [370]: https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/privacy/anonymizing-your-mac-address.md - [371]: https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/Install - [372]: https://web.archive.org/web/https://wiki.debian.org/AppArmor - [373]: https://web.archive.org/web/https://wiki.archlinux.org/title/AppArmor - [374]: https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/AppArmor - [375]: https://yewtu.be/watch?v=_WOKRaM-HI4 - [376]: https://web.archive.org/web/https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/ - [377]: https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md - [378]: https://web.archive.org/web/https://check.torproject.org/ - [379]: https://web.archive.org/web/https://linuxconfig.org/how-to-create-a-vpn-killswitch-using-iptables-on-linux - [380]: https://web.archive.org/web/https://mullvad.net/en/check/ - [381]: https://web.archive.org/web/https://www.ivpn.net/ - [382]: https://web.archive.org/web/https://protonvpn.com/support/vpn-ip-change/ - [383]: https://web.archive.org/web/https://www.whonix.org/wiki/Qubes/DisposableVM - [384]: https://web.archive.org/web/https://brave.com/linux/ - [385]: https://web.archive.org/web/https://anbox.io/ - [386]: https://web.archive.org/web/https://github.com/anbox/anbox-modules - [387]: https://web.archive.org/web/https://github.com/anbox/anbox/blob/master/docs/install.md [388]: media/image34.jpeg [389]: media/image35.jpeg - [390]: https://web.archive.org/web/https://github.com/dessant/buster - [391]: https://web.archive.org/web/https://www.hcaptcha.com/accessibility - [392]: https://web.archive.org/web/https://privacypass.github.io/ [393]: http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/ [394]: media/image36.jpeg [395]: media/image37.jpeg [396]: media/image38.jpeg - [397]: https://web.archive.org/web/https://github.com/deepfakes/faceswap - [398]: https://web.archive.org/web/https://github.com/iperov/DeepFaceLive [Online Phone Number (less recommended)]: #online-phone-number - [400]: https://web.archive.org/web/https://github.com/NVlabs/stylegan2 - [401]: https://web.archive.org/web/https://www.myheritage.com/deep-nostalgia [402]: media/image39.jpeg - [403]: https://web.archive.org/web/https://github.com/AliaksandrSiarohin/first-order-model - [404]: https://web.archive.org/web/https://www.d-id.com/talkingheads/ - [405]: https://yewtu.be/channel/UCqyzLOHYamYX2tNXBNSHr1w/videos - [406]: https://web.archive.org/web/https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual - [407]: https://web.archive.org/web/https://www.bigdatacloud.com/insights/tor-exit-nodes - [408]: https://wikiless.org/wiki/Facebook_real-name_policy_controversy - [409]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy - [410]: https://web.archive.org/web/https://slate.com/technology/2018/02/why-some-americans-are-cheering-germany-for-taking-on-facebooks-real-name-policy.html - [411]: https://web.archive.org/web/https://www.theverge.com/2018/2/12/17005746/facebook-real-name-policy-illegal-german-court-rules - [412]: https://web.archive.org/web/https://www.pcmag.com/news/german-court-rules-facebooks-real-name-policy-is-illegal - [413]: https://web.archive.org/web/https://www.vzbv.de/sites/default/files/downloads/2018/02/14/18-02-12_vzbv_pm_facebook-urteil_en.pdf - [414]: https://web.archive.org/web/https://www.reuters.com/article/us-germany-facebook/german-court-rules-facebook-use-of-personal-data-illegal-idUSKBN1FW1FI - [415]: https://wikiless.org/wiki/Real-name_system - [416]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Real-name_system - [417]: https://web.archive.org/web/https://privacyguides.org - [418]: https://web.archive.org/web/https://www.whonix.org/wiki/E-Mail#Anonymity_Friendly_Email_Provider_List - [419]: https://web.archive.org/web/https://www.amazon.com/gp/help/customer/display.html?nodeId=202140280 - [420]: https://web.archive.org/web/https://www.apple.com/legal/internet-services/icloud/en/terms.html - [421]: https://web.archive.org/web/https://www.binance.com/en/terms - [423]: https://web.archive.org/web/https://discord.com/terms - [424]: https://web.archive.org/web/https://element.io/terms-of-service - [425]: https://web.archive.org/web/https://www.facebook.com/terms.php - [426]: https://web.archive.org/web/https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service - [427]: https://web.archive.org/web/https://about.gitlab.com/handbook/legal/subscription-agreement/ - [428]: https://web.archive.org/web/https://policies.google.com/terms - [430]: https://web.archive.org/web/https://help.instagram.com/581066165581870?ref=dp - [431]: https://web.archive.org/web/https://jami.net/privacy-policy/ - [433]: https://web.archive.org/web/https://www.kraken.com/legal - [434]: https://web.archive.org/web/https://www.linkedin.com/legal/user-agreement - [435]: https://web.archive.org/web/https://policy.medium.com/medium-terms-of-service-9db0094a1e0f - [436]: https://web.archive.org/web/https://www.microsoft.com/en/servicesagreement/ - [439]: https://web.archive.org/web/https://onlyfans.com/terms - [440]: https://web.archive.org/web/https://proton.me/legal/terms - [442]: https://web.archive.org/web/https://www.redditinc.com/policies - [443]: https://web.archive.org/web/https://old.reddit.com/r/ShadowBan/comments/8a2gpk/an_unofficial_guide_on_how_to_avoid_being/ - [444]: https://web.archive.org/web/https://slashdotmedia.com/terms-of-use/ - [445]: https://web.archive.org/web/https://telegram.org/tos - [446]: https://web.archive.org/web/mailto:recover@telegram.org - [447]: https://web.archive.org/web/https://tutanota.com/terms/ - [448]: https://web.archive.org/web/https://www.twitch.tv/p/en/legal/terms-of-service/ - [449]: https://web.archive.org/web/https://www.whatsapp.com/legal/updates/terms-of-service-eea [450]: media/image40.jpeg - [451]: https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/08/23/creating-android-open-source-research-device-pc/ - [452]: https://yewtu.be/watch?v=zSQtyW_ywZc - [453]: https://wikiless.org/wiki/Comparison_of_instant_messaging_protocols - [454]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_instant_messaging_protocols - [455]: https://wikiless.org/wiki/Comparison_of_cross-platform_instant_messaging_clients - [456]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Comparison_of_cross-platform_instant_messaging_clients - [457]: https://web.archive.org/web/https://www.securemessagingapps.com/ - [458]: https://web.archive.org/web/20220531171438/https://proton.me/blog/whatsapp-alternatives - [459]: https://web.archive.org/web/https://www.whonix.org/wiki/Chat - [460]: https://web.archive.org/web/https://securechatguide.org/featuresmatrix.html - [461]: https://web.archive.org/web/https://www.messenger-matrix.de/messenger-matrix-en.html [462]: http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/ - [463]: https://web.archive.org/web/https://onionshare.org/ - [464]: https://web.archive.org/web/https://cwtch.im/ - [465]: https://web.archive.org/web/https://element.io/ - [466]: https://web.archive.org/web/https://jami.net/ - [467]: https://web.archive.org/web/https://gajim.org/ - [468]: https://web.archive.org/web/https://briarproject.org/ - [469]: https://web.archive.org/web/https://getsession.org/ - [470]: https://web.archive.org/web/https://privacyguides.org/cloud/ - [471]: https://web.archive.org/web/https://securedrop.org/ - [472]: https://web.archive.org/web/https://docs.securedrop.org/en/stable/source.html - [473]: https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites#securedrop - [474]: https://web.archive.org/web/https://haveibeenpwned.com/ - [475]: https://web.archive.org/web/https://www.veracrypt.fr/en/Beginner%27s%20Tutorial.html - [476]: https://web.archive.org/web/https://www.qubes-os.org/doc/backup-restore/ - [477]: https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh21241/mac - [478]: https://web.archive.org/web/https://support.apple.com/en-ie/guide/mac-help/mh11421/11.0/mac/11.0 - [479]: https://web.archive.org/web/https://support.apple.com/en-ie/guide/disk-utility/dskutl1010/mac - [480]: https://web.archive.org/web/https://www.privacyguides.org/productivity/#paste-services - [481]: https://web.archive.org/web/https://syncthing.net/ [482]: media/image41.jpeg [483]: media/image42.jpeg [484]: media/image43.jpeg - [485]: https://wikiless.org/wiki/Trim_(computing) - [486]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Trim_(computing) [487]: media/image44.jpeg - [488]: https://yewtu.be/watch?v=-bpX8YvNg6Y - [489]: https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive - [490]: https://web.archive.org/web/https://www.bleachbit.org/download/linux - [491]: https://web.archive.org/web/https://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux - [492]: https://web.archive.org/web/https://linuxhint.com/completely_wipe_hard_drive_ubuntu/ - [493]: https://web.archive.org/web/https://linoxide.com/linux-command/commands-wipe-disk-linux/ - [494]: https://web.archive.org/web/https://wiki.archlinux.org/index.php/Securely_wipe_disk - [495]: https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-linux [Extra Tools Cleaning]: #extra-tools-cleaning - [496]: https://web.archive.org/web/https://eraser.heidi.ie/download/ - [497]: https://web.archive.org/web/http://killdisk.com/killdisk-freeware.htm - [498]: https://web.archive.org/web/https://support.apple.com/en-gb/guide/disk-utility/dskutl14079/mac - [499]: https://web.archive.org/web/https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac - [500]: https://web.archive.org/web/https://support.apple.com/guide/disk-utility/encrypt-protect-a-storage-device-password-dskutl35612/mac [501]: media/image45.jpeg - [502]: https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-windows - [503]: https://web.archive.org/web/https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption - [504]: https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/disk-trim.md - [505]: https://web.archive.org/web/https://support.apple.com/en-us/HT210898 [506]: media/image46.jpeg - [507]: https://web.archive.org/web/http://www.edenwaith.com/products/permanent%20eraser/ - [508]: https://web.archive.org/web/https://ssd.eff.org/en/module/how-delete-your-data-securely-macos - [509]: https://web.archive.org/web/https://www.whonix.org/wiki/System_Hardening_Checklist - [510]: https://web.archive.org/web/https://exiftool.org/ - [511]: https://web.archive.org/web/https://exifcleaner.com/ - [512]: https://web.archive.org/web/https://www.purevpn.com/internet-privacy/how-to-remove-metadata-from-photos - [513]: https://web.archive.org/web/https://sandlab.cs.uchicago.edu/fawkes/ - [514]: https://web.archive.org/web/https://github.com/Shawn-Shan/fawkes - [515]: https://web.archive.org/web/https://lowkey.umiacs.umd.edu/ - [516]: https://web.archive.org/web/https://adversarial.io/ - [517]: https://web.archive.org/web/https://github.com/kanzure/pdfparanoia - [518]: https://web.archive.org/web/https://support.microsoft.com/en-us/office/remove-hidden-data-and-personal-information-by-inspecting-documents-presentations-or-workbooks-356b7b5d-77af-44fe-a07f-9aa4d085966f [519]: https://web.archive.org/web/https://0xacab.org/jvoisin/mat2 [520]: media/image47.jpeg - [521]: https://web.archive.org/web/https://www.whonix.org/wiki/VM_Live_Mode - [522]: https://web.archive.org/web/https://www.titanium-software.fr/en/onyx.html - [523]: https://web.archive.org/web/https://github.com/Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md - [524]: https://web.archive.org/web/https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG - [525]: https://web.archive.org/web/https://github.com/sundowndev/covermyass - [526]: https://web.archive.org/web/https://support.microsoft.com/en-us/windows/how-to-open-registry-editor-in-windows-10-deab38e6-91d6-e0aa-4b7c-8878d9e07b11 - [527]: https://web.archive.org/web/https://privazer.com/en/download-shellbag-analyzer-shellbag-cleaner.php - [528]: https://web.archive.org/web/https://privazer.com/en/download.php - [529]: https://web.archive.org/web/https://www.bleachbit.org/download - [530]: https://web.archive.org/web/https://justdeleteme.xyz/ - [531]: https://web.archive.org/web/https://justgetmydata.com/ - [532]: https://web.archive.org/web/https://search.google.com/search-console/remove-outdated-content - [533]: https://web.archive.org/web/https://www.bing.com/webmasters/tools/contentremoval - [534]: https://web.archive.org/web/https://webmaster.yandex.com/ - [535]: https://web.archive.org/web/https://webmaster.yandex.com/tools/del-url/ - [536]: https://web.archive.org/web/https://help.yahoo.com/kb/SLN4530.html - [537]: https://wikiless.org/wiki/Wikipedia:Courtesy_vanishing - [538]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Wikipedia:Courtesy_vanishing - [539]: https://web.archive.org/web/https://inteltechniques.com/workbook.html - [540]: https://web.archive.org/web/https://guardianproject.github.io/haven/ - [541]: https://web.archive.org/web/https://www.google.com/alerts - [542]: https://wikiless.org/wiki/Ross_Ulbricht - [543]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Ross_Ulbricht - [544]: https://yewtu.be/watch?v=d-7o9xYp7eE - [545]: https://scribe.rip/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c - [546]: https://web.archive.org/web/https://medium.com/@c5/darkweb-vendors-and-the-basic-opsec-mistakes-they-keep-making-e54c285a488c - [547]: https://yewtu.be/watch?v=IqZZU9lFlF4 - [548]: https://yewtu.be/watch?v=zXmZnU2GdVk - [549]: https://yewtu.be/watch?v=eQ2OZKitRwc [Slides]: https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf - [550]: https://web.archive.org/web/https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf - [551]: https://yewtu.be/watch?v=6Chp12sEnWk - [552]: https://yewtu.be/watch?v=J1q4Ir2J8P8 - [553]: https://yewtu.be/watch?v=GR_U0G-QGA0 - [554]: https://wikiless.org/wiki/Key_disclosure_law - [555]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Key_disclosure_law - [556]: https://web.archive.org/web/https://www.gp-digital.org/world-map-of-encryption/ - [557]: https://mirror.anonymousplanet.org/donations.html - [558]: https://web.archive.org/web/https://anonymousplanet.org/donations.html [559]: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/donations.html [560]: media/image48.jpeg [561]: media/image49.jpeg [562]: media/image50.jpeg - [563]: https://web.archive.org/web/https://snowflake.torproject.org/ - [564]: https://web.archive.org/web/https://community.torproject.org/relay/ - [Recommended VPS hosting providers]: #_Recommended_VPS_hosting - [565]: https://web.archive.org/web/https://torrelay.ca/ - [566]: https://web.archive.org/web/https://blog.torproject.org/tips-running-exit-node - [567]: https://wikiless.org/wiki/Permanent_Record_(autobiography) - [568]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Permanent_Record_(autobiography) - [569]: https://web.archive.org/web/https://www.w10privacy.de/english-home/ - [570]: https://web.archive.org/web/https://crazymax.dev/WindowsSpyBlocker/download/ - [571]: https://web.archive.org/web/https://www.oo-software.com/en/shutup10 - [572]: https://web.archive.org/web/https://github.com/beerisgood/windows10_hardening - [573]: https://web.archive.org/web/https://www.microsoft.com/en-us/software-download/windows10 - [574]: https://web.archive.org/web/https://www.system-rescue.org/Installing-SystemRescue-on-a-USB-memory-stick/ - [575]: https://web.archive.org/web/https://wiki.archlinux.org/index.php/Solid_state_drive/Memory_cell_clearing - [576]: https://web.archive.org/web/https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase - [577]: https://web.archive.org/web/https://tinyapps.org/docs/wipe_drives_hdparm.html - [578]: https://web.archive.org/web/https://tinyapps.org/docs/ata_sanitize_hdparm.html - [579]: https://web.archive.org/web/https://tinyapps.org/docs/nvme-secure-erase.html - [580]: https://web.archive.org/web/https://tinyapps.org/docs/nvme-sanitize.html - [581]: https://web.archive.org/web/https://clonezilla.org/liveusb.php - [582]: https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/01_Save_disk_image - [583]: https://web.archive.org/web/https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/02_Restore_disk_image - [584]: https://web.archive.org/web/https://bridges.torproject.org/ - [585]: https://web.archive.org/web/https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-10-8a96ff42-5751-39ad-23d6-434b4d5b9a68 - [586]: https://web.archive.org/web/https://support.microsoft.com/en-us/windows/defragment-your-windows-10-pc-048aefac-7f1f-4632-d48a-9700c4ec702a - [587]: https://web.archive.org/web/https://www.bleachbit.org/ - [588]: https://web.archive.org/web/https://privazer.com/ - [589]: https://web.archive.org/web/https://www.system-rescue.org/ - [590]: https://web.archive.org/web/https://www.lifewire.com/how-to-erase-a-hard-drive-using-dban-2619148 - [591]: https://web.archive.org/web/https://github.com/PartialVolume/shredos.x86_64 - [592]: https://web.archive.org/web/https://rufus.ie/ - [593]: https://web.archive.org/web/https://kb.sandisk.com/app/answers/detail/a_id/15108/~/dashboard-support-information - [594]: https://web.archive.org/web/https://www.seagate.com/support/downloads/seatools/ - [595]: https://web.archive.org/web/https://www.samsung.com/semiconductor/minisite/ssd/download/tools/ - [596]: https://web.archive.org/web/https://www.kingston.com/unitedstates/en/support/technical/ssdmanager - [597]: https://web.archive.org/web/https://support.lenovo.com/us/en/downloads/ds019026-thinkpad-drive-erase-utility-for-resetting-the-cryptographic-key-and-erasing-the-solid-state-drive-thinkpad - [598]: https://web.archive.org/web/https://www.crucial.com/support/storage-executive - [599]: https://web.archive.org/web/https://support.wdc.com/downloads.aspx?p=279 - [600]: https://web.archive.org/web/https://store.hp.com/us/en/tech-takes/how-to-secure-erase-ssd - [601]: https://web.archive.org/web/https://www.transcend-info.com/Support/Software-10/ - [602]: https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000134997/using-the-dell-bios-data-wipe-function-for-optiplex-precision-and-latitude-systems-built-after-november-2015?lwp=rt - [603]: https://web.archive.org/web/https://www.toshiba-storage.com/downloads/ - [604]: https://web.archive.org/web/https://www.glump.net/howto/desktop/enable-trim-on-an-external-ssd-on-linux - [605]: https://web.archive.org/web/https://code.mendhak.com/securely-wipe-ssd/ - [606]: https://web.archive.org/web/https://www.lifewire.com/enable-trim-for-ssd-in-os-x-yosemite-2260789 - [607]: https://web.archive.org/web/https://cindori.org/trimenabler/ - [608]: https://web.archive.org/web/https://www.debian.org/CD/netinst/ - [609]: https://web.archive.org/web/https://support.lenovo.com/be/en/solutions/migr-68369 - [610]: https://web.archive.org/web/https://support.hp.com/gb-en/document/c06204100 - [611]: https://web.archive.org/web/https://www.dell.com/support/kbdoc/en-us/000146892/dell-data-wipe - [612]: https://web.archive.org/web/https://us.answers.acer.com/app/answers/detail/a_id/41567/~/how-to-use-disk-sanitizer-on-acer-travelmate-notebooks - [613]: https://translate.google.com/translate?hl=&sl=ru&tl=en&u=https%3A%2F%2Fbiboroda.livejournal.com%2F4894724.html&anno=2 - [614]: https://web.archive.org/web/https://biboroda.livejournal.com/4894724.html - [615]: https://web.archive.org/web/https://www.theguardian.com/australia-news/2021/sep/11/inside-story-most-daring-surveillance-sting-in-history - [616]: https://wikiless.org/wiki/EncroChat - [617]: https://web.archive.org/web/https://en.wikipedia.org/wiki/EncroChat - [618]: https://wikiless.org/wiki/Sky_ECC - [619]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Sky_ECC - [620]: https://web.archive.org/web/https://www.privacyguides.org/vpn/ - [621]: https://web.archive.org/web/https://safing.io/ [Printing Watermarking]: #printing-watermarking - [622]: https://web.archive.org/web/https://www.getmonero.org/community/merchants/ - [623]: https://web.archive.org/web/https://proprivacy.com/vpn/guides/create-your-own-vpn-server - [624]: https://web.archive.org/web/https://linuxize.com/post/how-to-setup-ssh-socks-tunnel-for-private-browsing/ - [625]: https://web.archive.org/web/https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel - [626]: https://web.archive.org/web/https://www.forwardproxy.com/2018/12/using-putty-to-setup-a-quick-socks-proxy/ - [627]: https://web.archive.org/web/https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/ - [628]: https://web.archive.org/web/https://www.putty.org/ [629]: media/image51.jpeg - [630]: https://web.archive.org/web/https://tails.boum.org/contribute/design/Unsafe_Browser/ - [631]: https://web.archive.org/web/https://archive.flossmanuals.net/bypassing-censorship/index.html [632]: media/image52.jpeg - [633]: https://web.archive.org/web/https://www.alfa.com.tw/ - [634]: https://web.archive.org/web/https://www.tp-link.com/us/home-networking/usb-adapter/tl-wn722n/ - [635]: https://web.archive.org/web/https://www.wirelesshack.org/best-kali-linux-compatible-usb-adapter-dongles.html - [636]: https://yewtu.be/watch?v=8FV2QZ1BPnw - [637]: https://web.archive.org/web/https://www.netally.com/products/ - [638]: https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-windows/ - [639]: https://web.archive.org/web/https://www.ivpn.net/apps-windows - [640]: https://web.archive.org/web/https://docs.safing.io/portmaster/install/windows - [641]: https://web.archive.org/web/https://protonvpn.com/support/protonvpn-windows-vpn-application/ - [642]: https://web.archive.org/web/https://mullvad.net/en/help/install-and-use-mullvad-app-macos/ - [643]: https://web.archive.org/web/https://www.ivpn.net/apps-macos/ - [644]: https://web.archive.org/web/https://protonvpn.com/support/protonvpn-mac-vpn-application/ - [645]: https://web.archive.org/web/https://mullvad.net/en/help/install-mullvad-app-linux/ - [646]: https://web.archive.org/web/https://www.ivpn.net/apps-linux/ - [647]: https://web.archive.org/web/https://docs.safing.io/portmaster/install/linux - [648]: https://web.archive.org/web/https://protonvpn.com/support/linux-vpn-setup/ - [649]: https://web.archive.org/web/https://www.ivpn.net/knowledgebase/general/do-you-offer-a-kill-switch-or-vpn-firewall/ - [650]: https://web.archive.org/web/https://protonvpn.com/support/what-is-kill-switch/ - [651]: https://web.archive.org/web/https://mullvad.net/en/help/using-mullvad-vpn-app/ - [652]: https://web.archive.org/web/https://protonvpn.com/blog/macos-vpn-kill-switch/ - [653]: https://web.archive.org/web/https://mullvad.net/en/help/wireguard-and-mullvad-vpn/ - [654]: https://web.archive.org/web/https://mullvad.net/en/help/linux-openvpn-installation/ - [655]: https://web.archive.org/web/https://github.com/ProtonVPN/linux-cli/blob/master/USAGE.md - [656]: https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-wireguard-kill-switch/ - [657]: https://web.archive.org/web/https://www.ivpn.net/knowledgebase/linux/linux-kill-switch-using-the-uncomplicated-firewall-ufw/ - [658]: https://web.archive.org/web/https://ooni.org/install/ - [659]: https://web.archive.org/web/https://www.gpg4win.org/ - [660]: https://web.archive.org/web/https://gpgtools.org/ - [661]: https://web.archive.org/web/https://support.torproject.org/tbb/how-to-verify-signature/ - [662]: https://web.archive.org/web/https://tails.boum.org/install/vm/index.en.html - [663]: https://web.archive.org/web/https://www.whonix.org/wiki/Verify_the_Whonix_images - [664]: https://web.archive.org/web/https://www.clamav.net/ - [665]: https://web.archive.org/web/https://github.com/rfxn/linux-malware-detect - [666]: https://web.archive.org/web/http://www.chkrootkit.org/ - [667]: https://web.archive.org/web/https://developers.virustotal.com/v3.0/docs/search-by-hash - [668]: https://web.archive.org/web/https://github.com/rshipp/awesome-malware-analysis - [669]: https://web.archive.org/web/https://support.virustotal.com/hc/en-us/articles/115002168385-Privacy-Policy - [670]: https://web.archive.org/web/https://blog.didierstevens.com/programs/pdf-tools/ - [671]: https://web.archive.org/web/https://github.com/QubesOS/qubes-app-linux-pdf-converter - [672]: https://web.archive.org/web/https://github.com/firstlookmedia/pdf-redact-tools - [673]: https://web.archive.org/web/https://github.com/firstlookmedia/dangerzone - [674]: https://web.archive.org/web/https://www.vice.com/en/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez - [675]: https://web.archive.org/web/https://digital-forensics.sans.org/media/analyzing-malicious-document-files.pdf - [676]: https://web.archive.org/web/https://www.winitor.com/pdf/Malware-Analysis-Fundamentals-Files-Tools.pdf - [677]: https://web.archive.org/web/https://privacytests.org/ - [678]: https://web.archive.org/web/https://www.mozilla.org/en-US/firefox/browsers/compare/brave/ - [679]: https://yewtu.be/watch?v=qkJGF3syQy4 - [680]: https://web.archive.org/web/https://brave.com/download/ - [681]: https://web.archive.org/web/https://wiki.archlinux.org/title/Firefox/Privacy - [682]: https://web.archive.org/web/https://proprivacy.com/privacy-service/guides/firefox-privacy-security-guide - [683]: https://web.archive.org/web/https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/ - [684]: https://web.archive.org/web/https://ebin.city/~werwolf/posts/firefox-hardening-guide/ [685]: media/image53.jpeg [686]: media/image54.png - [687]: https://web.archive.org/web/https://www.torproject.org/download/ [688]: media/image55.png [689]: media/image56.png [690]: media/image57.png - [691]: https://web.archive.org/web/https://z.cash/ - [692]: https://web.archive.org/web/https://z.cash/exchanges/ - [693]: https://web.archive.org/web/https://wasabiwallet.io/ - [694]: https://web.archive.org/web/https://community.torproject.org/relay/community-resources/good-bad-isps/ - [695]: https://web.archive.org/web/https://privacyguides.org/providers/hosting/ - [696]: https://web.archive.org/web/https://xkcd.com/936/ - [697]: https://web.archive.org/web/https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength [698]: media/image58.jpeg - [699]: https://yewtu.be/watch?v=3NjQ9b3pgIg - [700]: https://web.archive.org/web/https://www.privacyguides.org/search-engines/ - [701]: https://web.archive.org/web/https://arstechnica.com/tech-policy/2018/06/dark-web-vendor-oxymonster-turns-out-to-be-a-frenchman-with-luscious-beard/ - [702]: https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging#Stylometry - [703]: https://wikiless.org/wiki/Forensic_linguistics - [704]: https://web.archive.org/web/https://wikipedia.org/wiki/Forensic_linguistics - [705]: https://wikiless.org/wiki/Writeprint - [706]: https://web.archive.org/web/https://wikipedia.org/wiki/Writeprint - [707]: https://wikiless.org/wiki/Stylometry - [708]: https://web.archive.org/web/https://wikipedia.org/wiki/Stylometry - [709]: https://wikiless.org/wiki/Content_similarity_detection - [710]: https://web.archive.org/web/https://wikipedia.org/wiki/Content_similarity_detection - [711]: https://wikiless.org/wiki/Author_profiling - [712]: https://web.archive.org/web/https://wikipedia.org/wiki/Author_profiling - [713]: https://wikiless.org/wiki/Native-language_identification - [714]: https://web.archive.org/web/https://wikipedia.org/wiki/Native-language_identification - [715]: https://wikiless.org/wiki/Computational_linguistics - [716]: https://web.archive.org/web/https://wikipedia.org/wiki/Computational_linguistics - [717]: https://web.archive.org/web/https://regmedia.co.uk/2017/09/27/gal_vallerius.pdf - [718]: https://wikiless.org/wiki/Ted_Kaczynski#After_publication - [719]: https://web.archive.org/web/https://wikipedia.org/wiki/Ted_Kaczynski#After_publication - [720]: https://web.archive.org/web/https://i.blackhat.com/USA-19/Wednesday/us-19-Wixey-Im-Unique-Just-Like-You-Human-Side-Channels-And-Their-Implications-For-Security-And-Privacy.pdf - [721]: https://web.archive.org/web/https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf - [722]: https://web.archive.org/web/https://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf - [https://yewtu.be]: https://invidious.fdn.fr - [https://nitter.net]: https://nitter.fdn.fr - [723]: https://web.archive.org/web/https://github.com/spikecodes/libreddit - [724]: https://web.archive.org/web/https://simplytranslate.org/ - [726]: https://web.archive.org/web/https://anonymousplanet.org/export/guide.pdf - [727]: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.pdf - [732]: https://web.archive.org/web/https://anonymousplanet.org/export/guide.odt - [733]: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.odt - [734]: https://web.archive.org/web/https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html - [735]: https://web.archive.org/web/https://www.whonix.org/wiki/Surfing_Posting_Blogging#Anonymous_File_Sharing - [736]: https://yewtu.be/watch?v=H33ggs7bh8M - [**https://www.youtube.com/watch?v=j02QoI4ZlnU**]: https://www.youtube.com/watch?v=j02QoI4ZlnU - [737]: https://yewtu.be/watch?v=j02QoI4ZlnU - [738]: https://web.archive.org/web/https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md#privacy-limitations - [739]: https://web.archive.org/web/https://www.linddun.org/ - [740]: https://wikiless.org/wiki/STRIDE_%28security%29 - [741]: https://web.archive.org/web/https://en.wikipedia.org/wiki/STRIDE_%28security%29 - [742]: https://web.archive.org/web/https://versprite.com/tag/pasta-threat-modeling/ - [743]: https://web.archive.org/web/https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ - [744]: https://web.archive.org/web/https://www.geeksforgeeks.org/threat-modelling/ [745]: https://web.archive.org/web/https://www.threatmodelingmanifesto.org/ - [https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC]: https://web.archive.org/web/20210711215728/https://github.com/devbret/online-opsec - [747]: https://web.archive.org/web/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf - [748]: https://wikiless.org/wiki/Don%27t_be_evil - [749]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Don%27t_be_evil - [750]: https://yewtu.be/watch?v=6DGNZnfKYnU - [751]: https://wikiless.org/wiki/Open-source_intelligence - [752]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Open-source_intelligence - [753]: https://yewtu.be/playlist?list=PLna1KTNJu3y09Tu70U6yPn28sekaNhOMY - [754]: https://wikiless.org/wiki/4chan - [755]: https://web.archive.org/web/https://en.wikipedia.org/wiki/4chan - [756]: https://web.archive.org/web/https://www.privateinternetaccess.com/blog/how-does-privacy-differ-from-anonymity-and-why-are-both-important/ - [757]: https://scribe.rip/unitychain/privacy-blockchain-and-onion-routing-d5609c611841 - [758]: https://web.archive.org/web/https://medium.com/unitychain/privacy-blockchain-and-onion-routing-d5609c611841 - [759]: https://web.archive.org/web/https://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf - [760]: https://web.archive.org/web/https://xkcd.com/538/ - [761]: https://wikiless.org/wiki/Threat_model - [762]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Threat_model - [763]: https://web.archive.org/web/https://www.bellingcat.com/ - [764]: https://wikiless.org/wiki/Doxing - [765]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Doxing - [766]: https://yewtu.be/watch?v=muoR8Td44UE - [767]: https://web.archive.org/web/https://www.bbc.com/news/technology-50150981 - [768]: https://web.archive.org/web/https://github.com/alecmuffett/real-world-onion-sites - [769]: https://web.archive.org/web/https://2019.www.torproject.org/about/torusers.html.en - [770]: https://web.archive.org/web/https://www.whonix.org/wiki/Anonymity - [771]: https://web.archive.org/web/https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F - [772]: https://web.archive.org/web/https://www.cyberghostvpn.com/privacyhub/internet-privacy-surveillance/ - [773]: https://web.archive.org/web/https://www.privateinternetaccess.com/blog/internet-freedom-around-the-world-in-50-stats/ - [774]: https://wikiless.org/wiki/IANAL - [775]: https://web.archive.org/web/https://en.wikipedia.org/wiki/IANAL - [776]: https://wikiless.org/wiki/Trust,_but_verify - [777]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Trust,_but_verify - [778]: https://wikiless.org/wiki/IP_address - [779]: https://web.archive.org/web/https://en.wikipedia.org/wiki/IP_address - [780]: https://wikiless.org/wiki/Data_retention - [781]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Data_retention - [782]: https://wikiless.org/wiki/Tor_(anonymity_network) - [783]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Tor_(anonymity_network) - [784]: https://wikiless.org/wiki/Virtual_private_network - [785]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_private_network - [786]: https://web.archive.org/web/https://ieeexplore.ieee.org/document/8418599 - [787]: https://wikiless.org/wiki/Domain_Name_System - [788]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_Name_System - [789]: https://wikiless.org/wiki/DNS_blocking - [790]: https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_blocking - [791]: https://web.archive.org/web/https://censoredplanet.org/ - [792]: https://web.archive.org/web/https://arxiv.org/pdf/2001.08288.pdf - [793]: https://web.archive.org/web/https://labzilla.io/blog/force-dns-pihole - [794]: https://wikiless.org/wiki/DNS_over_HTTPS - [795]: https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_HTTPS - [796]: https://wikiless.org/wiki/DNS_over_TLS - [797]: https://web.archive.org/web/https://en.wikipedia.org/wiki/DNS_over_TLS - [798]: https://wikiless.org/wiki/Pi-hole - [799]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Pi-hole - [800]: https://wikiless.org/wiki/Server_Name_Indication - [801]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Server_Name_Indication - [802]: https://web.archive.org/web/https://www.usenix.org/system/files/foci19-paper_chai_0.pdf - [803]: https://wikiless.org/wiki/Content_delivery_network - [804]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Content_delivery_network - [805]: https://web.archive.org/web/https://blog.cloudflare.com/encrypted-client-hello/ - [806]: https://web.archive.org/web/https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/ - [807]: https://web.archive.org/web/https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/ - [808]: https://wikiless.org/wiki/Online_Certificate_Status_Protocol - [809]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol - [810]: https://web.archive.org/web/https://madaidans-insecurities.github.io/encrypted-dns.html - [811]: https://wikiless.org/wiki/OCSP_stapling - [812]: https://web.archive.org/web/https://en.wikipedia.org/wiki/OCSP_stapling - [813]: https://web.archive.org/web/https://dev.chromium.org/Home/chromium-security/crlsets - [814]: https://web.archive.org/web/https://www.zdnet.com/article/chrome-does-certificate-revocation-better/ - [815]: https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-3153.pdf - [816]: https://web.archive.org/web/https://www.researchgate.net/publication/332893422_Oblivious_DNS_Practical_Privacy_for_DNS_Queries - [817]: https://web.archive.org/web/https://nymity.ch/tor-dns/ - [818]: https://wikiless.org/wiki/Near-field_communication - [819]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Near-field_communication - [820]: https://web.archive.org/web/https://shop.samsonite.com/accessories/rfid-accessories/ - [821]: https://web.archive.org/web/https://support.google.com/accounts/answer/3467281?hl=en - [822]: https://web.archive.org/web/https://support.apple.com/en-us/HT207056 - [823]: https://web.archive.org/web/http://fly.isti.cnr.it/pub/papers/pdf/Wifi-probes-IPIN16.pdf - [824]: https://web.archive.org/web/https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7472341/ [825]: https://scribe.rip/@brannondorsey/wi-fi-is-broken-3f6054210fa5 - [826]: https://web.archive.org/web/https://medium.com/@brannondorsey/wi-fi-is-broken-3f6054210fa5 - [827]: https://web.archive.org/web/https://cse.buffalo.edu/~lusu/papers/MobiCom2020.pdf - [828]: https://web.archive.org/web/https://digi.ninja/jasager/ - [829]: https://web.archive.org/web/https://shop.hak5.org/products/wifi-pineapple - [830]: https://wikiless.org/wiki/Wi-Fi_deauthentication_attack - [831]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack - [832]: https://wikiless.org/wiki/Captive_portal - [833]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Captive_portal - [834]: https://web.archive.org/web/https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html - [835]: https://web.archive.org/web/https://distrinet.cs.kuleuven.be/software/tor-wf-dl/ - [836]: https://web.archive.org/web/https://homes.esat.kuleuven.be/~mjuarezm/index_files/pdf/ccs18.pdf - [837]: https://web.archive.org/web/20160617040428/https://www.internetsociety.org/sites/default/files/blogs-media/website-fingerprinting-internet-scale.pdf - [838]: https://web.archive.org/web/https://www.esat.kuleuven.be/cosic/publications/article-2456.pdf - [839]: https://web.archive.org/web/https://www.dailydot.com/unclick/tor-harvard-bomb-suspect/ - [840]: https://web.archive.org/web/https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ - [841]: https://wikiless.org/wiki/Sybil_attack - [842]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Sybil_attack - [843]: https://web.archive.org/web/https://arstechnica.com/gadgets/2020/11/does-tor-provide-more-benefit-or-harm-new-paper-says-it-depends/ - [844]: https://web.archive.org/web/https://www.pnas.org/content/early/2020/11/24/2011893117 - [845]: https://web.archive.org/web/https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/ - [846]: https://web.archive.org/web/https://support.apple.com/en-us/HT210515 - [847]: https://web.archive.org/web/https://www.xda-developers.com/samsung-find-my-mobile-app-locate-galaxy-devices-offline/ - [848]: https://web.archive.org/web/https://support.apple.com/en-us/HT204756 - [849]: https://wikiless.org/wiki/Bluetooth_Low_Energy - [850]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Bluetooth_Low_Energy - [851]: https://wikiless.org/wiki/International_Mobile_Equipment_Identity - [852]: https://web.archive.org/web/https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity - [853]: https://wikiless.org/wiki/International_mobile_subscriber_identity - [854]: https://web.archive.org/web/https://en.wikipedia.org/wiki/International_mobile_subscriber_identity - [855]: https://web.archive.org/web/https://source.android.com/devices/tech/config/device-identifiers - [856]: https://web.archive.org/web/https://policies.google.com/privacy/embedded?hl=en-US - [857]: https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2019/06/28/the-gru-globetrotters-mission-london/ - [858]: https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2020/02/17/v-like-vympel-fsbs-secretive-department-v-behind-assassination-of-zelimkhan-khangoshvili/ - [859]: https://wikiless.org/wiki/Closed-circuit_television - [860]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Closed-circuit_television - [861]: https://web.archive.org/web/https://www.apple.com/legal/transparency/device-requests.html - [862]: https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/ - [863]: https://web.archive.org/web/https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/ - [864]: https://wikiless.org/wiki/IMSI-catcher - [865]: https://web.archive.org/web/https://en.wikipedia.org/wiki/IMSI-catcher - [866]: https://wikiless.org/wiki/Stingray_phone_tracker - [867]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Stingray_phone_tracker - [868]: https://web.archive.org/web/https://gizmodo.com/american-cops-turns-to-canadian-phone-tracking-firm-aft-1845442778 - [869]: https://wikiless.org/wiki/Man-in-the-middle_attack - [870]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Man-in-the-middle_attack - [871]: https://web.archive.org/web/https://shop.puri.sm/shop/librem-5/ - [872]: https://wikiless.org/wiki/MAC_address - [873]: https://web.archive.org/web/https://en.wikipedia.org/wiki/MAC_address - [874]: https://web.archive.org/web/https://amsignalinc.com/data-sheets/Acyclica/Acyclica-RoadTrend-Product-Sheet.pdf - [875]: https://web.archive.org/web/https://www.researchgate.net/publication/334590931_Tracking_Anonymized_Bluetooth_Devices/fulltext/5d3308db92851cd04675a469/Tracking-Anonymized-Bluetooth-Devices.pdf - [876]: https://wikiless.org/wiki/Central_processing_unit - [877]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Central_processing_unit - [878]: https://wikiless.org/wiki/Intel_Management_Engine - [879]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Intel_Management_Engine - [880]: https://wikiless.org/wiki/AMD_Platform_Security_Processor - [881]: https://web.archive.org/web/https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor - [882]: https://web.archive.org/web/https://libreboot.org/ - [883]: https://web.archive.org/web/https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf - [884]: https://wikiless.org/wiki/Differential_privacy - [885]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Differential_privacy - [886]: https://web.archive.org/web/https://edwardsnowden.substack.com/p/all-seeing-i - [887]: https://web.archive.org/web/https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT - [888]: https://web.archive.org/web/https://www.zdnet.com/article/apple-data-collection-stored-request/ - [889]: https://web.archive.org/web/https://decorrespondent.nl/8481/heres-how-we-found-the-names-and-addresses-of-soldiers-and-secret-agents-using-a-simple-fitness-app/412999257-6756ba27 - [890]: https://web.archive.org/web/https://www.websiteplanet.com/blog/gethealth-leak-report/ - [891]: https://web.archive.org/web/https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/ - [892]: https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2018/01/29/strava-interpretation-guide/ - [893]: https://web.archive.org/web/https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases - [894]: https://web.archive.org/web/https://www.telegraph.co.uk/technology/2018/07/08/running-app-exposes-mi6-gchq-workers-whereabouts/ - [895]: https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/?itid=lk_interstitial_manual_59 - [896]: https://web.archive.org/web/https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/ - [897]: https://web.archive.org/web/https://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/ - [898]: https://wikiless.org/wiki/Sensorvault - [899]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Sensorvault - [900]: https://web.archive.org/web/https://nrkbeta.no/2020/12/03/my-phone-was-spying-on-me-so-i-tracked-down-the-surveillants/ - [901]: https://web.archive.org/web/https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html - [902]: https://web.archive.org/web/https://nakedsecurity.sophos.com/2020/03/10/google-data-puts-innocent-man-at-the-scene-of-a-crime/ - [903]: https://wikiless.org/wiki/Geo-fence_warrant - [904]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Geo-fence_warrant - [905]: https://web.archive.org/web/https://www.vice.com/en/article/y3g97x/location-data-apps-drone-strikes-iowa-national-guard - [906]: https://web.archive.org/web/https://techcrunch.com/2021/08/19/google-geofence-warrants/ - [907]: https://web.archive.org/web/https://www.techdirt.com/articles/20210821/10494847401/google-report-shows-reverse-warrants-are-swiftly-becoming-law-enforcements-go-to-investigative-tool.shtml - [908]: https://web.archive.org/web/https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-data-att-tmobile-verizon - [909]: https://wikiless.org/wiki/Room_641A - [910]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Room_641A - [911]: https://wikiless.org/wiki/Edward_Snowden - [912]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Edward_Snowden - [913]: https://wikiless.org/wiki/XKeyscore - [914]: https://web.archive.org/web/https://en.wikipedia.org/wiki/XKeyscore - [915]: https://web.archive.org/web/https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html - [916]: https://web.archive.org/web/https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program) - [917]: https://wikiless.org/wiki/SORM - [918]: https://web.archive.org/web/https://en.wikipedia.org/wiki/SORM - [919]: https://wikiless.org/wiki/Tempora - [920]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Tempora - [921]: https://wikiless.org/wiki/PRISM_(surveillance_program) - [922]: https://web.archive.org/web/https://en.wikipedia.org/wiki/PRISM_(surveillance_program) - [923]: https://web.archive.org/web/https://www.justsecurity.org/10318/video-clip-director-nsa-cia-we-kill-people-based-metadata/ - [924]: https://web.archive.org/web/https://www.imdb.com/title/tt11464826/ - [925]: https://web.archive.org/web/https://arstechnica.com/information-technology/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/ - [926]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Stylometry - [927]: https://web.archive.org/web/https://paul.reviews/behavioral-profiling-the-password-you-cant-change/ - [928]: https://wikiless.org/wiki/Sentiment_analysis - [929]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Sentiment_analysis - [930]: https://web.archive.org/web/https://coveryourtracks.eff.org/ - [931]: https://web.archive.org/web/https://people.eecs.berkeley.edu/~dawnsong/papers/2012%20On%20the%20Feasibility%20of%20Internet-Scale%20Author%20Identification.pdf - [932]: https://web.archive.org/web/https://www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users - [933]: https://web.archive.org/web/https://fingerprintjs.com/blog/disabling-javascript-wont-stop-fingerprinting/ - [934]: https://web.archive.org/web/https://blog.securedtouch.com/behavioral-biometrics-101-an-in-depth-look-at-behavioral-biometrics-vs-behavioral-analytics - [935]: https://web.archive.org/web/https://arstechnica.com/tech-policy/2012/03/stakeout-how-the-fbi-tracked-and-busted-a-chicago-anon/ - [936]: https://web.archive.org/web/https://www.bellingcat.com/news/uk-and-europe/2018/05/25/mh17-russian-gru-commander-orion-identified-oleg-ivannikov/ - [937]: https://web.archive.org/web/https://research.fb.com/publications/deepface-closing-the-gap-to-human-level-performance-in-face-verification/ - [938]: https://web.archive.org/web/https://www.privateinternetaccess.com/blog/putting-face-facebook-mark-zuckerberg-building-world-without-public-anonymity/ - [939]: https://web.archive.org/web/https://www.cnbc.com/2017/09/01/facebook-has-mapped-human-population-building-internet-in-space.html - [940]: https://web.archive.org/web/https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/ - [941]: https://web.archive.org/web/https://www.bellingcat.com/resources/case-studies/2015/08/07/shadow-of-a-doubt/ - [942]: https://web.archive.org/web/https://brown.columbia.edu/open-source-investigation/ - [943]: https://web.archive.org/web/https://www.newscientist.com/article/dn27761-facebook-can-recognise-you-in-photos-even-if-youre-not-looking/ - [944]: https://web.archive.org/web/https://patents.google.com/patent/US20150242679 - [945]: https://web.archive.org/web/https://apnews.com/article/bf75dd1c26c947b7826d270a16e2658a - [946]: https://web.archive.org/web/https://www.thesun.co.uk/news/7684204/cctv-technology-identify-body-shape-way-walk/ - [947]: https://web.archive.org/web/https://citysecuritymagazine.com/security-management/gait-recognition-identification-tool/ - [948]: https://web.archive.org/web/https://www.vice.com/en/article/bvzvdw/tech-companies-are-training-ai-to-read-your-lips - [949]: https://web.archive.org/web/https://newatlas.com/science/science/eye-tracking-privacy/ - [950]: https://web.archive.org/web/https://techcrunch.com/2021/01/13/facial-recognition-reveals-political-party-in-troubling-new-research/ - [951]: https://web.archive.org/web/https://slate.com/technology/2018/04/facebook-collects-data-on-non-facebook-users-if-they-want-to-delete-it-they-have-to-sign-up.html - [952]: https://web.archive.org/web/https://theconversation.com/shadow-profiles-facebook-knows-about-you-even-if-youre-not-on-facebook-94804 - [953]: https://web.archive.org/web/https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy - [954]: https://web.archive.org/web/https://www.zdnet.com/article/anger-mounts-after-facebooks-shadow-profiles-leak-in-bug/ - [955]: https://web.archive.org/web/https://www.cnet.com/news/shadow-profiles-facebook-has-information-you-didnt-hand-over/ - [956]: https://web.archive.org/web/https://oosto.com/ - [957]: https://web.archive.org/web/https://www.buzzfeednews.com/article/ryanmac/clearview-ai-local-police-facial-recognition - [958]: https://web.archive.org/web/https://www.wired.com/story/clearview-ai-new-tools-identify-you-photos/ - [959]: https://web.archive.org/web/https://www.nec.com/en/global/solutions/biometrics/face/neofacewatch.html - [960]: https://web.archive.org/web/https://www.theguardian.com/uk-news/2020/feb/11/met-police-deploy-live-facial-recognition-technology - [961]: https://yewtu.be/watch?v=lH2gMNrUuEY - [962]: https://web.archive.org/web/https://edition.cnn.com/2021/07/23/tech/idme-unemployment-facial-recognition/index.html - [963]: https://web.archive.org/web/https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/ - [964]: https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/ - [965]: https://web.archive.org/web/https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/ - [966]: https://web.archive.org/web/https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems - [967]: https://web.archive.org/web/https://www.bbc.com/news/uk-wales-43711477 - [968]: https://web.archive.org/web/https://edition.cnn.com/2021/05/25/uk/drug-dealer-cheese-sentenced-scli-gbr-intl/index.html - [969]: https://web.archive.org/web/https://www.vice.com/en/article/evqk9e/photo-of-fingerprints-used-to-arrest-drug-dealers - [970]: https://web.archive.org/web/https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/ - [971]: https://web.archive.org/web/https://patents.justia.com/patent/10891948 - [972]: https://web.archive.org/web/https://www.pymnts.com/news/biometrics/2021/iris-scan-traveler-identification-dubai-airport/ - [973]: https://web.archive.org/web/https://www.imdb.com/title/tt0119177/ - [974]: https://web.archive.org/web/https://www.imdb.com/title/tt1839578 - [975]: https://web.archive.org/web/https://www.imdb.com/title/tt0181689 - [976]: https://wikiless.org/wiki/Deepfake - [977]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Deepfake - [978]: https://web.archive.org/web/https://www.econotimes.com/Deepfake-Voice-Technology-The-Good-The-Bad-The-Future-1601278 - [979]: https://web.archive.org/web/https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/ - [980]: https://web.archive.org/web/https://josephsteinberg.com/how-to-prevent-facial-recognition-technology-from-identifying-you/ - [981]: https://web.archive.org/web/https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf - [982]: https://web.archive.org/web/https://www.bbc.com/news/technology-55573802 - [983]: https://web.archive.org/web/http://diglib.uwgb.edu/digital/api/collection/p17003coll4/id/71/download - [984]: https://wikiless.org/wiki/Phishing - [985]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Phishing - [986]: https://wikiless.org/wiki/Social_engineering_(security) - [987]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Social_engineering_(security) - [988]: https://web.archive.org/web/https://www.bbc.com/news/technology-56071437 - [989]: https://wikiless.org/wiki/Exploit_(computer_security) - [990]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Exploit_(computer_security) - [991]: https://wikiless.org/wiki/Freedom_Hosting - [992]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Freedom_Hosting - [993]: https://web.archive.org/web/https://www.wired.com/2013/09/freedom-hosting-fbi/ - [994]: https://wikiless.org/wiki/2020_United_States_federal_government_data_breach - [995]: https://web.archive.org/web/https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach - [996]: https://web.archive.org/web/https://www.bbc.com/news/blogs-china-blog-48552907 - [997]: https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/29/china-uyghur-muslim-surveillance-police/ - [998]: https://web.archive.org/web/https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/ - [999]: https://wikiless.org/wiki/Sandbox_(computer_security) - [1000]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Sandbox_(computer_security) - [1001]: https://web.archive.org/web/https://www.wired.com/2014/07/usb-security/ - [1002]: https://wikiless.org/wiki/Stuxnet - [1003]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Stuxnet - [1004]: https://web.archive.org/web/https://superuser.com/questions/1206321/how-do-i-safely-investigate-a-usb-stick-found-in-the-parking-lot-at-work - [1005]: https://web.archive.org/web/https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden - [1006]: https://wikiless.org/wiki/Rootkit - [1007]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Rootkit - [1008]: https://wikiless.org/wiki/User_space - [1009]: https://web.archive.org/web/https://en.wikipedia.org/wiki/User_space - [1010]: https://wikiless.org/wiki/Firmware - [1011]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Firmware - [1012]: https://wikiless.org/wiki/BIOS - [1013]: https://web.archive.org/web/https://en.wikipedia.org/wiki/BIOS - [1014]: https://wikiless.org/wiki/Unified_Extensible_Firmware_Interface - [1015]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface - [1016]: https://web.archive.org/web/https://www.bellingcat.com/news/americas/2018/10/26/joseph-mifsud-rush-exif/ - [1017]: https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/209605273-Adding-a-Watermark - [1018]: https://web.archive.org/web/https://support.zoom.us/hc/en-us/articles/360021839031-Audio-Watermark - [1019]: https://web.archive.org/web/https://exchange.adobe.com/creativecloud.details.101789.imatag-invisible-watermark-and-image-monitoring.html - [1020]: https://web.archive.org/web/https://dtv.nagra.com/nexguard-forensic-watermarking - [1021]: https://web.archive.org/web/https://www.vobilegroup.com - [1022]: https://web.archive.org/web/https://www.cinavia.com/languages/english/pages/technology.html - [1023]: https://web.archive.org/web/https://www.imatag.com/ - [1024]: https://wikiless.org/wiki/Steganography - [1025]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Steganography - [1026]: https://web.archive.org/web/https://ieeexplore.ieee.org/document/4428921 - [1027]: https://web.archive.org/web/https://www.researchgate.net/publication/256994444_Robust_Audio_Watermarking_Using_Perceptual_Masking - [1028]: https://web.archive.org/web/https://www.researchgate.net/publication/3318571_Spread-Spectrum_Watermarking_of_Audio - [1029]: https://web.archive.org/web/https://scholar.google.com/scholar?q=source+camera+identification - [1030]: https://wikiless.org/wiki/Machine_Identification_Code - [1031]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Machine_Identification_Code - [1032]: https://web.archive.org/web/https://web.archive.org/web/20220224174025/http://seeingyellow.com/ - [1033]: https://web.archive.org/web/https://arxiv.org/pdf/1107.4524.pdf - [1034]: https://web.archive.org/web/https://www.bellingcat.com/resources/how-tos/2019/03/26/how-to-track-illegal-funding-campaigns-via-cryptocurrency/ - [1035]: https://web.archive.org/web/https://www.coindesk.com/business/2021/09/21/leaked-slides-show-how-chainalysis-flags-crypto-suspects-for-cops/ - [1036]: https://wikiless.org/wiki/Know_your_customer - [1037]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Know_your_customer - [1038]: https://web.archive.org/web/https://arxiv.org/pdf/1906.05754.pdf - [1039]: https://yewtu.be/playlist?list=PLsSYUeVwrHBnAUre2G_LYDsdo-tD0ov-y - [1040]: https://web.archive.org/web/https://monero.org/monero-vs-princeton-researchers/ - [1041]: https://wikiless.org/wiki/Cryptocurrency_tumbler - [1042]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Cryptocurrency_tumbler - [1043]: https://wikiless.org/wiki/Security_through_obscurity - [1044]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Security_through_obscurity - [1045]: https://web.archive.org/web/https://arxiv.org/pdf/2009.14007.pdf - [1046]: https://web.archive.org/web/https://www.researchgate.net/publication/321786355_The_Cryptocurrency_Tumblers_Risks_Legality_and_Oversight - [1047]: https://web.archive.org/web/https://www.magnetforensics.com/products/magnet-axiom/cloud/ - [1048]: https://web.archive.org/web/https://www.cellebrite.com/en/ufed-cloud/ - [1049]: https://web.archive.org/web/https://propertyofthepeople.org/document-detail/?doc-id=21114562 - [1050]: https://web.archive.org/web/https://sites.google.com/a/chromium.org/dev/Home/chromium-security/client-identification-mechanisms - [1051]: https://web.archive.org/web/https://wiki.mozilla.org/Fingerprinting - [1052]: https://web.archive.org/web/https://www.grayshift.com/ - [1053]: https://web.archive.org/web/https://securephones.io/main.pdf - [1054]: https://web.archive.org/web/https://loup-vaillant.fr/articles/rolling-your-own-crypto - [1055]: https://web.archive.org/web/https://soatok.blog/2021/02/09/crackpot-cryptography-and-security-theater/ - [1056]: https://web.archive.org/web/https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto - [1057]: https://web.archive.org/web/https://arxiv.org/pdf/2107.04940.pdf - [1058]: https://yewtu.be/watch?v=loy84K3AJ5Q - [1059]: https://web.archive.org/web/https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/ - [1060]: https://scribe.rip/@atcipher/the-myth-of-military-grade-encryption-292313ae6369 - [1061]: https://web.archive.org/web/https://medium.com/@atcipher/the-myth-of-military-grade-encryption-292313ae6369 - [1062]: https://web.archive.org/web/https://blog.congruentlabs.co/military-grade-encryption/ - [1063]: https://web.archive.org/web/https://blog.ironcorelabs.com/military-grade-encryption-69aae0145588 - [1064]: https://wikiless.org/wiki/BLAKE_(hash_function)#BLAKE2 - [1065]: https://web.archive.org/web/https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2 - [1066]: https://wikiless.org/wiki/AES_instruction_set - [1067]: https://web.archive.org/web/https://en.wikipedia.org/wiki/AES_instruction_set - [1068]: https://wikiless.org/wiki/Salsa20#ChaCha_variant - [1069]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant - [1070]: https://wikiless.org/wiki/Serpent_(cipher) - [1071]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Serpent_(cipher) - [1072]: https://wikiless.org/wiki/Twofish - [1073]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Twofish - [1074]: https://web.archive.org/web/https://latacora.singles/2019/07/16/the-pgp-problem.html - [1075]: https://wikiless.org/wiki/Shor%27s_algorithm - [1076]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Shor%27s_algorithm - [1077]: https://wikiless.org/wiki/Gag_order - [1078]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Gag_order - [1079]: https://wikiless.org/wiki/National_security_letter - [1080]: https://web.archive.org/web/https://en.wikipedia.org/wiki/National_security_letter - [1081]: https://web.archive.org/web/https://techcrunch.com/2021/09/06/proton-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/ - [1082]: https://web.archive.org/web/https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/ - [1083]: https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/ - [1084]: https://web.archive.org/web/https://www.cyberscoop.com/court-rules-encrypted-email-tutanota-monitor-messages/ - [1085]: https://web.archive.org/web/https://www.heise.de/news/Gericht-zwingt-Mailprovider-Tutanota-zu-Ueberwachungsfunktion-4972460.html - [1086]: https://web.archive.org/web/https://www.pcmag.com/opinions/did-purevpn-cross-a-line-when-it-disclosed-user-information - [1087]: https://web.archive.org/web/https://archive.is/XNuVw - [1088]: https://wikiless.org/wiki/Lavabit - [1089]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Lavabit - [1090]: https://wikiless.org/wiki/Warrant_canary - [1091]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Warrant_canary - [1092]: https://web.archive.org/web/https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ - [1093]: https://web.archive.org/web/https://www.swissinfo.ch/eng/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432 - [1094]: https://wikiless.org/wiki/The_Lives_of_Others - [1095]: https://web.archive.org/web/https://en.wikipedia.org/wiki/The_Lives_of_Others - [1096]: https://web.archive.org/web/https://www.wired.com/story/air-gap-researcher-mordechai-guri/ - [1097]: https://web.archive.org/web/https://www.scientificamerican.com/article/a-blank-wall-can-show-how-many-people-are-in-a-room-and-what-theyre-doing/ - [1098]: https://web.archive.org/web/https://www.scientificamerican.com/article/a-shiny-snack-bags-reflections-can-reconstruct-the-room-around-it/ - [1099]: https://web.archive.org/web/https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/ - [1100]: https://web.archive.org/web/https://www.nassiben.com/lamphone - [1101]: https://web.archive.org/web/https://www.theguardian.com/world/2013/aug/22/gchq-warned-laser-spying-guardian-offices - [1102]: https://web.archive.org/web/https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ - [1103]: https://wikiless.org/wiki/OONI - [1104]: https://web.archive.org/web/https://en.wikipedia.org/wiki/OONI - [1105]: https://web.archive.org/web/https://privacyinternational.org/long-read/3018/timeline-sim-card-registration-laws - [1106]: https://web.archive.org/web/https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html - [1107]: https://web.archive.org/web/https://www.usenix.org/system/files/conference/woot17/woot17-paper-obermaier.pdf - [1108]: https://web.archive.org/web/https://support.torproject.org/tormobile/tormobile-3/ - [1109]: https://wikiless.org/wiki/Tails_(operating_system) - [1110]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Tails_(operating_system) - [1111]: https://web.archive.org/web/https://www.veracrypt.fr/en/Trim%20Operation.html - [1112]: https://wikiless.org/wiki/Booting - [1113]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Booting - [1114]: https://web.archive.org/web/https://www.wired.com/2013/12/better-data-security-nail-polish/ - [1115]: https://wikiless.org/wiki/Virtual_machine - [1116]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtual_machine - [1117]: https://wikiless.org/wiki/Plausible_deniability - [1118]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Plausible_deniability - [1119]: https://wikiless.org/wiki/Deniable_encryption - [1120]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Deniable_encryption - [1121]: https://web.archive.org/web/https://www.privacyguides.org/tools/#operating-systems - [1122]: https://wikiless.org/wiki/BitLocker - [1123]: https://web.archive.org/web/https://en.wikipedia.org/wiki/BitLocker - [1124]: https://wikiless.org/wiki/Evil_maid_attack - [1125]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Evil_maid_attack - [1126]: https://wikiless.org/wiki/Cold_boot_attack - [1127]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Cold_boot_attack - [1128]: https://yewtu.be/watch?v=JDaicPIgn9U - [1129]: https://web.archive.org/web/https://www.researchgate.net/publication/318155607_Defeating_Plausible_Deniability_of_VeraCrypt_Hidden_Operating_Systems - [1130]: https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/mission-implausible-defeating-plausible-deniability-digital-forensics-39500 - [1131]: https://web.archive.org/web/https://sourceforge.net/p/veracrypt/discussion/technical/thread/53f33faf/ - [1132]: https://web.archive.org/web/https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures - [1133]: https://web.archive.org/web/https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbag-forensics-in-depth-34545 - [1134]: https://web.archive.org/web/https://eprints.whiterose.ac.uk/75046/1/Forensic_Data_Recovery_From_The_Windows_Search_Database_preprint_DIIN328.pdf - [1135]: https://web.archive.org/web/https://cyberforensicator.com/wp-content/uploads/2017/01/1-s2.0-S1742287616300202-main.2-14.pdf - [1136]: https://wikiless.org/wiki/Gatekeeper_(macOS) - [1137]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Gatekeeper_(macOS) - [1138]: https://web.archive.org/web/https://wiki.alpinelinux.org/wiki/Setting_up_a_laptop - [1139]: https://wikiless.org/wiki/VeraCrypt - [1140]: https://web.archive.org/web/https://en.wikipedia.org/wiki/VeraCrypt - [1141]: https://web.archive.org/web/https://www.veracrypt.fr/en/Unencrypted%20Data%20in%20RAM.html - [1142]: https://web.archive.org/web/https://www.veracrypt.fr/code/VeraCrypt/plain/doc/html/Data%20Leaks.html - [1143]: https://web.archive.org/web/https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network - [1144]: https://web.archive.org/web/https://trmm.net/tpm-sniffing/ - [1145]: https://nitter.net/SecurityJon/status/1445020885472235524 - [1146]: https://web.archive.org/web/https://labs.f-secure.com/blog/sniff-there-leaks-my-bitlocker-key/ - [1147]: https://web.archive.org/web/https://www.veracrypt.fr/en/VeraCrypt%20Rescue%20Disk.html - [1148]: https://web.archive.org/web/20211009021236/https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1141&context=msia_etds - [1149]: https://web.archive.org/web/https://www.windowscentral.com/how-ensure-trim-enabled-windows-10-speed-ssd-performance - [1150]: https://web.archive.org/web/https://veracrypt.eu/en/docs/trim-operation/ - [1151]: https://web.archive.org/web/https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Schaub-Perfectly-Deniable-Steganographic-Disk-Encryption.pdf - [1152]: https://web.archive.org/web/http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html - [1153]: https://wikiless.org/wiki/VirtualBox - [1154]: https://web.archive.org/web/https://en.wikipedia.org/wiki/VirtualBox - [1155]: https://web.archive.org/web/https://www.virtualbox.org/ticket/17987 - [1156]: https://wikiless.org/wiki/Whonix - [1157]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Whonix - [1158]: https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/user/snapshots.html - [1159]: https://wikiless.org/wiki/Spectre_(security_vulnerability) - [1160]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) - [1161]: https://wikiless.org/wiki/Meltdown_(security_vulnerability) - [1162]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability) - [1163]: https://web.archive.org/web/https://www.whonix.org/wiki/Stream_Isolation#By_Settings - [1164]: https://wikiless.org/wiki/Time-based_One-time_Password_algorithm - [1165]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm - [1166]: https://wikiless.org/wiki/Multi-factor_authentication - [1167]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Multi-factor_authentication - [1168]: https://web.archive.org/web/https://www.whonix.org/wiki/Whonix-Gateway_Security#Warning:_Bridged_Networking - [1169]: https://web.archive.org/web/https://www.qubes-os.org/faq/#is-qubes-just-another-linux-distribution - [1170]: https://web.archive.org/web/https://www.qubes-os.org/doc/system-requirements/ - [1171]: https://web.archive.org/web/https://github.com/QubesOS/qubes-issues/issues/2414 - [1172]: https://wikiless.org/wiki/AppArmor - [1173]: https://web.archive.org/web/https://en.wikipedia.org/wiki/AppArmor - [1174]: https://wikiless.org/wiki/Security-Enhanced_Linux - [1175]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Security-Enhanced_Linux - [1176]: https://wikiless.org/wiki/CAPTCHA - [1177]: https://web.archive.org/web/https://en.wikipedia.org/wiki/CAPTCHA - [1178]: https://wikiless.org/wiki/Turing_test - [1179]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Turing_test - [1180]: https://web.archive.org/web/https://www.google.com/recaptcha/about/ - [1181]: https://web.archive.org/web/https://www.hcaptcha.com/ - [1182]: https://web.archive.org/web/https://www.hcaptcha.com/post/hcaptcha-now-the-largest-independent-captcha-service - [1183]: https://web.archive.org/web/https://nearcyan.com/you-probably-dont-need-recaptcha/ - [1184]: https://web.archive.org/web/https://arstechnica.com/gadgets/2017/03/googles-recaptcha-announces-invisible-background-captchas/ - [1185]: https://web.archive.org/web/https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf - [1186]: https://web.archive.org/web/https://security.googleblog.com/2014/12/are-you-robot-introducing-no-captcha.html - [1187]: https://web.archive.org/web/https://blog.cloudflare.com/cloudflare-supports-privacy-pass/ - [1188]: https://wikiless.org/wiki/Device_fingerprint - [1189]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Device_fingerprint - [1190]: https://web.archive.org/web/https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html - [1191]: https://web.archive.org/web/https://support.google.com/accounts/answer/10071085 - [1192]: https://wikiless.org/wiki/Dark_pattern - [1193]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Dark_pattern - [1194]: https://web.archive.org/web/https://www.theverge.com/2020/1/23/21077423/tinder-photo-verification-blue-checkmark-safety-center-launch-noonlight - [1195]: https://web.archive.org/web/https://www.digitalinformationworld.com/2020/03/facebook-is-now-demanding-some-users-to-create-a-video-selfie-for-identity-verification.html - [1196]: https://web.archive.org/web/https://www.vice.com/en/article/m7a4eq/pornhub-new-verification-policy-biometric-id - [1197]: https://web.archive.org/web/https://variety.com/2021/digital/news/china-censorship-hotline-historical-nihilism-1234950554/ - [1198]: https://wikiless.org/wiki/Zero_trust_security_model - [1199]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Zero_trust_security_model - [1200]: https://wikiless.org/wiki/Espionage - [1201]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Espionage - [1202]: https://scribe.rip/@kcimc/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842 - [1203]: https://web.archive.org/web/https://kcimc.medium.com/how-to-recognize-fake-ai-generated-images-4d1f6f9a2842 - [1204]: https://web.archive.org/web/https://blog.jayway.com/2020/03/06/using-ml-to-detect-fake-face-images-created-by-ai/ - [1205]: https://wikiless.org/wiki/SIM_swap_scam - [1206]: https://web.archive.org/web/https://en.wikipedia.org/wiki/SIM_swap_scam - [1207]: https://web.archive.org/web/https://www.whonix.org/wiki/Tor - [1208]: https://web.archive.org/web/https://support.torproject.org/tbb/tbb-editing-torrc/ - [1209]: https://web.archive.org/web/https://support.google.com/accounts/answer/114129?hl=en - [1210]: https://web.archive.org/web/https://support.google.com/google-ads/answer/7474263?hl=en - [1211]: https://web.archive.org/web/https://support.google.com/accounts/answer/40695 - [1212]: https://web.archive.org/web/https://support.google.com/accounts/contact/disabled2 - [1213]: https://web.archive.org/web/https://support.google.com/accounts/answer/1333913?hl=en - [1214]: https://web.archive.org/web/https://www.jumio.com/features/ - [1215]: https://web.archive.org/web/https://www.privacyguides.org/email/ - [1216]: https://web.archive.org/web/https://proton.me/support/human-verification - [1217]: https://web.archive.org/web/https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies - [1218]: https://wikiless.org/wiki/End-to-end_encryption - [1219]: https://web.archive.org/web/https://en.wikipedia.org/wiki/End-to-end_encryption - [1220]: https://wikiless.org/wiki/Forward_secrecy - [1221]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Forward_secrecy - [1222]: https://web.archive.org/web/https://proton.me/blog/zero-access-encryption/ - [1223]: https://wikiless.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal - [1224]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal - [1225]: https://web.archive.org/web/https://signal.org/blog/sealed-sender/ - [1226]: https://web.archive.org/web/https://signal.org/blog/private-contact-discovery/ - [1227]: https://web.archive.org/web/https://signal.org/blog/signal-private-group-system/ - [1228]: https://web.archive.org/web/https://www.privacyguides.org/file-sharing/ - [1229]: https://web.archive.org/web/https://www.privacyguides.org/real-time-communication/ - [1230]: https://web.archive.org/web/https://getsession.org/session-protocol-explained/ - [1231]: https://web.archive.org/web/https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html - [1232]: https://yewtu.be/watch?v=aVwl892hqb4 - [1233]: https://wikiless.org/wiki/InterPlanetary_File_System - [1234]: https://web.archive.org/web/https://en.wikipedia.org/wiki/InterPlanetary_File_System - [1235]: https://web.archive.org/web/https://www.praxisfilms.org/open-letter-from-laura-poitras/ - [1236]: https://wikiless.org/wiki/SecureDrop - [1237]: https://web.archive.org/web/https://en.wikipedia.org/wiki/SecureDrop - [1238]: https://wikiless.org/wiki/Trusted_Platform_Module - [1239]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Trusted_Platform_Module - [1240]: https://wikiless.org/wiki/Pastebin - [1241]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Pastebin - [1242]: https://wikiless.org/wiki/Wear_leveling - [1243]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Wear_leveling - [1244]: https://wikiless.org/wiki/Write_amplification - [1245]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Write_amplification - [1246]: https://web.archive.org/web/https://techgage.com/article/too_trim_when_ssd_data_recovery_is_impossible/ - [1247]: https://web.archive.org/web/https://www.researchgate.net/publication/341761017_Live_forensics_method_for_acquisition_on_the_Solid_State_Drive_SSD_NVMe_TRIM_function - [1248]: https://web.archive.org/web/https://blog.elcomsoft.com/2019/01/life-after-trim-using-factory-access-mode-for-imaging-ssd-drives/ - [1249]: https://web.archive.org/web/https://www.forensicfocus.com/articles/forensic-acquisition-of-solid-state-drives-with-open-source-tools/ - [1250]: https://web.archive.org/web/https://www.researchgate.net/publication/325976653_Solid_State_Drive_Forensics_Where_Do_We_Stand - [1251]: https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/ - [1252]: https://wikiless.org/wiki/Parted_Magic - [1253]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Parted_Magic - [1254]: https://wikiless.org/wiki/Hdparm - [1255]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Hdparm - [1256]: https://web.archive.org/web/https://github.com/linux-nvme/nvme-cli - [1257]: https://web.archive.org/web/https://partedmagic.com/secure-erase/ - [1258]: https://web.archive.org/web/https://partedmagic.com/nvme-secure-erase/ - [1259]: https://web.archive.org/web/https://www.ufsexplorer.com/solutions/data-recovery-on-encrypted-storage.php - [1260]: https://web.archive.org/web/https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html - [1261]: https://web.archive.org/web/https://privacyguides.org/productivity/ - [1262]: https://web.archive.org/web/https://www.whonix.org/wiki/Metadata - [1263]: https://web.archive.org/web/https://gitlab.tails.boum.org/tails/blueprints/-/wikis/doc/mat/ - [1264]: https://web.archive.org/web/https://disable-gatekeeper.github.io/ - [1265]: https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/features/cache/ - [1266]: https://web.archive.org/web/https://help.duckduckgo.com/duckduckgo-help-pages/results/sources/ - [1267]: https://wikiless.org/wiki/Dead_drop - [1268]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Dead_drop - [1269]: https://wikiless.org/wiki/Obfuscation - [1270]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Obfuscation - [1271]: https://wikiless.org/wiki/Kleptography - [1272]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Kleptography - [1273]: https://wikiless.org/wiki/Koalang - [1274]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Koalang - [1275]: https://wikiless.org/wiki/Operations_security - [1276]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Operations_security - [1277]: https://web.archive.org/web/https://quoteinvestigator.com/2014/07/13/truth/ - [1278]: https://web.archive.org/web/https://www.privacyguides.org/tools/#operating-systems - [1279]: https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor - [1280]: https://scribe.rip/velociraptor-ir/the-windows-usn-journal-f0c55c9010e - [1281]: https://web.archive.org/web/https://medium.com/velociraptor-ir/the-windows-usn-journal-f0c55c9010e - [1282]: https://scribe.rip/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375 - [1283]: https://web.archive.org/web/https://medium.com/velociraptor-ir/digging-into-the-system-resource-usage-monitor-srum-afbadb1a375 - [1284]: https://web.archive.org/web/https://www.sans.org/blog/timestamped-registry-ntfs-artifacts-from-unallocated-space/ - [1285]: https://web.archive.org/web/https://dban.org/ - [1286]: https://web.archive.org/web/https://crystalmark.info/en/software/crystaldiskinfo/ - [1287]: https://wikiless.org/wiki/Faraday_cage - [1288]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Faraday_cage - [1289]: https://web.archive.org/web/20211011220410/https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1165&context=adf - [1290]: https://web.archive.org/web/https://arxiv.org/pdf/1512.05616.pdf - [1291]: https://web.archive.org/web/https://dl.acm.org/doi/pdf/10.1145/3309074.3309076 - [1292]: https://yewtu.be/watch?v=sO98kDLkh-M - [1293]: https://wikiless.org/wiki/Touch_DNA - [1294]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Touch_DNA - [1295]: https://web.archive.org/web/https://www.yourdnaguide.com/ydgblog/dna-hair-samples-postage-stamps - [1296]: https://web.archive.org/web/https://github.com/mhinkie/ooni-detection - [1297]: https://wikiless.org/wiki/File_verification - [1298]: https://web.archive.org/web/https://en.wikipedia.org/wiki/File_verification - [1299]: https://wikiless.org/wiki/Cyclic_redundancy_check - [1300]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Cyclic_redundancy_check - [1301]: https://wikiless.org/wiki/MD5 - [1302]: https://web.archive.org/web/https://en.wikipedia.org/wiki/MD5 - [1303]: https://wikiless.org/wiki/Collision_(computer_science) - [1304]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_(computer_science) - [1305]: https://wikiless.org/wiki/Secure_Hash_Algorithms - [1306]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Secure_Hash_Algorithms - [1307]: https://wikiless.org/wiki/SHA-2 - [1308]: https://web.archive.org/web/https://en.wikipedia.org/wiki/SHA-2 - [1309]: https://wikiless.org/wiki/Collision_resistance - [1310]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Collision_resistance - [1311]: https://web.archive.org/web/https://wiki.gnupg.org/Gpg4win/CheckIntegrity - [1312]: https://web.archive.org/web/https://scribe.rip/@EvgeniIvanov/how-to-verify-checksum-on-mac-988f166b0c4f - [1313]: https://web.archive.org/web/https://medium.com/@EvgeniIvanov/how-to-verify-checksum-on-mac-988f166b0c4f - [1314]: https://wikiless.org/wiki/GNU_Privacy_Guard - [1315]: https://web.archive.org/web/https://en.wikipedia.org/wiki/GNU_Privacy_Guard - [1316]: https://wikiless.org/wiki/Public-key_cryptography - [1317]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Public-key_cryptography - [1318]: https://wikiless.org/wiki/Polymorphic_code - [1319]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Polymorphic_code - [1320]: https://web.archive.org/web/https://www.whonix.org/wiki/Malware_and_Firmware_Trojans - [1321]: https://web.archive.org/web/https://forums.whonix.org/t/installation-of-antivirus-scanners-by-default/9755/8 - [1322]: https://web.archive.org/web/https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2018-2019.pdf - [1323]: https://web.archive.org/web/https://www.zdnet.com/article/eset-discovers-21-new-linux-malware-families/ - [1324]: https://web.archive.org/web/https://nakedsecurity.sophos.com/2019/07/25/evilgnome-linux-malware-aimed-at-your-laptop-not-your-servers/ - [1325]: https://web.archive.org/web/https://blog.imunify360.com/hiddenwasp-how-to-detect-malware-hidden-on-linux-iot - [1326]: https://wikiless.org/wiki/Linux_malware - [1327]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Linux_malware - [1328]: https://wikiless.org/wiki/MacOS_malware - [1329]: https://web.archive.org/web/https://en.wikipedia.org/wiki/MacOS_malware - [1330]: https://web.archive.org/web/https://www.macworld.co.uk/feature/mac-viruses-list-3668354/ - [1331]: https://web.archive.org/web/https://resources.jamf.com/documents/macmalware-2020.pdf - [1332]: https://web.archive.org/web/https://imagetragick.com/ - [1333]: https://web.archive.org/web/https://docs.oracle.com/en/virtualization/virtualbox/6.0/admin/hyperv-support.html - [1334]: https://web.archive.org/web/https://zeltser.com/analyzing-malicious-documents/ - [1335]: https://wikiless.org/wiki/Portable_application - [1336]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Portable_application - [1337]: https://web.archive.org/web/https://blackgnu.net/brave-is-shit.html - [1338]: https://web.archive.org/web/https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields - [1339]: https://web.archive.org/web/https://venturebeat.com/2020/01/15/browser-benchmark-battle-january-2020-chrome-firefox-edge-brave/view-all/ - [1340]: https://web.archive.org/web/https://madaidans-insecurities.github.io/firefox-chromium.html - [1341]: https://web.archive.org/web/https://grapheneos.org/usage#web-browsing - [1342]: https://web.archive.org/web/https://www.researchgate.net/publication/349979628_Web_Browser_Privacy_What_Do_Browsers_Say_When_They_Phone_Home - [1343]: https://web.archive.org/web/https://qua3k.github.io/ungoogled/ - [1344]: https://web.archive.org/web/https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard - [1345]: https://web.archive.org/web/https://www.pcmag.com/news/mozilla-signs-lucrative-3-year-google-search-deal-for-firefox - [1346]: https://wikiless.org/wiki/Virtualization - [1347]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Virtualization - [1348]: https://web.archive.org/web/https://github.com/Yawning/obfs4/ - [1349]: https://web.archive.org/web/https://tb-manual.torproject.org/circumvention/ - [1350]: https://wikiless.org/wiki/Domain_fronting - [1351]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Domain_fronting - [1352]: https://web.archive.org/web/https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17569 - [1353]: https://web.archive.org/web/https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous - [1354]: https://web.archive.org/web/20220508125004/https://bitcoinmagazine.com/technical/a-comprehensive-bitcoin-coinjoin-guide - [1355]: https://web.archive.org/web/https://www.sans.org/blog/nist-has-spoken-death-to-complexity-long-live-the-passphrase/ - [1356]: https://web.archive.org/web/https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/ - [1357]: https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2015/03/26/passphrases-can-memorize-attackers-cant-guess/ - [1358]: https://web.archive.org/web/https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/ - [1359]: https://web.archive.org/web/https://proton.me/blog/protonmail-com-blog-password-vs-passphrase - [1360]: https://yewtu.be/watch?v=yzGzB-yYKcc - [1361]: https://wikiless.org/wiki/Passphrase#Passphrase_selection - [1362]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Passphrase#Passphrase_selection - [1363]: https://web.archive.org/web/https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf - [1364]: https://web.archive.org/web/https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis - [1365]: https://web.archive.org/web/https://github.com/psal/anonymouth - [1366]: https://web.archive.org/web/https://psal.cs.drexel.edu/index.php/Main_Page - [1367]: https://web.archive.org/web/20220511015546/https://www.qubes-os.org/security/verifying-signatures/ - [1371]: https://web.archive.org/web/https://positive.security/blog/video-depixelation - [1372]: https://web.archive.org/web/https://www.qubes-os.org/doc/upgrade/4.1/ - [1373]: https://web.archive.org/web/https://safing.io/portmaster/ - [1374]: https://web.archive.org/web/https://safing.io/portmaster/https://docs.safing.io/portmaster/install/status/vpn-compatibility - [1375]: https://web.archive.org/web/https://blogs.oracle.com/virtualization/post/install-microsoft-windows-11-on-virtualbox - [1376]: https://web.archive.org/web/https://www.whonix.org/wiki/Release_Upgrade_Whonix_15_to_Whonix_16 - [1377]: https://web.archive.org/web/https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/ - [1378]: https://web.archive.org/web/https://www.qubes-os.org/doc/anti-evil-maid/ - [1379]: https://web.archive.org/web/https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html - [1380]: https://web.archive.org/web/https://github.com/QubesOS/qubes-antievilmaid - [1381]: https://web.archive.org/web/20220717064253/https://dan-kir.github.io/2022/05/26/OPSEC-notes.html - [1382]: https://www.youtube.com/watch?v=J1q4Ir2J8P8 - [1383]: https://web.archive.org/web/20220714213939/https://officercia.mirror.xyz/4x2-M4R2cSnID1wpsTO4CQNrMQ5JUFouR-rZ_N4xO-Q - [1384]: https://web.archive.org/web/20220718231735/https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws - [1385]: https://web.archive.org/web/20220516000616/https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo - [1386]: https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/ - [1387]: https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/ - [1388]: https://web.archive.org/web/20220708014922/https://blog.torproject.org/run-tor-bridges-defend-open-internet/ [1389]: media/image59.png From cba1af022cdaf9358bbf99d38c188bbba0050ed5 Mon Sep 17 00:00:00 2001 From: pterocles Date: Wed, 24 Aug 2022 16:21:48 -0400 Subject: [PATCH 2/8] Small fixes * Organizational fixes will work for now until later when we can cleanup. * Missed a few superscript links I think it looks beautiful! Signed-off-by: pterocles --- guide.md | 59 ++++++++++++++++++++++---------------------------------- 1 file changed, 23 insertions(+), 36 deletions(-) diff --git a/guide.md b/guide.md index 3d654de..3ff44df 100644 --- a/guide.md +++ b/guide.md @@ -28,7 +28,7 @@ The manual is here: , quick-start guide here: **Your experience may vary.** **Remember to check regularly for an updated version of this guide.** -This guide is a non-profit open-source initiative, licensed under Creative Commons **Attribution-NonCommercial** 4.0 International ([cc-by-nc-4.0][] [[Archive.org]](https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/)). +This guide is a non-profit open-source initiative, licensed under Creative Commons **Attribution-NonCommercial** 4.0 International ([cc-by-nc-4.0](https://creativecommons.org/licenses/by-nc/4.0/) [[Archive.org]](https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/)). - For mirrors see [Appendix A6: Mirrors] @@ -491,13 +491,13 @@ There are many ways you can be tracked besides browser cookies and ads, your e-m First, you could also consider these more general resources on privacy and security to learn more basics: -- The New Oil*: [[Archive.org]](https://web.archive.org/web/https://thenewoil.org/) +- The New Oil\*: [[Archive.org]](https://web.archive.org/web/https://thenewoil.org/) -- Techlore videos*: [[Invidious]](https://yewtu.be/c/Techlore) +- Techlore videos\*: [[Invidious]](https://yewtu.be/c/Techlore) - Privacy Guides: [[Archive.org]](https://web.archive.org/web/https://privacyguides.org/) -- Privacy Tools*: [[Archive.org]](https://web.archive.org/web/https://privacytools.io/) +- Privacy Tools\*: [[Archive.org]](https://web.archive.org/web/https://privacytools.io/) *Note that these websites could contain affiliate/sponsored content and/or merchandising. This guide does not endorse and is not sponsored by any commercial entity in any way.* @@ -1430,8 +1430,8 @@ Installing the [NoScript](https://noscript.net/) extension will prevent the atta - Release tweet: [[Archive.org]](https://web.archive.org/web/https://twitter.com/ma1/status/1557751019945299969) - User explanation: [[Archive.org]](https://web.archive.org/web/https://noscript.net/usage/#crosstab-identity-leak-protection) - Tor Project Forum Post: [[Archive.org]](https://web.archive.org/web/https://forum.torproject.net/t/tor-browser-can-leak-your-identity-through-side-channel-attack/4005/2) -- NoScript extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser): https://addons.mozilla.org/en-US/firefox/addon/noscript/ -- NoScript extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers): https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm?hl=en +- NoScript extension for Firefox (Firefox, and other Firefox-based browsers except Tor Browser): +- NoScript extension for Chromium based browsers (Brave, Chrome, Edge, and other Chromium-based browsers): ### Alternative to NoScript for all other browsers: @@ -9386,7 +9386,7 @@ You must live by the simple rule that "loose lips sink ships" - but also that th - 2020, RSA Conference 2020, When Cybercriminals with Good OpSec Attack [[Invidious]](https://yewtu.be/watch?v=zXmZnU2GdVk) - - 2015, DEF CON 22, Adrian Crenshaw, Dropping Docs on Darknets: How People Got Caught [[Invidious]](https://yewtu.be/watch?v=eQ2OZKitRwc) ([Slides][] [[Archive.org]](https://web.archive.org/web/https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf)) + - 2015, DEF CON 22, Adrian Crenshaw, Dropping Docs on Darknets: How People Got Caught [[Invidious]](https://yewtu.be/watch?v=eQ2OZKitRwc) ([Slides](https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf) [[Archive.org]](https://web.archive.org/web/https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf)) - 2017, Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev [[Invidious]](https://yewtu.be/watch?v=6Chp12sEnWk) @@ -11110,7 +11110,7 @@ Here is a comparison table of one fingerprinting test of various browsers with t -- *: macOS only. **: Windows only. +- \*: macOS only. \*\*: Windows only. Another useful resource to be considered for comparing browsers is: [[Archive.org]](https://web.archive.org/web/https://privacytests.org/) @@ -12352,7 +12352,7 @@ First, please read this small introduction video to Monero: [[Invidious]](https://yewtu.be/watch?v=j02QoI4ZlnU) +You may want to watch this insightful video for more details: [[Invidious]](https://yewtu.be/watch?v=j02QoI4ZlnU) Also please consider reading: **** [[Archive.org]](https://web.archive.org/web/https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md#privacy-limitations) @@ -12372,7 +12372,7 @@ Here are various threat modeling resources if you want to go deeper in threat mo - It is used in the making of the Threat Modeling Manifesto: [[Archive.org]](https://web.archive.org/web/https://www.threatmodelingmanifesto.org/) ![][1389] -(Illustration from [LINDDUN2015]) +(Illustration from [LINDDUN2015](https://lirias.kuleuven.be/retrieve/295669) Here are alternative resources and models if LINDDUN doesn't suit you: @@ -13781,9 +13781,18 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [Appendix B4: Important notes about evil-maid and tampering]: #appendix-b4-important-notes-about-evil-maid-and-tampering [Appendix B5: Types of CPU attacks:]: #appendix-b5-types-of-cpu-attacks [References:]: #references - [cc-by-nc-4.0]: https://creativecommons.org/licenses/by-nc/4.0/ - [LINDDUN2015]: https://lirias.kuleuven.be/retrieve/295669 - [https://matrix.to/#/#anonymity:matrix.org]: https://matrix.to/#/ + [Tor over VPN]: #tor-over-vpn + [The Detached Headers Way]: #the-detached-headers-way + [The Veracrypt Way]: #the-veracrypt-way + [Route A and B: Simple Encryption using Veracrypt (Windows tutorial)]: #route-a-and-b-simple-encryption-using-veracrypt-windows-tutorial + [Adversaries (threats)]: #threats + [Virtualbox Hardening recommendations]: #virtualbox-hardening-recommendations + [Hardening Linux]: #hardening-linux + [Hardening macOS]: #hardening-macos + [Note about plausible deniability on Linux]: #note-about-plausible-deniability-on-linux + [Online Phone Number (less recommended)]: #online-phone-number + [Extra Tools Cleaning]: #extra-tools-cleaning + [Printing Watermarking]: #printing-watermarking [38]: media/image1.jpeg [39]: media/image2.jpeg [40]: media/image3.jpeg @@ -13794,68 +13803,47 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [67]: media/image8.jpeg [68]: media/image9.jpeg [69]: media/image10.jpeg - [96]: https://archive.ph/iuowI [113]: media/image11.jpeg [115]: media/image12.jpeg [133]: media/image13.jpeg [142]: media/image14.jpeg - [143]: https://scribe.rip/@somdevsangwan/unblurring-images-for-osint-and-more-part-1-5ee36db6a70b - [145]: https://scribe.rip/@somdevsangwan/deblurring-images-for-osint-part-2-ba564af8eb5d [147]: media/image15.jpeg [150]: media/image16.jpeg [171]: media/image17.jpeg [220]: media/image18.jpeg - [228]: http://cryptonx6nsmspsnpicuihgmbbz3qvro4na35od3eht4vojdo7glm6yd.onion [246]: media/image19.jpeg - [Tor over VPN]: #tor-over-vpn [259]: media/image20.jpeg [260]: media/image21.jpeg - [The Detached Headers Way]: #the-detached-headers-way - [The Veracrypt Way]: #the-veracrypt-way - [Route A and B: Simple Encryption using Veracrypt (Windows tutorial)]: #route-a-and-b-simple-encryption-using-veracrypt-windows-tutorial [305]: media/image22.jpeg [306]: #_Appendix_C:_Windows [310]: media/image23.jpeg [311]: media/image24.jpeg [313]: media/image25.jpeg [314]: media/image26.jpeg - [Adversaries (threats)]: #threats [330]: media/image27.jpeg [331]: media/image28.jpeg - [Virtualbox Hardening recommendations]: #virtualbox-hardening-recommendations - [Hardening Linux]: #hardening-linux - [Hardening macOS]: #hardening-macos [356]: media/image29.jpeg [357]: media/image30.jpeg [358]: media/image31.jpeg [366]: media/image32.jpeg [367]: media/image33.jpeg - [Note about plausible deniability on Linux]: #note-about-plausible-deniability-on-linux [388]: media/image34.jpeg [389]: media/image35.jpeg - [393]: http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/ [394]: media/image36.jpeg [395]: media/image37.jpeg [396]: media/image38.jpeg - [Online Phone Number (less recommended)]: #online-phone-number [402]: media/image39.jpeg [450]: media/image40.jpeg - [462]: http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/ [482]: media/image41.jpeg [483]: media/image42.jpeg [484]: media/image43.jpeg [487]: media/image44.jpeg - [Extra Tools Cleaning]: #extra-tools-cleaning [501]: media/image45.jpeg [506]: media/image46.jpeg - [519]: https://web.archive.org/web/https://0xacab.org/jvoisin/mat2 [520]: media/image47.jpeg - [Slides]: https://www.defcon.org/images/defcon-22/dc-22-presentations/Crenshaw/DEFCON-22-Adrian-Crenshaw-Dropping-Docs-on-Darknets-How-People-Got-Caught-UPDATED.pdf - [559]: http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/donations.html [560]: media/image48.jpeg [561]: media/image49.jpeg [562]: media/image50.jpeg - [Printing Watermarking]: #printing-watermarking [629]: media/image51.jpeg [632]: media/image52.jpeg [685]: media/image53.jpeg @@ -13864,6 +13852,5 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [689]: media/image56.png [690]: media/image57.png [698]: media/image58.jpeg - [745]: https://web.archive.org/web/https://www.threatmodelingmanifesto.org/ - [825]: https://scribe.rip/@brannondorsey/wi-fi-is-broken-3f6054210fa5 [1389]: media/image59.png + \ No newline at end of file From ec306242f7dc0650fad5665c6c02d1ac49ef8484 Mon Sep 17 00:00:00 2001 From: TwoSixtyThreeFiftyFour <108928957+TwoSixtyThreeFiftyFour@users.noreply.github.com> Date: Thu, 25 Aug 2022 02:25:25 +0000 Subject: [PATCH 3/8] Fixed some .onion links that were HTTPS when only working on HTTP Fixed some .onion links that were HTTPS when only working on HTTP --- guide.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/guide.md b/guide.md index 3ff44df..1d2a11f 100644 --- a/guide.md +++ b/guide.md @@ -1295,7 +1295,7 @@ Pictures/Videos often contain visible watermarks indicating who is the owner/cre So, if you are a whistleblower and thinking about leaking some picture/audio/video file. Think twice. There are chances that those might contain invisible watermarking within them that would include information about you as a viewer. Such watermarks can be enabled with a simple switch in like Zoom (Video[^223] or Audio[^224]) or with extensions[^225] for popular apps such as Adobe Premiere Pro. These can be inserted by various content management systems. -For a recent example where someone leaking a Zoom meeting recording was caught because it was watermarked: [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/18/leak-zoom-meeting/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/18/leak-zoom-meeting/) +For a recent example where someone leaking a Zoom meeting recording was caught because it was watermarked: [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/18/leak-zoom-meeting/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/18/leak-zoom-meeting/) Such watermarks can be inserted by various products[^226]'[^227]'[^228]'[^229] using Steganography[^230] and can resist compression[^231] and re-encoding[^232]'[^233]. @@ -6927,7 +6927,7 @@ Unfortunately, you will be extremely limited with that account and to do anythin - Will they require a phone number? Maybe. This depends on the IP you are coming from. If you come from Tor, it is likely. From a VPN, it is less likely. -- Can you create accounts through Tor? Yes, but highly likely that a phone number will be required when only an e-mail or a captcha will be required over a VPN. They even have a ".onion" address at . +- Can you create accounts through Tor? Yes, but highly likely that a phone number will be required when only an e-mail or a captcha will be required over a VPN. They even have a ".onion" address at . You obviously need an e-mail for your online identity and disposable e-mails are pretty much banned everywhere. @@ -7679,7 +7679,7 @@ Finally, Open-Source apps should always be preferred because they allow third pa
  • Telegram Documentation, MTProto Mobile Protocol https://core.telegram.org/mtproto [Archive.org]↩︎

  • Wikipedia, Telegram Security Breaches, https://en.wikipedia.org/wiki/Telegram_(software)#Security_breaches [Wikiless] [Archive.org]↩︎

  • TechCrunch, Maybe we shouldn’t use Zoom after all, https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/ [Archive.org]↩︎

  • -
  • The Incercept, Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing https://theintercept.com/2020/03/31/zoom-meeting-encryption/ [Tor Mirror] [Archive.org]↩︎

  • +
  • The Incercept, Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing https://theintercept.com/2020/03/31/zoom-meeting-encryption/ [Tor Mirror] [Archive.org]↩︎

  • Serpentsec, Secure Messaging: Choosing a chat app https://web.archive.org/web/https://serpentsec.1337.cx/secure-messaging-choosing-a-chat-app↩︎

  • Berty, Development, https://berty.tech↩︎

  • Tox Handshake Vulnerable to KCI, https://github.com/TokTok/c-toxcore/issues/426↩︎

  • @@ -12003,7 +12003,7 @@ Personally, my favorites are: Note that some of those have a convenient ".onion" address: -- DuckDuckGo: +- DuckDuckGo: In the end, we were often not satisfied with the results of both those search engines and still ended up on Bing or Google. @@ -12602,7 +12602,7 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [^92]: Apple, Transparency Report, Device Requests [[Archive.org]](https://web.archive.org/web/https://www.apple.com/legal/transparency/device-requests.html) -[^93]: The Intercept, How Cops Can Secretly Track Your Phone [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/) +[^93]: The Intercept, How Cops Can Secretly Track Your Phone [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/) [^94]: Wikipedia, IMSI Catcher [[Wikiless]](https://wikiless.org/wiki/IMSI-catcher) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/IMSI-catcher) @@ -12782,7 +12782,7 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [^182]: Washington Post, Huawei tested AI software that could recognize Uighur minorities and alert police, report says [[Archive.org]](https://web.archive.org/web/https://www.washingtonpost.com/technology/2020/12/08/huawei-tested-ai-software-that-could-recognize-uighur-minorities-alert-police-report-says/) -[^183]: The Intercept, How a Facial Recognition Mismatch Can Ruin Your Life [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/) +[^183]: The Intercept, How a Facial Recognition Mismatch Can Ruin Your Life [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2016/10/13/how-a-facial-recognition-mismatch-can-ruin-your-life/) [^184]: Vice, Facial Recognition Failures Are Locking People Out of Unemployment Systems [[Archive.org]](https://web.archive.org/web/https://www.vice.com/en/article/5dbywn/facial-recognition-failures-are-locking-people-out-of-unemployment-systems) @@ -12838,7 +12838,7 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [^210]: BBC, China social media: WeChat and the Surveillance State [[Archive.org]](https://web.archive.org/web/https://www.bbc.com/news/blogs-china-blog-48552907) -[^211]: The Intercept, Revealed: Massive Chinese Police Database [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/29/china-uyghur-muslim-surveillance-police/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/) +[^211]: The Intercept, Revealed: Massive Chinese Police Database [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2021/01/29/china-uyghur-muslim-surveillance-police/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2021/01/29/china-uyghur-muslim-surveillance-police/) [^212]: Wikipedia, Sandbox [[Wikiless]](https://wikiless.org/wiki/Sandbox_(computer_security)) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sandbox_(computer_security)) @@ -13470,7 +13470,7 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [^529]: ZDnet, FBI recommends passphrases over password complexity [[Archive.org]](https://web.archive.org/web/https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/) -[^530]: The Intercept, Passphrases That You Can Memorize --- But That Even the NSA Can't Guess [[Tor Mirror]](https://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) +[^530]: The Intercept, Passphrases That You Can Memorize --- But That Even the NSA Can't Guess [[Tor Mirror]](http://27m3p2uv7igmj6kvd4ql3cct5h3sdwrsajovkkndeufumzyfhlfev4qd.onion/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) [[Archive.org]](https://web.archive.org/web/https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) [^531]: Proton Blog, Let's settle the password vs. passphrase debate once and for all [[Archive.org]](https://web.archive.org/web/https://proton.me/blog/protonmail-com-blog-password-vs-passphrase) @@ -13853,4 +13853,4 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [690]: media/image57.png [698]: media/image58.jpeg [1389]: media/image59.png - \ No newline at end of file + From 9f133c439d6d81c10cd63b8c47b2fbf741a37ec7 Mon Sep 17 00:00:00 2001 From: TwoSixtyThreeFiftyFour <108928957+TwoSixtyThreeFiftyFour@users.noreply.github.com> Date: Thu, 25 Aug 2022 09:29:21 +0000 Subject: [PATCH 4/8] Re-adding missing B6 and car warning. Re-adding missing B6 and car warning. --- guide.md | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/guide.md b/guide.md index 1d2a11f..41bab9e 100644 --- a/guide.md +++ b/guide.md @@ -385,6 +385,7 @@ Finally note that this guide does mention and even recommends various commercial - [Appendix B3: Threat modeling resources] - [Appendix B4: Important notes about evil-maid and tampering] - [Appendix B5: Types of CPU attacks:] +- [Appendix B6: Warning for using Orbot on Android]: #appendix-b6-warning-for-using-orbot-on-android - [References:] # Pre-requisites and limitations: @@ -2149,6 +2150,8 @@ However, the Safer level should be used with some extra precautions while using Now, you are really done, and you can now surf the web anonymously from your Android device. +**Please see** [Warning for using Orbot on Android][Appendix B6: Warning for using Orbot on Android]. + ### iOS: **Disclaimer: Onion Browser, following a 2018 release on iOS, has had IP leaks via WebRTC. It is still the only officially endorsed browser for the Tor network for iOS. Users should exercise caution when using the browser and check for any DNS leaks.** @@ -10402,7 +10405,9 @@ When conducting sensitive activities, remember that: - Warning: consider that sensor data itself can also be reliably used to track you[^468]'[^469]. -- **Consider leaving your smart devices at home online and doing something (watching YouTube/Netflix or something similar) instead of taking them with you powered off. This will mitigate tracking efforts but also create digital traces that could indicate you were at home.** +- Consider leaving your smart devices at home online and doing something (watching YouTube/Netflix or something similar) instead of taking them with you powered off. This will mitigate tracking efforts but also create digital traces that could indicate you were at home. + + - **This could also include your car which could for example have a cell network device (including at least an IMEI) and a functionality to call emergency services** Additionally, if using a smartphone as a burner, know that they send a lot of diagnostics by default. Enough to potentially identify you based on your device usage patterns (a technique known as biometric profiling). You should avoid using your burner unless absolutely necessary, to minimize the information that can be collected and used to identify you. @@ -10416,11 +10421,11 @@ Additionally, if using a smartphone as a burner, know that they send a lot of di - **Sky ECC: ** [[Wikiless]](https://wikiless.org/wiki/Sky_ECC) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Sky_ECC) -**You should never rely on some external commercial service to protect your anonymity.** +**You should never rely on an external commercial service to ensure your first line of anonymity. But you will see that paid services can still be used later from an already anonymous identity if bought anonymously while observing good operational security.** # Appendix O: Getting an anonymous VPN/Proxy -If you follow my advice, you will also need a VPN subscription but this time you will need an anonymous one that cannot be tied to you by the financial system. Meaning you will need to buy a VPN subscription with cash or a reasonably private cryptocurrency (Monero). You will later use this VPN to connect to the various services anonymously but never directly from your IP. +If you follow our advice, you will also need a VPN subscription but this time you will need an anonymous one that cannot be tied to you by the financial system. Meaning you will need to buy a VPN subscription with cash or a reasonably private cryptocurrency (for example Monero). You will later be able to use this VPN to connect to various services anonymously but **never directly from your IP**. This VPN can never be used in any other non-anonymous context without jeopardzing your anonymity. There are, two viable options: @@ -12413,6 +12418,22 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte - [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) [[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks. - [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) [[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. - [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) [[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre. + +# Appendix B6: Warning for using Orbot on Android + +While this is often misunderstood, Orbot on Android does not make your "Tor-Enabled Apps" go through Tor if you add them to the list. Orbot is acting as a device-wide VPN or (also known as a transparent proxy). The list of apps using Orbot is a whitelist. This list will not make some apps magically use Tor and unchecked ones use the clear-net. This only ensures the device-wide VPN is using Tor to route traffic. This means that Orbot can only control what app can access the VPN it creates. Other apps will lose connectivity. + +What is important to know is that, if you launch an app (or Android does it automatically) while Orbot is not running, the app will just use the normal network, without involving Orbot (with the exception of some apps supporting a proxy Orbot). + +Additionally, you should not be surprised by Tor Browser not working when using Orbot in VPN mode, as the Tor design does not allow "Tor over Tor" (you cannot re-enter the Tor network from a Tor exit node). + +This is explained rather well by Alexander Færøy, who is a core developer at the Tor Project, in their [TorifyHOWTO: Tor over Tor](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO#tor-over-tor). + +"When using a transparent proxy, it is possible to start a Tor session from the client as well as from the transparent proxy (read the warning!), creating a "Tor over Tor" scenario. Doing so produces undefined and potentially unsafe behavior. In theory, however, you can get six hops instead of three, but it is not guaranteed that you'll get three different hops - you could end up with the same hops, maybe in reverse or mixed order. It is not clear if this is safe. It has never been discussed. You can choose an entry/exit point, but you get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand. Therefore Tor over Tor usage is highly discouraged." + +And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous) on the Tor Stack Exchange: + +"The danger (beyond the performance hit) which keeps me from running Tor over Tor has to do with timing and congestion measurements. Adversaries watching your traffic at the exit(s) of your circuits have a better chance of linking your Whonix activity with your [Tor Browser Bundle] activity when those shared circuits slow down or drop packets at the same time. This can happen without Tor over Tor when your instances use a common upstream link. The linkage will be made tighter and more explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor circuits. This tighter linkage raises the danger of successful correlation." --- @@ -13780,6 +13801,7 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [Appendix B3: Threat modeling resources]: #appendix-b3-threat-modeling-resources [Appendix B4: Important notes about evil-maid and tampering]: #appendix-b4-important-notes-about-evil-maid-and-tampering [Appendix B5: Types of CPU attacks:]: #appendix-b5-types-of-cpu-attacks + [Appendix B6: Warning for using Orbot on Android]: #appendix-b6-warning-for-using-orbot-on-android [References:]: #references [Tor over VPN]: #tor-over-vpn [The Detached Headers Way]: #the-detached-headers-way @@ -13853,4 +13875,3 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [690]: media/image57.png [698]: media/image58.jpeg [1389]: media/image59.png - From 69c729b8a086c445beb73cac797af0decb283eac Mon Sep 17 00:00:00 2001 From: TwoSixtyThreeFiftyFour <108928957+TwoSixtyThreeFiftyFour@users.noreply.github.com> Date: Thu, 25 Aug 2022 12:31:06 +0000 Subject: [PATCH 5/8] Update fixes to be in sync with current guide.md Update fixes to be in sync with current guide.md --- guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guide.md b/guide.md index 41bab9e..3010a0a 100644 --- a/guide.md +++ b/guide.md @@ -10405,7 +10405,7 @@ When conducting sensitive activities, remember that: - Warning: consider that sensor data itself can also be reliably used to track you[^468]'[^469]. -- Consider leaving your smart devices at home online and doing something (watching YouTube/Netflix or something similar) instead of taking them with you powered off. This will mitigate tracking efforts but also create digital traces that could indicate you were at home. + - Consider leaving your smart devices at home online and doing something (watching YouTube/Netflix or something similar) instead of taking them with you powered off. This will mitigate tracking efforts but also create digital traces that could indicate you were at home. - **This could also include your car which could for example have a cell network device (including at least an IMEI) and a functionality to call emergency services** From 3b8dbde8e6a221a300f3f4678287b45f3e3d7f66 Mon Sep 17 00:00:00 2001 From: TwoSixtyThreeFiftyFour <108928957+TwoSixtyThreeFiftyFour@users.noreply.github.com> Date: Thu, 25 Aug 2022 12:41:40 +0000 Subject: [PATCH 6/8] Sync fixes again Sync fixes again --- guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guide.md b/guide.md index 3010a0a..2118d55 100644 --- a/guide.md +++ b/guide.md @@ -820,7 +820,7 @@ The IMEI and IMSI can be traced back to you in at least six ways: Here is also a good YouTube video on this topic: DEFCON Safe Mode - Cooper Quintin - Detecting Fake 4G Base Stations in Real-Time [[Invidious]](https://yewtu.be/watch?v=siCk4pGGcqA) -**For these reasons, it is crucial to get dedicated an anonymous phone number and/or an anonymous burner phone with an anonymous pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities (See more practical guidance in [Getting an anonymous Phone number][Getting an anonymous Phone number:] section).** + **For these reasons, it is crucial to get dedicated an anonymous phone number and/or an anonymous burner phone with an anonymous pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities. It is also possible get an anonymous pre-paid but preferably dedicated number from specific free and paid online services accepting anonymous cryptocurrencies like Monero (Get more practical guidance here: [Getting an anonymous Phone number][Getting an anonymous Phone number:]).** While there are some smartphones manufacturers like Purism with their Librem series[^98] who claim to have your privacy in mind, they still do not allow IMEI randomization which we believe is a key anti-tracking feature that should be provided by such manufacturers. While this measure will not prevent IMSI tracking within the SIM card, it would at least allow you to keep the same "burner phone" and only switch SIM cards instead of having to switch both for privacy. From 9de4397764a0f61c870de2b70ab9900e758efe34 Mon Sep 17 00:00:00 2001 From: TwoSixtyThreeFiftyFour <108928957+TwoSixtyThreeFiftyFour@users.noreply.github.com> Date: Thu, 25 Aug 2022 12:52:37 +0000 Subject: [PATCH 7/8] ToC fix Normally the last one --- guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guide.md b/guide.md index 2118d55..3caaa2e 100644 --- a/guide.md +++ b/guide.md @@ -385,7 +385,7 @@ Finally note that this guide does mention and even recommends various commercial - [Appendix B3: Threat modeling resources] - [Appendix B4: Important notes about evil-maid and tampering] - [Appendix B5: Types of CPU attacks:] -- [Appendix B6: Warning for using Orbot on Android]: #appendix-b6-warning-for-using-orbot-on-android +- [Appendix B6: Warning for using Orbot on Android] - [References:] # Pre-requisites and limitations: From 5d89aca4d4daface1229a02f503ae8f9a0980678 Mon Sep 17 00:00:00 2001 From: pterocles Date: Thu, 25 Aug 2022 09:48:22 -0400 Subject: [PATCH 8/8] Fix grammar in final commits Signed-off-by: pterocles --- guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guide.md b/guide.md index 3caaa2e..6a4a762 100644 --- a/guide.md +++ b/guide.md @@ -820,7 +820,7 @@ The IMEI and IMSI can be traced back to you in at least six ways: Here is also a good YouTube video on this topic: DEFCON Safe Mode - Cooper Quintin - Detecting Fake 4G Base Stations in Real-Time [[Invidious]](https://yewtu.be/watch?v=siCk4pGGcqA) - **For these reasons, it is crucial to get dedicated an anonymous phone number and/or an anonymous burner phone with an anonymous pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities. It is also possible get an anonymous pre-paid but preferably dedicated number from specific free and paid online services accepting anonymous cryptocurrencies like Monero (Get more practical guidance here: [Getting an anonymous Phone number][Getting an anonymous Phone number:]).** + **For these reasons, it is crucial to get a dedicated anonymous phone number and/or an anonymous burner phone with a cash-bought pre-paid sim card that is not tied to you in any way (past or present) for conducting sensitive activities. It is also possible to get an anonymous pre-paid but preferably dedicated number from free and paid online services accepting anonymous cryptocurrencies like Monero. Get more practical guidance here: [Getting an anonymous Phone number][Getting an anonymous Phone number:].** While there are some smartphones manufacturers like Purism with their Librem series[^98] who claim to have your privacy in mind, they still do not allow IMEI randomization which we believe is a key anti-tracking feature that should be provided by such manufacturers. While this measure will not prevent IMSI tracking within the SIM card, it would at least allow you to keep the same "burner phone" and only switch SIM cards instead of having to switch both for privacy.