Merge pull request 'add Monero Inheritance Plan' (#213) from XMRonly/blog-contributions:main into main

Reviewed-on: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/pulls/213

opsec/moneroinheritanceplan/index.html

@@ -0,0 +1,870 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>Monero Inheritance Plan</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>XMRONLY - 2025 / 01 / 29</ba></p>
+<h1>Monero Inheritance Plan</h1>
+<img src="0.png" style="width:100px">
+<p> </p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Introduction</b></h2>
+<br>
+<br>
+<p>
+Uncle Rich has worked hard his entire life and has managed to save a large amount of Monero. Now approaching the later years of his life, he is worried about what will become of his financial legacy. Having no kids of his own, he decides he wants to pass on his wealth to the closest thing to a son he has, his Nephew Nick. Uncle Rich figures the easiest way to do this is by giving Nephew Nick the seedphrase to his wallet but Uncle Rich wants to transfer his wealth only after he passes away. The critical question thus becomes "How does one securely share a secret from beyond the grave?" In this article we will see how to do exactly that, specifically using <b>Vaultwarden</b>, and its <b>Emergency Contacts</b> feature. 
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Overview</b></h2> </br> </br>
+<p>
+In order to avoid relying on third parties, we need a sovereign solution that is FOSS, self-hostable, end-to-end encrypted and that stores data in a zero-knowledge environment. Vaultwarden is the ideal candidate for this task as it is an alternative server implementation of Bitwarden that is written in Rust and is memory-safe. It is more light-weight than the full Bitwarden stack and can be easily deployed on a VPS for less than €5 per month. 
+</p>
+<p>
+<img src="1.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+<p>
+Nephew Nick will start by setting up a self-hosted instance where both Uncle Rich and him will create an account. After setting up a reliable notification system, Uncle Rich will grant Nephew Nick Emergency Access to his account, where he has his seedphrase stored. After Nephew Nick accepts Emergency Access, everything will be set in place. In the future, when Nephew Nick requests access to Uncle Rich's vault, Uncle Rich will receive a notification and have a predetermined amount of time to reject the Emergency Access request. If Uncle Rich is still alive at this point, that is trivially easy to do. If Uncle Rich is no longer with us, he will not be able to reject the Emergency Access request. As a result, after the allotted time has expired, Nephew Nick will be notified his request has been granted and will be able to access Uncle Rich's vault where the seedphrase lies. 
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <!-- +++++ Second Post +++++ -->
+	<div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Prerequisites</b></h2> </br> </br>
+<p>
+Starting from Nephew Nick's perspective:
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+Prerequisites:
+<br>
+- A <a href=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anondomain/index.html target=_blank>domain name</a> - Nephew Nick purchased one anonymously using Monero on <b>Njalla</b> using their onion link.
+<br>
+- A <a href=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymousremoteserver/index.html target=_blank>VPS</a> - Nephew Nick purchased one anonymously using Monero on <b>Kyun</b> using their onion link. Specs consisting of 1 core and 2 GB of memory are more than enough to self-host everything needed for the setup. 
+<br>
+<br>
+<img src="2.png" style="display: block; margin-left: auto; margin-right: auto;">
+<br>
+Nephew Nick knows that Uncle Rich is getting quite old. Uncle Rich is still capable of using a computer but in order for this setup to work it must provide as little friction as possible. As such, we will keep things simple and use email notifications from a self-hosted server. While not overtly private, email is a suitable option in this case given its ease of use and because it is being used strictly for notifications with no sensitive information is being transmitted. Setting up a self-hosted mail server has been <a href=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/mailprivate/index.html target=_blank>covered before</a>, however, in this article we will do things a little different in line with running all of our services independently as docker containers. All publicly accessible services will be protected by SSL and we will use Traefik reverse proxy both to automatically procure wildcard SSL certificates and renew them, and also to route traffic to each respective subdomain. Let's get started. 
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>DNS Setup</b></h2> </br> </br>
+<p>
+Nephew Nick will start by setting up DNS records on Njalla (note: no trailing dot is needed). Required are A records pointing to the VPS IP address for xmronly.com, *.xmronly.com, and mail.xmronly.com. An MX record for mail.xmronly.com is also required as shown.
+</p>
+<p>
+<img src="3.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+<p>
+Over on Kyun, Nephew Nick will set a reverse DNS to point to mail.xmronly.com.
+</p>
+<p>
+<img src="4.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+<p>
+With this complete, Nephew Nick can test the DNS records to make sure they are set up correctly and have propagated. With the expected outputs as shown below, we're ready to move on.
+</p>
+<p>
+<pre><code class="nim">
+~ ❯ dig @1.1.1.1 +short MX xmronly.com
+10 mail.xmronly.com.
+~ ❯ dig @1.1.1.1 +short A mail.xmronly.com
+65.87.7.101
+~ ❯ dig @1.1.1.1 +short -x 65.87.7.101
+mail.xmronly.com.
+</code></pre>
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+	<div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Infrastructure Setup</b></h2> </br> </br>
+<p>
+Nephew Nick will SSH into the VPS and install docker. Note: the commands have been stylized for ease of copy/pasting.
+</p>
+
+<pre><code class="nim">
+~ ❯ torsocks ssh root@65.87.7.101
+
+The authenticity of host '65.87.7.101 (65.87.7.101)' can't be established.
+ED25519 key fingerprint is SHA256:QAP2txmiectXuYnTD7LIcd3RMo5cuA8h0kO2gG0RFX.
+This key is not known by any other names.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added '65.87.7.101' (ED25519) to the list of known hosts.
+root@65.87.7.101's password:
+Linux danbo-0565a7 6.1.0-28-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.119-1 (2024-12-16) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+root@VPS:~#
+
+# Add Docker's official GPG key:
+apt-get update
+apt-get install ca-certificates curl gpg -y
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+
+# Add the repository to Apt sources:
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt-get update
+
+# Install docker
+apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
+
+# Verify installation was successful
+docker run hello-world
+</code></pre>
+</p>
+<p>
+With docker successfully installed, let's specify a docker network for our containers to use and let's create the required directories to segregate each service we'll be using.
+<pre><code class="nim">
+# Create a docker network
+docker network create proxy
+
+# Create directories for each separate service
+mkdir -p docker/{traefik,mailserver,vaultwarden}
+</code></pre>
+</p>
+<p>
+Next we'll set up a docker-compose file (<b>traefik.yml</b>) in /docker/traefik and tell it to grab an SSL certificate for our mail subdomain mail.xmronly.com. We'll deploy a tiny container (whoami) at this subdomain to test it works correctly. Note: a DNS challenge is required for Traefik to obtain wildcard SSL certificates, and any of a <a href=https://doc.traefik.io/traefik/https/acme/#providers target=_blank>number of DNS providers</a> will suffice with an access token obtained from your account with that provider.
+
+<pre><code class="nim">
+services:
+  traefik:
+    image: docker.io/traefik:latest
+    container_name: traefik
+    ports:
+      - '80:80'
+      - '443:443'
+    command:
+      - '--api=true'
+      - '--api.dashboard=false' 
+      - '--providers.docker=true'
+      - '--providers.docker.exposedbydefault=false'
+      - '--certificatesresolvers.letsencrypt.acme.dnschallenge=true'
+      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=njalla'
+      - '--certificatesresolvers.letsencrypt.acme.email=email_goes_here'
+      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.delayBeforeCheck=2s'
+      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53'
+      - '--certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json'
+      - '--entrypoints.web.address=:80'
+      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
+      - '--entrypoints.web.http.redirections.entrypoint.scheme=https'
+      - '--entrypoints.websecure.address=:443'
+      - '--entrypoints.websecure.http.tls=true'
+      - '--entrypoints.websecure.http.tls.certResolver=letsencrypt'
+      - '--entrypoints.websecure.http.tls.domains[0].main=xmronly.com'
+      - '--entrypoints.websecure.http.tls.domains[0].sans=*.xmronly.com'
+    environment:
+      - 'NJALLA_TOKEN=token_goes_here'
+    volumes:
+      - ./acme/:/acme
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.traefik.entryPoints=websecure'
+      - 'traefik.http.routers.traefik.service=api@internal'
+    restart: unless-stopped
+    networks: 
+    - 'proxy'
+
+  whoami:
+    image: docker.io/traefik/whoami:latest
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.whoami.entrypoints=websecure'
+      - 'traefik.http.routers.whoami.rule=Host(`mail.xmronly.com`)'
+    restart: unless-stopped
+    networks:
+      - proxy
+
+networks:
+  proxy:
+    external: true
+</code></pre>
+</p>
+
+<p>
+Start the containers with <b>docker compose -f traefik.yml up -d</b> then navigate to https://mail.xmronly.com and verify the SSL certificate is present. 
+</p>
+<p>
+<img src="5.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+<p>
+Next we'll set up a docker-compose file (<b>mailserver.yml</b>) in /docker/mailserver.
+<pre><code class="nim">
+services:
+  mailserver:
+    image: ghcr.io/docker-mailserver/docker-mailserver:latest
+    container_name: mailserver
+    hostname: mail.xmronly.com
+    ports:
+      - "25:25"    # SMTP  (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
+      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
+      - "465:465"  # ESMTP (implicit TLS)
+      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
+      - "993:993"  # IMAP4 (implicit TLS)
+    volumes:
+      - ./data/mailserver/mail-data/:/var/mail/
+      - ./data/mailserver/mail-state/:/var/mail-state/
+      - ./data/mailserver/mail-logs/:/var/log/mail/
+      - ./data/mailserver/config/:/tmp/docker-mailserver/
+      - /etc/localtime:/etc/localtime:ro
+      - /root/docker/traefik/acme/acme.json:/etc/letsencrypt/acme.json:ro #specify path
+    environment:
+      - "SSL_TYPE=letsencrypt"
+      - "SSL_DOMAIN=mail.xmronly.com"
+      - "ENABLE_FAIL2BAN=1"
+    restart: unless-stopped
+    stop_grace_period: 1m
+    cap_add:
+      - NET_ADMIN
+    healthcheck:
+      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
+      timeout: 3s
+      retries: 0
+    networks: 
+    - 'proxy'
+
+networks:
+  proxy:
+    external: true
+</code></pre>
+</p>
+
+<p>
+Start the container with <b>docker compose -f mailserver.yml up -d</b>, then add a user and configure the DKIM settings.
+<pre><code class="nim">
+# Add a user
+docker exec mailserver setup email add no-reply@xmronly.com password_goes_here
+
+# Generate the DKIM configuration
+docker exec mailserver setup config dkim
+</code></pre>
+</p>
+
+<p>
+To obtain the DKIM info, navigate to docker/mailserver/data/dms/config/opendkim/keys/xmronly.com/mail.txt and copy the info removing all quotes/punctuation such that you are left with an output (that you will need to copy later) that looks like this:
+<pre><code class="nim">
+v=DKIM1; k=rsa; p=MIIBIjANBgkqhkifHSvSJUf3e17tNhF1lPPsNfEGtrwywCmXS5GvAuzsP29n9k/Tp5sUKFnT63o0Z9r3pC7sSuAWo3x9N38XmYlSwoztODvM5WEfHSvSJUf3e17tNhF1lPPsNfEGtrwywCmXS5GvAuzsP29n9k/Tp5sUKFnT63o0Z9r3pC7
+</code></pre>
+</p>
+
+<p>
+Back on Njalla, add a TXT record using the following:
+<pre><code class="nim">
+Name: @
+Content: v=spf1 mx ~all
+</code></pre>
+</p>
+
+<p>
+Add another TXT record using the following:
+<pre><code class="nim">
+Name: _dmarc
+Content: v=DMARC1; p=none; sp=none; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc.report@xmronly.com; ruf=mailto:dmarc.report@xmronly.com
+</code></pre>
+</p>
+
+<p>
+Finally, add a TXT record using the DKIM information from above:
+<pre><code class="nim">
+Name: mail._domainkey
+Content: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkifHSvSJUf3...
+</code></pre>
+</p>
+
+<p>
+With everything complete, your DNS should look like this:
+</p>
+<p>
+<img src="6.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Finally, restart the mailserver for these changes to take effect.
+</p>
+<p>
+<pre><code class="nim">
+docker compose -f mailserver.yml down
+docker compose -f mailserver.yml up -d
+</code></pre>
+</p>
+
+<p>
+You can confirm everything is working correctly by configuring Thunderbird to use your mail server and sending out a test email on <b>https://mail-tester.com</b>.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="7.png" style="margin: 10px;" width="400">
+    <img src="8.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+The last step is to set up a docker-compose file (<b>vaultwarden.yml</b>) in /docker/vaultwarden. 
+</p>
+
+<p>
+<pre><code class="nim">
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    volumes:
+      - ./data/:/data/
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.vaultwarden.entryPoints=websecure'
+      - 'traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.xmronly.com`)'
+    environment:
+      - 'DOMAIN=https://vaultwarden.xmronly.com'
+      - 'SIGNUPS_ALLOWED=true'
+      - 'SMTP_HOST=mail.xmronly.com'
+      - 'SMTP_FROM=no-reply@xmronly.com'
+      - 'SMTP_SECURITY=starttls'
+      - 'SMTP_USERNAME=no-reply@xmronly.com'
+      - 'SMTP_PASSWORD=password_goes_here'
+    restart: unless-stopped
+    networks:
+      - proxy
+
+networks:
+  proxy:
+    external: true
+</code></pre>
+</p>
+
+<p>
+Start the container with <b>docker compose -f vaultwarden.yml up -d</b>. With the final piece of the infrastructure in place, Nephew Nick and Uncle Rich can now proceed to creating their accounts.
+</p>
+
+
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Nephew Nick)</b></h2> </br> </br>
+<p>
+Continuing with the same perspective, Nephew Nick will head to <b>https://vaultwarden.xmronly.com</b> and start by creating an account then using it to sign in.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="9.png" style="margin: 10px;" width="400">
+    <img src="10.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+When prompted, Nephew Nick will verify his email address.
+</p>
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="11.png" style="margin: 10px;" height="100">
+    <img src="12.png" style="margin: 10px;" width="600">
+</p>
+
+<p>
+With verification complete, Nephew Nick will confirm his account fingerprint phrase as this information will be needed for a future step. This is located on the sidebar under Settings -> My account.
+</p>
+
+<p>
+<img src="13.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Uncle Rich)</b></h2> </br> </br>
+<p>
+Switching over to Uncle Rich's perspective now:
+</p>
+
+<p>
+<img src="rich.png"> 
+</p>
+
+<p>
+Uncle Rich will start by creating an account and then using it to sign in.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="9.png" style="margin: 10px;" height="400">
+    <img src="14.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+When prompted, Uncle Rich will verify his email address.
+</p>
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="11.png" style="margin: 10px;" height="100">
+    <img src="15.png" style="margin: 10px;" width="600">
+</p>
+
+<p>
+With verification complete, Uncle Rich can proceed to set up an entry containing his seedphrase.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="16.png" style="margin: 10px;" height="200">
+    <img src="17.png" style="margin: 10px;" width="600">
+</p>
+
+<p>
+Next, Uncle Rich will add Nephew Nick as an Emergency Contact. This is found on the sidebar under Settings -> Emergency access.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="18.png" style="margin: 10px;" height="350">
+    <img src="19.png" style="margin: 10px;" width="450">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Accepting Emergency Access)</b></h2> </br> </br>
+<p>
+Switching back to Nephew Nick's perspective now:
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+Nephew Nick receives an email notification that Uncle Rich has invited him to be an Emergency Contact. Clicking the link prompts a log in, automatically accepting the request.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="20.png" style="margin: 10px;" height="400">
+    <img src="21.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+Upon signing in, there is a notification indicating that the invitation has been accepted and that Nephew Nick's identity must be confirmed (by Uncle Rich). Nephew Nick can see the status of his designation as an Emergency Contact under Settings -> Emergency access on the sidebar.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="22.png" style="margin: 10px;" height="200">
+    <img src="23.png" style="margin: 10px;" height="400">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Confirming Identity)</b></h2> </br> </br>
+<p>
+Switching back to Uncle Rich's perspective now:
+</p>
+
+<p>
+<img src="rich.png"> 
+</p>
+
+<p>
+Uncle Rich receives an email notification that Nephew Nick has accepted the invitation to become an Emergency Contact and that Uncle Rich must confirm his identity.
+</p>
+
+<p>
+<img src="24.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Uncle Rich logs in and navigates to Settings -> Emergency access on the sidebar. Next he clicks on Options -> Confirm to make Nephew Nick a Trusted Emergency Contact. Lastly, Uncle Rich confirms with Nephew Nick that his account fingerprint phrase matches from the previous step and clicks Confirm.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="25.png" style="margin: 10px;" height="350">
+    <img src="26.png" style="margin: 10px;" width="500">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Requesting Access)</b></h2> </br> </br>
+<p>
+Switching back to Nephew Nick's perspective now:
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+Nephew Nick receives an email notification that he has been confirmed as an Emergency Contact for Uncle Rich.
+</p>
+
+<p>
+<img src="27.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+With that, the setup is fully complete. Nephew Nick is able to request Emergency Access and Uncle Rich can reject it according to his wishes as long as he is still alive.
+</p>
+
+<br>
+<br>
+<br>
+<p style="text-align: center">
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+-------------------------------------------------------------------------------------------------------------- Some times passes ----------------------------------------------------------------------------------------------------
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+</p>
+<br>
+<br>
+<br>
+
+<p>
+Nephew Nick has not heard from Uncle Rich in a long time and fears the worst has happened. After signing in, he navigates to Settings -> Emergency access on the sidebar and requests Emergency Access to Uncle Rich's vault.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="28.png" style="margin: 10px;" height="350">
+    <img src="29.png" style="margin: 10px;" width="400">
+</p>
+
+
+
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Obtaining Access (Scenario 1: Rejection)</b></h2> </br> </br>
+<p>
+Switching back to Uncle Rich's perspective now:
+</p>
+
+<p>
+<img src="rich.png"> 
+</p>
+
+<p>
+Uncle Rich receives an email notification that Nephew Nick has requested Emergency Access. Being that Uncle Rich is still alive and doesn't want access to his Monero seedphrase to be granted until he has passed away, he will reject the request. 
+</p>
+
+<p>
+<img src="30.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+After logging into his account, Uncle Rich navigates to Settings -> Emergency access in the side bar and rejects Nephew Nick's request.
+</p>
+
+<p>
+<img src="31.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+From Nephew Nick's perspective, he will receive an email notification saying his request has been rejected by Uncle Rich. Nephew Nick can confidently conclude that Uncle Rich is therefore still alive and can try to visit him in person.
+</p>
+
+<p>
+<img src="32.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Obtaining Access (Scenario 2: Acceptance)</b></h2> </br> </br>
+<p>
+In this scenario, Uncle Rich indeed has passed away.
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+From Nephew Nick's perspective, there is nothing to do but wait for the 30 day interval to expire. After 30 days have passed, Nephew Nick receives an email. Note: the text of this notification is the confusingly same whether Uncle Rich has manually approved access or whether the timeframe has expired.
+</p>
+
+<p>
+<img src="33.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Nephew Nick signs into his account and navigates to Settings -> Emergency access. He is now able to view Uncle Rich's vault.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="34.png" style="margin: 10px;" height="350">
+    <img src="35.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+And just like that Nephew Nick has received Uncle Rich's seedphrase!
+</p>
+
+<p>
+<img src="36.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Restoring a Wallet from Seedphrase</b></h2> </br> </br>
+<p>
+Nephew Nick opens up his Monero Wallet GUI and navigates to "Restore wallet from keys or mnemonic seed"
+</p>
+
+<p>
+<img src="37.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+He gives the wallet a name and chooses a location to save it. Finally Nephew Nick input's Uncle Rich's seedphrase.
+</p>
+
+<p>
+<img src="38.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Proceeding to the next screen, Nephew Nick inputs a strong password and saves it in his password manager.
+</p>
+
+<p>
+<img src="39.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Finally, he selects a node for the connection. Connecting to your own node is recommended but in this example we will use a remote node.
+</p>
+
+<p>
+<img src="40.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+With the connection established, all that is left to do is to wait synchronization to finish.
+</p>
+
+<p>
+<img src="41.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Nephew Nick has successfully restored Uncle Rich's wallet using the seedphrase!
+</p>
+
+<p>
+<img src="42.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+
+
+
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4 class="readable">About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u>
+						8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
+					</p></br>
+					<p style="word-wrap: break-word;"><u>Donate XMR to the author:</u>
+						8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3RWMNQuboxnb1X4HobhSv3</p>
+					<p class="readable"><u>Contact:</u> nihilist@contact.nowhere.moe (<a
+							href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>