oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 11:56:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

official darknetlantern release + fix moneroinheritance

Browse source
This commit is contained in:
nihilist 2025-02-01 19:13:46 +01:00
parent 6ba40402a3
commit 81f72c07e8
57 changed files with 791 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

120
opsec/moneroinheritance/index.html
View file

@ -95,7 +95,7 @@ Uncle Rich has worked hard his entire life and has managed to save a large amoun
In order to avoid relying on third parties, we need a sovereign solution that is FOSS, self-hostable, end-to-end encrypted and that stores data in a zero-knowledge environment. Vaultwarden is the ideal candidate for this task as it is an alternative server implementation of Bitwarden that is written in Rust and is memory-safe. It is more light-weight than the full Bitwarden stack and can be easily deployed on a VPS for less than €5 per month.
</p>
<p>
<img src="1.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="1.png" class="imgRz">
</p>
<p>
Nephew Nick will start by setting up a self-hosted instance where both Uncle Rich and him will create an account. After setting up a reliable notification system, Uncle Rich will grant Nephew Nick Emergency Access to his account, where he has his seedphrase stored. After Nephew Nick accepts Emergency Access, everything will be set in place. In the future, when Nephew Nick requests access to Uncle Rich's vault, Uncle Rich will receive a notification and have a predetermined amount of time to reject the Emergency Access request. If Uncle Rich is still alive at this point, that is trivially easy to do. If Uncle Rich is no longer with us, he will not be able to reject the Emergency Access request. As a result, after the allotted time has expired, Nephew Nick will be notified his request has been granted and will be able to access Uncle Rich's vault where the seedphrase lies.
@ -124,12 +124,12 @@ Starting from Nephew Nick's perspective:
<p>
Prerequisites:
<br>
- A <a href=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anondomain/index.html target=_blank>domain name</a> - Nephew Nick purchased one anonymously using Monero on <b>Njalla</b> using their onion link.
- A <a href="../anondomain/index.html">domain name</a> - Nephew Nick purchased one anonymously using Monero on <b>Njalla</b> using their onion link.
<br>
- A <a href=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymousremoteserver/index.html target=_blank>VPS</a> - Nephew Nick purchased one anonymously using Monero on <b>Kyun</b> using their onion link. Specs consisting of 1 core and 2 GB of memory are more than enough to self-host everything needed for the setup.
- A <a href="../anonymousremoteserver/index.html">VPS</a> - Nephew Nick purchased one anonymously using Monero on <b>Kyun</b> using their onion link. Specs consisting of 1 core and 2 GB of memory are more than enough to self-host everything needed for the setup.
<br>
<br>
<img src="2.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="2.png" class="imgRz">
<br>
Nephew Nick knows that Uncle Rich is getting quite old. Uncle Rich is still capable of using a computer but in order for this setup to work it must provide as little friction as possible. As such, we will keep things simple and use email notifications from a self-hosted server. While not overtly private, email is a suitable option in this case given its ease of use and because it is being used strictly for notifications with no sensitive information is being transmitted. Setting up a self-hosted mail server has been <a href=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/mailprivate/index.html target=_blank>covered before</a>, however, in this article we will do things a little different in line with running all of our services independently as docker containers. All publicly accessible services will be protected by SSL and we will use Traefik reverse proxy both to automatically procure wildcard SSL certificates and renew them, and also to route traffic to each respective subdomain. Let's get started.
</p>
@ -148,13 +148,13 @@ Nephew Nick knows that Uncle Rich is getting quite old. Uncle Rich is still capa
Nephew Nick will start by setting up DNS records on Njalla (note: no trailing dot is needed). Required are A records pointing to the VPS IP address for xmronly.com, *.xmronly.com, and mail.xmronly.com. An MX record for mail.xmronly.com is also required as shown.
</p>
<p>
<img src="3.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="3.png" class="imgRz">
</p>
<p>
Over on Kyun, Nephew Nick will set a reverse DNS to point to mail.xmronly.com.
</p>
<p>
<img src="4.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="4.png" class="imgRz">
</p>
<p>
With this complete, Nephew Nick can test the DNS records to make sure they are set up correctly and have propagated. With the expected outputs as shown below, we're ready to move on.
@ -297,7 +297,7 @@ networks:
Start the containers with <b>docker compose -f traefik.yml up -d</b> then navigate to https://mail.xmronly.com and verify the SSL certificate is present.
</p>
<p>
<img src="5.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="5.png" class="imgRz">
</p>
<p>
Next we'll set up a docker-compose file (<b>mailserver.yml</b>) in /docker/mailserver.
@ -387,7 +387,7 @@ Content: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkifHSvSJUf3...
With everything complete, your DNS should look like this:
</p>
<p>
<img src="6.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="6.png" class="imgRz">
</p>
<p>
@ -404,10 +404,8 @@ docker compose -f mailserver.yml up -d
You can confirm everything is working correctly by configuring Thunderbird to use your mail server and sending out a test email on <b>https://mail-tester.com</b>.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="7.png" style="margin: 10px;" width="400">
<img src="8.png" style="margin: 10px;" width="400">
</p>
<img src="7.png" class="imgRz">
<img src="8.png" class="imgRz">
<p>
The last step is to set up a docker-compose file (<b>vaultwarden.yml</b>) in /docker/vaultwarden.
@ -463,25 +461,21 @@ Start the container with <b>docker compose -f vaultwarden.yml up -d</b>. With th
Continuing with the same perspective, Nephew Nick will head to <b>https://vaultwarden.xmronly.com</b> and start by creating an account then using it to sign in.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="9.png" style="margin: 10px;" width="400">
<img src="10.png" style="margin: 10px;" width="400">
</p>
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<p>
When prompted, Nephew Nick will verify his email address.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="11.png" style="margin: 10px;" height="100">
<img src="12.png" style="margin: 10px;" width="600">
</p>
<img src="11.png" class="imgRz">
<img src="12.png" class="imgRz">
<p>
With verification complete, Nephew Nick will confirm his account fingerprint phrase as this information will be needed for a future step. This is located on the sidebar under Settings -> My account.
</p>
<p>
<img src="13.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="13.png" class="imgRz">
</p>
</div>
@ -506,36 +500,28 @@ Switching over to Uncle Rich's perspective now:
Uncle Rich will start by creating an account and then using it to sign in.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="9.png" style="margin: 10px;" height="400">
<img src="14.png" style="margin: 10px;" width="400">
</p>
<img src="9.png" class="imgRz">
<img src="14.png" class="imgRz">
<p>
When prompted, Uncle Rich will verify his email address.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="11.png" style="margin: 10px;" height="100">
<img src="15.png" style="margin: 10px;" width="600">
</p>
<img src="11.png" class="imgRz">
<img src="15.png" class="imgRz">
<p>
With verification complete, Uncle Rich can proceed to set up an entry containing his seedphrase.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="16.png" style="margin: 10px;" height="200">
<img src="17.png" style="margin: 10px;" width="600">
</p>
<img src="16.png" class="imgRz">
<img src="17.png" class="imgRz">
<p>
Next, Uncle Rich will add Nephew Nick as an Emergency Contact. This is found on the sidebar under Settings -> Emergency access.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="18.png" style="margin: 10px;" height="350">
<img src="19.png" style="margin: 10px;" width="450">
</p>
<img src="18.png" class="imgRz">
<img src="19.png" class="imgRz">
</div>
</div><!-- /row -->
@ -560,19 +546,15 @@ Switching back to Nephew Nick's perspective now:
Nephew Nick receives an email notification that Uncle Rich has invited him to be an Emergency Contact. Clicking the link prompts a log in, automatically accepting the request.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="20.png" style="margin: 10px;" height="400">
<img src="21.png" style="margin: 10px;" width="400">
</p>
<img src="20.png" class="imgRz">
<img src="21.png" class="imgRz">
<p>
Upon signing in, there is a notification indicating that the invitation has been accepted and that Nephew Nick's identity must be confirmed (by Uncle Rich). Nephew Nick can see the status of his designation as an Emergency Contact under Settings -> Emergency access on the sidebar.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="22.png" style="margin: 10px;" height="200">
<img src="23.png" style="margin: 10px;" height="400">
</p>
<img src="22.png" class="imgRz">
<img src="23.png" class="imgRz">
</div>
</div><!-- /row -->
@ -597,7 +579,7 @@ Uncle Rich receives an email notification that Nephew Nick has accepted the invi
</p>
<p>
<img src="24.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="24.png" class="imgRz">
</p>
<p>
@ -605,8 +587,8 @@ Uncle Rich logs in and navigates to Settings -> Emergency access on the sidebar.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="25.png" style="margin: 10px;" height="350">
<img src="26.png" style="margin: 10px;" width="500">
<img src="25.png" class="imgRz">
<img src="26.png" class="imgRz">
</p>
</div>
@ -632,7 +614,7 @@ Nephew Nick receives an email notification that he has been confirmed as an Emer
</p>
<p>
<img src="27.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="27.png" class="imgRz">
</p>
<p>
@ -643,9 +625,9 @@ With that, the setup is fully complete. Nephew Nick is able to request Emergency
<br>
<br>
<p style="text-align: center">
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------- Some times passes ----------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[Some times passes...]
</p>
<br>
<br>
@ -655,10 +637,8 @@ With that, the setup is fully complete. Nephew Nick is able to request Emergency
Nephew Nick has not heard from Uncle Rich in a long time and fears the worst has happened. After signing in, he navigates to Settings -> Emergency access on the sidebar and requests Emergency Access to Uncle Rich's vault.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="28.png" style="margin: 10px;" height="350">
<img src="29.png" style="margin: 10px;" width="400">
</p>
<img src="28.png" class="imgRz">
<img src="29.png" class="imgRz">
@ -686,7 +666,7 @@ Uncle Rich receives an email notification that Nephew Nick has requested Emergen
</p>
<p>
<img src="30.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="30.png" class="imgRz">
</p>
<p>
@ -694,7 +674,7 @@ After logging into his account, Uncle Rich navigates to Settings -> Emergency ac
</p>
<p>
<img src="31.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="31.png" class="imgRz">
</p>
<p>
@ -706,7 +686,7 @@ From Nephew Nick's perspective, he will receive an email notification saying his
</p>
<p>
<img src="32.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="32.png" class="imgRz">
</p>
@ -733,24 +713,22 @@ From Nephew Nick's perspective, there is nothing to do but wait for the 30 day i
</p>
<p>
<img src="33.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="33.png" class="imgRz">
</p>
<p>
Nephew Nick signs into his account and navigates to Settings -> Emergency access. He is now able to view Uncle Rich's vault.
</p>
<p style="display: flex; justify-content: center; align-items: center;">
<img src="34.png" style="margin: 10px;" height="350">
<img src="35.png" style="margin: 10px;" width="400">
</p>
<img src="34.png" class="imgRz">
<img src="35.png" class="imgRz">
<p>
And just like that Nephew Nick has received Uncle Rich's seedphrase!
</p>
<p>
<img src="36.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="36.png" class="imgRz">
</p>
</div>
@ -768,7 +746,7 @@ Nephew Nick opens up his Monero Wallet GUI and navigates to "Restore wallet from
</p>
<p>
<img src="37.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="37.png" class="imgRz">
</p>
<p>
@ -776,7 +754,7 @@ He gives the wallet a name and chooses a location to save it. Finally Nephew Nic
</p>
<p>
<img src="38.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="38.png" class="imgRz">
</p>
<p>
@ -784,7 +762,7 @@ Proceeding to the next screen, Nephew Nick inputs a strong password and saves it
</p>
<p>
<img src="39.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="39.png" class="imgRz">
</p>
<p>
@ -792,7 +770,7 @@ Finally, he selects a node for the connection. Connecting to your own node is re
</p>
<p>
<img src="40.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="40.png" class="imgRz">
</p>
<p>
@ -800,7 +778,7 @@ With the connection established, all that is left to do is to wait synchronizati
</p>
<p>
<img src="41.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="41.png" class="imgRz">
</p>
<p>
@ -808,7 +786,7 @@ Nephew Nick has successfully restored Uncle Rich's wallet using the seedphrase!
</p>
<p>
<img src="42.png" style="display: block; margin-left: auto; margin-right: auto;">
<img src="42.png" class="imgRz">
</p>