fixed the anonsimplex tutorial

2025-07-02 11:56:40 +00:00 · 2024-12-22 16:04:36 +01:00 · 2024-12-22 16:04:36 +01:00 · 973165e568
commit 973165e568
parent 019b428fdc
62 changed files with 1173 additions and 71 deletions
--- a/opsec/.$OPSEC.drawio.bkp
+++ b/opsec/.$OPSEC.drawio.bkp
--- a/opsec/OPSEC.drawio
+++ b/opsec/OPSEC.drawio
--- a/opsec/OPSEC.drawio.png
+++ b/opsec/OPSEC.drawio.png
--- a/opsec/anonsimplex/20.png
+++ b/opsec/anonsimplex/20.png
--- a/opsec/anonsimplex/21.png
+++ b/opsec/anonsimplex/21.png
--- a/opsec/anonsimplex/22.png
+++ b/opsec/anonsimplex/22.png
--- a/opsec/anonsimplex/23.png
+++ b/opsec/anonsimplex/23.png
--- a/opsec/anonsimplex/24.png
+++ b/opsec/anonsimplex/24.png
--- a/opsec/anonsimplex/25.png
+++ b/opsec/anonsimplex/25.png
--- a/opsec/anonsimplex/26.png
+++ b/opsec/anonsimplex/26.png
--- a/opsec/anonsimplex/27.png
+++ b/opsec/anonsimplex/27.png
--- a/opsec/anonsimplex/28.png
+++ b/opsec/anonsimplex/28.png
--- a/opsec/anonsimplex/29.png
+++ b/opsec/anonsimplex/29.png
--- a/opsec/anonsimplex/30.png
+++ b/opsec/anonsimplex/30.png
--- a/opsec/anonsimplex/31.png
+++ b/opsec/anonsimplex/31.png
--- a/opsec/anonsimplex/32.png
+++ b/opsec/anonsimplex/32.png
--- a/opsec/anonsimplex/33.png
+++ b/opsec/anonsimplex/33.png
--- a/opsec/anonsimplex/34.png
+++ b/opsec/anonsimplex/34.png
--- a/opsec/anonsimplex/index.html
+++ b/opsec/anonsimplex/index.html
@ -166,18 +166,356 @@ sudo apt install tor</pre></code>
        <div class="row">
          <div class="col-lg-8 col-lg-offset-2">
            <h2><b>Step 3. SimpleX Server Setup</b></h2>
-            <p>It's important to note that in theory, it doesn't matter which SimpleX server you connect to, as all communication is end-to-end encrypted. When you connect via Tor, it further ensures that the server itself won't be able to trace your connection back to you. Your anonymity is maintained through the use of Tor, and your conversations are protected by SimpleX's encryption.</p>
+            <p>It's important to note that in theory, it doesn't matter which SimpleX server you connect to, as all communications are end-to-end encrypted. When you connect via Tor, it further ensures that the server itself won't be able to trace your connection back to you. Your anonymity is maintained through the use of Tor, and your conversations are protected by SimpleX's encryption.</p>
-            <p>HackLiberty has a great guide on how to install and configure a
+            <p>We're going to make use of <a href="https://forum.hackliberty.org/t/simplex-server-docker-installation-guide-smp-xftp/140">HackLiberty's tutorial</a> on how to install and configure a
              SimpleX server using Docker.</p>
-            <ul>
+
-              <li><strong>1. </strong> Navigate to the <a
+
-                  href="https://forum.hackliberty.org/t/simplex-server-docker-installation-guide-smp-xftp/140">Simplex
+<p>First we're going to create the docker-compose.yml file and the .env file as follows:</p>
-                  Server Docker Installation Guide from HackLiberty</a> and
+<pre><code class="nim">
-                follow the instructions.</li>
+[ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
-              <li><strong>2. </strong> Note your SMP and XFTP server addresses.</li>
+→ cat docker-compose.yml
-            </ul>
+version: '3.7' #this version is obsolete, change me
-            <p>Once you have configured and started your server, carry on with
+
-              this guide.</p>
+networks:
  tor-test:
    driver: bridge
    ipam:
      config:
        - subnet: 10.6.0.0/24
          gateway: 10.6.0.1
 services:
  simplex-smp-server:
    image: simplexchat/smp-server:latest
    container_name:  simplex-smp
    restart: always
    user: "1000:1000" #user uid - change if necessary
    ports:
      - "5223:5223" #this will expose port 5223 to internet
    volumes:
      - ./smp/config:/etc/opt/simplex:Z
      - ./smp/logs:/var/opt/simplex:Z
    environment:
      - ADDR=${SIMPLEX_ADDR}
 #     - PASS=${SIMPLEX_PASSWORD} #for non public servers
    networks:
      tor-test:
        ipv4_address: 10.6.0.5
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
  simplex-xftp-server:
    image: simplexchat/xftp-server:latest
    container_name:  simplex-xftp
    user: "1000:1000" #user uid - change if necessary
    ports:
      - "5233:443" #port mapping to expose xftp to internet on port 5233
    restart: always
    volumes:
      - ./xftp/config:/etc/opt/simplex-xftp:Z
      - ./xftp/logs:/var/opt/simplex-xftp:Z
      - ./xftp/files:/srv/xftp
    environment:
      - ADDR=${XFTP_ADDR}
      - QUOTA=150gb #change to set your own quota
    networks:
      tor-test:
        ipv4_address: 10.6.0.6
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
  tor:
    image: osminogin/tor-simple
    container_name: tor-simplex
    volumes:
      - ./tor-data:/var/lib/tor
      - ./tor-data/torrc:/etc/tor
    networks:
      tor-test:
        ipv4_address: 10.6.0.4
 [ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
 → cat .env
 SIMPLEX_ADDR="nowhere"      #If using FDQN, make sure to set DNS record
 SIMPLEX_PASSWORD="dawiuhwaihyawy4129y89u0u1"
 XFTP_ADDR="nowhere"         #If using FDQN, make sure to set DNS record
 #yes no clearnet at all
 </pre></code>
 <p>Then we're going to create the folders as follows:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → mkdir -p  {xftp,smp}/{config,logs}
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → tree .
 .
 ├── docker-compose.yml
 ├── notes.txt
 ├── smp
 │   ├── config
 │   └── logs
 └── xftp
    ├── config
    └── logs
 7 directories, 2 files
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → mkdir -p xftp/files
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → ls
 docker-compose.yml  notes.txt  smp  xftp
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → cd xftp
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex/xftp]
 → ls
 config  files  logs
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex/xftp]
 → cd ..
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → ls
 docker-compose.yml  notes.txt  smp  xftp
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → mkdir -p tor-data/torrc
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → mkdir -p tor-data/{simplex-xftp,simplex-smp}
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → mkdir -p  {xftp,smp}/{config,logs}
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → chmod 700 tor-data/simplex-xftp
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → chmod 700 tor-data/simplex-smp
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → sudo chown 100:65533  tor-data/simplex-xftp
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → sudo chown 100:65533  tor-data/simplex-smp
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → chown -R 100:65533 tor-data/
 chmod 777 -R smp
 chmod 777 -R  xftp
 </pre></code>
 <p>Then we're going to configure torrc for the tor docker daemon as follows: </p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
 → vim tor-data/torrc/torrc
 [ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
 → cat tor-data/torrc/torrc
 SOCKSPort 0
 HiddenServiceNonAnonymousMode 1
 HiddenServiceSingleHopMode 1
 HiddenServiceDir /var/lib/tor/simplex-smp
 HiddenServicePort 5223 simplex-smp:5223
 HiddenServicePort 80 simplex-smp:80
 HiddenServiceDir /var/lib/tor/simplex-xftp
 HiddenServicePort 5233 simplex-xftp:5233
 </pre></code>
 <p>Then we're going to run the docker containers so that it creates the tor hostnames for both the smp and xftp services, so that we can use both in the .env file:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → docker-compose up
 [ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
 → tree tor-data
 tor-data
 ├── simplex-smp
 │   ├── authorized_clients
 │   ├── hostname
 │   ├── hs_ed25519_public_key
 │   └── hs_ed25519_secret_key
 ├── simplex-xftp
 │   ├── authorized_clients
 │   ├── hostname
 │   ├── hs_ed25519_public_key
 │   └── hs_ed25519_secret_key
 └── torrc
    └── torrc
 [ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
 → cat tor-data/simplex-smp/hostname
 b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
 [ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
 → cat tor-data/simplex-xftp/hostname
 wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion
 [ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
 → vim .env
 [ Wonderland ] [ /dev/pts/15 ] [/srv/simplex]
 → cat .env
 SIMPLEX_ADDR="b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion"      #If using FDQN, make sure to set DNS record
 SIMPLEX_PASSWORD="dawiuhwaihyawy4129y89u0u1"
 XFTP_ADDR="wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion"         #If using FDQN, make sure to set DNS record
 </pre></code>
 <p>Then we'll save both the private keys in our keepass and then shred them:</p>
 <pre><code class="nim">
 #save both the private keys it in your keepass and then shred it
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → cat smp/config/ca.key
 -----BEGIN PRIVATE KEY-----
 REDACTED
 -----END PRIVATE KEY-----
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → shred -u smp/config/ca.key
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → cat xftp/config/ca.key
 -----BEGIN PRIVATE KEY-----
 REDACTED
 -----END PRIVATE KEY-----
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → shred -u xftp/config/ca.key
 </pre></code>
 <p>Then we edit the smp config correctly as we will NOT use the clearnet at all, the config parts regarding port 443 https are to be commented.</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → cat smp/config/smp-server.ini | tail -n3
 #https: 443
 #cert: /etc/opt/simplex/web.crt
 #key: /etc/opt/simplex/web.key
 [TRANSPORT]
 # Host is only used to print server address on start.
 # You can specify multiple server ports.
 host: nowhere
 #port: 5223,443 ## we dont need 443!
 port: 5223
 log_tls_errors: off
 </pre></code>
 <p>Then we also configure it so that the simplex smp server goes through the docker tor daemon to connect to other servers:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → vim smp/config/smp-server.ini
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → cat smp/config/smp-server.ini
 [PROXY]
 # Network configuration for SMP proxy client.
 # `host_mode` can be 'public' (default) or 'onion'.
 # It defines prefferred hostname for destination servers with multiple hostnames.
 host_mode: onion
 required_host_mode: on
 # The domain suffixes of the relays you operate (space-separated) to count as separate proxy statistics.
 # own_server_domains:
 # SOCKS proxy port for forwarding messages to destination servers.
 # You may need a separate instance of SOCKS proxy for incoming single-hop requests.
 socks_proxy: 10.6.0.4:9050
 #socks_proxy: tor-simplex:9050
 # `socks_mode` can be 'onion' for SOCKS proxy to be used for .onion destination hosts only (default)
 # or 'always' to be used for all destination hosts (can be used if it is an .onion server).
 socks_mode: always
 # Limit number of threads a client can spawn to process proxy commands in parrallel.
 # client_concurrency: 32
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → vim xftp/config/file-server.ini
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → cat xftp/config/file-server.ini
 [STORE_LOG]
 # The server uses STM memory for persistence,
 # that will be lost on restart (e.g., as with redis).
 # This option enables saving memory to append only log,
 # and restoring it when the server is started.
 # Log is compacted on start (deleted objects are removed).
 enable: on
 # Expire files after the specified number of hours.
 expire_files_hours: 48
 log_stats: off
 [AUTH]
 # Set new_files option to off to completely prohibit uploading new files.
 # This can be useful when you want to decommission the server, but still allow downloading the existing files.
 new_files: on
 # Use create_password option to enable basic auth to upload new files.
 # The password should be used as part of server address in client configuration:
 # xftp://fingerprint:password@host1,host2
 # The password will not be shared with file recipients, you must share it only
 # with the users who you want to allow uploading files to your server.
 # create_password: password to upload files (any printable ASCII characters without whitespace, '@', ':' and '/')
 # control_port_admin_password:
 # control_port_user_password:
 [TRANSPORT]
 # host is only used to print server address on start
 host: nowhere
 port: 5233
 log_tls_errors: off
 # control_port: 5226
 [FILES]
 path: /srv/xftp
 storage_quota: 10gb
 [INACTIVE_CLIENTS]
 # TTL and interval to check inactive clients
 disconnect: off
 # ttl: 21600
 # check_interval: 3600
 </pre></code>
 <p>Then we simply run the docker containers again:</p>
 <pre><code class="nim">
 [ Wonderland ] [ /dev/pts/14 ] [/srv/simplex]
 → docker-compose down ; docker-compose up -d
 Starting simplex-xftp ... done
 Starting simplex-smp  ... done
 Starting tor-simplex  ... done
 simplex-smp            | Server address: smp://BD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI=@nowhere
 simplex-xftp           | Server address: xftp://emX7ForsbdpIscNiDZ6b0HTbfFUayn00C1wmeVTofYA=@nowhere
 <b>#need to manually change the @nowhere to be the onion urls:
 smp://BD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI=@b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
 xftp://emX7ForsbdpIscNiDZ6b0HTbfFUayn00C1wmeVTofYA=@wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion:5233</b>
 </pre></code>
 <p>And from there we simply add the servers in our simplex client:</p>
          </div>
        </div>
      </div>
@ -189,34 +527,24 @@ sudo apt install tor</pre></code>
        <div class="row">
          <div class="col-lg-8 col-lg-offset-2">
            <h2><b>Step 4: Configure SimpleX To Use Your Server</b></h2>
-            <p>After setting up your SimpleX server, you need to configure your
+<p>Now from our simplex client we need to make sure that we are using our own simplex servers, which have the following URL:</p>
-              client to route its traffic through it.</p>
+<pre><code class="nim">
-            <p>Open the kebab menu at the bottom left again, and navigate to
+SMP server:
-              <strong>Settings &gt; Network and servers</strong>, then press
+smp://BD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI=@b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion
              <strong>Message servers</strong>.</p>
            <img src="13.png" class="imgRz" alt="SimpleX message server settings">
            <p>If you desire, you can remove all the default SimpleX instances
              individually before proceeding; this ensures that SimpleX will
              only ever use your server.</p>
            <p>Press <strong>Add server</strong>, then <strong>Enter server
                manually</strong>. Specify your SMP server address and save.
              Make sure to check the <strong>Use for new connections</strong>
              option.</p>
            <img src="Simplex8.png" class="imgRz" alt="Adding a SimpleX server">
-            <p>Repeat the same steps for your XFTP address by navigating to
+XFTP server:
-              <strong>Settings &gt; Network and servers</strong>, then press
+xftp://emX7ForsbdpIscNiDZ6b0HTbfFUayn00C1wmeVTofYA=@wg54vc6p3dscshywvt2wninachqoarrodtunapds7t7p47sn5e3qonid.onion:5233
-              <strong>Media & file servers</strong>.</p>
+
-            <p>Similarly, you can remove all default instances here if you
+</pre></code>
-              desire. Then add your XFTP server address by pressing <strong>Add
+<img src="20.png" class="imgRz">
-                server &gt; Enter server manually</strong>. Specify your XFTP
+<img src="21.png" class="imgRz">
-              address and save. Don't forget to tick the <strong>Use for new
+<img src="22.png" class="imgRz">
-                connections</strong> option.</p>
+<img src="23.png" class="imgRz">
-            <img src="12.png" class="imgRz" alt="SimpleX message server settings">
+<img src="24.png" class="imgRz">
-            <img src="11.png" class="imgRz" alt="Adding a SimpleX server">
+<img src="25.png" class="imgRz">
-            <h3><b>Congratulations!</b></h3>
+<img src="26.png" class="imgRz">
-            <p>You have now successfully configured your SimpleX server and
+<img src="27.png" class="imgRz">
-              client.</p>
+<p>And now that our simplex client is ONLY using our onion-only simplex servers, we can create our own chatrooms:</p>
          </div>
        </div>
      </div>
@ -228,29 +556,38 @@ sudo apt install tor</pre></code>
        <div class="row">
          <div class="col-lg-8 col-lg-offset-2">
            <h2><b>How to Create Chatrooms in Incognito mode</b></h2>
-            <p>After configuring your SimpleX client through Orbot and your own
+<p>Now that we are using our own simplex servers, we can create a chatrooms in incognito mode (meaning that our username will simply be a random noun and adjective):</p>
-              server, you are ready to create and join chatrooms. Here is how to
+<img src="28.png" class="imgRz">
-              create a chatroom in Incognito mode:</p>
+<img src="29.png" class="imgRz">
-            <h3><b>Step 1: Create the Chatroom</b></h3>
+<img src="30.png" class="imgRz">
-            <p>Press the pen icon in the bottom right of the screen. This will
+           <p>Enter a name for your group. You can also add a photo for the
              bring up a menu. Select <strong>Create group</strong>.</p>
            <img src="Simplex9.png" class="imgRz"
              alt="Creating a group in SimpleX">
            <p>Enter a name for your group. You can also add a photo for the
              group.</p>
            <p>Tick the <strong>Incognito</strong> option. Doing this ensures
              your profile name and image is hidden from your group members and
              allows for anonymous connections with other people without shared
              data. Once you have filled out the necessary information, press
              <strong>Create group</strong>.</p>
-            <img src="Simplex10.png" class="imgRz"
+
-              alt="SimpleX incognito mode settings">
+<img src="31.png" class="imgRz">
-            <h3><b>Step 2: Invite Members</b></h3>
+<p>as noted above, since you are only using tor-only simplex servers, <b>this means that you are forcing the users to use Tor to be able to join your invite links.</b> Here's what the invite link looks like:</p>
-            <p>After creating your chatroom, you will be met with an invite
+<pre><code class="nim">
-              link. You will use this link to invite other people to your
+https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40<b>b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion</b>%2FSMvbQfvtczzC7r6Sv3gEgy_s01_ZYPh_%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA9kSAhfaJMzC8YWZzkpoCL8mnBmq2U8VE8_v5HYk0nyE%253D&data=%7B%22groupLinkId%22%3A%22zjrwnXSNIBJO9ZhoHcRRkQ%3D%3D%22%7D
-              chatroom.</p>
+
-            <img src="Simplex11.png" class="imgRz" alt="SimpleX invite link">
+</pre></code>
-          </div>
+<p>as you can see the default invite link looks like that, and as you can see the onion server address appears in the link, which is the reason why if the user that wants to join doesnt have tor connectivity, he won't be able to join. If you don't want to use any of simplex's servers, you can simply replace the <b>https://simplex.chat/</b> at the beginning with your simplex smp server onion url as follows:</p>
 <pre><code class="nim">
 <b>http://b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion/</b>contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FSMvbQfvtczzC7r6Sv3gEgy_s01_ZYPh_%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA9kSAhfaJMzC8YWZzkpoCL8mnBmq2U8VE8_v5HYk0nyE%253D&data=%7B%22groupLinkId%22%3A%22zjrwnXSNIBJO9ZhoHcRRkQ%3D%3D%22%7D
 </pre></code>
 <p>If you want to not contact any simplex server to be able to view the invite link, you can simply replace the server address to <b>simplex:/</b>, which will transform the link as follows:</p>
 <pre><code class="nim">
 <b>simplex:/</b>contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FSMvbQfvtczzC7r6Sv3gEgy_s01_ZYPh_%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEA9kSAhfaJMzC8YWZzkpoCL8mnBmq2U8VE8_v5HYk0nyE%253D&data=%7B%22groupLinkId%22%3A%22zjrwnXSNIBJO9ZhoHcRRkQ%3D%3D%22%7D
 </pre></code>
            </div>
        </div>
      </div>
    </div>
@ -265,17 +602,16 @@ sudo apt install tor</pre></code>
              join it by pressing the input field at the bottom of the screen
              labeled <strong>Search or paste SimpleX link</strong>.</p>
            <p>Paste your invite link into the input field and press <strong>Enter</strong>.</p>
-            <img src="Simplex12.png" class="imgRz"
+
-              alt="Joining a SimpleX chatroom">
+<img src="32.png" class="imgRz">
            <p>You will be met with a window asking whether you'd like to
              connect using your current profile or using an Incognito profile.</p>
            <p>Select <strong>Use new incognito profile</strong>. </p>
            <img src="Simplex13.png" class="imgRz"
              alt="Selecting an incognito profile in SimpleX">
 			<p>This is because we don't want to reveal what our simplex username is, we just want to join the chatroom using a random username that is not tied to our identity.</p>
-            <img src="Simplex14.png" class="imgRz"
+
-              alt="Simplex group">
+<img src="33.png" class="imgRz">
 			<p>And there as you can see, everyone that joins in in incognito gets a random pseudonym with the format "Random Adjective Random Word" effectively helping the users maintain their anonymity while in the chat.</p>
 <img src="34.png" class="imgRz">
          </div>
        </div>
      </div>
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesos/Screenshot
+++ b/opsec/qubesos/Screenshot
--- a/opsec/qubesosnetwork/QubesManager.png
+++ b/opsec/qubesosnetwork/QubesManager.png
--- a/opsec/qubesosnetwork/banking.png
+++ b/opsec/qubesosnetwork/banking.png
--- a/opsec/qubesosnetwork/copy_destination.png
+++ b/opsec/qubesosnetwork/copy_destination.png
--- a/opsec/qubesosnetwork/copy_in_vm.png
+++ b/opsec/qubesosnetwork/copy_in_vm.png
--- a/opsec/qubesosnetwork/create.png
+++ b/opsec/qubesosnetwork/create.png
--- a/opsec/qubesosnetwork/destination_paste.png
+++ b/opsec/qubesosnetwork/destination_paste.png
--- a/opsec/qubesosnetwork/disp_whonix.png
+++ b/opsec/qubesosnetwork/disp_whonix.png
--- a/opsec/qubesosnetwork/dom0_exec.png
+++ b/opsec/qubesosnetwork/dom0_exec.png
--- a/opsec/qubesosnetwork/file_arrived.png
+++ b/opsec/qubesosnetwork/file_arrived.png
--- a/opsec/qubesosnetwork/file_await_transfer.png
+++ b/opsec/qubesosnetwork/file_await_transfer.png
--- a/opsec/qubesosnetwork/firewall-net.png
+++ b/opsec/qubesosnetwork/firewall-net.png
--- a/opsec/qubesosnetwork/firewall-service.png
+++ b/opsec/qubesosnetwork/firewall-service.png
--- a/opsec/qubesosnetwork/manager.png
+++ b/opsec/qubesosnetwork/manager.png
--- a/opsec/qubesosnetwork/master_pasteboard.png
+++ b/opsec/qubesosnetwork/master_pasteboard.png
--- a/opsec/qubesosnetwork/master_pasteboard_wiped.png
+++ b/opsec/qubesosnetwork/master_pasteboard_wiped.png
--- a/opsec/qubesosnetwork/template_install.png
+++ b/opsec/qubesosnetwork/template_install.png
--- a/opsec/qubesosnetwork/template_shutdown.png
+++ b/opsec/qubesosnetwork/template_shutdown.png
--- a/opsec/qubesosnetwork/terminal.png
+++ b/opsec/qubesosnetwork/terminal.png
--- a/opsec/qubesosnetwork/text_arrived.png
+++ b/opsec/qubesosnetwork/text_arrived.png
--- a/opsec/qubesosnetwork/torrent_transmission.png
+++ b/opsec/qubesosnetwork/torrent_transmission.png
--- a/opsec/qubesosnetwork/torrent_vm.png
+++ b/opsec/qubesosnetwork/torrent_vm.png
--- a/opsec/qubesosnetwork/transmission_on.png
+++ b/opsec/qubesosnetwork/transmission_on.png
--- a/opsec/qubesosnetwork/whonix-usage.png
+++ b/opsec/qubesosnetwork/whonix-usage.png
--- a/opsec/qubesosnetwork/whonix_dread.png
+++ b/opsec/qubesosnetwork/whonix_dread.png
--- a/pull.sh
+++ b/pull.sh