diff --git a/opsec/contribute/14.png b/opsec/contribute/14.png index 36af0db..fd34d40 100644 Binary files a/opsec/contribute/14.png and b/opsec/contribute/14.png differ diff --git a/opsec/contribute/9.png b/opsec/contribute/9.png index db6bc7f..fc58e1b 100644 Binary files a/opsec/contribute/9.png and b/opsec/contribute/9.png differ diff --git a/opsec/contribute/index.html b/opsec/contribute/index.html index a70d16c..6bda7e3 100644 --- a/opsec/contribute/index.html +++ b/opsec/contribute/index.html @@ -76,14 +76,14 @@
First, look at all the blogposts that are yet to be completed from the opsec index page to see if there are some you'd like to do:
Each tutorial (even if completed) has it's own assigned issue on gitea:
+Each tutorial (even if completed) has it's own assigned issue on gitea:
You can pick one that you'd like to do, if you see one that has a red cross you can click on it, it will redirect you to it's assigned gitea issue (example: Easy Private Chats - SimpleX you are free to brainstorm it further like so:
+You can pick one that you'd like to do, if you see one that has a red cross you can click on it, it will redirect you to it's assigned gitea issue (example: Easy Private Chats - SimpleX you are free to brainstorm it further like so:
The idea being that each issue needs to have a clear todolist to bring clarity on what needs to be done in it. Please check if the tutorial is already assigned to someone already or not:
At first, I am assigning only one contributor per tutorial, and only one tutorial per contributor at a time, with a default deadline of 1 month. to complete the assigned tutorial. (if you want to extend the deadline, you'll have to contact me first).
-In short, please choose a tutorial that is neither done, nor assigned yet, you can check the status of each tutorial on the project board here:
+In short, please choose a tutorial that is neither done, nor assigned yet, you can check the status of each tutorial on the project board here:
The list of tutorials that are not assigned yet are in the second column, once you have chosen one just ping me on SimpleX or in the Opsec SimpleX group chat.
You can also submit a suggestion to me directly if you think this blog is missing something crucial, such as a brand new blogpost idea (although make sure it remains on topic for Privacy / Anonymity / Deniability) i am NOT looking for regular Sysadmin tutorials here.
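Review bot: the re-added lines `+Each tutorial (even if completed) has it's own assigned issue on gitea:` and `+You can pick one that you'd like to do, ... (example: Easy Private Chats - SimpleX you are free to brainstorm it further like so:` carry over two defects from the lines they replace: "it's" should be "its", and the parenthesis opened at "(example:" is never closed. Since these lines are being touched anyway, fix both here. Their text is otherwise identical to the unchanged copies directly above them, so whatever actually changed (link target, image, markup) is not visible in this rendering; a commit message naming the change would help the next reviewer.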
@@ -103,11 +103,12 @@Now you first need to sign up on gitea, if you want to maintain your anonymity feel free to get yourself a mailbox anonymously such as signing up on protonmail using the tor browser. and then use that email to sign up onto gitea aswell:
-Now you first need to sign up on gitea, just ping me directly on SimpleX so that i create your account manually.
+From there, you can fork the repository, from your new account:
You can leave everything as default as shown below:
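Review bot: removing `-Now you first need to sign up on gitea, just ping me directly on SimpleX so that i create your account manually.` leaves the context sentence about registering with an anonymously obtained mailbox as the only account-creation path, so confirm that self-registration is actually enabled on the Gitea instance; otherwise new contributors are sent to a form they cannot complete. Also, `+From there, you can fork the repository, from your new account:` should name which repository to fork (the upstream `nihilist/blog-contributions` that appears in the push output later in this patch) so the fork step is unambiguous.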
@@ -115,7 +116,10 @@Now from there you continue from the commandline, do a git clone the repository you just forked, and do the edits you need to do:
[ mainpc ] [ /dev/pts/18 ] [~/Documents]
-→ git clone https://git.nowhere.moe/6dv9lk1pbaflulau/blog-contributions
+→ apt install git tor torsocks -y
+
+[ mainpc ] [ /dev/pts/18 ] [~/Documents]
+→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/6dv9lk1pbaflulau/blog-contributions
Cloning into 'blog-contributions'...
remote: Enumerating objects: 3400, done.
remote: Counting objects: 100% (3400/3400), done.
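Review bot: `+→ apt install git tor torsocks -y` is shown at an ordinary user prompt (`[~/Documents]`) with no `sudo` and no root shell, so it fails for an unprivileged contributor; either show it under root or prefix `sudo`. The following `+→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/6dv9lk1pbaflulau/blog-contributions` also assumes the tor daemon is already running on its default SOCKS port; a one-line check between the two commands (for example `systemctl status tor`) would spare readers an unexplained connection error from torsocks.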
@@ -217,7 +221,7 @@ draw.io/now 24.7.17 amd64 [installed,local]
Preferably copy paste the command outputs into the pre code blocks, so we i can save on storage space as images take alot more space than regular text.
Then once your tutorial is finished, don't forget to edit the footer to contain your contact details, your links if you have any, and your monero donation address.
+Then once your tutorial is finished, don't forget to edit the footer to contain your contact details, your links if you have any, and your monero donation address (which is important as i use that address to pay you for your contribution).
Now your tutorial is ready to be sent over for review. So now you need to git push it to your forked repository like so:
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
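Review bot: in `+Then once your tutorial is finished, ... your monero donation address (which is important as i use that address to pay you for your contribution).` the pronoun should be capitalised ("I"), matching the surrounding page; otherwise the added parenthetical is a useful clarification of why the footer field is required.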
@@ -249,8 +253,8 @@ ESC :wq
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git push
-Username for 'https://git.nowhere.moe': 6dv9lk1pbaflulau
-Password for 'https://6dv9lk1pbaflulau@git.nowhere.moe':
+Username for 'http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion': 6dv9lk1pbaflulau
+Password for 'https://6dv9lk1pbaflulau@git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion':
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 4 threads
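Review bot: the two credential prompts in this hunk disagree on scheme: `+Username for 'http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion': 6dv9lk1pbaflulau` says `http://`, while `+Password for 'https://6dv9lk1pbaflulau@git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion':` still says `https://`. Git prints the same URL on both prompts, so the password line was only half-edited when the clearnet host was swapped for the onion address; change it to `http://` to match the clone URL earlier in the patch. It is also worth one sentence in the text that with an `http://` onion remote the password is protected by the Tor circuit alone, not by TLS, so readers understand why the scheme differs from the old clearnet URL.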
@@ -259,15 +263,15 @@ Writing objects: 100% (4/4), 388 bytes | 388.00 KiB/s, done.
Total 4 (delta 3), reused 0 (delta 0), pack-reused 0
remote:
remote: Create a new pull request for '6dv9lk1pbaflulau:main':
-remote: https://git.nowhere.moe/nihilist/blog-contributions/compare/main...6dv9lk1pbaflulau:main
+remote: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/compare/main...6dv9lk1pbaflulau:main
remote:
remote: . Processing 1 references
remote: Processed 1 references in total
-To https://git.nowhere.moe/6dv9lk1pbaflulau/blog-contributions
+To http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/6dv9lk1pbaflulau/blog-contributions
7c759d3..7067b5c main -> main
-Now you have pushed your changes to your forked respository, from there you can make a Pull request (asking me to pull in your changes, to the main repository) as follows:
+Now you have pushed your changes to your forked respository, from there you can make a Pull request (asking me to pull in your changes, to the main repository) as follows:
As you may have noticed, the entire blog is Public Domain (Creative Commons Zero license), which means that you can not only save the files for yourself, but you can also run it under your own clearnet or onion domain.
-To do so you can just git clone it on a VPS like so :
-
-[ Datura ] [ /dev/pts/0 ] [~]
-→ cd /srv
-
-[ Datura ] [ /dev/pts/0 ] [/srv]
-→ git clone https://git.nowhere.moe/nihilist/blog-contributions blog
-
-
-And then using nginx you can make it publicly accessible over clearnet, or over Tor. Feel free to reuse my nginx config if you want to host it, just change the domains to be your instead.
-
-[ Datura ] [ /dev/pts/0 ] [/srv]
-→ cat /etc/nginx/sites-enabled/blog.nowhere.moe.conf
-server {
- listen 80;
- listen [::]:80;
- server_name blog.nihilism.network;
- return 301 https://blog.nowhere.moe$request_uri;
-}
-
-server {
- listen 443 http2 ssl;
- listen [::]:443 http2 ssl;
- server_name blog.nihilism.network;
- ssl_certificate /root/.acme.sh/blog.nihilism.network/fullchain.cer;
- ssl_certificate_key /root/.acme.sh/blog.nihilism.network/blog.nihilism.network.key;
- return 301 https://blog.nowhere.moe$request_uri;
-}
-
-server {
- listen 80;
- listen [::]:80;
- server_name blog.nowhere.moe;
- return 301 https://$server_name$request_uri;
-}
-
-server {
- ######## TOR CHANGES ########
- listen 4443;
- listen [::]:4443;
- server_name blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
- add_header Onion-Location "http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion$request_uri" always;
- ######## TOR CHANGES ########
-
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name blog.nowhere.moe;
-########################################## HARDENING SSL #############################################
- ssl_certificate /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
- ssl_certificate_key /root/.acme.sh/blog.nowhere.moe/blog.nowhere.moe.key;
- ssl_dhparam /root/.acme.sh/dhparam.pem;
-
-
-# SSL Settings
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
- ssl_prefer_server_ciphers on;
-
-
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- ssl_session_tickets off;
- ssl_ecdh_curve auto;
-
- # OCSP stapling
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
- resolver 1.1.1.1 208.67.222.222;
-
- add_header Strict-Transport-Security "max-age=63072000" always;
-
-
-
-
- access_log off;
- error_log off;
-###################################END OF HARDENING SSL###########################################
-
-
-
- root /srv/blog/;
- rewrite ^/servers/anon.html /opsec/index.html permanent;
- rewrite ^/servers/(.*)$ /opsec/$1 permanent;
- index index.html;
-}
-
-Then you can check if the nginx configuration is correct like so:
-
-[ Datura ] [ /dev/pts/0 ] [/srv]
-→ nginx -t
-nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-nginx: configuration file /etc/nginx/nginx.conf test is successful
-
-[ Datura ] [ /dev/pts/0 ] [/srv]
-→ systemctl restart nginx
-
-
-Now to make sure it remains updated on a hourly basis, you can have the following cronjob:
-
-[ Datura ] [ /dev/pts/0 ] [/srv]
-→ crontab -e
-
-0 * * * git -C /srv/blog pull
-
-
-And that's it! you're now helping me educate people on what technology can do to enhance their lives :)
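Review bot: deleting the whole self-hosting section (from `-To do so you can just git clone it on a VPS like so :` through the `-0 * * * git -C /srv/blog pull` cronjob) leaves the unchanged sentence `As you may have noticed, the entire blog is Public Domain ... you can also run it under your own clearnet or onion domain.` with nothing following it, so the page now promises instructions it no longer gives. Either keep a one-line pointer to wherever the hosting guide moved or trim that sentence as well. If the intent is to retire the nginx configuration, note that the deleted block was also the only place the `Onion-Location` header, the redirect chain and the TLS settings for mirrors were documented.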
- -+Online communication is one of the most ubiquitous activities on all of the internet. From newsletters, corporate emails and even down to instant messaging with friends, its spread cannot be denied. With such wide reach, it would seem very important to protect these communication channels, yet this is almost an after-thought for most mainstream messengers. Platforms with millions of users market their services with the latest buzz words yet close-source their protocols leaving users with a "trust me bro". With so many options to choose from how can we best decide which app to use? In this article we'll compare a few options (Telegram, Signal and SimpleX) to see how their technical details stack up and determine which is best for easy private chats. +
+ + ++Telegram is a very popular messaging app that boasts close to 1 billion active users worldwide. With support for massive chatrooms, Telegram is almost more akin to social media than to a traditional messaging app. Many companies offer news, updates, and support through their official Telegram channels making it a very convenient place for users to stay up to date with various interests. Due to its strong stance on free speech, Telegram built a reputation for not cooperating with law enforcement investigations. However, after the arrest of CEO Pavel Durov in part relating to Telegram's refusal hand over user data in lawful orders, Telegram changed their privacy policy to say they may share user phone numbers and IP addresses and indeed have done so. Telegram supports E2EE but this is not enabled by default, which is probably its most significant drawback. +
+ ++Signal is a champion for user freedom and its state-of-the-art security is the foundation upon which other chat applications are built. Signal is very intuitive to use, supporting all of the usual text/image/voice/video/etc features that users expect. Unlike Telegram, Signal is E2EE by default and the only information it knows about users are their phone number and time of registration. Numerous court orders have solidified how Signal has nothing else to hand over to law enforcement. The phone number requirement for SMS verification, while concretely a drawback if not acquired anonymously, is an intentional decision for Signal's target audience (normies) as everyday users can be notified if other stored contacts join Signal. +
+ ++SimpleX is a relative newcomer on the scene and has a unique angle in that there are no user identifies of any kind. As such, users can create unlimited profiles (and even hidden profiles to improve plausible deniability) and connect with others anonymously. Unlike Signal, SimpleX supports native onion routing as well as the ability to self-host servers. Because of its default E2EE, servers are not able to see message contents and self-hosted servers can be shared with others, contributing to decentralization and thus making SimpleX more resilient. SimpleX's founder, in an interview, implied that SimpleX sees no information about its users but since it is new, it remains to be seen how they would respond to actual court orders. SimpleX has received some criticism for its reliance on Venture Capital to establish itself while it works to develop a business model. +
+ +
+A comparison from privacyspreadsheet.com has a breakdown of all the technical details.
+
+
+When selecting a messaging app, certain OPSEC criteria should be considered.
+
+
+Privacy:
+
+ 1. The application is free and open source (FOSS).
+
+ 2. The application is end-to-end-encrypted by default (E2EE).
+
+ 3. The application allows self-hosting our own servers (Decentralization).
+
+Anonymity:
+
+ 1. The application supports Tor servers out of the box (Onion Routing).
+
+ 2. The application requires no sign-up information (Emails, Usernames, Phone Numbers).
+
+ 3. The application allows joining chatrooms without revealing our identity (Incognito Mode).
+
+Deniability:
+
+ 1. The application allows disappearing messages (Plausible Deniability).
+
+ 2. The application allows creation/deletion of multiple profiles (Plausible Deniability).
+
+ 3. The application allows hidden profiles (Plausible Deniability).
+
+
+From the above comparison, we can see that only SimpleX meets all of the criteria. While we only focus on Privacy in this article, it doesn't hurt to have the other benefits of Anonymity and Plausible Deniability.
+
+To start using SimpleX, we will start by installing it from F-Droid. Search for the app and then click Install. Navigate through the setup process, choose a username and click Create your profile.
+
+
+With your profile complete, it's time to create a private group chat. Click on the pencil icon at the bottom of the screen and select Create group. Give your group a name and click Create group. Finally, skip inviting members for now.
+
+
+Click on the group name to see some options. Click on Create group link. Finally, share the group link with your friends out-of-band.
+
+
+Once your friends connect, you can start messaging.
+
+
+Out of the box, SimpleX works perfectly fine. However, more advanced users may wish to tweak a few settings or self-host their own servers. +
+ ++
+ 1. A VPS running Debian 12 (or Ubuntu 22.04)
+
+ 2. A domain name (or subdomain)
+
+To start, we will need a domain name. A subdomain such as a free one obtained from https://freedns.afraid.org will also work. Create A record entries for smp.yourdomain.tld and xftp.yourdomain.tld and point them at the IP address of your VPS.
+
+
+We will SSH into our VPS and set up our environment. + +
+~ ❯ torsocks ssh root@145.223.79.150
+The authenticity of host '145.223.79.150 (145.223.79.150)' can't be established.
+ED25519 key fingerprint is SHA256:AGZHyLpidaSu+ZE3cLFZ3KWxQq3Mx9rDH+HLVNF/okc.
+This key is not known by any other names.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added '145.223.79.150' (ED25519) to the list of known hosts.
+root@145.223.79.150's password:
+Linux srv636770 6.1.0-26-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+Last login: Wed Nov 20 21:05:02 2024 from 185.220.101.103
+root@srv636770:~#
+
+
+
+
++Once connected, we will follow the official instructions to install Docker. Run: +
+# Add Docker's official GPG key:
+apt update
+apt install -y ca-certificates curl gnupg openssl vim
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+chmod a+r /etc/apt/keyrings/docker.gpg
+
+# Add the repository to Apt sources:
+echo \
+"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt update
+
+
+
+
++With the Docker apt repositories out of the way, install the Docker packages: +
+apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+
+
+
++OPTIONAL: You can test everything is working up to this point by a deploying a test container to see some output. Run: +
+docker run hello-world
+
+
+
+
++We will now set up a docker-compose.yml file with all the build instructions: +
+vim docker-compose.yml
+
+
+
+
+
+Copy/paste the following and change the ADDR fields to your domain.
+
+HINT: It's p to paste in vim, then ESC :wq to write changes and quit the file.
+
+networks:
+ simplex:
+
+services:
+ simplex-smp-server:
+ image: simplexchat/smp-server:v6.0.6
+ container_name: simplex-smp
+ restart: unless-stopped
+ ports:
+ - "5223:5223"
+ volumes:
+ - ./simplex/smp/config:/etc/opt/simplex:Z
+ - ./simplex/smp/logs:/var/opt/simplex:Z
+ environment:
+ - ADDR=smp.xmronly.us.to
+# - PASS=${SIMPLEX_PASSWORD} #for non public servers
+ networks:
+ - simplex
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+
+ simplex-xftp-server:
+ image: simplexchat/xftp-server:v6.1.3
+ container_name: simplex-xftp
+ ports:
+ - "443:443"
+ restart: unless-stopped
+ volumes:
+ - ./simplex/xftp/config:/etc/opt/simplex-xftp:Z
+ - ./simplex/xftp/logs:/var/opt/simplex-xftp:Z
+ - ./simplex/xftp/files:/srv/xftp:X
+ environment:
+ - ADDR=xftp.xmronly.us.to
+ - QUOTA=10gb #change to set your own quota
+ networks:
+ - simplex
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+
+
+
+
++A note about versioning: at the time of writing, there was an open issue with the "latest" (v6.1.3) tag and HTTPS credentials for the SMP server. The most recent working version for the SMP server (v6.0.6) was definitively tagged here and the "latest" version for XFTP server (v6.1.3) was also definitively tagged to ensure working builds with the presented instructions. For reference, the "latest" version used in the HackLiberty documentation for June 1st, 2024 is v5.8.0-beta.6 which is now several security fixes behind. +
+ ++Everything is now ready to be deployed. Run: +
+docker compose up -d
+
+
+
+
++Run the following command to see the SMP and XFTP server addresses: +
+echo "smp://$(<simplex/smp/config/fingerprint)@$(awk -F '=' '/ADDR=/ {print $2}' docker-compose.yml | head -1)" && \
+echo "xftp://$(<simplex/xftp/config/fingerprint)@$(awk -F '=' '/ADDR=/ {print $2}' docker-compose.yml | tail -1)"
+
+
+
+
++You should see output similar to this and just like that your self-hosted SimpleX servers are now ready! +
+smp://IB2NJl4Pv3OSLUmnvipKkCuJKGkEDfgUNkYFiKIH_GY=@smp.xmronly.us.to
+xftp://t_H_I_h5Iz7X-ChxA3nJeyw0s_2PJIFkfSK7Ng6UulU=@xftp.xmronly.us.to
+
+
+
+
+
+
+To add the newly created self-hosted SimpleX servers to your client, click on your profile on the top left, followed by Settings. Click on Network & servers. We will modify both the Message servers (SMP) and the Media & file servers (XFTP).
+
+
+Click on Message servers and scroll down to Add server. Select Enter server manually. Paste in your SMP server address from above, click Test server and receive a green check mark. Finally, tick Use for new connections.
+
+
+With our self-hosted SMP server set, it's time to remove the default SimpleX servers. Click on each of the presets, then click Delete server.
+
+
+With only our self-hosted SMP server remaining, click the back arrow, then save changes.
+
+
+We will now repeat the process for Media & file servers. Scroll down to Add server. Select Enter server manually. Paste in your XFTP server address from above, click Test server and receive a green check mark. Finally, tick Use for new connections.
+
+
+With our self-hosted XFTP server set, it's time to remove the default SimpleX servers. Click on each of the presets, then click Delete server.
+
+
+With only our self-hosted XFTP server remaining, click the back arrow, then save changes.
+
+
+It is possible to self-host onion servers as well, but since this article is focusing on privacy and not anonymity, that part of the setup has been omitted. +
+ +
+All new connections will automatically use your self-hosted SimpleX servers, but what about already existing connections that were made using the default Simplex servers? It turns out existing connections do not automatically update, so we will need to manually change them. Click on the group name and scroll down to the members section. Click on a group member and scroll down to servers. We can see that Larry is using the default SimpleX servers. Click on Change receiving address and confirm the change.
+
+
+Repeat the process for Sam and you have now configured the group chat to use your self-hosted servers!
+
+
+You can confirm this by clicking on the group chat name and clicking on any of the members.
+
+
+In this article we saw how SimpleX compares to a few other popular instant messengers and some of its unique advantages. We saw how to easily install and start using it, and going the extra mile, how to self-host and use your own servers. With that knowledge in hand, you can easily make all your chats private! +
+ +
+
+ RSS Feed
SimpleX Chat
+
+
Donate XMR: + 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8 +
+Donate XMR to the author: + 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3RWMNQuboxnb1X4HobhSv3
+Contact: nihilist@contact.nowhere.moe (PGP)
+
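Review bot: in the added docker-compose.yml, the bind mount `- ./simplex/xftp/files:/srv/xftp:X` uses `:X`, which is not a valid Compose volume option (the SELinux relabel flags are `z` and `Z`, as the other volumes in the same file correctly use), so the file is rejected at parse time before `docker compose up -d` starts anything; it should read `:Z`. Two smaller points in the same region: the SSH transcript logs in as `root` with a password over the VPS's public address, which sits oddly next to the `no-new-privileges` and `cap_drop: ALL` hardening applied a few lines later; a sentence recommending key-based login before exposing ports 5223 and 443 would round the section out. And the address-printing command `awk -F '=' '/ADDR=/ {print $2}' docker-compose.yml | head -1` / `| tail -1` only yields the right hosts while exactly two `ADDR=` lines exist in smp-then-xftp order; if a reader adds a service or reorders them, the `smp://` and `xftp://` prefixes silently attach to the wrong fingerprint and host, so either grep per service or read the value from each container's config instead.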