updated

2025-07-02 11:56:40 +00:00 · 2024-11-03 18:16:29 +01:00 · 2024-11-03 18:16:29 +01:00 · db4fd98c94
commit db4fd98c94
parent c72d6719ec
19 changed files with 327 additions and 21 deletions
--- a/opsec/0_anon/index.html
+++ b/opsec/0_anon/index.html
@ -62,7 +62,7 @@
 				<div class="col-lg-8 col-lg-offset-2">
  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 00 / 00 / 00</ba></p>
 <h1>SRVNAME Setup </h1>
-<img src="0.png" style="width:250px">
+<img src="0.png" class="imgRz">
 <p> </p>
 	       </div>
--- a/opsec/anonprotest/index.html
+++ b/opsec/anonprotest/index.html
@ -218,7 +218,7 @@
 					<h4 class="readable">As we have discussed the various methods that Law Enforcement agencies can track you down
 						precisely, and there isn't much you can do to stop it, leaving your personal mobile phone, smart
 						watch, or any other smart device at home is the best way to stay anonymous in a protest, leaving
-						no proof that you took part in it and <a href="../encryption/index.html">denying</a> that
+						no proof that you took part in it and <a href="../deniability/index.html">denying</a> that
 						you ever left your home.</h4>
 				</div>
--- a/opsec/deniability/1.png
+++ b/opsec/deniability/1.png
--- a/opsec/deniability/2.png
+++ b/opsec/deniability/2.png
--- a/opsec/deniability/3.png
+++ b/opsec/deniability/3.png
--- a/opsec/deniability/4.png
+++ b/opsec/deniability/4.png
--- a/opsec/deniability/5.png
+++ b/opsec/deniability/5.png
--- a/opsec/deniability/6.png
+++ b/opsec/deniability/6.png
--- a/opsec/deniability/7.png
+++ b/opsec/deniability/7.png
--- a/opsec/deniability/index.html
+++ b/opsec/deniability/index.html
@ -121,7 +121,7 @@ The door is closed, the conversation remains between Alice and Bob, their conver
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-          <h2><b>Why is Plausible Deniability is Vital?</b></h2> </br> </br>
+          <h2><b>Why is Deniable Encryption Vital?</b></h2> </br> </br>
 <p>From a legal standpoint, the only way to be protected against that scenario where you're forced to decrypt your harddrive <b>is to be able to deny the existence of said encrypted volume (Plausible Deniability)</b> . If the encrypted volume does not exist, there is no password to be given for it.</p>
 <p>So here we need a technology that can provide us Plausible Deniability. <b>That is what Veracrypt can do for us</b>.</p>
 <img src="5.png" class="imgRz">
@ -134,6 +134,24 @@ The door is closed, the conversation remains between Alice and Bob, their conver
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
  <!-- +++++ Second Post +++++ -->
 	<div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Live mode - Protecting your Deniability</b></h2> </br> </br>
 <p>Now when there is an adversary busting down your door, running towards your computer to collect as much incriminating evidence as possible on you, you need to make sure that they are not finding anything incriminating on you. Thing is, if he were to seize your computer, there are many places he can check inside your computer for anything incriminating (system logs, kernel logs, non-standard log-files, the contents of the RAM, etc)</p>
 <p>In the context of you using <a href="../veracrypt/index.html">deniable encryption</a>, <b>the adversary must not able to prove the existance of said encrypted volume</b> that you are trying to keep hidden. This is where using an operating system in live mode comes in the picture:</p>
 <img src="7.png" class="imgRz">
 <p>To make it short, if you start your operating system in live mode, <b>you are not writing anything on the system disk</b>, but rather <b>you are loading the entire operating system in the RAM</b>. Everthing that you write on the system drive while in live mode gets erased upon rebooting. </p>
 <p>The idea behind using live mode is that <b>every forensic trace regarding the hidden encrypted volume</b> that would normally be written into the system logs, kernel logs, and various other system files <b>(that we would normally need to manually clean up after closing the hidden volume)</b> will all be written into RAM instead of being written onto Disk, and then <b>will all be completely erased upon rebooting the computer.</b> </p>
 <p>As you'll see in <a href="../livemode/index.html">this tutorial</a> </p>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
 	<!-- +++++ Footer Section +++++ -->
--- a/opsec/haveno-client-f2f/index.html
+++ b/opsec/haveno-client-f2f/index.html
@ -190,8 +190,74 @@ May-29 20:55:27.427 [JavaFX Application Thread] INFO  h.d.c.c.c.PopOver: hide:20
 <img src="100.png" class="imgRz">
 <p>Then make sure you have the persistant storage enabled, with the dotfiles enabled:</p>
 <img src="101.png" class="imgRz">
-<p>Then, to install it at the current latest version (as of the 6th of october 2024, version 0.) you need to run the following command:</p>
+<p>Then, to install it at the current latest version (as of the 6th of october 2024, version 1.0.12) you need to run the following commands:</p>
 <pre><code class="nim">
 amnesia@amnesia:~$ curl -x socks5h://127.0.0.1:9050 -fsSLO https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/haveno-install.sh  && bash haveno-install.sh https://github.com/retoaccess1/haveno-reto/releases/download/v1.0.12/haveno-linux-deb.zip DAA24D878B8D36C90120A897CA02DAC12DAE2D0F
 amnesia@amnesia:~$ ./Persistent/haveno/App/utils/exec.sh 
 </pre></code>
 <!--<pre><code class="nim">
 amnesia@amnesia:~$ cd Persistent
 amnesia@amnesia:~/Persistent$ wget -e use_proxy=yes -e http_proxy=127.0.0.1:9050 https://github.com/retoaccess1/haveno-reto/releases/download/v1.0.12/haveno-linux-deb.zip
 amnesia@amnesia:~/Persistent$ unzip haveno-linux-deb.zip 
 Archive:  haveno-linux-deb.zip
  inflating: desktop-1.0.12-SNAPSHOT-all.jar.SHA-256  
  inflating: haveno-v1.0.12-linux-x86_64-installer.deb
 amnesia@amnesia:~/Persistent$ wget -e use_proxy=yes -e http_proxy=127.0.0.1:9050 https://raw.githubusercontent.com/BrandyJSon/haveno-install-tails/refs/heads/main/haveno-install.sh
 </pre></code>
 <p>Here we basically need to edit the script to make sure it uses the correct haveno .deb file that we unzipped above:</p>
 <pre><code class="nim">
 amnesia@amnesia:~/Persistent$ sed -i s'/haveno_1.0.7-1_amd64.deb/haveno-v1.0.12-linux-x86_64-installer.deb/gi' haveno-install.sh 
 amnesia@amnesia:~/Persistent$ 
 amnesia@amnesia:~/Persistent$ sudo ./haveno-install.sh 
 [sudo] password for amnesia:          
 Installing dpkg from persistent, (1.07-1, if this is out of date change the deb path in the script or manually install after running
 (Reading database ... 150142 files and directories currently installed.)
 Preparing to unpack .../haveno-v1.0.12-linux-x86_64-installer.deb ...
 Unpacking haveno (1.0.12-1) over (1.0.12-1) ...
 Setting up haveno (1.0.12-1) ...
 Allowing amnesia to read tor control port cookie, only run this script when you actually want to use haveno
 !!! not secure !!!
 Updating apparmor-profile
 Adding rule to iptables to allow for monero-wallet-rpc to work
 Updating torsocks to allow for inbound connection
 Restarting onion-grater service
 Everything is set up just run
 source ~/.bashrc
 Then you can start haveno using haveno-tails
 amnesia@amnesia:~/Persistent$ source ~/.bashrc
 amnesia@amnesia:~/Persistent$ haveno-tails 
 </pre></code>-->
 <!--<pre><code class="nim">
 # Install Haveno like any other `.deb` file
 amnesia@amnesia:~$  cd Persistent
 amnesia@amnesia:~/Persistent$ wget -e use_proxy=yes -e http_proxy=127.0.0.1:9050 https://github.com/retoaccess1/haveno-reto/releases/download/v1.0.12/haveno-linux-deb.zip
 amnesia@amnesia:~/Persistent$ unzip haveno-linux-deb.zip
 amnesia@amnesia:~/Persistent$ sudo apt update -y
 amnesia@amnesia:~/Persistent$ sudo dpkg -i ./haveno*.deb
 # Disable Tor Cookie Authentication
 amnesia@amnesia:~/Persistent$ echo "CookieAuthentication 0" | sudo tee -a /etc/tor/torrc
 # Reload Tor Service
 amnesia@amnesia:~/Persistent$ sudo systemctl reload tor
 # Run Haveno with Built-in Tor and saving the data on the persistent storage
 amnesia@amnesia:~/Persistent$ /opt/haveno/bin/Haveno --torControlPort=9051 --torStreamIsolation --socks5ProxyXmrAddress=127.0.0.1:9050 --useTorForXmr=ON --userDataDir=/home/amnesia/Persistent
 </pre></code>-->
 <!--<pre><code class="nim">
 amnesia@amnesia:~$ curl --socks5-hostname socks5://127.0.0.1:9050 -fsSLO https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/haveno-install.sh && bash haveno-install.sh "https://github.com/retoaccess1/haveno-reto/releases/latest/download/haveno_amd64_deb-latest.zip" "DAA2 4D87 8B8D 36C9 0120 A897 CA02 DAC1 2DAE 2D0F"
 Installing dependencies ...
@ -236,8 +302,8 @@ Haveno binaries have been successfully verified.
 Files moved to persistent directory /home/amnesia/Persistent/haveno/Install
 Haveno installation setup completed successfully.
-</pre></code>
+</pre></code>-->
-<img src="102.png" class="imgRz">
+<!--<img src="102.png" class="imgRz">-->
 <img src="103.png" class="imgRz">
 <img src="104.png" class="imgRz">
 <!--<p>Download the latest haveno package just like on debian, then put it in the persistant storage:</p>
--- a/opsec/hypervisorsetup/index.html
+++ b/opsec/hypervisorsetup/index.html
@ -216,7 +216,16 @@ nihilist@debian:~$ sudo chown nihilist:libvirt -R ISOs
 <img src="38.png" class="imgRz">
 <img src="39.png" class="imgRz">
 <p>Then Bob can use the windows VM for his public usage (such as KYC services, and closed-source software), and use the debian VM for his private usage (any personal matter, with only open source software)</p>
-<p>Next, Bob can setup a  <a href="../vpn/index.html">VPN</a> by default into his debian VM.</p>
+<p>From inside the Debian VM, you can run the following from a terminal to be able to copy and paste from inside the VM out, and from outside the VM in:</p>
 <pre><code class="nim">
 su -
 apt update -y
 apt install spice-vdagent -y
 reboot now
 </pre></code>
 <p>Do not do the same for the windows VM, otherwise you'd be allowing the Windows VM to spy on what your clipboard contains, from outside the VM. Make sure it is kept isolated as it is by default here.</p>
 <p>Next, Bob can setup a  <a href="../vpn/index.html">VPN</a> by default into his debian VM to prevent his ISP from spying on what he is doing.</p>
 				</div>
--- a/opsec/index.html
+++ b/opsec/index.html
@ -171,7 +171,6 @@
 				<li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/42">❌ How to setup and navigate Qubes OS</a></li>
                <li><a href="torbrowsing/index.html">✅ Tor Web Browser setup</a></li>
                <li><a href="MobileTor/index.html">✅ How to use the Tor Browser on Mobile</a></li>
                <li><a href="tailsqemuvm/index.html">✅ Tails OS QEMU VM for Temporary Anonymity</a></li>
                <li><a href="whonixqemuvms/index.html">✅ VMs for Long-term Anonymity (Whonix QEMU VMs)</a></li>
                <li><a href="whentorisblocked/index.html">✅ How to Anonymously access websites that block Tor</a></li>
 				<li><a href="anonsimplex/index.html">✅ Easy Anonymous Chats - SimpleX</a></li>
@ -281,15 +280,16 @@
        <p>📝 Explaining Plausible Deniability</p>
        <ol>
-                <li><a href="encryption/index.html">✅ What is Plausible Deniability ? Why is it Important ?</a></li>
+                <li><a href="deniability/index.html">✅ What is Plausible Deniability ? Why is it Important ?</a></li>
                <li><a href="anonsensitive/index.html">✅ Why Anonymity isn’t enough for Sensitive use ? </a></li>
                <li><a href="sensitiveremotevshome/index.html">🟠 Sensitive Services: Self-Host or Host Remotely ?</a></li>
        </ol></br>
        <p>💻 Clientside - Getting Started </p>
        <ol>
-                <li><a href="veracrypt/index.html">✅ The main source of Plausible Deniability: Veracrypt Hidden Partitions</a></li>
+                <li><a href="veracrypt/index.html">✅ The main source of Plausible Deniability: Deniable Encryption</a></li>
-                <li><a href="sensitivevm/index.html">✅ Sensitive use VMs Setup (Whonix VMs in a Veracrypt Hidden Volume)⭐</a></li>
+                <li><a href="tailsqemuvm/index.html">✅ Tails OS QEMU VM for Temporary Sensitive Use</a></li>
                <li><a href="livemode/index.html">❌ Using the Host-OS in live-mode to prepare for long-term Sensitive Use</a></li>
                <li><a href="sensitivevm/index.html">🟠 Sensitive use VMs Setup (Whonix VMs in a Veracrypt Hidden Volume)⭐</a></li>
                <li><a href="plausiblydeniabledataprotection/index.html">🟠 Plausibly Deniable Critical Data Backups</a></li>
        </ol></br>
 <p>💻 Steganography - Hiding secrets in plain sight</p>
@ -322,11 +322,12 @@
                <li><a href="failover-wan/index.html">✅ Internet Failover (Dual WAN pfsense setup)</a></li>
                <li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/66">❌ Isolating on-premise hidden services (VM-based restrictive networking)</a></li>
                <li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/33">❌ Deniable Encryption Protection (emergency shutdown script, shortcut, + systemd service)</a></li>
-                <li><a href="physicalsecurity/index.html">✅ Automating Deniable Encryption Protection (USB Changes, detecting movements, and SSH bruteforce attempts)</a></li>
+                <li><a href="physicalsecurity/index.html">🟠 Automating Deniable Encryption Protection (USB Changes, detecting movements, and SSH bruteforce attempts)</a></li>
                <li><a href="endgame/index.html">✅ Endgame V3 (.onion service Anti DDOS / Load Balancer / WAF + Captcha) ⭐</a></li>
 </ol></br>
 <p>🧅 Serverside - Remote Plausible Deniability (⚠️ <a href="sensitiveremotevshome/index.html">Remote Hosting = Safer!</a>)</p>
 <ol>
                <li><a href="sensitiveremotevshome/index.html">🟠 Sensitive Services: Self-Host or Host Remotely ?</a></li>
                <li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/36">❌ When the Adversary is the cloud provider himself</a></li>
                <li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/37">❌ Protecting against cold boot attacks, with RAM encryption (no hardware access!)</a></li>
                <li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/38">❌ System Intrusion / Integrity monitoring (kernel modules, binary files, unwanted processes, hardwre changes)</a></li>
--- a/opsec/livemode/index.html
+++ b/opsec/livemode/index.html
@ -0,0 +1,194 @@
 <!DOCTYPE html>
 <html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">
    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
    <title>Using the Host-OS in live-mode to prepare for long-term Sensitive Use</title>
    <!-- Bootstrap core CSS -->
    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
 	<link href="../../assets/css/xt256.css" rel="stylesheet">
    <!-- Custom styles for this template -->
    <link href="../../assets/css/main.css" rel="stylesheet">
    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
    <![endif]-->
  </head>
  <body>
    <!-- Static navbar -->
    <div class="navbar navbar-inverse-anon navbar-static-top">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
        </div>
        <div class="navbar-collapse collapse">
          <ul class="nav navbar-nav navbar-right">
            <li><a  href="/about.html">About</a></li>
            <li><a  href="/blog.html">Categories</a></li>
 <li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
            <li><a  href="/contact.html">Contact</a></li>
          </ul>
        </div><!--/.nav-collapse -->
      </div>
    </div>
 	<!-- +++++ Posts Lists +++++ -->
 	<!-- +++++ First Post +++++ -->
 	<div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-11-03</ba></p>
 <h1>Using the Host-OS in live-mode to prepare for long-term Sensitive Use </h1>
 <img src="../deniability/7.png" class="imgRz">
 <p> </p>
 	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
 	<!-- +++++ Second Post +++++ -->
 	<div id="anon3">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Initial Setup </b></h2>
 <p></p>
 <img src="" class="imgRz">
 <pre><code class="nim">
 </code></pre>
 <p></p>
 <img src="" class="imgRz">
 <pre><code class="nim">
 </code></pre>
 <p></p>
 <img src="" class="imgRz">
 <pre><code class="nim">
 </code></pre>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
  <div id="anon2">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Setup</b></h2> </br> </br>
 <p></p>
 <img src="" class="imgRz">
 <pre><code class="nim">
 </code></pre>
 <p></p>
 <img src="" class="imgRz">
 <pre><code class="nim">
 </code></pre>
 <p></p>
 <img src="" class="imgRz">
 <pre><code class="nim">
 </code></pre>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
  <!-- +++++ Second Post +++++ -->
 	<div id="anon1">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Setup</b></h2> </br> </br>
 <p></p>
 <pre><code class="nim">
 </code></pre>
 <p></p>
 <pre><code class="nim">
 </code></pre>
 <p></p>
 <pre><code class="nim">
 </code></pre>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
 	<!-- +++++ Footer Section +++++ -->
 	<div id="anonb">
 		<div class="container">
 			<div class="row">
 				<div class="col-lg-4">
 					<h4>Nihilism</h4>
          <p>
 						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
 					</p>
 				</div><!-- /col-lg-4 -->
 				<div class="col-lg-4">
 					<h4>My Links</h4>
 					<p>
 						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
 					</p>
 				</div><!-- /col-lg-4 -->
 				<div class="col-lg-4">
 					<h4>About nihilist</h4>
 					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
 				</div><!-- /col-lg-4 -->
 			</div>
 		</div>
 	</div>
    <!-- Bootstrap core JavaScript
    ================================================== -->
    <!-- Placed at the end of the document so the pages load faster -->
  </body>
 </html>
--- a/opsec/serversideencryption/index.html
+++ b/opsec/serversideencryption/index.html
@ -74,7 +74,7 @@
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Clientside Encryption: Who can be trusted ? </b></h2>
-<p>As we discussed <a href="../encryption/index.html">previously</a>, Encryption is about providing privacy, Bob and Alice use encryption, for their conversation to remain private from the adversary Jack.</p>
+<p>As we discussed <a href="../deniability/index.html">previously</a>, Encryption is about providing privacy, Bob and Alice use encryption, for their conversation to remain private from the adversary Jack.</p>
 <img src="1.png" class="imgRz">
 <p>One way to close the door on Jack, is to use PGP encryption:</p>
 <img src="2.png" class="imgRz">
--- a/opsec/tailsqemuvm/20.png
+++ b/opsec/tailsqemuvm/20.png
--- a/opsec/tailsqemuvm/index.html
+++ b/opsec/tailsqemuvm/index.html
@ -8,7 +8,7 @@
    <meta name="author" content="">
    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
-    <title>Tails OS QEMU VM for Temporary Anonymity</title>
+    <title>Tails OS QEMU VM for Temporary Sensitive Use</title>
    <!-- Bootstrap core CSS -->
    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
@ -60,11 +60,13 @@
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-06-14</ba></p>
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-10-03</ba></p>
-<h1>Tails OS QEMU VM for Temporary Anonymity </h1>
+<h1>Tails OS QEMU VM for Temporary Sensitive Use </h1>
 <img src="0.png" style="width:250px">
 <p>In this tutorial we're going to look at how you can run Tails OS (The Amnesic Incognito Linux System) in a QEMU VM, following the official documentation <a href="https://tails.net/doc/advanced_topics/virtualization/virt-manager/index.en.html">here</a>. </p>
 <p><b>Tails OS is suitable for Short Term Sensitive Use due to it's default live-mode feature</b>, where upon shutting down the OS, every forensic trace of what you were doing is completely erased from memory, where the entire OS is loaded into. There are no disk-writes at all by default. (Unless if you use the persistent storage, which is not suitable for sensitive use, due to not being deniable encryption like <a href="../veracrypt/index.html">Veracrypt</a> ).</p>
 <p><h2><u>OPSEC Recommendations:</u></h2></p>
 <ol>
    <li><p>Hardware : (Personal Computer / Laptop)</p></li>
@ -72,7 +74,7 @@
    <li><p>Hypervisor: <a href="../hypervisorsetup/index.html">libvirtd QEMU/KVM</a></p></li>
    <li><p>Application: <a href="../index.html">Host-based VPN</a> (if your ISP doesn't allow Tor traffic)  </p></li>
 </ol>
-<p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
+<p>I recommend using this setup for <a href="../anonymityexplained/index.html">Anonymous use</a> if you store anything into the persistent storage, <b>or for short-term <a href="../deniability/index.html">Sensitive use</a> if you are not storing anything sensitive in the persistent storage</b>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
 <p><u>Sidenote:</u> If your ISP does not allow Tor traffic, make sure that you <a href="../vpnqemu/index.html">route the  QEMU VMs traffic through a VPN</a>, to hide the tor traffic from your ISP (You -> VPN -> Tor) Setup</p>
@ -177,6 +179,21 @@ Nsyh+-..+y+-   yMMMMd   :mMM+   DE: GNOME 43.9
 </code></pre>
 <p>And that's it! We managed to run tails OS from a QEMU VM and install some software into the persistent storage.</p>
 				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
  <div id="anon1">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Deniability Context</b></h2> </br> </br>
 <p>Now suppose you are living in a country where using Tails OS and Tor is not going to be a reason to immediately throw you in jail, the adversary is busting down your door, while you are browsing a sensitive website with it, and you want to make sure that there is no incriminating evidence to be found against you when the adversary seizes your computer.</p>
 <p><b>Reminder, this is only for temporary sensitive use, do not save anything sensitive in the persistent storage because otherwise the adversary can force you to unlock it to reveal the contents.</b></p>
 <img src="20.png" class="imgRz">
 <p>All you need is to shutdown the VM, and everything forensic trace of what you were doing in it gets immediately erased from memory, as if there was nothing there to begin with. <b>Effectively leaving the adversary empty-handed with no incriminating evidence to use against you in court.</b></p>
 <p>And that's it! You now have a dedicated VM for your temporary sensitive uses.</p>
 				</div>
 			</div><!-- /row -->
--- a/opsec/veracrypt/index.html
+++ b/opsec/veracrypt/index.html
@ -8,7 +8,7 @@
    <meta name="author" content="">
    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
-    <title>Plausible Deniability Setup</title>
+    <title>The main source of Plausible Deniability: Deniable Encryption</title>
    <!-- Bootstrap core CSS -->
    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
@ -61,7 +61,7 @@
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-01-31</ba></p>
-<h1>Plausible Deniability Setup </h1>
+<h1>The main source of Plausible Deniability: Deniable Encryption </h1>
 <img src="0.png" style="width:250px">
 <p>VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. It is based on Truecrypt, This tool will be used for Plausible Deniability. </p>
 <p>But why is Plausible Deniability important first of all ? From a legal perspective, depending on jurisdictions, you may be forced to type your password into an encrypted drive if requested. All it takes is for an adversary to be able to prove the existence of an encrypted drive to be able to force you to reveal the password to unlock it. Hence for example the regular LUKS encryption is not enough, <b>because you need to be able to deny the existence of the encrypted volume</b>. If that is the case, we have to use Veracrypt, which is an encryption tool used to provide protection (which is Plausible Deniability) against that scenario where you're forced to provide a password.</p>
--- a/opsec/vpn/index.html
+++ b/opsec/vpn/index.html
@ -181,6 +181,7 @@ mullvad-vpn/unknown,now 2024.4 amd64 [installed]
 <p>So now currently, Bob has managed to setup a Debian VM (with only open source software) with a VPN in order to use it and gain privacy from his ISP.</p>
 <img src="10.png" class="imgRz">
 <p>Currently, Bob's setup is suitable for Public use (thanks to his windows VM), AND suitable for Private use too (thanks to his debian VM with the VPN setup).</p>
 <p>However you can also setup the <a href="../vpnqemu/index.html">VPN from the Host OS directly</a>, so that every VM in it goes through the VPN. </p>
 <p>Next, Bob can setup KeepassXC to implement proper <a href="../passwordmanagement/index.html">Password Management</a>.</p>
 				</div>