simplified the monitoring tutorial

2025-07-02 11:56:40 +00:00 · 2025-04-27 18:36:18 +02:00 · 2025-04-27 18:36:18 +02:00 · 68196c4d47
commit 68196c4d47
parent 055249d719
31 changed files with 1917 additions and 305 deletions
--- a/graphs/.$monitoring.drawio.bkp
+++ b/graphs/.$monitoring.drawio.bkp
--- a/graphs/monitoring.drawio
+++ b/graphs/monitoring.drawio
--- a/opsec/anonymous_server_monitoring.old/add_datasource.png
+++ b/opsec/anonymous_server_monitoring.old/add_datasource.png
--- a/opsec/anonymous_server_monitoring.old/architecture.dia
+++ b/opsec/anonymous_server_monitoring.old/architecture.dia
--- a/opsec/anonymous_server_monitoring.old/architecture.png
+++ b/opsec/anonymous_server_monitoring.old/architecture.png
--- a/opsec/anonymous_server_monitoring.old/datasource_config.png
+++ b/opsec/anonymous_server_monitoring.old/datasource_config.png
--- a/opsec/anonymous_server_monitoring.old/example_dashboard.png
+++ b/opsec/anonymous_server_monitoring.old/example_dashboard.png
--- a/opsec/anonymous_server_monitoring.old/glances.png
+++ b/opsec/anonymous_server_monitoring.old/glances.png
--- a/opsec/anonymous_server_monitoring.old/grafana_login.png
+++ b/opsec/anonymous_server_monitoring.old/grafana_login.png
--- a/opsec/anonymous_server_monitoring.old/index.html
+++ b/opsec/anonymous_server_monitoring.old/index.html
@ -0,0 +1,423 @@
 <!DOCTYPE html>
 <html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="Cloud provider threat model">
    <meta name="author" content="MulliganSecurity">
    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
    <title>Anonymous Server Monitoring</title>
    <!-- Bootstrap core CSS -->
    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
 	<link href="../../assets/css/xt256.css" rel="stylesheet">
    <!-- Custom styles for this template -->
    <link href="../../assets/css/main.css" rel="stylesheet">
    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
    <![endif]-->
  </head>
  <body>
    <!-- Static navbar -->
    <div class="navbar navbar-inverse-anon navbar-static-top">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand-anon" href="\index.html">The Nihilism Opsec Blog</a>
        </div>
        <div class="navbar-collapse collapse">
          <ul class="nav navbar-nav navbar-right">
            <li><a  href="/about.html">About</a></li>
            <li><a  href="/blog.html">Categories</a></li>
            <li><a  href="/contact.html">Contact</a></li>
          </ul>
        </div><!--/.nav-collapse -->
      </div>
    </div>
 	<!-- +++++ Posts Lists +++++ -->
 	<!-- +++++ First Post +++++ -->
 	<div id="anon1">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/mulligan_sec.jpeg" width="50px" height="50px"> <ba>Mulligan Security - 2025-02-07 </a></p>
                    <p>
                    <h1><b>Anonymous Server Monitoring</b></h1>
                    <h2>What is server monitoring?</h2>
                    When deploying compute resources (bare-metal, VPSes or more abstract work units) you will have to manage a living system. This system will <b>always</b> have the following characteristics:
                    <ul>
                        <li>Limited ressources: the amounts of RAM and CPU cycles, network bandwidth as well as storage space are neither infinite nor free.</li>
                        <li>Evolving requirements: depending on how you use your services, how many concurrent users you have you might need more or less ressources than what you initially purchased </li>
                        <li>Nominal operating parameters: range of RAM and CPU use, temperatures and so on in which your service performs as expected </li>
                    </ul>
                    <br><br>
                    The first item is fixed and only linked to your financial constraints. The other two are constantly evolving and thus must be <b>monitored</b>.
                    <h2>How do I do it?</h2>
                    How you monitor your systems can vary based on your technical requirements. It can be as simple as logging in once a week, check the output of some diagnostic command and calling it a day. <br>
                    This will give you a snapshot but you will miss a lot of important information.
                    <br><br>
                    You can also set up a complicated system that reports current metrics, trends and gives you capacity planning alerts
                    based on the data obtained!
                    You will have to find the middle-ground yourself, this article will propose one that you can tweak whichever way you need.
                    <h2>Risks of doing it improperly</h2>
                    Accessing your server for monitoring purposes is, from a risk perspective, pretty much the same as doing any other administration task or interacting with the services hosted therein. If done improperly (say logging in over the clearweb from your home address) you've just given anyone looking an undeniable link between your overt identity and your clandestine activities. (which should never happen since you're supposed to <a href="../internetsegmentation/index.html">segment your internet uses</a>)<br><br>
                    A <b>fail-closed</b> system is what you should strive for: opsec best practices should be the default and if there's a technical issue preventing you from following them (attack on tor, flaky network, client or server-side misconfiguration) the system should prevent access at all in order to keep you safe.
                    <h2>What if I don't monitor my Servers ?</h2>
                    If you don't properly monitor your infrastructure you will face the following consequences sooner or later:
                    <ul>
                        <li>service instability: you won't notice when things start going awry</li>
                        <li>costs overrun: you will end up paying more than you need to in order to deliver the same service</li>
                        <li>undetected attacks: attacks that impact your services can go unnoticed when the cues (eg: high RAM consumption from a cryptojacking) are not picked up</li>
 						<li>And lastly, if you are going to run a sensitive service on a remote server, it will anyway be on borrowed time as <a href="../cloud_provider_adversary/index.html">we have explained previously</a>, therefore you need to be able to easily detect whenever there is a downtime on one of the servers, while at the same time maintaining your anonymity.</li>
                    </ul>
                    </p>
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
 	<div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
                <h1><b>Risks</b></h1>
                Whenever you connect to your server, such as for monitoring or other administrative tasks, if you do so without going through Tor, then the cloud provider knows that you are the one connecting to that server. Even when using SSH you will leave a trail of metadata all the way back to your access point. That might be enough to get your door busted down the line if you intend on hosting anything sensitive on that server.
                <br><br>
                In the following part of the post we will look into how to set up advanced monitoring tools so you don't have to keep an eye on a bunch of tmux sessions with glances/top open in order to know the behaviour of your systems over time.
                <br><br>
                This tutorial will assume that you have acquired servers anonymously via non-KYC cloud providers, and that you are only accessing them anonymously through tor
                See <a href="../anonymousremoteserver/index.html">this article</a> if you have not already.
                <br>
                <br>
                ...
                <br>
                ...
                <br>
                Done? Let's proceed.
                <br>
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
 	<div id="anon3">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
                    <p>
                        <h1><b>Target Architecture</b></h1>
                        First, let's have a look at the network topology we'll be building:
                        <br>
                        <img src="architecture.png"/>
                        <br>
                        <ul>
                            <li>Our whonix workstation will connect through tor to a central monitoring server in order to access the grafana dashboard containing our monitoring data.</li>
                            <li>Our monitoring server will itself connect through tor to the target monitored servers using prometheus</li>
                        </ul>
                        <h1><b>Setting up the central monitoring server</b></h1>
                        First you want to set up your central monitoring server. For ease of use and better performance we are going to colocate the prometheus collector along with grafana.
                        <br>
                        <h2>Required installation</h2>
                        To get started we need the following software on the machine:
                        <br>
                        <ul>
                            <li>Tor: anonymize traffic</li>
                            <li>prometheus: aggregate metrics</li>
                            <li>prometheus-node-exporter: export local server metrics</li>
                            <li>docker: to run grafana</li>
                        </ul>
                        <img src="install.png"/>
                        <h2>Tor Configuration</h2>
 <h3>On the target server to be monitored</h3>
 run the following as root to create a hidden service for the prometheus collector
 <pre><code class="nim">
 apt update
 apt install prometheus-node-exporter tor
 systemctl stop tor #stop the tor service
 mkdir -p /var/lib/tor/onion/prometheus/authorized_clients #create the client auth keys folder to store our second layer of authentication
 chmod 400 -R /var/lib/tor/prometheus #set restrictive file permissions
 vi /etc/tor/torrc #edit the torrc file to add content
 cat /etc/tor/torrc
 AutomapHostsSuffixes .onion,.exit
 DataDirectory /var/lib/tor
 SOCKSPort 127.0.0.1:9050 IsolateDestAddr
 HiddenServiceDir /var/lib/tor/onion/prometheus
 HiddenServicePort 9100 127.0.0.1:9100
 tor-client-auth-gen 
 private_key=descriptor:x25519:DBQW3GP5FCN2KQBDKTDKDAQUQWBEGBZ5TFYJE4KTJFBUOJPKYZBQ #paste this key to your local machine as your prometheus node will need it
 echo "descriptor:x25519:6HDNHLLKIFNU5Q6T75B6Q3GBYDO5ZF4SQUX7EYDEKWNLPQUWUBTA" > /var/lib/tor/onion/prometheus/0.auth
 chown debian-tor:debian-tor -R /var/lib/tor # make tor owner of this folder
 systemctl start tor #restart tor
 systemctl status tor #check that everything works
 cat /var/lib/tor/onion/prometheus/hostname
 [clientaddr].onion
 </code></pre>
 What's that tor-client-auth-gen you ask? In order to protect this critical service from attacks that could be done against the grafana servers or from stolen credentials we need more than just security by obscurity
 (relying on the attacker not knowing our hidden service address).
 <br>
 When a client tries to connect to an onion service they request a server descriptor from a tor directory server that gives them a path to a rendez-vous point where they will be able to talk to each other. The keys we just created will be used to encrypt this descriptor. Without the proper private key, even with the onion service address, an attacker won't be able to connect to it because they won't be able to find the rendez-vous point.
 <br>
 <br>
 This is better than basic-auth for the following reasons:
 <ul>
    <li>More resistant to bruteforce attacks</li>
    <li>Also protects against flaws in your application itself</li>
    <li>Also protects you from fingerprinting attacks as no trafic can reach you without the required secret key</li>
 </ul>
 <br>
 <br>
 <h3>On the central monitoring server</h3>
                        The prometheus collector will only be accessed locally by grafana so it doesn't need to be accessible over tor. Grafana, on the other hand, does.
                        <br>
                        Let's start with tor's configuration, use the following commands as root:
                        <br>
 <pre><code class="nim">
 sudo systemctl stop tor #stop the tor service
 mkdir -p /var/lib/tor/auth_keys #create the client auth keys folder to store our second layer of authentication
 mkdir -p /var/lib/tor/onion/grafana #create the client auth keys folder to store our second layer of authentication
 chmod 400 -R /var/lib/tor/auth_keys #set restrictive file permissions
 #line below will allow your aggregator to connect to your monitored server. Without it no requests can even reach it
 echo "[prometheusclientaddr].onion:descriptor:x25519:DBQW3GP5FCN2KQBDKTDKDAQUQWBEGBZ5TFYJE4KTJFBUOJPKYZBQ" > /var/lib/tor/auth_keys/prometheus_server.auth_private
 chmod 400 -R /var/lib/tor/onion #set restrictive file permissions
 vi /etc/tor/torrc #edit the torrc file to add content
 cat /etc/tor/torrc
 AutomapHostsSuffixes .onion,.exit
 DataDirectory /var/lib/tor
 SOCKSPort 127.0.0.1:9050 IsolateDestAddr
 HiddenServiceDir /var/lib/tor/onion/grafana
 HiddenServicePort 80 127.0.0.1:3000
 ClientOnionAuthDir /var/lib/tor/auth_keys
 tor-client-auth-gen 
 private_key=descriptor:x25519:YCPURSYN4FL4QKQSXFTGLYNBHOVVRCQYRZLFHMZFCUFU5R6DCRMQ
 public_key=descriptor:x25519:UUQW4LIO447WRQOSRSNDXEW5NZMSR3CYOP65ZIFWH6G2PUKWV5WQ
 echo "YCPURSYN4FL4QKQSXFTGLYNBHOVVRCQYRZLFHMZFCUFU5R6DCRMQ" > ~/mygrafana_auth_key
 echo "descriptor:x25519:UUQW4LIO447WRQOSRSNDXEW5NZMSR3CYOP65ZIFWH6G2PUKWV5WQ" > /var/lib/tor/onion/grafana/0.auth
 chown debian-tor:debian-tor -R /var/lib/tor # make tor owner of this folder
 systemctl start tor #restart tor
 systemctl status tor #check that everything works
 </code></pre>
 And that's all you'll need! one hidden service for grafana. <br> You'll find your hostname in /var/lib/tor/onion/grafana/hostname.
 <h2>Prometheus server configuration on the central monitoring server</h2>
 Clean and simple: we scrape our server every 10s for new data, configure a proxy URL so scraping happens over tor, using our socksport and configure ou scraping targets.
 <br>
 <pre><code class="nim">
 vi /etc/prometheus/prometheus.yml
 cat /etc/prometheus/prometheus.yml
 alerting:
  alertmanagers: []
 global:
  scrape_interval: 10s
 remote_read: []
 remote_write: []
 scrape_configs:
 - job_name: remote-nodes
  proxy_url: socks5h://localhost:9050
  static_configs:
  - labels: {}
    targets:
    - <b>[clientaddr].onion:9100</b>
 - job_name: local-node
  static_configs:
  - labels: {}
    targets:
    - localhost:9100
 </code></pre>
 <br>
 This configuration will make the central monitoring server behave in the following way:
 <ul>
    <li>Scrap itself directly to collect its own data (prometheus is only exposed on loopback for this)</li>
    <li>Scrap the target monitored server through tor via the socks proxy</li>
 </ul>
 <h2>Grafana configuration on the central monitoring server</h2>
 Let's start grafana and make it available: as root, as tor is already configured we can then access it through our torbrowser
 <br>
 <pre><code class="nim">
    docker run -d -p 127.0.0.1:3000:3000 --name=grafana grafana/grafana
 </code></pre>
                    </p>
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
 	<div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
                    <p>
                    <h1> <b>Connecting to our grafana instance</b></h1>
                    On your monitoring server you can find your hostname at /var/lib/tor/grafana/hostname. Use it in the tor browser to reach your instance. You will be prompted for your private key, you can find it where you saved it earlier ~/mygrafana_auth_key, paste the part after 
                        <img src="grafana_login.png"/>
                        <br>
                        <h1><b>Configuring the data sources</b></h1>
                        Next we need to tell grafana to use prometheus as a data source: <br>
                        <img src="add_datasource.png"/>
                        <br>
                        <br>
                        Now, let's configure it (specifying localhost:9090 as the API port)<br>
                        <br>
                        <img src="datasource_config.png"/>
                        <br>
                        <br>
                        <br>
                        And Voila! we have simple system monitoring over tor in a dashboard: <br>
                        <img src="example_dashboard.png"/>
                    </p>
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
 	<div id="anon3">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
                    <h1><b>Conclusion</b></h1>
                    In this article we saw why and how you need to implement anonymous server monitoring for your infrastructure. If you are running hidden services with any form of sensitive data stored on them, having them under constant monitoring is a must because you need to detect downtimes quickly, without compromising your identity or the rest of your infrastructure.
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
 	<!-- +++++ Footer Section +++++ -->
 	<div id="anonb">
 		<div class="container">
 			<div class="row">
 				<div class="col-lg-4">
 					<h4>Nihilism</h4>
          <p>
 						Until there is Nothing left.</p><p><a href="../../../../opsec/legal.html">Legal Disclaimer</a></p><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
 					</p>
 				</div><!-- /col-lg-4 -->
 				<div class="col-lg-4">
 					<h4>My Links</h4>
 					<p>
 						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="http://nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/simplex.html">SimpleX Chatrooms</a><br/>
 					</p>
 				</div><!-- /col-lg-4 -->
 				<div class="col-lg-4">
 					<h4>About Mulligan Security</h4>
                    <p style="word-wrap: break-word;"><u>Donate XMR:</u><br>86NCojqYmjwim4NGZzaoLS2ozbLkMaQTnd3VVa9MdW1jVpQbseigSfiCqYGrM1c5rmZ173mrp8RmvPsvspG8jGr99yK3PSs</p></br><p><u>Contact:</u> mulligansecurity@riseup.net <br><a href="http://msec2nnqtbwh5c5yxpiswzwnqperok5k33udj7t6wmqcleu3ifj34sqd.onion">website</a><br><a href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FiZJOs1BYKxD2nEndBtacHlBP-bNKv3gywICYPZZjXXE%3D%40chatnedvznvcnsovrm3e6jrgt6pkpai5i3rgslrrxlnv352ardboebid.onion%2FtT5R0tQWBzJPAkjvH-wai4PnpfTor89R%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA_7oNMJAjBrt210CSc2LEIZJh5BFizPx7JUYFCmj8p1k%253D">SimpleX</a></p>
 				</div><!-- /col-lg-4 -->
 			</div>
 		</div>
 	</div>
    <!-- Bootstrap core JavaScript
    ================================================== -->
    <!-- Placed at the end of the document so the pages load faster -->
  </body>
 </html>
--- a/opsec/anonymous_server_monitoring.old/install.png
+++ b/opsec/anonymous_server_monitoring.old/install.png
--- a/opsec/anonymous_server_monitoring.old/top.png
+++ b/opsec/anonymous_server_monitoring.old/top.png
--- a/opsec/anonymous_server_monitoring/0.png
+++ b/opsec/anonymous_server_monitoring/0.png
--- a/opsec/anonymous_server_monitoring/1.png
+++ b/opsec/anonymous_server_monitoring/1.png
--- a/opsec/anonymous_server_monitoring/10.png
+++ b/opsec/anonymous_server_monitoring/10.png
--- a/opsec/anonymous_server_monitoring/11.png
+++ b/opsec/anonymous_server_monitoring/11.png
--- a/opsec/anonymous_server_monitoring/2.png
+++ b/opsec/anonymous_server_monitoring/2.png
--- a/opsec/anonymous_server_monitoring/20.png
+++ b/opsec/anonymous_server_monitoring/20.png
--- a/opsec/anonymous_server_monitoring/3.png
+++ b/opsec/anonymous_server_monitoring/3.png
--- a/opsec/anonymous_server_monitoring/4.png
+++ b/opsec/anonymous_server_monitoring/4.png
--- a/opsec/anonymous_server_monitoring/5.png
+++ b/opsec/anonymous_server_monitoring/5.png
--- a/opsec/anonymous_server_monitoring/6.png
+++ b/opsec/anonymous_server_monitoring/6.png
--- a/opsec/anonymous_server_monitoring/7.png
+++ b/opsec/anonymous_server_monitoring/7.png
--- a/opsec/anonymous_server_monitoring/8.png
+++ b/opsec/anonymous_server_monitoring/8.png
--- a/opsec/anonymous_server_monitoring/9.png
+++ b/opsec/anonymous_server_monitoring/9.png
--- a/opsec/anonymous_server_monitoring/index.html
+++ b/opsec/anonymous_server_monitoring/index.html
@ -4,11 +4,11 @@
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="description" content="Cloud provider threat model">
+    <meta name="description" content="">
-    <meta name="author" content="MulliganSecurity">
+    <meta name="author" content="">
    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
-    <title>Anonymous Server Monitoring</title>
+    <title>Anonymous Monitoring (Grafana, Prometheus, Node-exporter)</title>
    <!-- Bootstrap core CSS -->
    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
@ -56,329 +56,366 @@
 	<!-- +++++ Posts Lists +++++ -->
 	<!-- +++++ First Post +++++ -->
 	<div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 27 / 04 / 2025</ba></p>
 <h1>Anonymous Monitoring (Grafana, Prometheus, Node-exporter) </h1>
 <p>In this tutorial we're going to cover how you can monitor the resource consumption of your remote servers while maintaining your anonymity, using Grafana, Prometheus, and node exporter.</p>
 <p><img src="../logos/daturagit.png" style="width:100px"> <u>Sidenote:</u> Help us improve this tutorial by letting us know if there's anything missing or incorrect on this <a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/221">git issue</a> directly!</p>
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
 	<!-- +++++ Second Post +++++ -->
 	<div id="anon3">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>What is the targeted setup? </b></h2>
 <p>In this setup, we have 3 servers. Server A is going to monitor Server B and C.</p>
 <img src="0.png" class="imgRz">
 <p>Server A is going to have the following 3 services:</p>
 <pre><code class="nim">
 -Grafana: to display the data retrieved by prometheus
 -Prometheus: to retrieve the data served by the node-exporters
 -node-exporter: to serve the server resource usage data (ex: CPU consumption, RAM consumption, etc)
 </code></pre>
 <p>Server B and C are going to have the node-exporter service on them, and thanks to it Server A's prometheus service is going to be able to monitor their resource consumption.</p>
 <p>Now the added complexity that we have to navigate in this tutorial is that <b>each server can only be reached by their own .onion hostnames.</b> we cannot query them via their IPs directly because otherwise we'd reveal the origin and destination of the servers. Hence in this tutorial we're going to maintain the Serverside anonymity.</p>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
  <div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Server A setup (Grafana, Prometheus, Node-exporter)</b></h2> </br> </br>
 <p>First let's setup Server A:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/22 ] [/srv/]
 → sudo apt install docker.io docker-compose -y
 [ Wonderland ] [ /dev/pts/22 ] [/srv/]
 → mkdir /srv/grafana ; cd /srv/grafana
 [ Wonderland ] [ /dev/pts/22 ] [/srv/]
 → vim docker-compose.yml
 </code></pre>
 <p>Then, we have the following docker-compose.yml:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → cat docker-compose.yml
 networks:
  tor-monitoring:
    driver: bridge
    ipam:
      config:
        - subnet: 10.16.0.0/24
          gateway: 10.16.0.1
 services:
  grafana:
    image: grafana/grafana-enterprise:latest
    container_name: grafana
    restart: unless-stopped
    ports:
     - '127.0.0.1:3222:3000'
    volumes:
      - grafana-data:/var/lib/grafana
    environment:
      GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,grafana-worldmap-panel,grafana-piechart-panel"
    networks:
      tor-monitoring:
        ipv4_address: 10.16.0.5
  prometheus:
    image: prom/prometheus:latest
    volumes:
      - ./prometheus/:/etc/prometheus/
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
    networks:
      tor-monitoring:
        ipv4_address: 10.16.0.4
    restart: always
  tor:
    image: osminogin/tor-simple
    container_name: tormonitoring
    volumes:
      - ./tor-data:/var/lib/tor
      - ./tor-data/torrc:/etc/tor
    networks:
      tor-monitoring:
        ipv4_address: 10.16.0.3
 volumes:
    prometheus_data: {}
    grafana-data: {}
 </code></pre>
 <p>From there, you can already pull the containers and activate them:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → docker-compose pull ; docker-compose up -d
 </code></pre>
 <p>It's going to first pull the containers and then activate them, but we need to do some changes first to ensure that the tor container works as intended:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → docker-compose down
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → vim tor-data/torrc/torrc
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → cat tor-data/torrc/torrc
 SOCKSPort 0.0.0.0:9050
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → chown -R 100:65533 tor-data/
 </code></pre>
 <p>then we also configure prometheus to scrape the destination servers:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → vim prometheus/prometheus.yml
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → cat prometheus/prometheus.yml
 global:
  scrape_interval:     15s # By default, scrape targets every 15 seconds.
  external_labels:
    monitor: 'datura-monitor'
 scrape_configs:
  - job_name: 'wonderland'
    scrape_interval: 5s
    proxy_url: socks5h://10.16.0.3:9050
    static_configs:
    - labels: {}
      targets:
      - serverAjezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion:9100
      - serverBjezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion:9100
      - serverCjezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion:9100
    basic_auth:
      username: 'admin'
      password: 'P@SSW0RD'
 </code></pre>
 <p>And then we can re-activate the containers:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → docker-compose up -d
 </code></pre>
 <p>once done, we can configure the nginx reverse proxy to make sure that we can access our grafana instance:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → vim /etc/nginx/sites-available/monitoring
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → cat /etc/nginx/sites-available/monitoring
 upstream monitoringend {
        server 127.0.0.1:3222;
        #server 10.8.0.2:3009;
 }
 server {
        listen 4443;
        listen [::]:4443;
        server_name monitoring.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
        location / {
                                proxy_set_header Host $http_host;
                proxy_pass http://monitoringend;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                #client_max_body_size 1G;
        }
 }
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → ln -s /etc/nginx/sites-available/monitoring /etc/nginx/sites-enabled/
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → nginx -t
 nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
 nginx: configuration file /etc/nginx/nginx.conf test is successful
 [ Wonderland ] [ /dev/pts/19 ] [/srv/grafana]
 → systemctl restart nginx
 </code></pre>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
  <!-- +++++ Second Post +++++ -->
 	<div id="anon1">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/mulligan_sec.jpeg" width="50px" height="50px"> <ba>Mulligan Security - 2025-02-07 </a></p>
+          <h2><b>Configuring Grafana</b></h2> </br> </br>
-                    <p>
+<p>Next, we can access our grafana instance to create the admin account and login:</p>
 <img src="1.png" class="imgRz">
 <p>Once logged in we make sure that our grafana instance uses our prometheus instance as a datasource:</p>
 <img src="2.png" class="imgRz">
 <img src="3.png" class="imgRz">
 <img src="4.png" class="imgRz">
 <p>here we mention the local IP of the prometheus container, being 10.16.0.4, with the service accessible on port 9090:</p>
 <img src="5.png" class="imgRz">
 <img src="6.png" class="imgRz">
 <p>Then, we import a dashboard to make sure that we can visualize the data we are monitoring, out of which i recommend the excellent <a href="https://grafana.com/grafana/dashboards/1860-node-exporter-full/">"Node Exporter Full"</a> dashboard (whose ID is 1860) </p>
 <img src="7.png" class="imgRz">
 <img src="8.png" class="imgRz">
 <img src="9.png" class="imgRz">
 <img src="10.png" class="imgRz">
 <img src="11.png" class="imgRz">
 <p>There, the dashboard is imported, but there's no data to be seen yet because we didn't configure the node-exporter daemons on the servers that we want to monitor.</p>
                    <h1><b>Anonymous Server Monitoring</b></h1>
                    <h2>What is server monitoring?</h2>
                    When deploying compute resources (bare-metal, VPSes or more abstract work units) you will have to manage a living system. This system will <b>always</b> have the following characteristics:
                    <ul>
                        <li>Limited ressources: the amounts of RAM and CPU cycles, network bandwidth as well as storage space are neither infinite nor free.</li>
                        <li>Evolving requirements: depending on how you use your services, how many concurrent users you have you might need more or less ressources than what you initially purchased </li>
                        <li>Nominal operating parameters: range of RAM and CPU use, temperatures and so on in which your service performs as expected </li>
                    </ul>
                    <br><br>
                    The first item is fixed and only linked to your financial constraints. The other two are constantly evolving and thus must be <b>monitored</b>.
                    <h2>How do I do it?</h2>
                    How you monitor your systems can vary based on your technical requirements. It can be as simple as logging in once a week, check the output of some diagnostic command and calling it a day. <br>
                    This will give you a snapshot but you will miss a lot of important information.
                    <br><br>
                    You can also set up a complicated system that reports current metrics, trends and gives you capacity planning alerts
                    based on the data obtained!
                    You will have to find the middle-ground yourself, this article will propose one that you can tweak whichever way you need.
                    <h2>Risks of doing it improperly</h2>
                    Accessing your server for monitoring purposes is, from a risk perspective, pretty much the same as doing any other administration task or interacting with the services hosted therein. If done improperly (say logging in over the clearweb from your home address) you've just given anyone looking an undeniable link between your overt identity and your clandestine activities. (which should never happen since you're supposed to <a href="../internetsegmentation/index.html">segment your internet uses</a>)<br><br>
                    A <b>fail-closed</b> system is what you should strive for: opsec best practices should be the default and if there's a technical issue preventing you from following them (attack on tor, flaky network, client or server-side misconfiguration) the system should prevent access at all in order to keep you safe.
                    <h2>What if I don't monitor my Servers ?</h2>
                    If you don't properly monitor your infrastructure you will face the following consequences sooner or later:
                    <ul>
                        <li>service instability: you won't notice when things start going awry</li>
                        <li>costs overrun: you will end up paying more than you need to in order to deliver the same service</li>
                        <li>undetected attacks: attacks that impact your services can go unnoticed when the cues (eg: high RAM consumption from a cryptojacking) are not picked up</li>
 						<li>And lastly, if you are going to run a sensitive service on a remote server, it will anyway be on borrowed time as <a href="../cloud_provider_adversary/index.html">we have explained previously</a>, therefore you need to be able to easily detect whenever there is a downtime on one of the servers, while at the same time maintaining your anonymity.</li>
                    </ul>
                    </p>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
-	</div><!-- /grey -->
+	</div><!-- /white -->
  <!-- +++++ Second Post +++++ -->
 	<div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-                <h1><b>Risks</b></h1>
+          <h2><b>Configuring node-exporter on the remote servers</b></h2> </br> </br>
-                Whenever you connect to your server, such as for monitoring or other administrative tasks, if you do so without going through Tor, then the cloud provider knows that you are the one connecting to that server. Even when using SSH you will leave a trail of metadata all the way back to your access point. That might be enough to get your door busted down the line if you intend on hosting anything sensitive on that server.
+<p>Next, we're going to configure node-exporter on the servers that we want to monitor:</p>
                <br><br>
                In the following part of the post we will look into how to set up advanced monitoring tools so you don't have to keep an eye on a bunch of tmux sessions with glances/top open in order to know the behaviour of your systems over time.
                <br><br>
                This tutorial will assume that you have acquired servers anonymously via non-KYC cloud providers, and that you are only accessing them anonymously through tor
                See <a href="../anonymousremoteserver/index.html">this article</a> if you have not already.
                <br>
                <br>
                ...
                <br>
                ...
                <br>
                Done? Let's proceed.
                <br>
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
 	<div id="anon3">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
                    <p>
                        <h1><b>Target Architecture</b></h1>
                        First, let's have a look at the network topology we'll be building:
                        <br>
                        <img src="architecture.png"/>
                        <br>
                        <ul>
                            <li>Our whonix workstation will connect through tor to a central monitoring server in order to access the grafana dashboard containing our monitoring data.</li>
                            <li>Our monitoring server will itself connect through tor to the target monitored servers using prometheus</li>
                        </ul>
                        <h1><b>Setting up the central monitoring server</b></h1>
                        First you want to set up your central monitoring server. For ease of use and better performance we are going to colocate the prometheus collector along with grafana.
                        <br>
                        <h2>Required installation</h2>
                        To get started we need the following software on the machine:
                        <br>
                        <ul>
                            <li>Tor: anonymize traffic</li>
                            <li>prometheus: aggregate metrics</li>
                            <li>prometheus-node-exporter: export local server metrics</li>
                            <li>docker: to run grafana</li>
                        </ul>
                        <img src="install.png"/>
                        <h2>Tor Configuration</h2>
 <h3>On the target server to be monitored</h3>
 run the following as root to create a hidden service for the prometheus collector
 <pre><code class="nim">
-apt update
+[ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
-apt install prometheus-node-exporter tor
+→ cat docker-compose.yml
-systemctl stop tor #stop the tor service
+version: '3.7'
-mkdir -p /var/lib/tor/onion/prometheus/authorized_clients #create the client auth keys folder to store our second layer of authentication
+services:
 chmod 400 -R /var/lib/tor/prometheus #set restrictive file permissions
-vi /etc/tor/torrc #edit the torrc file to add content
+  node-exporter:
    container_name: node-exporter
    image: quay.io/prometheus/node-exporter:latest
    #command:
      #- '--path.rootfs=/host'
    network_mode: host
    pid: host
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
      - /:/host:ro,rslave
      - ./web.yml:/etc/prometheus/web.yml
    command:
      - '--path.rootfs=/host'
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - --collector.filesystem.ignored-mount-points
      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
      - "--web.config.file=/etc/prometheus/web.yml"
    restart: always
    deploy:
      mode: global
-cat /etc/tor/torrc
+</pre></code>
-AutomapHostsSuffixes .onion,.exit
+<p>Now that docker-compose.yml is written, we need to write a small python script to hash the basicauth password:</p>
-DataDirectory /var/lib/tor
+<pre><code class="nim">
-SOCKSPort 127.0.0.1:9050 IsolateDestAddr
+[ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
-HiddenServiceDir /var/lib/tor/onion/prometheus
+→ vim gen-pass.py
 [ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
 → cat gen-pass.py
 import getpass
 import bcrypt
 #sudo apt install python3-bcrypt
 password = getpass.getpass("password: ")
 hashed_password = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
 print(hashed_password.decode())
 [ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
 → sudo apt install python3-bcrypt -y
 [ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
 → python3 gen-pass.py
 password: P@SSW0RD
 $2b$12$AZg14Yp.hvDLk/iaYk9.ReqXyfonW94cwqzzxewZDWzTdAQZFo3zy
 </pre></code>
 <p>now with the hashed password, we can write the web.yml config file that the node exporter will use:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
 → vim web.yml
 [ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
 → cat web.yml
 basic_auth_users:
    admin: $2b$12$AZg14Yp.hvDLk/iaYk9.ReqXyfonW94cwqzzxewZDWzTdAQZFo3zy
 </pre></code>
 <p>And now finally we can pull the container image and activate it:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
 → docker-compose pull ; docker-compose up -d
 </pre></code>
 <p>Then we also make sure that the node-exporter port 9100 is accessible via the onion domain, as otherwise we can't access it while maintaining the serverside anonymity: </p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
 → cat /etc/tor/torrc | grep 9100
 HiddenServicePort 9100 127.0.0.1:9100
-tor-client-auth-gen 
+[ Wonderland ] [ /dev/pts/19 ] [/srv/node-exporter]
-private_key=descriptor:x25519:DBQW3GP5FCN2KQBDKTDKDAQUQWBEGBZ5TFYJE4KTJFBUOJPKYZBQ #paste this key to your local machine as your prometheus node will need it
+→ systemctl restart tor@default
 echo "descriptor:x25519:6HDNHLLKIFNU5Q6T75B6Q3GBYDO5ZF4SQUX7EYDEKWNLPQUWUBTA" > /var/lib/tor/onion/prometheus/0.auth
 chown debian-tor:debian-tor -R /var/lib/tor # make tor owner of this folder
 systemctl start tor #restart tor
 systemctl status tor #check that everything works
 cat /var/lib/tor/onion/prometheus/hostname
 [clientaddr].onion
 </code></pre>
 What's that tor-client-auth-gen you ask? In order to protect this critical service from attacks that could be done against the grafana servers or from stolen credentials we need more than just security by obscurity
 (relying on the attacker not knowing our hidden service address).
 <br>
 When a client tries to connect to an onion service they request a server descriptor from a tor directory server that gives them a path to a rendez-vous point where they will be able to talk to each other. The keys we just created will be used to encrypt this descriptor. Without the proper private key, even with the onion service address, an attacker won't be able to connect to it because they won't be able to find the rendez-vous point.
 <br>
 <br>
 This is better than basic-auth for the following reasons:
 <ul>
    <li>More resistant to bruteforce attacks</li>
    <li>Also protects against flaws in your application itself</li>
    <li>Also protects you from fingerprinting attacks as no trafic can reach you without the required secret key</li>
 </ul>
 <br>
 <br>
 <h3>On the central monitoring server</h3>
                        The prometheus collector will only be accessed locally by grafana so it doesn't need to be accessible over tor. Grafana, on the other hand, does.
                        <br>
                        Let's start with tor's configuration, use the following commands as root:
                        <br>
 <pre><code class="nim">
 sudo systemctl stop tor #stop the tor service
 mkdir -p /var/lib/tor/auth_keys #create the client auth keys folder to store our second layer of authentication
 mkdir -p /var/lib/tor/onion/grafana #create the client auth keys folder to store our second layer of authentication
 chmod 400 -R /var/lib/tor/auth_keys #set restrictive file permissions
 #line below will allow your aggregator to connect to your monitored server. Without it no requests can even reach it
 echo "[prometheusclientaddr].onion:descriptor:x25519:DBQW3GP5FCN2KQBDKTDKDAQUQWBEGBZ5TFYJE4KTJFBUOJPKYZBQ" > /var/lib/tor/auth_keys/prometheus_server.auth_private
 chmod 400 -R /var/lib/tor/onion #set restrictive file permissions
 vi /etc/tor/torrc #edit the torrc file to add content
 cat /etc/tor/torrc
 AutomapHostsSuffixes .onion,.exit
 DataDirectory /var/lib/tor
 SOCKSPort 127.0.0.1:9050 IsolateDestAddr
 HiddenServiceDir /var/lib/tor/onion/grafana
 HiddenServicePort 80 127.0.0.1:3000
 ClientOnionAuthDir /var/lib/tor/auth_keys
 tor-client-auth-gen 
 private_key=descriptor:x25519:YCPURSYN4FL4QKQSXFTGLYNBHOVVRCQYRZLFHMZFCUFU5R6DCRMQ
 public_key=descriptor:x25519:UUQW4LIO447WRQOSRSNDXEW5NZMSR3CYOP65ZIFWH6G2PUKWV5WQ
 echo "YCPURSYN4FL4QKQSXFTGLYNBHOVVRCQYRZLFHMZFCUFU5R6DCRMQ" > ~/mygrafana_auth_key
 echo "descriptor:x25519:UUQW4LIO447WRQOSRSNDXEW5NZMSR3CYOP65ZIFWH6G2PUKWV5WQ" > /var/lib/tor/onion/grafana/0.auth
 chown debian-tor:debian-tor -R /var/lib/tor # make tor owner of this folder
 systemctl start tor #restart tor
 systemctl status tor #check that everything works
 </code></pre>
 And that's all you'll need! one hidden service for grafana. <br> You'll find your hostname in /var/lib/tor/onion/grafana/hostname.
 <h2>Prometheus server configuration on the central monitoring server</h2>
 Clean and simple: we scrape our server every 10s for new data, configure a proxy URL so scraping happens over tor, using our socksport and configure ou scraping targets.
 <br>
 <pre><code class="nim">
 vi /etc/prometheus/prometheus.yml
 cat /etc/prometheus/prometheus.yml
 alerting:
  alertmanagers: []
 global:
  scrape_interval: 10s
 remote_read: []
 remote_write: []
 scrape_configs:
 - job_name: remote-nodes
  proxy_url: socks5h://localhost:9050
  static_configs:
  - labels: {}
    targets:
    - <b>[clientaddr].onion:9100</b>
 - job_name: local-node
  static_configs:
  - labels: {}
    targets:
    - localhost:9100
 </code></pre>
 <br>
 This configuration will make the central monitoring server behave in the following way:
 <ul>
    <li>Scrap itself directly to collect its own data (prometheus is only exposed on loopback for this)</li>
    <li>Scrap the target monitored server through tor via the socks proxy</li>
 </ul>
 <h2>Grafana configuration on the central monitoring server</h2>
 Let's start grafana and make it available: as root, as tor is already configured we can then access it through our torbrowser
 <br>
 <pre><code class="nim">
    docker run -d -p 127.0.0.1:3000:3000 --name=grafana grafana/grafana
 </code></pre>
                    </p>
 </pre></code>
 <p>And now from there the server should be monitored as intended.</p>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
-	</div><!-- /grey -->
+	</div><!-- /white -->
-	<div id="anon2">
+
  <!-- +++++ Second Post +++++ -->
 	<div id="anon1">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-                    <p>
+          <h2><b>Visualizing the result</b></h2> </br> </br>
 <p>Now that the remote server's node-exporter is reachable via it's onion domain, we can see that the resource usage started to appear in the dashboard that we setup earlier:</p>
-                    <h1> <b>Connecting to our grafana instance</b></h1>
+<img src="20.png" class="imgRz">
-                    On your monitoring server you can find your hostname at /var/lib/tor/grafana/hostname. Use it in the tor browser to reach your instance. You will be prompted for your private key, you can find it where you saved it earlier ~/mygrafana_auth_key, paste the part after 
+<p>In this case, in the event of the remote server being seized, the adversary would only be able to see that it has been queried to from a tor exit node IP. This is to make sure that your anonymous infrastructure is able to sustain having each of it's individual servers being taken down, as long as they are not all taken down at once.</p>
-
+<p>And that's it ! We can now monitor our own remote servers, while maintaining serverside anonymity at the same time. </p>
                        <img src="grafana_login.png"/>
                        <br>
                        <h1><b>Configuring the data sources</b></h1>
                        Next we need to tell grafana to use prometheus as a data source: <br>
                        <img src="add_datasource.png"/>
                        <br>
                        <br>
                        Now, let's configure it (specifying localhost:9090 as the API port)<br>
                        <br>
                        <img src="datasource_config.png"/>
                        <br>
                        <br>
                        <br>
                        And Voila! we have simple system monitoring over tor in a dashboard: <br>
                        <img src="example_dashboard.png"/>
                    </p>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
-	</div><!-- /grey -->
+	</div><!-- /white -->
 	<div id="anon3">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
                    <h1><b>Conclusion</b></h1>
                    In this article we saw why and how you need to implement anonymous server monitoring for your infrastructure. If you are running hidden services with any form of sensitive data stored on them, having them under constant monitoring is a must because you need to detect downtimes quickly, without compromising your identity or the rest of your infrastructure.
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
 	<!-- +++++ Footer Section +++++ -->
@ -404,9 +441,8 @@ Let's start grafana and make it available: as root, as tor is already configured
 				</div><!-- /col-lg-4 -->
 				<div class="col-lg-4">
-					<h4>About Mulligan Security</h4>
+					<h4>About nihilist</h4>
-                    <p style="word-wrap: break-word;"><u>Donate XMR:</u><br>86NCojqYmjwim4NGZzaoLS2ozbLkMaQTnd3VVa9MdW1jVpQbseigSfiCqYGrM1c5rmZ173mrp8RmvPsvspG8jGr99yK3PSs</p></br><p><u>Contact:</u> mulligansecurity@riseup.net <br><a href="http://msec2nnqtbwh5c5yxpiswzwnqperok5k33udj7t6wmqcleu3ifj34sqd.onion">website</a><br><a href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FiZJOs1BYKxD2nEndBtacHlBP-bNKv3gywICYPZZjXXE%3D%40chatnedvznvcnsovrm3e6jrgt6pkpai5i3rgslrrxlnv352ardboebid.onion%2FtT5R0tQWBzJPAkjvH-wai4PnpfTor89R%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA_7oNMJAjBrt210CSc2LEIZJh5BFizPx7JUYFCmj8p1k%253D">SimpleX</a></p>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br>
 				</div><!-- /col-lg-4 -->
 			</div>
--- a/opsec/logos/grafana.png
+++ b/opsec/logos/grafana.png
--- a/opsec/logos/node-exporter.png
+++ b/opsec/logos/node-exporter.png
--- a/opsec/logos/prometheus.png
+++ b/opsec/logos/prometheus.png
--- a/rss/feed.xml
+++ b/rss/feed.xml
@ -4,10 +4,18 @@
 <channel>
-<title>Nihilism Network Blog</title>
+<title></title>
-<link>https://blog.nihilism.network</link>
+<link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/</link>
-<description>Nihilist`s Technical Blog</description>
+<description>Operational Security: Showing how Privacy, Anonymity and Deniability can be achieved online.</description>
-<atom:link href='https://blog.nihilism.network/rss/feed.xml' rel='self' type='application/rss+xml' />
+<atom:link href='http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/rss/feed.xml' rel='self' type='application/rss+xml' />
 <item>
        <title>Anonymous Monitoring (Grafana, Prometheus, Node-exporter)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymous_server_monitoring/index.html</link>
        <guid isPermaLink='false'>2025042700</guid>
        <description>In this tutorial we're going to cover how you can monitor the resource consumption of your remote servers while maintaining your anonymity, using Grafana, Prometheus, and node exporter.</description>
        </item>
 <item>
        <title>Self-Hosted LLM Hidden Service</title>
@ -982,6 +990,7 @@
 </channel>
--- a/rss/feed.xmlold
+++ b/rss/feed.xmlold
@ -0,0 +1,990 @@
 <?xml version='1.0' encoding='UTF-8' ?>
 <rss version='2.0' xmlns:atom='http://www.w3.org/2005/Atom'>
 <!-- Made using rss-roller https://github.com/maxhebditch/rss-roller -->
 <channel>
 <title>The Nihilism Opsec Blog</title>
 <link>https://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion</link>
 <description>Operational Security: Showing how Privacy, Anonymity and Deniability can be achieved online.</description>
 <atom:link href='https://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/rss/feed.xml' rel='self' type='application/rss+xml' />
 <item>
        <title>Self-Hosted LLM Hidden Service</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/openwebuilocalllms/index.html</link>
        <guid isPermaLink='false'>2025042100</guid>
        <description>In this tutorial we're going to look at how you can replace services like ChatGPT with your own local, self-hosted LLM, and make it available via Tor using a hidden service.</description>
        </item>
 <item>
        <title>Where to hide your Monero Wealth ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/monerowealth/index.html</link>
        <guid isPermaLink='false'>2025042001</guid>
        <description>In this tutorial we're going to cover how and where you can safely store your monero wealth, even when an adversary seizes your harddrives.</description>
        </item>
 <item>
        <title>Public Chats / Private Chats / Anonymous Chats / Deniable Chats</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/chats/index.html</link>
        <guid isPermaLink='false'>2025041600</guid>
        <description>In this tutorial we're going to differentiate all 4 types of Chats, being the public, private, anonymous and deniable chats, and briefly showcase how simpleX fits all of our needs.</description>
        </item>
 <item>
        <title>How to Verify One's Identity While Maintaining Anonymity Using PGP Canaries</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/pgpcanary/index.html</link>
        <guid isPermaLink='false'>2025041300</guid>
        <description>In this tutorial we're covering how to verify someone's identity while maintaining their anonymity intact, thanks to PGP canaries</description>
        </item>
 <item>
        <title>Sensitive Critical Data Backup Procedure</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/plausiblydeniabledataprotection/index.html</link>
        <guid isPermaLink='false'>2025040601</guid>
        <description>In this tutorial we're going to cover how to backup the critical data that you would normally store inside of your Sensitive use VM, in order to make sure that your critical data (meaning your keepass .kdbx file, your SSH keys, your PGP keys, your Monero seed files) can still be accessed and reused, even if the adversary were to seize and destroy your devices in multiple takedowns.</description>
        </item>
 <item>
        <title>Why is Metadata detrimental to Anonymity?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymitymetadata/index.html</link>
        <guid isPermaLink='false'>2025040201</guid>
        <description>In this tutorial we're going to cover why exactly is Metadata detrimental to one's anonymity</description>
        </item>
 <item>
        <title>Sensitive use VMs Setup (Whonix VMs in a Veracrypt Hidden Volume) (April 2025 Update)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/sensitivevm/index.html</link>
        <guid isPermaLink='false'>2025040200</guid>
        <description>In this tutorial we're going to cover how to setup Whonix VMs for Sensitive use. This means that our OPSEC requirement is that we need to be able to deny the existance of the Sensitive Whonix VM if the adversary ever gets access to our laptop.</description>
        </item>
 <item>
        <title>The main source of Plausible Deniability: Deniable Encryption (April 2025 update)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/veracrypt/index.html</link>
        <guid isPermaLink='false'>2025040100</guid>
        <description>In this tutorial we're going to cover how to use zulucrypt to create hidden veracrypt volumes to enable long-term sensitive use.</description>
        </item>
 <item>
        <title>Using the Host-OS in live-mode to enable Sensitive Use</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/livemode/index.html</link>
        <guid isPermaLink='false'>2025040100</guid>
        <description>In this tutorial we're going to cover how to use livemode and ram-wipe from inside kicksecure to enable sensitive use</description>
        </item>
 <item>
        <title>Nextcloud .onion Setup (Anonymous File Hosting)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/nextcloud/index.html</link>
        <guid isPermaLink='false'>2025032701</guid>
        <description>In this tutorial we're going to cover how you can install an .onion only Nextcloud instance, Nextcloud is a FOSS alternative to replace popular file hosting websites like google cloud or onedrive, which can be ideal to make sure that your files are backed up somewhere, all while preserving anonymity. I recommend self-hosting this service at home, that way you make sure that your personal data stays at your home, rather than making it readable by an adversary on a remote server.</description>
        </item>
 <item>
        <title>How to become a Maintainer</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/maintainers/index.html</link>
        <guid isPermaLink='false'>2025032600</guid>
        <description>In this tutorial we're going to cover how to become a maintainer for the Opsec blog, which is the next step for you if you are already a good content contributor for the blog.</description>
        </item>
 <item>
        <title>Peer-to-Peer Large File Sharing (Torrents over I2P)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/i2ptorrents/index.html</link>
        <guid isPermaLink='false'>2025031700</guid>
        <description>In this tutorial we're covering how to torrent files via i2p</description>
        </item>
 <item>
        <title>Anonymous Server Monitoring</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymous_server_monitoring/index.html</link>
        <guid isPermaLink='false'>2025031000</guid>
        <description>In this tutorial, we're going to cover how you can monitor your servers remotely, but while maintaining anonymity the whole time.</description>
        </item>
 <item>
        <title>OnionBalance for .onion domains load balancing</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/onionbalancelb/index.html</link>
        <guid isPermaLink='false'>2025022700</guid>
        <description>In this tutorial we're going to cover how to setup high availability on the domain level for .onion websites, using onionbalance</description>
        </item>
 <item>
        <title>How to setup a MySQL Master-Master replication over Tor</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/mysqlmastermaster/index.html</link>
        <guid isPermaLink='false'>2025022100</guid>
        <description>In this tutorial we're going to cover how to have a master-master mysql replication going but while keeping Tor in between each server, to prevent an adversary from figuring out where each server is.</description>
        </item>
 <item>
        <title>When the Adversary is the cloud provider himself</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/cloud_provider_adversary/index.html</link>
        <guid isPermaLink='false'>2025020600</guid>
        <description>In this tutorial we're going to cover what are the 2 main strategies when it comes to hosting a sensitive service remotely</description>
        </item>
 <item>
        <title>How to setup a basic NGINX / PHP / MySQL app</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/tornginxphpmysql/index.html</link>
        <guid isPermaLink='false'>2025020200</guid>
        <description>in this tutorial we're going to cover how to setup a basic nginx php and mysql web app accessible over Tor, which we'll use later on to showcase high availability</description>
        </item>
 <item>
        <title>How to join the Darknet Lantern Webring ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/darknetlantern/index.html</link>
        <guid isPermaLink='false'>2025020100</guid>
        <description>In this tutorial we're going to first explain why the Darknet Lantern is important in the current Darknet context, we'll cover what it is made of, and then we'll cover how to spin up a Darknet Lantern instance, how to maintain one's list of onion links, and lastly we'll cover how to join the Darknet Webring.</description>
        </item>
 <item>
        <title>Monero Inheritence Management (VaultWarden Emergency Contacts)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/moneroinheritance/index.html</link>
        <guid isPermaLink='false'>2025012900</guid>
        <description>In this tutorial we're going to cover how you can transfer your monero wealth to your successor safely without requiring a third-party.</description>
        </item>
 <item>
        <title>How to explore the Darknet? (Visibility and Discoverability)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/darknetexploration/index.html</link>
        <guid isPermaLink='false'>2024012500</guid>
        <description>In this tutorial we're going to take a look at what are the differences between the clearnet and the darknet, and how you can explore the darknet using the lantern project.</description>
        </item>
 <item>
        <title>Why is High Availability Important for Deniability ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/high_availability/index.html</link>
        <guid isPermaLink='false'>2024123000</guid>
        <description>In this blogpost we're going to look into why High Availability is essential to maintain deniability for a particular hidden service.</description>
        </item>
 <item>
        <title>How to navigate qubes OS and segment your internet uses</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/qubesosnetwork/index.html</link>
        <guid isPermaLink='false'>2024122000</guid>
        <description>In this tutorial we will set up the environment for public, private and anonymous online identities, and how to use qubes os.</description>
        </item>
 <item>
        <title>Stylography protection (Running a Local LLM and copy pasting messages)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/stylometry/index.html</link>
        <guid isPermaLink='false'>2024120400</guid>
        <description>In this tutorial we're going to take a look at how you can run a LLM Locally to rewrite your messages to prevent sylometry fingerprinting (in order to make sure you're not being deanonymized from the way you're typing)</description>
        </item>
 <item>
        <title>Why is the Darknet superior to Clearnet ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/clearnetvsdarknet/index.html</link>
        <guid isPermaLink='false'>2024120200</guid>
        <description>In this tutorial we're going to explain why you should host your services on the Darknet rather than the Clearnet.</description>
        </item>
 <item>
        <title>Easy Private Chats - SimpleX</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion//opsec/privatesimplex/index.html</link>
        <guid isPermaLink='false'>2024120100</guid>
        <description>In this article we'll compare a few options (Telegram, Signal and SimpleX) to see how their technical details stack up and determine which is best for easy private chats.</description>
        </item>
 <item>
        <title>How to access Tor when you are in Russia or China using v2ray (vmess / vless)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/v2ray/index.html</link>
        <guid isPermaLink='false'>2024112700</guid>
        <description>In this tutorial we're going to cover how you can access Tor while being in a heavily-censored country like russia or china, by using the censorship-circumvention tool called v2ray.</description>
        </item>
 <item>
        <title>Gitea .onion Setup (Anonymous Code Repositories and Collaboration)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/gitea-anon/index.html</link>
        <guid isPermaLink='false'>2024112302</guid>
        <description>In this tutorial we're going to take a look at how you can setup an anonymous gitea instance that is accessible over Tor, in order to be able to collaborate with people on projects, while maintaining everyone's anonymity.</description>
        </item>
 <item>
        <title>One on One large file sharing (Syncthing over Tor)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/syncthinganon/index.html</link>
        <guid isPermaLink='false'>2024112300</guid>
        <description>In this tutorial we're going to dive into how to transfer large files anonymously, using whonix and Syncthing</description>
        </item>
 <item>
        <title>Mental Energy: How are you good at spending it ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/mentalenergy/index.html</link>
        <guid isPermaLink='false'>2024111800</guid>
        <description>In this tutorial we're going to explain the 3 ways you can spend your mental energy, just like money you can spend it gradually, spend it all in one go, or invest it to get a return over investment.</description>
        </item>
 <item>
        <title>How to run the Blog Yourself</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/runtheblog/index.html</link>
        <guid isPermaLink='false'>2024111600</guid>
        <description>In this tutorial we're going to see how you can host the nihilism blog yourself, since it has no copyright restrictions whatsoever.</description>
        </item>
 <item>
        <title>How to Get a Credit Card Anonymously (Credit Cards as a Service)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anoncreditcard/index.html</link>
        <guid isPermaLink='false'>2024110800</guid>
        <description>In this tutorial we're going to look at how to get a credit card anonymously online</description>
        </item>
 <item>
        <title>Sensitive use VMs Setup (Whonix VMs in a Veracrypt Hidden Volume)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/sensitivevm/index.html</link>
        <guid isPermaLink='false'>2024110701</guid>
        <description>In this tutorial we're going to cover how to setup Whonix VMs for Sensitive use. This means that our OPSEC requirement is that we need to be able to deny the existance of the Sensitive Whonix VM if the adversary ever gets access to our laptop.</description>
        </item>
 <item>
        <title>How to get and use residential proxies anonymously</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonproxy/index.html</link>
        <guid isPermaLink='false'>2024110700</guid>
        <description>While Tor is a requirement to protect your anonymity online, some services refuse to be accessed anonymously, and are intentionally blocking connections coming from Tor exits nodes. A residential proxy will reroute your access through a residential ip address, which makes your connection look like it is coming from your ISP or your mobile carrier.</description>
        </item>
 <item>
        <title>The main source of Plausible Deniability: Deniable Encryption</title>
        <link>blog.nowhere.moe/opsec/veracrypt/index.html</link>
        <guid isPermaLink='false'>2024110501</guid>
        <description>In this tutorial we're going to explain why deniable encryption is important for sensitive use, and why we need to have the host OS in live mode to be able to use it.</description>
        </item>
 <item>
        <title>Using the Host-OS in live-mode to prepare for long-term Sensitive Use</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/livemode/index.html</link>
        <guid isPermaLink='false'>2024110400</guid>
        <description>The main usecase of using your Host OS in live mode, is that you want to use it for long term sensitive activities (meaning, you want to save sensitive files on a harddrive). As you're going to see, using the Host OS in live mode is effectively a hard requirement for deniability.</description>
        </item>
 <item>
        <title>Tails OS QEMU VM for Temporary Sensitive Use</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/tailsqemuvm/index.html</link>
        <guid isPermaLink='false'>2024110300</guid>
        <description>In this tutorial we're going to see why Tails OS is suitable for Short Term Sensitive Use due to it's default live-mode feature, where upon shutting down the OS, every forensic trace of what you were doing is completely erased from memory, where the entire OS is loaded into.</description>
        </item>
 <item>
        <title>One-on-One Large File Sharing (Syncthing over VPN)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/syncthingvpn/index.html</link>
        <guid isPermaLink='false'>2024110202</guid>
        <description>In this tutorial we're going to showcase how you can send large files privately to someone else by using Syncthing.</description>
        </item>
 <item>
        <title>How to Anonymously access websites that block Tor</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/whentorisblocked/index.html</link>
        <guid isPermaLink='false'>2024110200</guid>
        <description>In this tutorial we're going to cover how we can circumvent a website's attempts at blocking Tor traffic, by using a VPN. As we discussed previously, this is relating to the serverside context required to know if we should combine the use of Tor with the use of a VPN.</description>
        </item>
 <item>
        <title>Sensitive use VMs Setup (Whonix VMs in a Veracrypt Hidden Volume)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/sensitivevm/index.html</link>
        <guid isPermaLink='false'>2024110100</guid>
        <description>In this tutorial we're going to cover how to setup Whonix VMs for Sensitive use. This means that our OPSEC requirement is that we need to be able to deny the existance of the Sensitive Whonix VM if the adversary ever gets access to our laptop.</description>
        </item>
 <item>
        <title>Reflecting: Brainstorming Ideas while on the run</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/reflecting/index.html</link>
        <guid isPermaLink='false'>2024102702</guid>
        <description>In this tutorial we're going to cover what to do when you get a simple or complex idea when you are not at home, and how you can quickly grab a hold of that idea before you forget about it</description>
        </item>
 <item>
        <title>Productivity - Diet to favor cerebral activity</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/index.html</link>
        <guid isPermaLink='false'>2024102701</guid>
        <description>In this tutorial we're going to cover what fuel you need to use for your body and brain to function at their best, what to avoid, and what food to prefer. we'll also go over on the frequency of meals you should have, and how to correctly assess what food is best for your body.</description>
        </item>
 <item>
        <title>Reflecting: How to use graphs to help Brainstorming ideas (draw.io)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/graphs/index.html</link>
        <guid isPermaLink='false'>2024102604</guid>
        <description>In this tutorial we're going to see why graphs are important, and how to make them using drawio.</description>
        </item>
 <item>
        <title>Zero Email Workflow (in Thunderbird)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/zeroemail/index.html</link>
        <guid isPermaLink='false'>2024102602</guid>
        <description>In this tutorial we're going to cover how you can organize your mailbox in such a way that only the important parts remain in your focus. We'll go over what labels to use, and how to set your priorities straight from both the inbox folder and the sent folder.</description>
        </item>
 <item>
        <title>Pomodoro Focus times (Intentional pauses to prevent burnouts)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/pomodoro/index.html</link>
        <guid isPermaLink='false'>2024102601</guid>
        <description>In this tutorial we're going to go over why you need to take breaks, how often, how long, and what you can do during those breaks.</description>
        </item>
 <item>
        <title>Workspace Preparation: Mental Energy Optimisation</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/mentalopti/index.html</link>
        <guid isPermaLink='false'>2024102500</guid>
        <description>In this tutorial we're going to cover how you can remove all blockers from your ability to focus on your work. We'll go over IRL measures to take, and digital measures to take.</description>
        </item>
 <item>
        <title>Productivity: The Morning Routine</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/morningroutine/index.html</link>
        <guid isPermaLink='false'>2024102301</guid>
        <description>In this tutorial we're covering when and how i start the day, and why i do those things.</description>
        </item>
 <item>
        <title>Collaborative Project Management (Kanban in Gitea)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/kanban/index.html</link>
        <guid isPermaLink='false'>2024102203</guid>
        <description>In this tutorial we're going to showcase how to create a git repository on gitea, and how to manage projects with a Kanban-style.</description>
        </item>
 <item>
        <title>Micro Workflow: Todo Listing, Contextualizing, and Ordering Tasks</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/microworkflow/index.html</link>
        <guid isPermaLink='false'>2024102201</guid>
        <description>In this tutorial we're going to look at how you can manage your workflow on the micro level, by listing the things you have to do, contextualizing them, and ordering each task.</description>
        </item>
 <item>
        <title>Peer-to-Peer Large File Sharing (Torrents over VPN)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/p2ptorrents/index.html</link>
        <guid isPermaLink='false'>2024102002</guid>
        <description>In this article, we will explore how, after binding a VPN to their torrent clients, Sam the Seeder can privately share a large file with Larry the Leecher.</description>
        </item>
 <item>
        <title>Macro Time Management: Prioriting Projects and Calendar Scheduling</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/macrotime/index.html</link>
        <guid isPermaLink='false'>2024102000</guid>
        <description>In this tutorial we're going to cover how to schdule time for your work projects and your personal projects. We're going to cover how you can priorize your projects, and how you can schedule it from inside Thunderbird, and using nextcloud CalDAV.</description>
        </item>
 <item>
        <title>How to Get an Email Account Anonymously (Emails as a Service)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonemail/index.html</link>
        <guid isPermaLink='false'>2024101600</guid>
        <description>In this article, we will explore how to sign up for email account anonymously. Specifically, we will explore a privacy-focused email provider, Proton Mail, and how to sign up using Tor without inputting any additional information whatsoever.</description>
        </item>
 <item>
        <title>How to Receive Anonymous SMSes (Remote SMSes as a Service)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonsms/index.html</link>
        <guid isPermaLink='false'>2024101400</guid>
        <description>In this tutorial we're going to showcase how to recieve SMSes anonymously, using a remote SMS as a service that doesn't require any KYC to use.</description>
        </item>
 <item>
        <title>Easy Anonymous Chats Using SimpleX</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonsimplex/index.html</link>
        <guid isPermaLink='false'>2024101302</guid>
        <description>In this tutorial we're going to see how to setup a chat application for Anonymous use. This is especially important in a world where mass-surveillance is nearly-omnipresent. It has become the end users' responsibility to uphold their privacy and anonymity while communicating online.</description>
        </item>
 <item>
        <title>Macro Workflow: Listing Topics that truly matter</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/macroworkflow/index.html</link>
        <guid isPermaLink='false'>2024101301</guid>
        <description>In this tutorial we'll cover briefly how to choose topics based on the reason behind your actions, we'll go over some example topics, and how to label them to be able to easily order them.</description>
        </item>
 <item>
        <title>The right thing to do: What is the reason behind your actions?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/rightthing/index.html</link>
        <guid isPermaLink='false'>2024101200</guid>
        <description>Introspection: What is it that truly matters to you? Acting out of self interest: Unfulfilling Immaturity, The right thing to do: The Fulfilling Maturity</description>
        </item>
 <item>
        <title>Nihilism: Mantras to reset the Mind</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/nihilism/index.html</link>
        <guid isPermaLink='false'>2024101004</guid>
        <description>In this tutorial we're going to cover the structure of your own mind, We're going to explain why it is not normal to follow the norm, and why Nihilism is vital for your own mental health.</description>
        </item>
 <item>
        <title>How to Maintain Multiple Identities Online</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/multiple_identities/index.html</link>
        <guid isPermaLink='false'>2024101001</guid>
        <description>In this tutorial, we’ll guide you through setting up and managing multiple online identities to enhance your privacy and security. We’ll discuss why this is crucial, how to establish distinct personas, and the steps you need to keep them isolated from each other.</description>
        </item>
 <item>
        <title>How to remain Anonymous during a protest</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonprotest/index.html</link>
        <guid isPermaLink='false'>2024101000</guid>
        <description>In this tutorial we're going to cover what must be taken into account when it comes to using phones outdoors, how you can remain anonymous outdoors, and what it takes to have a phone for anonymous use.</description>
        </item>
 <item>
        <title>How to contribute to The Nihilism Blog</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/contribute/index.html</link>
        <guid isPermaLink='false'>2024100602</guid>
        <description>In this tutorial we're going to look at how you can contribute to the opsec blog, we'll look into how the work is being organized, and how to contribute via gitea. We'll also look into how you can run the blog yourself since it's entirely public domain (Creative Commons Zero license).</description>
        </item>
 <item>
        <title>How to setup a Haveno Seed Node</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/haveno-seednode/index.html</link>
        <guid isPermaLink='false'>2024100600</guid>
        <description>In this tutorial we're going to take a look at how you can contribute to an existing Haveno Network, by running a Seed Node, in order to make the Haveno Network of your choice more resillient to potential takedowns.</description>
        </item>
 <item>
        <title>How to send small files Anonymously (Onionshare)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/onionshare/index.html</link>
        <guid isPermaLink='false'>2024093000</guid>
        <description>OnionShare is a free and open-source cross-platform tool that utilises the TOR network to anonymously share files (send and receive), host an onion website and create a simple chat room.</description>
        </item>
 <item>
        <title>Hiding files in images with steghide</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/steghide/index.html</link>
        <guid isPermaLink='false'>2024092800</guid>
        <description>steghide is a mature GPL-licensed CLI tool for hiding arbitrary data inside of of image files (and some archaic audio formats). Its official web presence is located at http://steghide.sourceforge.net/. it conceals data inside a larger coverfile in a way that is indistinguishable to first-order statistical analysis. This means there is are anomalies in the file histogram, making most pictures innocuous without having the original image to compare it to.</description>
        </item>
 <item>
        <title>Cold Exposure: Where Discipline takes over Comfort</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/coldshowers/index.html</link>
        <guid isPermaLink='false'>2024092600</guid>
        <description>What the body and mind doesn't want, but actually needs. The perfect discipline practice.</description>
        </item>
 <item>
        <title>Opus Nihil: Dissolving Compulsions</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/opus-nihil/index.html</link>
        <guid isPermaLink='false'>2024092601</guid>
        <description>What is it that you truly need ? What is it that you truly want ? Dissolve those compulsions yourself.</description>
        </item>
 <item>
        <title>New Tutorial Category : Productivity Introduction - Discipline over Comfort</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/productivity/discipline/index.html</link>
        <guid isPermaLink='false'>2024092500</guid>
        <description>Making sure that your Body and Mind are not getting in the way of your work, and making sure that you are working as efficiently as possible.</description>
        </item>
 <item>
        <title>XMPP Chat Server Setup (Clearnet + Onion + OMEMO E2EE)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/xmpp2024/index.html</link>
        <guid isPermaLink='false'>2024092100</guid>
        <description>In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody. We'll also cover how to have a Clearnet XMPP server, and how to have OMEMO End to End encryption using the Gajim XMPP client.</description>
        </item>
 <item>
        <title>Why can't I trust Centralised Exchanges, and random Monero nodes ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/chainalysisattempts/index.html</link>
        <guid isPermaLink='false'>2024090700</guid>
        <description>As of September 5, 2024 the sech1 posted on monero.town the following post, which was a repost of the following reddit post talking about a leaked Chainalysis meeting video about what was their progress on tracing monero transactions back in August 2023. This is a great opportunity to highlight the opsec weaknesses they are targeting so let's dive into it.</description>
        </item>
 <item>
        <title>How to rent remote domains anonymously (Registrar resellers) ⭐</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anondomain/index.html</link>
        <guid isPermaLink='false'>2024090500</guid>
        <description>Not many people know that it is possible to operate a clearnet website, anonymously. In this tutorial we're covering how you can rent a clearnet domain, anonymously.</description>
        </item>
 <item>
        <title>Mine Monero with p2pool and xmrig</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/monerop2pool/index.html</link>
        <guid isPermaLink='false'>2024082500</guid>
        <description>how to mine Monero using p2pool and xmrig.</description>
        </item>
 <item>
        <title>How to use the Tor Browser on Mobile</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/MobileTor/index.html</link>
        <guid isPermaLink='false'>2024081901</guid>
        <description>Sometimes you are not always in front of your computer but need to browse the web anonymously while being away from your home. In this tutorial we're going to cover how to browse the web anonymously while on your mobile device.</description>
        </item>
 <item>
        <title>How to write good Tutorials</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/tutorial/index.html</link>
        <guid isPermaLink='false'>2024081900</guid>
        <description>Because after all, how can you expect people to write good tutorials without being shown how to write them in the first place ?</description>
        </item>
 <item>
        <title>Hiding files in videos (small or large files) with zuluCrypt</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/anonzulucrypt/index.html</link>
        <guid isPermaLink='false'>2024081800</guid>
        <description>Using Steganography to hide small or large files into Video files, using zulucrypt</description>
        </item>
 <item>
        <title>New Matrix Chat (Opsec, Sysadmin, hacking, Programming)</title>
        <link>http://matrix.to/#/#nowheremoe:nowhere.moe</link>
        <guid isPermaLink='false'>2024081500</guid>
        <description>As nowhere.moe and datura.network are being merged into nowhere.moe, feel free to join the new matrix chat</description>
        </item>
 <item>
        <title>Why isn’t Privacy enough for Anonymous Use?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/anonuse/index.html</link>
        <guid isPermaLink='false'>2024081400</guid>
        <description>In this post we are going to see why Privacy is not enough for Anonymous Use, and what can be done about it.</description>
        </item>
 <item>
        <title>New domain: Nowhere.moe</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nowhere.moe.txt.asc</link>
        <guid isPermaLink='false'>2024081000</guid>
        <description>Explaining how the ownership of the services will change</description>
        </item>
 <item>
        <title>Route QEMU VMs through a Host OS VPN</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/vpnqemu/index.html</link>
        <guid isPermaLink='false'>2024080900</guid>
        <description>In this tutorial we're going to check how to have VMs use a Host OS VPN, which can be vital if your ISP doesn't allow Tor traffic</description>
        </item>
 <item>
        <title>Where to host Anonymous Clearnet Services ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/anonclearnetservices/index.html</link>
        <guid isPermaLink='false'>2024060801</guid>
        <description>In this tutorial we're going explain how you can have anonymous clearnet services, which can either remotely or self-hosted.</description>
        </item>
 <item>
        <title>Where to host Anonymous Hidden Services ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/hiddenservice/index.html</link>
        <guid isPermaLink='false'>2024060800</guid>
        <description>In this tutorial we're going to look at where you can host Hidden Services, while still remaining Anonymous, One way is to host the service remotely, and the other is to self-host it.</description>
        </item>
 <item>
        <title>Introduction to Self-Hosting Hidden Services</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/hiddenservices/index.html</link>
        <guid isPermaLink='false'>2024080300</guid>
        <description>Clearnet Services: Centralized, but can be used anonymously, Tor Hidden Services: Decentralized and Anonymous, But Warning, do not host anything sensitive at Home!</description>
        </item>
 <item>
        <title>Opening the Blog to contributions (earn XMR!)</title>
        <link>http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions</link>
        <guid isPermaLink='false'>2024072500</guid>
        <description>Long due, i'm now opening blog.nowhere.moe to contributions, i am offering monero (10-50euros per new complete blogpost), if you want to contribute a tutorial i didn't list yet, let me validate your idea beforehand.</description>
        </item>
 <item>
        <title>Tor through VPN or VPN through Tor?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/torthroughvpn/index.html</link>
        <guid isPermaLink='false'>2024072400</guid>
        <description>In this tutorial we're going to justify the 4 possible Tor / VPN combinations, based on both clienside and serverside contexts. We'll also discuss specific contexts where anonymity is too risky to attempt.</description>
        </item>
 <item>
        <title>How to install GrapheneOS on a Pixel Phone</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/graphene/index.html</link>
        <guid isPermaLink='false'>2024071001</guid>
        <description>In this tutorial we're going to setup graphene OS, an open source android operating system for google pixel phones.</description>
        </item>
 <item>
        <title>The lack of Open Source Hardware (CPUs, Motherboards, GPUs)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/openhardware/index.html</link>
        <guid isPermaLink='false'>2024071000</guid>
        <description>In this article we'll look at why Open source Hardware is vital, the current status of the closed-source hardware monopoly on the market, and the current status of open source hardware on the market</description>
        </item>
 <item>
        <title>The main source of Anonymity: The Tor Network</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/torvsvpns/index.html</link>
        <guid isPermaLink='false'>2024063000</guid>
        <description>In this tutorial we're going to explain why VPNs are not enough when it comes to maintaining Anonymity, and in what way Tor is the main source of Anonymity online.</description>
        </item>
 <item>
        <title>What is Anonymity ? Why is it Important ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/anonymityexplained/index.html</link>
        <guid isPermaLink='false'>2024062900</guid>
        <description>In this tutorial we're going to explain what is Anonymity, What are the enemies of Anonymity, and why it is important, especially for international journalism.</description>
        </item>
 <item>
        <title>How to compile open source software + How to verify software integrity</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/compilation/index.html</link>
        <guid isPermaLink='false'>2024062803</guid>
        <description>In this tutorial we're going to cover Why compile even compile software yourself, how to compile c++ programs, and How to verify software integrity</description>
        </item>
 <item>
        <title>How to get privacy from your ISP using a VPN</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/vpn/index.html</link>
        <guid isPermaLink='false'>2024062801</guid>
        <description>In this tutorial we're going to cover Why does Bob need a VPN to begin with, how to purchase a VPN, How to download it, and how to verify that it is properly connected, from inside a debian VM, for private internet usage.</description>
        </item>
 <item>
        <title>Linux Hypervisor Setup (QEMU/KVM virtualisation)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/hypervisorsetup/index.html</link>
        <guid isPermaLink='false'>2024062800</guid>
        <description>In this tutorial we're going to cover how to setup the open source hypervisor QEMU/KVM in Linux host OS, using the libvirt technology.</description>
        </item>
 <item>
        <title>How to install Linux from a Windows PC</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/linux/index.html</link>
        <guid isPermaLink='false'>2024061601</guid>
        <description>In this tutorial, we're going to look at the first and foremost thing anyone can do to remove surveillance from their digital lives, by installing a free and open source software (FOSS) host operating system: Linux, in this case we're going to setup the latest Debian.</description>
        </item>
 <item>
        <title>What is Privacy ? Why is it Important ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/privacy/index.html</link>
        <guid isPermaLink='false'>2024061600</guid>
        <description>This is where the Journey begins. We're going to look at why you should bother with Privacy first of all, and what it is exactly.</description>
        </item>
 <item>
        <title>Tails OS QEMU VM for Temporary Anonymity</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/tailsqemuvm/index.html</link>
        <guid isPermaLink='false'>2024061400</guid>
        <description>In this tutorial we're going to look at how you can run Tails OS (The Amnesic Incognito Linux System) in a QEMU VM, following the official documentation, along with how to setup persistant storage</description>
        </item>
 <item>
        <title>Audit your OPSEC and determine the appropriate internet use</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/opsec4levels/index.html</link>
        <guid isPermaLink='false'>2024060900</guid>
        <description>In this tutorial we're going to explore how you can audit your own level of opsec, using the following 6 parameters:Complexity, Transparency, Surveillance, Centralisation, Onymity, and Deniability.</description>
        </item>
 <item>
        <title>Governments fear Decentralisation and Anonymity</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/govfear/index.html</link>
        <guid isPermaLink='false'>2024060701</guid>
        <description>In this tutorial we're going to explain why Decentralisation and Anonymity are essential in reducing the power of the government over it's citizens.</description>
        </item>
 <item>
        <title>Governments, Centralisation, and Law Enforcement</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/governments/index.html</link>
        <guid isPermaLink='false'>2024060700</guid>
        <description>In this tutorial we're going to cover and explain what are governments, and why they are trying to force us into mass surveillance and KYC procedures.</description>
        </item>
 <item>
        <title>OPSEC: The right technology and behavior</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/opsec/index.html</link>
        <guid isPermaLink='false'>2024060600</guid>
        <description>Operational Security, is a process aimed at identifying if your actions can be observed by an adversary. In this context, how good your OPSEC is, determines the level of your privacy and anonymity.</description>
        </item>
 <item>
        <title>Phone Numbers are incompatible with Privacy!</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/phonenumbers/index.html</link>
        <guid isPermaLink='false'>2024052600</guid>
        <description>Sim Cards: the Deanonymization Tool, You cannot have an anonymous Phone at home. If a service requires your phone number, it is against both your Privacy and Anonymity</description>
        </item>
 <item>
        <title>My Manifesto</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/manifesto/index.html</link>
        <guid isPermaLink='false'>2024052500</guid>
        <description>Explaining why I have a blog in the first place</description>
        </item>
 <item>
        <title>Haveno DEX Cash by Mail -> XMR transaction</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/haveno-cashbymail/index.html</link>
        <guid isPermaLink='false'>2024052400</guid>
        <description>In this tutorial we're going to cover how to buy Monero, for cash by mail on the Haveno Decentralised Exchange. This was the most popular payment method back on LocalMonero, due to being an improvement over bank transfers (like SEPA in the EU) when it comes to trading larger volumes in the long run, as Cash cannot easily be traced by adversaries unlike bank transfers, making Cash by Mail one of the most private ways to exchange real world money for Monero.</description>
        </item>
 <item>
        <title>Haveno DEX SEPA Instant -> XMR transaction</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/haveno-sepa/index.html</link>
        <guid isPermaLink='false'>2024052300</guid>
        <description>In this tutorial we're going to cover an instant SEPA transfer (which is a bank transfer) transaction for monero, this is one of the most popular payment options in the EU region, a favorite of mine due to the speed of the transaction.</description>
        </item>
 <item>
        <title>Haveno Decentralised Exchange Dispute resolution (Fiat -> XMR)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/haveno-arbitrator/index.html</link>
        <guid isPermaLink='false'>2024051900</guid>
        <description>In this tutorial we're going to cover how the Haveno DEX handles trade disputes, which can happen as, after all it's decentralised, and anonymous by default. We'll cover What protects the Buyer or the Seller, what happens when you encounter a scammer, and how the arbitration resolution plays out.</description>
        </item>
 <item>
        <title>Haveno Decentralised Exchange Face-to-Face Fiat to Monero Transaction</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/haveno-client-f2f/index.html</link>
        <guid isPermaLink='false'>2024140500</guid>
        <description>Setting up Haveno DEX locally, making it connect to a Tor bridge, creating a buying offer, transacting with a user directly, to exchange FIAT for Monero, and then withdrawing your funds from the Haveno Monero wallet.</description>
        </item>
 <item>
        <title>Internet usage segmentation (QEMU VMs + Identity Management)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/internetsegmentation/index.html</link>
        <guid isPermaLink='false'>2024030500</guid>
        <description>Different Internet Usage, Identity Management, Multiple Virtual Machines (VMs), Internet Usage Segmentation Recap</description>
        </item>
 <item>
        <title>Acquiring remote servers and domains anonymously (non-KYC providers)</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/anonymousremoteserver/index.html</link>
        <guid isPermaLink='false'>2024020501</guid>
        <description>Finding out a non-KYC Cloud Provider and Email Provider, Purchasing the server anonymously (using Monero), and Accessing the server anonymously (SSH through Tor)</description>
        </item>
 <item>
        <title>Clientside: Encryption is good, but you need Plausible Deniability</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/encryption/index.html</link>
        <guid isPermaLink='false'>2024050100</guid>
        <description>Encryption Provides Privacy, But what happens when Bob is forced to give out your password? Why is Plausible Deniability is Vital?</description>
        </item>
 <item>
        <title>Tor through VPN or VPN through Tor?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/torthroughvpn/index.html</link>
        <guid isPermaLink='false'>202404301</guid>
        <description>Accessing websites that block Tor and Hiding Tor usage from your ISP</description>
        </item>
 <item>
        <title>Why can't I trust closed source software?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/closedsource/index.html</link>
        <guid isPermaLink='false'>20240430</guid>
        <description>No, you still can't trust closed source software</description>
        </item>
 <item>
        <title>Sensitive .onion Services: Self-Host or Host Remotely ?</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/sensitiveremotevshome/index.html</link>
        <guid isPermaLink='false'>20240429</guid>
        <description>Explaining what hosting sensitive services implies</description>
        </item>
 <item>
        <title>Decentralized Finances</title>
        <link>http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/servers/finances/index.html</link>
        <guid isPermaLink='false'>1</guid>
        <description>Centralised currencies, Decentralised Currencies, and Centralised Exchanges, privacy cryptos and decentralised exchanges</description>
        </item>
 </channel>
 </rss>