From 67c58fdfc9fdb4574b1620fa63d4b0b911ff6827 Mon Sep 17 00:00:00 2001 From: nihilist Date: Sun, 30 Mar 2025 20:45:30 +0200 Subject: [PATCH] listed ALL the git issues on ALL the tutorials, --- opsec/anonaccess/index.html | 47 ++---- opsec/anonclearnetservices/index.html | 1 + opsec/anoncreditcard/index.html | 2 + opsec/anondomain/index.html | 1 + opsec/anonemail/index.html | 3 +- opsec/anonprotest/index.html | 1 + opsec/anonproxy/index.html | 2 + opsec/anonsimplex/index.html | 2 + opsec/anonsms/index.html | 2 + opsec/anonuse/index.html | 2 + opsec/anonymityexplained/index.html | 3 + opsec/anonymousremoteserver/index.html | 1 + opsec/anonzulucrypt/index.html | 1 + opsec/chainalysisattempts/index.html | 3 + opsec/clearnetvsdarknet/index.html | 2 + opsec/cloud_provider_adversary/index.html | 1 + opsec/contribute/index.html | 2 + opsec/darknetexploration/index.html | 2 + opsec/darknetlantern/index.html | 2 + opsec/deniability/index.html | 1 + opsec/dns/index.html | 1 + opsec/endgame/index.html | 1 + opsec/failovers/index.html | 1 + opsec/finances/index.html | 2 + opsec/forgejo-anon/index.html | 1 + opsec/haveno-arbitrator/index.html | 2 + opsec/haveno-cashbymail/index.html | 2 + opsec/haveno-client-f2f/index.html | 3 + opsec/haveno-seednode/index.html | 2 + opsec/haveno-sepa/index.html | 2 + opsec/hiddenservice/index.html | 3 +- opsec/high_availability/index.html | 1 + opsec/i2ptorrents/index.html | 2 + opsec/index.html | 141 +++++++++--------- opsec/livemode/index.html | 1 + opsec/mailprivate/index.html | 1 + opsec/maintainers/index.html | 1 + opsec/monero2024/index.html | 2 + opsec/monero2024/node.html | 1 + opsec/moneroinheritance/index.html | 2 + opsec/monerop2pool/index.html | 1 + opsec/mysqlmastermaster/index.html | 1 + opsec/nextcloud/index.html | 1 + opsec/onionbalancelb/index.html | 2 +- opsec/onionshare/index.html | 3 + opsec/phonenumbers/index.html | 2 + opsec/physicalsecurity/index.html | 1 + .../index.html | 1 + opsec/qualitystandard/index.html | 1 + opsec/runtheblog/index.html | 1 + opsec/sensitiveremotevshome/index.html | 1 + opsec/sensitivevm/index.html | 1 + opsec/steganography/index.html | 1 + opsec/steghide/index.html | 1 + opsec/stylometry/index.html | 3 + opsec/syncthinganon/index.html | 3 + opsec/tailsqemuvm/index.html | 2 + opsec/tor/bridge/index.html | 2 + opsec/tor/exit_node/index.html | 2 + opsec/tor/relay/index.html | 2 + opsec/torbrowsing/index.html | 85 ++++++++++- opsec/tornginxphpmysql/index.html | 1 + opsec/torthroughvpn/index.html | 2 + opsec/torvsvpns/index.html | 2 + opsec/torwebsite/index.html | 1 + opsec/veracrypt/index.html | 1 + opsec/vpnqemu/index.html | 3 +- opsec/whentorisblocked/index.html | 2 + opsec/whonixqemuvms/index.html | 2 + 69 files changed, 272 insertions(+), 112 deletions(-) diff --git a/opsec/anonaccess/index.html b/opsec/anonaccess/index.html index 83aab7f..2bbdbf5 100644 --- a/opsec/anonaccess/index.html +++ b/opsec/anonaccess/index.html @@ -61,7 +61,9 @@
Previous Page

nihilist@mainpc - 2024-05-02

-

Remote anonymous access setup (cockpit + ssh through tor)

+

Remote anonymous access setup (SSH through tor)

+ +

Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

@@ -88,16 +90,10 @@ HiddenServicePort 80 127.0.0.1:4443 

 [ mainpc ] [ /dev/pts/7 ] [~]
 → cat .ssh/config
-Host web-gw2024-dedi
-        User root
-        hostname 37.27.32.233
-        IdentityFile ~/.ssh/torified
-
 Host tortura
         User root
         hostname daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
         IdentityFile ~/.ssh/torified
-        proxyCommand ncat --proxy 127.0.0.1:9050 --proxy-type socks5 %h %p
 
 Host datura
         User root
@@ -105,13 +101,13 @@ Host datura
         IdentityFile ~/.ssh/torified
-

Then connect to the host via SSH:

+

Then connect to the host by forcing SSH to go through tor, thanks to torsocks:


 [ mainpc ] [ /dev/pts/5 ] [~]
 → systemctl restart tor@default
 
 [ mainpc ] [ /dev/pts/5 ] [~]
-→ ssh tortura
+→ torsocks ssh tortura
 The authenticity of host 'daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion (<no hostip for proxy command>)' can't be established.
 ED25519 key fingerprint is SHA256:A0CFTeUixGoK96VenBQ7Z2U8kX5olDCqBvBNeJUfs6I.
 This host key is known by the following other names/addresses:
@@ -128,39 +124,18 @@ individual files in /usr/share/doc/*/copyright.
 Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
 permitted by applicable law.
 Last login: Thu May  2 14:47:23 2024 from 178.255.149.178
-
-[ Datura ] [ /dev/pts/11 ] [~]
-→
-

So that's how you do it if you cannot access the server via a public IP directly, but keep in mind that the latency is most likely unbearable due to the 6 hops circuit (since we're doing it via the .onion link, rather than connecting to the IP directly)

-

so you're probably better off just connecting to the IP directly but forcing the SSH connection through tor using torsocks, which greatly reduces the latency (3 hops instead of 6):

-

-[ mainpc ] [ /dev/pts/7 ] [~]
-→ torsocks ssh datura
-Enter passphrase for key '/home/nihilist/.ssh/torified':
-Linux Datura 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
+
For instance, this is how you can access a server that is in an isolated LAN (such as in your home network), without requiring to port-forward anything.

 
-The programs included with the Debian GNU/Linux system are free software;
-the exact distribution terms for each program are described in the
-individual files in /usr/share/doc/*/copyright.
-
-Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
-permitted by applicable law.
-Last login: Thu May  2 15:48:08 2024 from 127.0.0.1
-
-[ Datura ] [ /dev/pts/12 ] [~]
-→ id
-uid=0(root) gid=0(root) groups=0(root)
-	
-
+

But keep in mind that the latency is going to be higher due to the 6 hops circuit (since we're doing it via the .onion link, rather than connecting to the IP directly). The length of the circuit is due to requiring to use the rendez-vous mechanism, since we're using the .onion domain.

-
+ -
- + + + --> diff --git a/opsec/anonclearnetservices/index.html b/opsec/anonclearnetservices/index.html index 11636cc..317f092 100644 --- a/opsec/anonclearnetservices/index.html +++ b/opsec/anonclearnetservices/index.html @@ -64,6 +64,7 @@

Where to host Anonymous Clearnet Services ?

In this tutorial we're going explain how you can have anonymous clearnet services, which can either remotely or self-hosted.

+

Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

diff --git a/opsec/anoncreditcard/index.html b/opsec/anoncreditcard/index.html index 624d6dc..8d4acb8 100644 --- a/opsec/anoncreditcard/index.html +++ b/opsec/anoncreditcard/index.html @@ -87,6 +87,8 @@ With the growing economy and increasingly aggressive marketing, every company is

  • Virtual Machine: Whonix or Tails

    • Every steps listed below are to be done via the Tor browser, in order to preserve our anonymity.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/anondomain/index.html b/opsec/anondomain/index.html index 7f9674e..e13f19c 100644 --- a/opsec/anondomain/index.html +++ b/opsec/anondomain/index.html @@ -72,6 +72,7 @@

  • Hypervisor: libvirtd QEMU/KVM

  • Virtual Machine: Linux or Whonix or Tails

    • +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/anonemail/index.html b/opsec/anonemail/index.html index f6c83d4..1fa7501 100644 --- a/opsec/anonemail/index.html +++ b/opsec/anonemail/index.html @@ -63,7 +63,8 @@ Previous Page

    XMRonly - 2024 / 10 / 16

    How to Get an Email Account Anonymously (Emails as a Service)

    -

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/anonprotest/index.html b/opsec/anonprotest/index.html index 890a2ce..596843f 100644 --- a/opsec/anonprotest/index.html +++ b/opsec/anonprotest/index.html @@ -83,6 +83,7 @@ protest without telling anyone for a few hours and you get back home proud that you showed your support to the people. However, the police bangs your door and arrests you for taking part in the protest.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/anonproxy/index.html b/opsec/anonproxy/index.html index b3ea553..c6b004f 100644 --- a/opsec/anonproxy/index.html +++ b/opsec/anonproxy/index.html @@ -83,6 +83,8 @@

  • Hypervisor: libvirtd QEMU/KVM (Or Qubes OS's Xen)

  • Virtual Machine:Whonix (that must be dedicated to the (you -> Tor -> residential proxy -> website) setup

    • +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/anonsimplex/index.html b/opsec/anonsimplex/index.html index 3437682..2fac1ac 100644 --- a/opsec/anonsimplex/index.html +++ b/opsec/anonsimplex/index.html @@ -41,6 +41,8 @@

    Anonymity - Easy Anonymous Chats Using SimpleX (and onion-only servers)

    In this tutorial we're going to see how to setup a chat application for Anonymous use. This is especially important in a world where mass-surveillance is nearly-omnipresent. It has become the end users' responsibility to uphold their privacy and anonymity while communicating online.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/anonsms/index.html b/opsec/anonsms/index.html index 25e2b64..df1c325 100644 --- a/opsec/anonsms/index.html +++ b/opsec/anonsms/index.html @@ -64,6 +64,8 @@

    How to Receive Anonymous SMSes (Remote SMSes as a Service)

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/anonuse/index.html b/opsec/anonuse/index.html index bca3608..e702cef 100644 --- a/opsec/anonuse/index.html +++ b/opsec/anonuse/index.html @@ -56,6 +56,8 @@ Previous Page

    nihilist@mainpc - 2024-08-14

    Why isn’t Privacy enough for Anonymous Use?

    In this post we are going to see why Privacy is not enough for Anonymous Use, and what can be done about it.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/anonymityexplained/index.html b/opsec/anonymityexplained/index.html index 99584d3..d74a5ba 100644 --- a/opsec/anonymityexplained/index.html +++ b/opsec/anonymityexplained/index.html @@ -62,6 +62,8 @@
    Previous Page

    nihilist@mainpc, zl - 2025-03-15

    What is Anonymity ? Why is it Important ?

    + +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    @@ -84,6 +86,7 @@

    DISCLAIMER: That Someone remains Anonymous UNTIL THEY MAKE ONE OPSEC MISTAKE !

    Keep in mind that maintaining Anonymity is a much stricter practice than that of maintaining Privacy, as you will see, more threat vectors come into the picture.

    + diff --git a/opsec/anonymousremoteserver/index.html b/opsec/anonymousremoteserver/index.html index 3e84460..987226c 100644 --- a/opsec/anonymousremoteserver/index.html +++ b/opsec/anonymousremoteserver/index.html @@ -65,6 +65,7 @@ +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/anonzulucrypt/index.html b/opsec/anonzulucrypt/index.html index 306be44..9e93609 100644 --- a/opsec/anonzulucrypt/index.html +++ b/opsec/anonzulucrypt/index.html @@ -66,6 +66,7 @@ One feature that sets zuluCrypt apart from other encryption tools is the ability to hide (small or large) files and folders within video files via the "Encrypted Container Hidden In Video/Cover File (Steganography)" option, leaving the video file fully functional and therefore acting as an ideal method of hiding important information in plain sight.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    zuluCrypt can be installed on multiple Linux distributions. For Debian-based distro's, simply use your favourite package manager or run the following apt command in the terminal:

    diff --git a/opsec/chainalysisattempts/index.html b/opsec/chainalysisattempts/index.html index 3e3f8da..d3cb4aa 100644 --- a/opsec/chainalysisattempts/index.html +++ b/opsec/chainalysisattempts/index.html @@ -63,6 +63,9 @@ Previous Page

    nihilist@mainpc - 2024-09-07

    Why can't I trust Centralised Exchanges, and random Monero nodes ?

    As of September 5, 2024 sech1 posted on monero.town the following post, which was a repost of the following reddit post talking about a leaked Chainalysis meeting video about what was their progress on tracing monero transactions back in August 2023. This is a great opportunity to highlight the opsec weaknesses they are targeting so let's dive into it.

    + +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/clearnetvsdarknet/index.html b/opsec/clearnetvsdarknet/index.html index abf5146..966ea9c 100644 --- a/opsec/clearnetvsdarknet/index.html +++ b/opsec/clearnetvsdarknet/index.html @@ -65,6 +65,8 @@

    In this tutorial we're going to explain the differences between the two, and explain why you should host your services on the Darknet rather than the Clearnet.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/cloud_provider_adversary/index.html b/opsec/cloud_provider_adversary/index.html index 4397a97..761dc22 100644 --- a/opsec/cloud_provider_adversary/index.html +++ b/opsec/cloud_provider_adversary/index.html @@ -89,6 +89,7 @@ in this post we are going to do a threat modelling exercise:


    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/contribute/index.html b/opsec/contribute/index.html index 0ab509e..8b2b59e 100644 --- a/opsec/contribute/index.html +++ b/opsec/contribute/index.html @@ -63,6 +63,7 @@ Previous Page

    nihilist@mainpc - 2024-10-06

    How to become a Contributor

    In this tutorial we're going to look at how you can contribute to the opsec blog, we'll look into how the work is being organized, and how to contribute via gitea.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    @@ -109,6 +110,7 @@ To be showcased:

    After discussing with me what task you want to do, we'll confirm on the price for that tutorial and after i get your confirmation i'll assign it to you, and that's when you can start to work on it.

    Disclaimer: if you're not used to writing technical stuff, please aim for the tutorials that are labeled as "Simple" and that you actually understand. Don't try to bite more than you can chew, otherwise i might refuse further contributions coming from you. You should be at least familliar with the topic you intend to talk about.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/darknetexploration/index.html b/opsec/darknetexploration/index.html index 5dd8088..d0715a2 100644 --- a/opsec/darknetexploration/index.html +++ b/opsec/darknetexploration/index.html @@ -65,6 +65,8 @@

    In this tutorial we're going to take a look at what are the differences between the clearnet and the darknet, and how you can explore the darknet using the lantern project.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/darknetlantern/index.html b/opsec/darknetlantern/index.html index e701ec5..1cbf55f 100644 --- a/opsec/darknetlantern/index.html +++ b/opsec/darknetlantern/index.html @@ -64,6 +64,8 @@

    How to run your own Darknet Lantern for Visibility and Discoverability

    In this tutorial we're going to first explain why the Darknet Lantern is important in the current Darknet context, we'll cover what it is made of, and then we'll cover how to spin up a Darknet Lantern instance, how to maintain one's list of onion links, and lastly we'll cover how to join the Darknet Webring.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/deniability/index.html b/opsec/deniability/index.html index b9b8981..f678ea1 100644 --- a/opsec/deniability/index.html +++ b/opsec/deniability/index.html @@ -63,6 +63,7 @@ Previous Page

    nihilist@mainpc - 2024-05-01

    What is Plausible Deniability ? Why is it Important ?

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/dns/index.html b/opsec/dns/index.html index d08d139..fdbec37 100644 --- a/opsec/dns/index.html +++ b/opsec/dns/index.html @@ -66,6 +66,7 @@

    In this tutorial we're going to take a look at how to setup DNS servers using bind9.

    Disclaimer: If you want this service to remain anonymous, make sure you at least keep TOR between you and the service from the VPS acquisition to actual service usage.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/endgame/index.html b/opsec/endgame/index.html index a705e28..e9256bf 100644 --- a/opsec/endgame/index.html +++ b/opsec/endgame/index.html @@ -71,6 +71,7 @@ This is the same system that anti-DDOS services like Cloudflare, Indusface, and

    Now we'll first cover how to have a single Endgame V3 front, to redirect to 2 onion backends, but keep in mind that there is very high latency involved here. The ideal setup as we'll see later, is to have local redirection behind the Endgame front. And we'll also make use of the onionbalance technology to setup multiple Endgame fronts for the same Master Onion!

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/failovers/index.html b/opsec/failovers/index.html index 0ef1217..acc8e63 100644 --- a/opsec/failovers/index.html +++ b/opsec/failovers/index.html @@ -68,6 +68,7 @@

    In this tutorial we'll look at the most fundamental part of both Disaster Recovery Planning and Business Continuity for home servers. We'll look at how to deal with power outages.

    For the Electrical Outages, we'll setup a UPS in between our homeserver and the main electrical input, so that in case of a power outage the home server can keep running for a while before finally shutting down. The UPS will then send a message to the Network UPS Tools suite to tell the server to shutdown when the batteries run low.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/finances/index.html b/opsec/finances/index.html index 765adf4..02cec9b 100644 --- a/opsec/finances/index.html +++ b/opsec/finances/index.html @@ -62,6 +62,8 @@
    Previous Page

    user@Whonix - 2024-04-26

    Why Financial decentralisation ?

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    +
    diff --git a/opsec/forgejo-anon/index.html b/opsec/forgejo-anon/index.html index 1be63a0..ef00ac6 100644 --- a/opsec/forgejo-anon/index.html +++ b/opsec/forgejo-anon/index.html @@ -74,6 +74,7 @@ Notes on why you should use Forgejo instead of Gitea:

    Disclaimer: If you are a developer working on projects that aim to reduce governmental control, such as working on privacy-cryptocurrency projects (ie Monero, Haveno, Crypto Mixers, etc), take some time to consider stopping maintaing/contributing to those projects under your public identity, and rather shift to maintaining those projects under an anonymous identity (which is the aim of the following Forgejo setup).

    You never know when your tyrannical government is going to snap and decide to make an example out of you, just like what happened to Tornado Cash. It is a matter of adapting your OPSEC to the intended internet use. Don't paint a target on your back and give any ammunition to the adversary, because they're going to shoot you with everything you give them (your IRL name, what you contributed on the project, taking things you said out of context, etc). Tyrants don't care, even if it they have to step on your freedom of speech (as that's what developing code is) to keep their control over the masses, they will do anything to keep their control intact.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/haveno-arbitrator/index.html b/opsec/haveno-arbitrator/index.html index 7d69943..9056d10 100644 --- a/opsec/haveno-arbitrator/index.html +++ b/opsec/haveno-arbitrator/index.html @@ -74,6 +74,8 @@

  • Application: Haveno DEX Setup

    • I recommend using this setup into one of the above mentionned VMs, either for Private use, or Anonymous use, as per the 4 basic OPSEC levels. (Note that Deanonymization will happen during the Fiat transaction, but it is minimized as you're revealing your identity to an other peer, rather than to a centralised exchange)

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/haveno-cashbymail/index.html b/opsec/haveno-cashbymail/index.html index ac122eb..21d4822 100644 --- a/opsec/haveno-cashbymail/index.html +++ b/opsec/haveno-cashbymail/index.html @@ -74,6 +74,8 @@

  • Application: Haveno DEX Setup

    • I recommend using this setup into one of the above mentionned VMs, either for Private use, or Anonymous use, as per the 4 basic OPSEC levels. (Note that Deanonymization will happen during the Fiat transaction, but it is minimized as you're revealing your identity to an other peer, rather than to a centralised exchange)

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/haveno-client-f2f/index.html b/opsec/haveno-client-f2f/index.html index 82f5ca0..119eca7 100644 --- a/opsec/haveno-client-f2f/index.html +++ b/opsec/haveno-client-f2f/index.html @@ -86,6 +86,9 @@

    I recommend using this setup into one of the above mentionned VMs, either for Private use, or Anonymous use, as per the 4 basic OPSEC levels. (Note that Deanonymization will happen during the Fiat transaction, but it is minimized as you're revealing your identity to an other peer, rather than to a centralised exchange)

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + + diff --git a/opsec/haveno-seednode/index.html b/opsec/haveno-seednode/index.html index 2b14f3a..1f5cf4f 100644 --- a/opsec/haveno-seednode/index.html +++ b/opsec/haveno-seednode/index.html @@ -65,6 +65,8 @@

    In this tutorial we're going to take a look at how you can contribute to an existing Haveno Network, by running a Seed Node, in order to make the Haveno Network of your choice more resillient to potential takedowns.

    Disclaimer: I am not running any seednodes for any Haveno Network, this is only to showcase how it works for whoever wants to run a seednode. Obviously you don't want to get the TornadoCash treatment by publicly announcing that you are helping with the infrastructure for an exchange with your public identity since this is potentially sensitive use. Therefore make sure you remain Anonymous (meaning you use a disposable identity) when saying that you are running a haveno seed node (see how to properly segment your internet uses here). See the explanation on where to host sensitive hidden services here.

    + +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/haveno-sepa/index.html b/opsec/haveno-sepa/index.html index 0d2cc8c..5881bd3 100644 --- a/opsec/haveno-sepa/index.html +++ b/opsec/haveno-sepa/index.html @@ -87,6 +87,8 @@ If you get banned from a physical bank, they may put your name on a fraud regist

  • Application: Haveno DEX Setup

    • I recommend using this setup into one of the above mentionned VMs, either for Private use, or Anonymous use, as per the 4 basic OPSEC levels. (Note that Deanonymization will happen during the Fiat transaction, but it is minimized as you're revealing your identity to an other peer, rather than to a centralised exchange)

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/hiddenservice/index.html b/opsec/hiddenservice/index.html index 8b75cfa..3bf623e 100644 --- a/opsec/hiddenservice/index.html +++ b/opsec/hiddenservice/index.html @@ -62,8 +62,9 @@
    Previous Page

    nihilist@mainpc - 2024-08-06

    Where to host Anonymous Hidden Services ?

    -

    In this tutorial we're going to look at how to host Anonymous Hidden Services.

    +

    In this tutorial we're going to look at where exactly you can host Hidden Services Anonymously.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/high_availability/index.html b/opsec/high_availability/index.html index 733104a..e8db8c5 100644 --- a/opsec/high_availability/index.html +++ b/opsec/high_availability/index.html @@ -73,6 +73,7 @@ When an adversary wants to collect information such as physical location behind Anonymity IS a requirement for deniability
    Being able to plausibly deny being the operator of, or a downstream service supplier to a hidden service is a significant boon to personal protection.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/i2ptorrents/index.html b/opsec/i2ptorrents/index.html index cfb5a5f..5250ee8 100644 --- a/opsec/i2ptorrents/index.html +++ b/opsec/i2ptorrents/index.html @@ -64,6 +64,8 @@

    Peer-to-Peer Large File Sharing (Torrents over I2P)

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/index.html b/opsec/index.html index 9699402..b0c1217 100644 --- a/opsec/index.html +++ b/opsec/index.html @@ -175,16 +175,16 @@

    📝 Explaining Anonymity

      -
    1. ✅ What is Anonymity ? Why is it Important ?
      2. -
    2. ✅ Why isn't Privacy enough for Anonymous use ?
      3. -
    3. ✅ Phone Numbers are incompatible with Anonymity
      4. +
    4. What is Anonymity ? Why is it Important ?
      5. +
    5. Why isn't Privacy enough for Anonymous use ?
      6. +
    6. Phone Numbers are incompatible with Anonymity
    7. ❌ Why is metadata detrimental to Anonymity ?
      8. -
    8. ✅ The main source of Anonymity: The Tor Network
      9. -
    9. ✅ How to use Tor Safely: (Tor + VPN combinations)
      10. -
    10. ✅ Why is the Darknet superior to the Clearnet ?
      11. -
    11. ✅ How to explore the Darknet? (Visibility and Discoverability)
      12. -
    12. ✅ How to run your own Darknet Lantern for Visibility and Discoverability
      13. +
    13. The main source of Anonymity: The Tor Network
      14. +
    14. 🚧 How to use Tor Safely: (Tor + VPN combinations)
      15. +
    15. Why is the Darknet superior to the Clearnet ?
      16. +
    16. How to explore the Darknet? (Visibility and Discoverability)
      17. +
    17. How to run your own Darknet Lantern for Visibility and Discoverability
    18. ❌ When should I use I2P instead of Tor ?

    @@ -192,53 +192,52 @@
    1. ❌ How to obtain Internet access anonymously
      2. -
    2. ✅ VMs for Long-term Anonymity (Whonix QEMU VMs)
      3. -
    3. ✅ Tor Web Browser setup
      4. -
    4. 🚧 How to use the Tor Browser on Mobile
      5. -
    5. ✅ How to Anonymously access websites that block Tor
      6. -
    6. ✅ How to Anonymous access websites that block Tor and VPNs
      7. -
    7. ✅ Easy Anonymous Chats - SimpleX (and onion-only servers)
      8. -
    8. ✅ How to Receive Anonymous SMSes (Remote SMSes as a Service)
      9. -
    9. ✅ How to Get an Email Account Anonymously (Emails as a Service)
      10. +
    10. VMs for Long-term Anonymity (Whonix QEMU VMs)
      11. +
    11. Tor Web Browser Setup (on Desktop and Mobile)
      12. +
    12. How to Anonymously access websites that block Tor
      13. +
    13. How to Anonymous access websites that block Tor and VPNs
      14. +
    14. 🚧 Easy Anonymous Chats - SimpleX (and onion-only servers)
      15. +
    15. How to Receive Anonymous SMSes (Remote SMSes as a Service)
      16. +
    16. How to Get an Email Account Anonymously (Emails as a Service)

    💻 Clientside - Censorship Evasion

      -
    1. ✅ How to access Tor when it is being blocked, using VPNs
      2. +
    2. How to access Tor when it is being blocked, using VPNs
    3. ❌ How to temporarily access Tor when VPNs are blocked, using Tor bridges
      4. -
    4. ✅ How to access Tor when VPNs are blocked, using v2ray
      5. +
    5. 🚧 How to access Tor when VPNs are blocked, using v2ray

    💻 Clientside - Fingerprinting Protection

      -
    1. ✅ Stylometry protection (Running a Local LLM and copy pasting messages)
      2. +
    2. Stylometry protection (Running a Local LLM and copy pasting messages)
    3. ❌ How to protect against fingerprinting (persona, text, files)

    💻 File Sharing

      -
    1. ✅ How to send small files Anonymously (Onionshare)
      2. -
    2. ✅ How to send large files using Syncthing over Tor
      3. -
    3. ✅ P2P large file sharing (Torrents over i2p?)
      4. +
    4. How to send small files Anonymously (Onionshare)
      5. +
    5. How to send large files using Syncthing over Tor
      6. +
    6. P2P large file sharing (Torrents over i2p?)

    💻 Clientside - Decentralized Finances ⭐

      -
    1. ✅ Why Financial decentralisation ? (Cryptocurrencies, Exchanges and KYC) ⭐
      2. -
    2. ✅ How to setup a Monero Wallet
      3. -
    3. ✅ Why can't I trust Centralised Exchanges, and random Monero nodes ?
      4. +
    4. Why Financial decentralisation ? (Cryptocurrencies, Exchanges and KYC) ⭐
      5. +
    5. How to setup a Monero Wallet
      6. +
    6. Why can't I trust Centralised Exchanges, and random Monero nodes ?
    7. ❌ How to get your first Monero ? (xmrbazaar.com, crypto swaps, p2p chats, or work)
      8. -
    8. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
      9. -
    9. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
      10. -
    10. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
      11. -
    11. ✅ Haveno DEX Cash By Mail -> XMR transaction ⭐
      12. +
    12. Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
      13. +
    13. Haveno DEX Dispute resolution (Fiat -> XMR)
      14. +
    14. Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
      15. +
    15. Haveno DEX Cash By Mail -> XMR transaction ⭐
    16. ❌ Convert Monero into other Cryptos Anonymously (XMR -> BTC w/ BasicSwap DEX)
      17. -
    17. ✅ How to get a credit card anonymously (Credit cards as a service)
      18. -
    18. ✅ Monero Inheritence Management (VaultWarden Emergency Contacts)
      19. +
    19. How to get a credit card anonymously (Credit cards as a service)
      20. +
    20. Monero Inheritence Management (VaultWarden Emergency Contacts)

    @@ -246,42 +245,42 @@

    🧅 Serverside - Contributing to Anonymity

      -
    1. ✅ Tor Node
      2. -
    2. ✅ Tor Bridge Node
      3. -
    3. ✅ Tor Exit Node
      4. -
    4. ✅ Monero Node
      5. -
    5. ✅ Monero Mining with p2pool (help validate the network)
      6. -
    6. ✅ Haveno Seed Node
      7. +
    7. 🚧 Tor Node
      8. +
    8. Tor Bridge Node
      9. +
    9. Tor Exit Node
      10. +
    10. Monero Node
      11. +
    11. Monero Mining with p2pool (help validate the network)
      12. +
    12. Haveno Seed Node
    13. ❌ Haveno DEX Network

    🧅 Serverside - Anonymous Hidden Services

      -
    1. ✅ Where to host Anonymous Hidden Services ?
      2. -
    2. ✅ How to rent remote servers anonymously (Cloud resellers) ⭐
      3. -
    3. ✅ Hidden Service with custom .onion domain Vanity V3 address
      4. +
    4. Where to host Anonymous Hidden Services ?
      5. +
    5. How to rent remote servers anonymously (Cloud resellers) ⭐
      6. +
    6. Hidden Service with custom .onion domain Vanity V3 address
    7. ❌ How to Verify one's Identity while maintaining Anonymity using PGP canaries ?
      8. -
    8. ✅ Forgejo .onion Setup (Anonymous Code Repositories and Collaboration)
      9. -
    9. ✅ Nextcloud .onion Setup (Anonymous File Hosting)
      10. +
    10. Forgejo .onion Setup (Anonymous Code Repositories and Collaboration)
      11. +
    11. Nextcloud .onion Setup (Anonymous File Hosting)
    12. ❌ How to setup Nerostr (Nostr blogging)
    13. ❌ How to monitor your servers Anonymously


    🧅 Serverside - Anonymous Clearnet Services

      -
    1. ✅ Where to host Anonymous Clearnet Services ?
      2. -
    2. ✅ How to rent Clearnet domains anonymously (Registrar resellers) ⭐
      3. -
    3. ✅ Remote anonymous access setup (cockpit + ssh through tor)
      4. -
    4. ✅ Clearnet Bind9 DNS server setup (with DNSSEC)
      5. -
    5. ✅ Anonymous (remote or self-hosted) Clearnet Mail Server ⭐
      6. +
    6. Where to host Anonymous Clearnet Services ?
      7. +
    7. How to rent Clearnet domains anonymously (Registrar resellers) ⭐
      8. +
    8. Remote anonymous access setup (SSH through tor)
      9. +
    9. 🚧 Clearnet Bind9 DNS server setup (with DNSSEC)
      10. +
    10. Anonymous (remote or self-hosted) Clearnet Mail Server ⭐


    ⚠️ Miscellaneous - In real life

    1. ❌ How to send a mail package anonymously
    2. ❌ How to recieve a mail package anonymously
      3. -
    3. ✅ How to remain Anonymous during a protest
      4. +
    4. How to remain Anonymous during a protest

    @@ -305,23 +304,23 @@

    📝 Explaining Plausible Deniability

      -
    1. ✅ What is Plausible Deniability ? Why is it Important ?
      2. -
    2. ✅ Why isn't Anonymity enough for Sensitive use ?
      3. +
    3. What is Plausible Deniability ? Why is it Important ?
      4. +
    4. Why isn't Anonymity enough for Sensitive use ?

    💻 Clientside - Getting Started

      -
    1. ✅ Tails OS for Easy Temporary Sensitive Use
      2. -
    2. ✅ Using the Host-OS in live-mode to enable Sensitive Use
      3. -
    3. ✅ The main source of Plausible Deniability: Deniable Encryption
      4. -
    4. ✅ Sensitive use VMs Setup (Whonix VMs in a Veracrypt Hidden Volume)⭐
      5. -
    5. 🚧 Plausibly Deniable Critical Data Backups
      6. +
    6. Tails OS for Easy Temporary Sensitive Use
      7. +
    7. 🚧 Using the Host-OS in live-mode to enable Sensitive Use
      8. +
    8. 🚧 The main source of Plausible Deniability: Deniable Encryption
      9. +
    9. 🚧 Sensitive use VMs Setup (Whonix VMs in a Veracrypt Hidden Volume)⭐
      10. +
    10. 🚧 Plausibly Deniable Critical Data Backups

    💻 Steganography - Hiding secrets in plain sight

      -
    1. ✅ Other sources of Plausible Deniability: Steganography Introduction
      2. -
    2. ✅ Hiding files in images with Steghide
      3. -
    3. ✅ Hiding entire zipfiles into videofiles files (zulucrypt)
      4. +
    4. Other sources of Plausible Deniability: Steganography Introduction
      5. +
    5. Hiding files in images with Steghide
      6. +
    6. Hiding entire zipfiles into videofiles files (zulucrypt)

    💻 Decentralised Finances

    @@ -335,14 +334,14 @@

    🧅 Serverside - Plausible Deniability at Home (⚠️ Self Hosting = Risky!)

    1. ❌ Host OS WAN Failover Configuration
      2. -
    2. ✅ Electrical Failover (basic UPS setup)
      3. +
    3. Electrical Failover (basic UPS setup)
    4. ❌ Isolating on-premise hidden services (VM-based restrictive networking)
      5. -
    5. 🚧 Deniable Encryption Protection Automation
      6. +
    6. 🚧 Deniable Encryption Protection Automation

    🧅 Serverside - Remote Plausible Deniability (⚠️ Remote Hosting = Safer!)

      -
    1. 🚧 Sensitive Services: Self-Host or Host Remotely ?
      2. -
    2. ✅ When the Adversary is the cloud provider himself
      3. +
    3. 🚧 Sensitive Services: Self-Host or Host Remotely ?
      4. +
    4. When the Adversary is the cloud provider himself
    5. ❌ Sensitive remote servers organisation
    6. ✅ Anonymous Servers Monitoring
    7. ❌ Protecting against cold boot attacks, encrypting RAM with no Hardware access
      8. @@ -355,11 +354,11 @@

      🧅 Serverside - High Availability for Deniability (⚠️ Remote Hosting = Safer!)

        -
      1. ✅ Why is High Availability Important for Deniability ?
        2. -
      2. ✅ How to setup a basic NGINX / PHP / MySQL app
        3. -
      3. ✅ How to setup a MySQL Master-Master replication over Tor
        4. -
      4. ✅ OnionBalance for .onion domains load balancing
        5. -
      5. 🚧 Endgame V3 (.onion service Anti DDOS / Load Balancer / WAF + Captcha) ⭐
        6. +
      6. Why is High Availability Important for Deniability ?
        7. +
      7. How to setup a basic NGINX / PHP / MySQL app
        8. +
      8. How to setup a MySQL Master-Master replication over Tor
        9. +
      9. OnionBalance for .onion domains load balancing
        10. +
      10. 🚧 Endgame V3 (.onion service Anti DDOS / Load Balancer / WAF + Captcha) ⭐

      @@ -404,11 +403,11 @@

      Contributing to the Project

      1. ❌ How to become a Moderator
        2. -
      2. ✅ How to become a Contributor
        3. -
      3. ✅ The Quality Standard
        4. -
      4. ✅ How to become a Maintainer
        5. +
      5. How to become a Contributor
        6. +
      6. The Quality Standard
        7. +
      7. How to become a Maintainer
      8. ❌ How to become an Administrator
        9. -
      9. ✅ How to run the blog yourself
        10. +
      10. How to run the blog yourself

      diff --git a/opsec/livemode/index.html b/opsec/livemode/index.html index c28e40a..78852d9 100644 --- a/opsec/livemode/index.html +++ b/opsec/livemode/index.html @@ -71,6 +71,7 @@

    8. Host OS: Linux

    9. Hypervisor: QEMU/KVM

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/mailprivate/index.html b/opsec/mailprivate/index.html index a49be40..3b23fc4 100644 --- a/opsec/mailprivate/index.html +++ b/opsec/mailprivate/index.html @@ -66,6 +66,7 @@

    In this tutorial we will setup a local mail server (to be able to keep control of our data), we will make it available publicly (so that it can communicate with other mail servers), but we'll make it go through TOR to guarantee Anonymity.

    Note that this setup involves self-hosting, which I do not recommend if the service is supposed to be sensitive. If this is an issue for you, just install it on a non-KYC remote VPS and skip the port-forwarding part if you don't want to host it at your house.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/maintainers/index.html b/opsec/maintainers/index.html index 562aca4..40ddffd 100644 --- a/opsec/maintainers/index.html +++ b/opsec/maintainers/index.html @@ -64,6 +64,7 @@

    How to become a Maintainer

    Becoming a Maintainer is the next step to contribute to the Opsec blog and Darknet Lantern projects, where you get to assist the other contributors contribute just like you did. The requirement is simple: You should have contributed at least 3 times, having submitted contributions that were already nearly finished (95%) in one go. If you are still submitting contributions that are 75% finished in one go, you are not ready to become a maintainer yet, maintainers are supposed to know the quality standard perfectly, to be able to enforce it when doing contribution reviews, therefore i expect that they show that they understand it.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/monero2024/index.html b/opsec/monero2024/index.html index a7d20d2..6fc4574 100644 --- a/opsec/monero2024/index.html +++ b/opsec/monero2024/index.html @@ -72,6 +72,8 @@

  • Virtual Machine: Linux or Whonix or Tails

    • I recommend using this setup into one of the above mentioned VMs, either for Private use, or Anonymous use, as per the 4 basic OPSEC levels.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/monero2024/node.html b/opsec/monero2024/node.html index 10bcf6e..2714555 100644 --- a/opsec/monero2024/node.html +++ b/opsec/monero2024/node.html @@ -64,6 +64,7 @@

    Monero Node Setup

    In this tutorial we're going to take a look at how to setup a monero node

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/moneroinheritance/index.html b/opsec/moneroinheritance/index.html index 3900adb..54f805a 100644 --- a/opsec/moneroinheritance/index.html +++ b/opsec/moneroinheritance/index.html @@ -63,6 +63,8 @@ Previous Page

    XMRONLY - 2025 / 01 / 29

    Monero Inheritence Management (VaultWarden Emergency Contacts)

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/monerop2pool/index.html b/opsec/monerop2pool/index.html index 39979b0..7c88943 100644 --- a/opsec/monerop2pool/index.html +++ b/opsec/monerop2pool/index.html @@ -69,6 +69,7 @@
    Figure 4.7 from Mastering Monero
    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/mysqlmastermaster/index.html b/opsec/mysqlmastermaster/index.html index edf392a..ae746bc 100644 --- a/opsec/mysqlmastermaster/index.html +++ b/opsec/mysqlmastermaster/index.html @@ -104,6 +104,7 @@ With the influx of new users placing orders, you might want to consider high ava

    In this guide, we will configure MySQL Master-Master replication over Tor. In this configuration, each database acts as both Master and Slave, automatically replicating queries between them via a Tor connection.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/nextcloud/index.html b/opsec/nextcloud/index.html index 782e3cb..ef17a07 100644 --- a/opsec/nextcloud/index.html +++ b/opsec/nextcloud/index.html @@ -68,6 +68,7 @@

    Nextcloud is an indispensable tool for productivity, as you're going to see:

    What we are trying to achieve here, is a setup where we can have a single folder synchronized on multiple devices, so that any change done from any of those devices, to that same folder, gets to be automatically shared and synchronized accross all of the other devices aswell. And of course, we're going to achieve that while maintaining our anonymity, by routing all traffic through Tor.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/onionbalancelb/index.html b/opsec/onionbalancelb/index.html index 114d746..d054091 100644 --- a/opsec/onionbalancelb/index.html +++ b/opsec/onionbalancelb/index.html @@ -63,7 +63,7 @@ Previous Page

    oxeo0 - 2025 / 02 / 26

    OnionBalance for .onion domains load balancing

    -

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/onionshare/index.html b/opsec/onionshare/index.html index 222c031..0605371 100644 --- a/opsec/onionshare/index.html +++ b/opsec/onionshare/index.html @@ -66,6 +66,9 @@ +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + +

    OnionShare can easily be installed on various Linux distributions (by following the offical instructions at https://onionshare.org/#download). For Debian-based distro's (including Whonix), simply run the following apt command in a terminal:

    
diff --git a/opsec/phonenumbers/index.html b/opsec/phonenumbers/index.html
index 6f77d2d..02476b0 100644
--- a/opsec/phonenumbers/index.html
+++ b/opsec/phonenumbers/index.html
@@ -62,6 +62,8 @@
 				
    
   					Previous Page

     user@Whonix - 2024-05-26
    
 
    Phone Numbers are incompatible with Anonymity
    
+
     Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!
    
+
           
 	       
    
 			
diff --git a/opsec/physicalsecurity/index.html b/opsec/physicalsecurity/index.html
index d77d856..f77b95f 100644
--- a/opsec/physicalsecurity/index.html
+++ b/opsec/physicalsecurity/index.html
@@ -76,6 +76,7 @@
 
 
    Let's take all those threat vectors into account, and setup our homeserver with the following physical security setup:
    
 
+
     Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!
    
           
 	       
 			
diff --git a/opsec/plausiblydeniabledataprotection/index.html b/opsec/plausiblydeniabledataprotection/index.html
index f286ff4..e0439ca 100644
--- a/opsec/plausiblydeniabledataprotection/index.html
+++ b/opsec/plausiblydeniabledataprotection/index.html
@@ -72,6 +72,7 @@ regarding wear leveling:
 "Also as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks that could allow forensics to defeat your plausible deniability. The only way around this at the moment is to have a laptop with a classic HDD drive instead."
    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/qualitystandard/index.html b/opsec/qualitystandard/index.html index 359ba8d..beca9f8 100644 --- a/opsec/qualitystandard/index.html +++ b/opsec/qualitystandard/index.html @@ -63,6 +63,7 @@ Previous Page

    nihilist@mainpc - 2025-03-22

    The Quality Standard

    In this tutorial we're going to look at what the quality standard is, to be able to submit good quality tutorials to the blog. We do not consider tutorials that don't follow that standard to be acceptable.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/runtheblog/index.html b/opsec/runtheblog/index.html index 86d5574..0852c06 100644 --- a/opsec/runtheblog/index.html +++ b/opsec/runtheblog/index.html @@ -79,6 +79,7 @@

    The reason behind this stems from Sum Nihil, where i strongly believe that it doesn't matter who does the work, who gets the fame, who gets to profit off of it, what truly matters is that the work gets done, no matter who does it.

    Here, the work is to make sure that everyone out there knows that when using the right technology in the right way, they cannot be oppressed, silenced, censored, controlled, and governed anymore. If you can help me reach that goal i'm definitely going to welcome it, even if it means to allow other people to run the blog.

    The entire blog is meant to remain available for free, for everyone, over clearnet and over the Tor network. Ideally i'd like it to be resillient to takedowns in the case if something were to happen to me in the future. Therefore, the more people run the blog themselves, the more resillient it will become, and the farther the word will be able to go out there.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/sensitiveremotevshome/index.html b/opsec/sensitiveremotevshome/index.html index 52abcb7..bfe1ea9 100644 --- a/opsec/sensitiveremotevshome/index.html +++ b/opsec/sensitiveremotevshome/index.html @@ -81,6 +81,7 @@

  • Making sure you can't be traced back as the owner/administrator of the server

    • Out of those requirements, we have 2 possibilities as to where you can run a sensitive service.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/sensitivevm/index.html b/opsec/sensitivevm/index.html index c478cc7..df629fc 100644 --- a/opsec/sensitivevm/index.html +++ b/opsec/sensitivevm/index.html @@ -75,6 +75,7 @@

  • Harddrive (HDD): 500GB and encrypted with Veracrypt (with a 250Gb Hidden Volume)

  • Virtual Machine:Whonix

    • +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/steganography/index.html b/opsec/steganography/index.html index 27a946f..b03ccdd 100644 --- a/opsec/steganography/index.html +++ b/opsec/steganography/index.html @@ -64,6 +64,7 @@

    Other sources of Plausible Deniability: Steganography

    Steganography is the craft of hiding messages. It is a close relative of cryptography, but where cryptography strives to conceal the contents of a messages, steganography attempts to conceal its presence. Therefore steganography helps avoiding suspicion and providing deniability.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/steghide/index.html b/opsec/steghide/index.html index efc4c52..240c322 100644 --- a/opsec/steghide/index.html +++ b/opsec/steghide/index.html @@ -63,6 +63,7 @@

    Hiding files in images with steghide

    Previous Page

    Zesc - 2024-08-30

    steghide is a mature GPL-licensed CLI tool for hiding arbitrary data inside of of image files (and some archaic audio formats). Its official web presence is located at https://steghide.sourceforge.net/. it conceals data inside a larger coverfile in a way that is indistinguishable to first-order statistical analysis. This means there is are anomalies in the file histogram, making most pictures innocuous without having the original image to compare it to.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/stylometry/index.html b/opsec/stylometry/index.html index 9b7261e..b85658d 100644 --- a/opsec/stylometry/index.html +++ b/opsec/stylometry/index.html @@ -72,7 +72,10 @@

  • Virtual Machine: Linux or Whonix or Tails

    • +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + + diff --git a/opsec/syncthinganon/index.html b/opsec/syncthinganon/index.html index 45aa27a..01c126f 100644 --- a/opsec/syncthinganon/index.html +++ b/opsec/syncthinganon/index.html @@ -82,6 +82,9 @@ It is highly recommended to use whonix for this setup, because there are always

    + +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/tailsqemuvm/index.html b/opsec/tailsqemuvm/index.html index 83878fb..8a8fe6c 100644 --- a/opsec/tailsqemuvm/index.html +++ b/opsec/tailsqemuvm/index.html @@ -75,6 +75,8 @@

    I recommend using this setup for Anonymous use if you store anything into the persistent storage, or for short-term Sensitive use if you are not storing anything sensitive in the persistent storage, as per the 4 basic OPSEC levels.

    + +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/tor/bridge/index.html b/opsec/tor/bridge/index.html index 09aee3c..63a1261 100644 --- a/opsec/tor/bridge/index.html +++ b/opsec/tor/bridge/index.html @@ -64,6 +64,8 @@

    TOR Bridge (November 2024 update)

    Before we start, you will need a Debian VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80 and 443 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your Debian server.

    + +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/tor/exit_node/index.html b/opsec/tor/exit_node/index.html index 22a8447..d73393f 100644 --- a/opsec/tor/exit_node/index.html +++ b/opsec/tor/exit_node/index.html @@ -81,6 +81,8 @@ If you are still motivated to get your own exit node, keep the phone number of a

    Disclaimer: Do not host your Tor node in Germany, Netherlands or in the US, as there are already too many nodes in those countries. Try to run your own Tor nodes in countries that have the least nodes preferably, as this will help keeping the Tor network decentralized.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/tor/relay/index.html b/opsec/tor/relay/index.html index 0a553ec..376b8cb 100644 --- a/opsec/tor/relay/index.html +++ b/opsec/tor/relay/index.html @@ -70,6 +70,8 @@

    Now regarding the choice of location for the server, in order to make sure that Tor remains decentralised, make sure that you are picking a country that doesn't have many tor nodes (see the bubbles graph):

    Disclaimer: Do not host your Tor node in Germany, Netherlands or in the US, as there are already too many nodes in those countries. Try to run your own Tor nodes in countries that have the least nodes preferably, as this will help keeping the Tor network decentralized.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/torbrowsing/index.html b/opsec/torbrowsing/index.html index ebd48ea..68b18c7 100644 --- a/opsec/torbrowsing/index.html +++ b/opsec/torbrowsing/index.html @@ -73,6 +73,8 @@

  • Application: VPN (if your ISP doesn't allow Tor traffic)

    • I recommend using this setup into one of the above mentioned VMs, for Anonymous use, as per the 4 basic OPSEC levels.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + @@ -85,7 +87,7 @@
    -

    Initial Setup

    +

    Setting up the Tor Browser on your Desktop

    If you have a regular debian distribution, do as follows to install the tor browser:

    
 [ mainpc ] [ /dev/pts/5 ] [~]
@@ -240,6 +242,87 @@ extraction percent done: 100 / 100
    + + +
    +
    +
    +
    +

    Setting up the Tor Browser on your Mobile

    +

    OPSEC Recommendations:

    +
      +

    • Hardware: Google Pixel

      • +

    • Host OS: Graphene OS

      • +

    • Configuration: Can be set in the Private or Anonymous Profile

      • +
    +

    +

    Initial Download and Setup

    +

    You can download Tor Browser for Android from F-Droid (as we want to maintain the open source requirement), using the Guardian Repository, or the apk directly from the official Tor website. Please do not download it from any other source. There have been malicious versions passed around on social media in the past.

    + + + + + + + + + + + + + +

    Note: To download from F-Droid you will have to enable Guardian Project Repositories under settings → My Apps → Guardian Project (guardianproject.info/fdroid/repo)

    + +

    When you open the Tor app for the first time you will be greeted with this screen:

    +

    + +

    +

    We'll do some slight configuration changes, starting with the automatic connection and then open settings: +toggle auto → settings +

    + +

    +

    In settings, scroll down to Privacy and security. Open Security Level:

    + +

    + +

    +

    Choose Safest for maximum security

    + +

    +

    Additionally in settings you can choose the Default search engine and to use (.onion) sites if you prefer.

    + +

    +

    And you are done, you should now be at the start page:

    +

    + +

    +

    If your connection is being censored or you are unable to connect to the Tor network then you may have to configure a bridge. Choose “Config Bridge” on the opening screen or under settings:

    +

    + +

    +

    Toggle “Use a Bridge” to open up three options: "obfs4", "meek-azure", and "snowflake".

    +
      +

    1. Obfs4 is a pluggable transport that makes Tor traffic look random and also prevents censors from finding bridges by Internet scanning.

      2. +

    2. Meek-Azure is a pluggable transport that makes it look like you are browsing a Microsoft web site instead of using Tor.

      3. +

    3. Snowflake involves a large number of volunteer proxies, which also makes them hard to pin point and prevents the blocking of proxy IP addresses.

      4. +
    +

    Additionally you can provide a trusted bridge to use if you know one.

    +

    +

    Closing:

    +
      +

    1. Orfox is a sunsetted privacy focused web browser based on Tor. It is no longer maintained and is not recommended.

      2. +

    2. Orbot is a proxy app that allows other apps on your device to encrypt your internet traffic through Tor. After installing Orbot go to Choose apps under settings in order to route the apps of your choice through Tor.

      3. +

    3. Currently there is no official Tor browser available for iOS on iPhone. Using Orbot with the open source Onion Browser is better than nothing but does not have the same privacy protections as Tor Browser. Use at your own risk.

      4. +
    + + + +
    +
    +
    +
    +
    diff --git a/opsec/tornginxphpmysql/index.html b/opsec/tornginxphpmysql/index.html index a47a75c..7ff798a 100644 --- a/opsec/tornginxphpmysql/index.html +++ b/opsec/tornginxphpmysql/index.html @@ -85,6 +85,7 @@ Today, many websites use JavaScript to fetch and store data via APIs, dynamicall

    The main drawback of this approach is that website content can only be updated by reloading the page since each page is server-side rendered using a PHP interpreter.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/torthroughvpn/index.html b/opsec/torthroughvpn/index.html index 4c668d7..b86c289 100644 --- a/opsec/torthroughvpn/index.html +++ b/opsec/torthroughvpn/index.html @@ -76,6 +76,8 @@

    Using Tor means you are employing Decentralisation, by using it you are placing your trust into 3 random entities (which can be individuals, companies or adversaries), in 3 different legislations (due to being in 3 different countries), rather than in one centralized entity, hence providing Anonymity on the IP layer.

    There is always a low probability of risk, where if you are unlucky and tor circuits go through 3 nodes that are hosted by the same malicious entity, leading to deanonymization.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    +
    diff --git a/opsec/torvsvpns/index.html b/opsec/torvsvpns/index.html index 9863ee0..f9ba856 100644 --- a/opsec/torvsvpns/index.html +++ b/opsec/torvsvpns/index.html @@ -63,6 +63,8 @@ Previous Page

    nihilist@mainpc - 2024-04-30

    The main source of Anonymity: The Tor Network

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/torwebsite/index.html b/opsec/torwebsite/index.html index 421d846..a64bd75 100644 --- a/opsec/torwebsite/index.html +++ b/opsec/torwebsite/index.html @@ -64,6 +64,7 @@

    Hidden Service with custom .onion Vanity V3 address

    In this tutorial we'll setup a Hidden Service with custom .onion Vanity V3 address, we'll set it up using nginx and Tor.

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/veracrypt/index.html b/opsec/veracrypt/index.html index 98a1c09..cb8952f 100644 --- a/opsec/veracrypt/index.html +++ b/opsec/veracrypt/index.html @@ -85,6 +85,7 @@ regarding wear leveling:

  • Packages: grub-live and ram-wipe

    • +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    diff --git a/opsec/vpnqemu/index.html b/opsec/vpnqemu/index.html index 4a29aed..86318fe 100644 --- a/opsec/vpnqemu/index.html +++ b/opsec/vpnqemu/index.html @@ -62,7 +62,8 @@
    Previous Page

    nihilist@mainpc - 2024-08-08

    Route QEMU VMs through a Host OS VPN

    -

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    +
    diff --git a/opsec/whentorisblocked/index.html b/opsec/whentorisblocked/index.html index 93e18d7..82a74c7 100644 --- a/opsec/whentorisblocked/index.html +++ b/opsec/whentorisblocked/index.html @@ -83,6 +83,8 @@

    I recommend using this setup into one of the above mentioned VMs, for Anonymous use, as per the 4 basic OPSEC levels.

    Sidenote: If your ISP does not allow Tor traffic, make sure that you route the QEMU VMs traffic through a VPN, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    + diff --git a/opsec/whonixqemuvms/index.html b/opsec/whonixqemuvms/index.html index f5483df..5d71d59 100644 --- a/opsec/whonixqemuvms/index.html +++ b/opsec/whonixqemuvms/index.html @@ -75,6 +75,8 @@

    I recommend using this setup into one of the above mentioned VMs, for Anonymous use, as per the 4 basic OPSEC levels.

    Sidenote: If your ISP does not allow Tor traffic, make sure that you route the QEMU VMs traffic through a VPN, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup

    +

    Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!

    +