diff --git a/graphs/.$sensitive critical data backups.drawio.bkp b/graphs/.$sensitive critical data backups.drawio.bkp index 49303ce..513d1f5 100644 --- a/graphs/.$sensitive critical data backups.drawio.bkp +++ b/graphs/.$sensitive critical data backups.drawio.bkp @@ -1,57 +1,57 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -59,16 +59,16 @@ - + - + - + - + @@ -76,7 +76,7 @@ - + @@ -85,7 +85,7 @@ - + @@ -94,27 +94,27 @@ - + - + - + - + - + - + - + @@ -122,46 +122,46 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -169,57 +169,57 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -228,7 +228,7 @@ - + @@ -237,47 +237,47 @@ - + - + - + - + - + - + - + - + - + - + - + @@ -285,48 +285,48 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -334,7 +334,7 @@ - + @@ -342,21 +342,121 @@ - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/graphs/sensitive critical data backups.drawio b/graphs/sensitive critical data backups.drawio index 884cef7..513d1f5 100644 --- a/graphs/sensitive critical data backups.drawio +++ b/graphs/sensitive critical data backups.drawio @@ -1,57 +1,57 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -59,16 +59,16 @@ - + - + - + - + @@ -76,7 +76,7 @@ - + @@ -85,7 +85,7 @@ - + @@ -94,27 +94,27 @@ - + - + - + - + - + - + - + @@ -122,46 +122,46 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -169,57 +169,57 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -228,7 +228,7 @@ - + @@ -237,47 +237,47 @@ - + - + - + - + - + - + - + - + - + - + - + @@ -285,48 +285,48 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -334,7 +334,7 @@ - + @@ -342,21 +342,121 @@ - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/imagecompress.sh b/imagecompress.sh old mode 100755 new mode 100644 diff --git a/opsec/plausiblydeniabledataprotection/48.png b/opsec/plausiblydeniabledataprotection/48.png new file mode 100644 index 0000000..dc40b14 Binary files /dev/null and b/opsec/plausiblydeniabledataprotection/48.png differ diff --git a/opsec/plausiblydeniabledataprotection/49.png b/opsec/plausiblydeniabledataprotection/49.png new file mode 100644 index 0000000..fea4570 Binary files /dev/null and b/opsec/plausiblydeniabledataprotection/49.png differ diff --git a/opsec/plausiblydeniabledataprotection/index.html b/opsec/plausiblydeniabledataprotection/index.html index 84b7da1..56c8ecf 100644 --- a/opsec/plausiblydeniabledataprotection/index.html +++ b/opsec/plausiblydeniabledataprotection/index.html @@ -209,9 +209,28 @@ torsocks scp /home/user/diary user@yourremotevpsaddress.onion:/root/diary: -

However be careful if you intend to hide those usb keys in that are not yours (where you normally never go to either), you need to make sure that you are going there without a cellphone on you. As otherwise the adversary would see that your phone has gone to a novel place that you have never been to before, And that gives them hints regarding where you might've hidden the usb keys.

+

However be careful if you intend to hide those usb keys in public places that are not yours (where you normally never go to either), you need to make sure that you are going there without a cellphone on you. As otherwise the adversary would see that your phone has gone to a novel place that you have never been to before, And that gives them hints regarding where you might've hidden the usb keys.

-

Here for instance, the adversary wouldn't see your movements in pink, the only clues they'd have are the movements in red that they can anyway see from their dashboards.

+

Here for instance, the adversary wouldn't see your movements in pink, the only clues they'd have are the movements in red that they can anyway see from their dashboards. However it doesn't stop there, if you actually are a high value target you should instead backup to remote VPSes exclusively, as the authorities will most likely find every physical clues you might leave behind, (you might need to take into account satellite and public covert surveillance too)

+

If you don't want to leave any physical clues behind and stick to digital backups alone, you're going to need to rent 3 cheap remote VPSes in 3 different datacenter locations, from 3 different cloud providers, by using 3 different non-KYC cloud reseller accounts. To know how to rent a VPS anonymously, check out this tutorial:

+ +

Hence your backup.sh script would look like so:

+

+[user ~]% vim backup.sh 
+[user ~]% cat backup.sh 
+
+#!/bin/bash
+
+echo 'remote backup to VPSes rented anonymously...'
+torsocks scp /home/user/diary user@remotevpsaddressA:/root/diary:
+torsocks scp /home/user/diary user@remotevpsaddressB:/root/diary:
+torsocks scp /home/user/diary user@remotevpsaddressC:/root/diary:
+
+[user ~]% chmod +x backup.sh 
+[user ~]% ./backup.sh 
+
+
+

With this second approach, the adversary will only be able to find your laptop, and they'll get the impression that you didn't try to make any backups.

@@ -234,6 +253,20 @@ torsocks scp /home/user/diary user@yourremotevpsaddress.onion:/root/diary:

So your primary data source has been destroyed (including the sensitive VMs and the main diary VC volume), you also realize that they seized and destroyed the usb key you had in your backpack, and in your car. However upon checking further you realize that they didn't get the USB key that you hid in your garden.

Too bad for them, because they didn't find that one usb key you had buried in your garden, so you dig it up, retrieve it, you purchase a new laptop, you set up your sensitive VMs once again, and then you simply plug the usb back in the sensitive VM, and with it you can restore your critical sensitive data (which includes your Keepass accesses, your pgp keys, your ssh keys and monero wallet seed) by copying the files back into your new sensitive use VM.

+ +

In a worse scenario, you could've had all physical backups being seized and destroyed, leaving you with only the remote VPSes that you rented to retrieve your backups. In this usecase All you need to remember is how to access those VPSes via SSH, you need to remember the IP addresses, the username, and the password to SSH back into the VPSes:

+

+[user ~]% scp root@256.51.123.1:/root/diary ~/diary
+
+
+ +

to make it easier to remember the addresses of the remote VPSes (since remembering IP addresses off the top of your head isn't trivial) you could also use a clearnet domain alias (that you also rent anonymously) to easily access those VPSes again.

+

+[user ~]% scp root@your.clearnetdoma.in:/root/diary ~/diary
+
+
+ +

And once restored you can resume your sensitive activities as usual, minus the opsec mistakes you made that led up to your arrest obviously.

diff --git a/opsec/qubesos/Screenshot From 2024-12-05 11-20-03.png b/opsec/qubesos/Screenshot From 2024-12-05 11-20-03.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-26-38.png b/opsec/qubesos/Screenshot From 2024-12-05 16-26-38.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-28-18.png b/opsec/qubesos/Screenshot From 2024-12-05 16-28-18.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-28-40.png b/opsec/qubesos/Screenshot From 2024-12-05 16-28-40.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-28-51.png b/opsec/qubesos/Screenshot From 2024-12-05 16-28-51.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-00.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-00.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-12.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-12.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-23.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-23.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-33.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-33.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-47.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-47.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-57.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-57.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-39-09.png b/opsec/qubesos/Screenshot From 2024-12-05 16-39-09.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-39-27.png b/opsec/qubesos/Screenshot From 2024-12-05 16-39-27.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-40-07.png b/opsec/qubesos/Screenshot From 2024-12-05 16-40-07.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-40-34.png b/opsec/qubesos/Screenshot From 2024-12-05 16-40-34.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-40-42.png b/opsec/qubesos/Screenshot From 2024-12-05 16-40-42.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 17-40-25.png b/opsec/qubesos/Screenshot From 2024-12-05 17-40-25.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 17-40-39.png b/opsec/qubesos/Screenshot From 2024-12-05 17-40-39.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/QubesManager.png b/opsec/qubesosnetwork/QubesManager.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/banking.png b/opsec/qubesosnetwork/banking.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/copy_destination.png b/opsec/qubesosnetwork/copy_destination.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/copy_in_vm.png b/opsec/qubesosnetwork/copy_in_vm.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/create.png b/opsec/qubesosnetwork/create.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/destination_paste.png b/opsec/qubesosnetwork/destination_paste.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/disp_whonix.png b/opsec/qubesosnetwork/disp_whonix.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/dom0_exec.png b/opsec/qubesosnetwork/dom0_exec.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/file_arrived.png b/opsec/qubesosnetwork/file_arrived.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/file_await_transfer.png b/opsec/qubesosnetwork/file_await_transfer.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/firewall-net.png b/opsec/qubesosnetwork/firewall-net.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/firewall-service.png b/opsec/qubesosnetwork/firewall-service.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/manager.png b/opsec/qubesosnetwork/manager.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/master_pasteboard.png b/opsec/qubesosnetwork/master_pasteboard.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/master_pasteboard_wiped.png b/opsec/qubesosnetwork/master_pasteboard_wiped.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/template_install.png b/opsec/qubesosnetwork/template_install.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/template_shutdown.png b/opsec/qubesosnetwork/template_shutdown.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/terminal.png b/opsec/qubesosnetwork/terminal.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/text_arrived.png b/opsec/qubesosnetwork/text_arrived.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/torrent_transmission.png b/opsec/qubesosnetwork/torrent_transmission.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/torrent_vm.png b/opsec/qubesosnetwork/torrent_vm.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/transmission_on.png b/opsec/qubesosnetwork/transmission_on.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/whonix-usage.png b/opsec/qubesosnetwork/whonix-usage.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/whonix_dread.png b/opsec/qubesosnetwork/whonix_dread.png old mode 100644 new mode 100755 diff --git a/rss/rss-roller.rc b/rss/rss-roller.rc old mode 100755 new mode 100644 diff --git a/sed.sh b/sed.sh old mode 100755 new mode 100644