When it comes to using cryptocurrencies as a means for anonymous payments, the guide seems to put a lot of stress on using Zcash and Monero, while outright discouraging the use of Bitcoin. However, Zcash is simply not used by enough people to provide an anonymous means of financial transactions, so long as anonymity requires the ability to hide in a crowd as is relevant here. Just last year, Zcash was attacked by an entity filling up blocks, causing the [chain size to significantly increase](https://blockchair.com/zcash/charts/blockchain-size) without an [increase in transactions](https://blockchair.com/zcash/charts/transaction-count), while only costing the attacker [approximately $10 a day](https://twitter.com/lopp/status/1577718171468972033). Yet Zcash is recommended as the "Extra-Paranoid anonymous option" in "Online anonymous payments using cryptocurrencies". The reasoning stresses that the crypto algorithms would have to be broken in order to harm the anonymity of its users and that isn't true because an anonymity-focused coin that no one uses is **not anonymous** no matter how secure its algorithms are.
The [resources](https://github.com/Anon-Planet/thgtoa/blob/master/guide.md#warning-about-special-tumbling-mixing-coinjoining-privacy-wallets-and-services-wikiless-archiveorg) provided in the warning against special tumbling, mixing, coinjoining privacy wallets and services all target centralized and/or custodial mixing services, while making no mention of modern privacy protocols that work on Bitcoin and give users forward-facing on-chain privacy guarantees today.
This PR hopes to clarify the risks of using centralized mixers/tumblers, point readers to tools that are non-custodial and actually **do** provide users with forward-facing on-chain privacy so that they can use Bitcoin anonymously, and remove recommendations to use Zcash.
Based on a [previous comment](https://github.com/Anon-Planet/thgtoa/pull/28#issuecomment-1145782407), there was hesitancy on adding a recommendation before its gotten significant review. Whirlpool is an implementation of [ZeroLink](https://code.samourai.io/whirlpool/Whirlpool/-/blob/whirlpool/THEORY.md) which breaks all links between a UTXO and its history. Whirlpool has been used on Bitcoin's mainnet since 2019 beginning with its [public beta](https://bitcoinmagazine.com/culture/samourai-wallets-privacy-enhancing-whirlpool-now-in-public-beta) and has since grown to [6743 BTC in unspent capacity](https://twitter.com/SamouraiDev/status/1615708859641004032). This should provide a basis for "significant review" to be able to recommend.
We already use a plethora of VMs in this guide; it's probably not necessary to
make a big deal about VMWare tools.
Signed-off-by: Sharp-tailed Grouse <sharptail@riseup.net>
* Your Browser and Device Fingerprints:
* Microarchitectural Side-channel Deanonymization Attacks
Adds previous documentation on side-channel attacks which can be used
to fingerprint users, presented in 2016. This means this type of
microarchitectural deanonymization attack has been performed
possibly as early on as the first day websites have been able to
perform browser fingerprinting.
Fixes#70: ("Revisiting the Browser and Device Fingerprints &
Microarchitectural Side-channel Deanonymization Attacks sections")
We have two sections for FPing and this clearly defines the meaning of both:
- one section is a brief explanation and intro into Fingerprinting and "why"
- the other provides more technical analysis of things that can be leaked
Signed-off-by: Sharp-tailed Grouse <sharptail@riseup.net>
Adding designed approved quick LINDDUN tutorial video link for getting started. The video has been reviewed positively by LINDDUN designers/researchers on our demand.
1. Avoid usage of multiple tenses or tense-switching at all costs.
2. Avoid using too many words when you can substitute less.
3. At first mention, use lowercase "perfect forward secrecy" followed
by abbr. "PFS".
4. Use common English words, not "defavorable". Try saying "bad" in
most cases. Prefix "de-" usually means "off, from".
- Mentioning those that are outdated/unmaintained and that those will be removed in next releases
- Adding https://github.com/bkil/secuchart which is a maintained project
- Adding disclaimer that we do not necessarily endorse their opinions
- Removed spaces between list items (and we should consider doing that on the whole guide)