fix stuff

anonaccess/index.md

@@ -6,7 +6,7 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 ---
 # Remote anonymous access setup (SSH through tor) 
 
-
+![](../context/anon_remote.png)
 
 ## **Initial Setup**
 

anonclearnetservices/index.md

@@ -6,6 +6,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 ---
 # Where to host Anonymous Clearnet Services ? 
 
+![](../context/anon_remote.png)
+
 ![](0.png)
 
 In this tutorial we're going explain how you can have anonymous clearnet services, which can either remotely or self-hosted. 

anoncreditcard/index.md

@@ -23,7 +23,7 @@ With the growing economy and increasingly aggressive marketing, every company is
   4. Virtual Machine: [Whonix](../whonixqemuvms/index.md) or [Tails](../tailsqemuvm/index.md)
 
 
-
+![](../context/anon.png)
 
 Every steps listed below are to be done via the Tor browser, in order to preserve our anonymity.
 

anondomain/index.md

@@ -6,6 +6,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 ---
 # How to rent remote domains anonymously (Registrar resellers) 
 
+![](../context/anon_remote.png)
+
 Not many people know that it is possible to operate a clearnet website, anonymously. That can be done using a [non-KYC registrar reseller](https://kycnot.me/?t=service&q=domain), that allows you to purchase a domain using Monero. It is crucial to maintain Anonymity when you are purchasing the domain, and when you are using it, to do so you'll need to at least keep Tor in between you and the service, as we have explained [previously](../anonclearnetservices/index.md).
 
 ![](../anonclearnetservices/0.png)

anonemail/index.md

@@ -8,7 +8,7 @@ xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3R
 
 ![](0.png)
 
-
+![](../context/anon.png)
 
 ## **Introduction**
 

anonprotest/index.md

@@ -106,6 +106,8 @@ To minimize the risk of being identified by police or surveillence devices like
 
 # **How to have a phone for anonymous use?**
 
+![](../context/anon_mobile.png)
+
 ###  WARNING: The safest and simplest way to stay anonymous is to keep your phone at home, as explained above, for deniability, where you can claim that you stayed at home during the protest. 
 
   

anonproxy/index.md

@@ -8,6 +8,8 @@ xmr: 87iB34vdFvNULrAjyfVAZ7jMXc8vbq9tLGMLjo6WC8N9Xo2JFaa8Vkp6dwXBt8rK12Xpz5z1rTa
 
 While Tor is a requirement to protect your anonymity online, some services refuse to be accessed anonymously, and are intentionally blocking connections coming from Tor exits nodes. These services are against your anonymity, but there are still ways to access them anonymously:
 
+![](../context/anon.png)
+
 ![](AccessDenied.jpg)
 
 A residential proxy will reroute your access through a residential ip address, which makes your connection look like it is coming from your ISP or your mobile carrier.

anonsimplex-server/index.md

@@ -8,7 +8,9 @@ tags:
 ---
 # Anonymous Simplex SMP & XFTP Servers setup
 
-### **If you do not have SImpleX installed please refer to this tutorial [post](../anonsimplex/index.md)**
+![](../context/anon_self.png)
+
+ **If you do not have SimpleX installed on the clientside please refer to this tutorial [post](../anonsimplex/index.md)**
 
 ## **Only using your own onion-only simplex server doesn't isolate you.**
 

anonsimplex/index.md

@@ -60,7 +60,7 @@ You'd be surprised to see that as of right now (November 2024) there is only Sim
   4. Applications: Orbot and SimpleX 
 
 
-
+![](../context/anon_mobile.png)
 
 ## _Desktop OPSEC Recommendations:_
 
@@ -74,8 +74,7 @@ You'd be surprised to see that as of right now (November 2024) there is only Sim
 
   5. Application: Tor (if not on Whonix or Tails), and SimpleX 
 
-
-
+![](../context/anon.png)
 
 We will be going through how to set up your own SimpleX server through Tor, and how to configure your Android client to route your traffic through it.
 

anonsms/index.md

@@ -8,7 +8,7 @@ xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3R
 
 ![](sms0.png)
 
-
+![](../context/anon.png)
 
 ## **Introduction**
 

anonymous_server_monitoring/index.md

@@ -14,6 +14,8 @@ In this tutorial we're going to cover how you can monitor the resource consumpti
 
 ## **What is the targeted setup?**
 
+![](../context/anon_remote.png)
+
 In this setup, we have 3 servers. Server A is going to monitor Server B and C.
 
 ![](0.png)

anonymousremoteserver/index.md

@@ -10,7 +10,7 @@ tags:
 
 ![](../hiddenservice/1.png)
 
-
+![](../context/anon_remote.png)
 
 ## **Finding out a non-KYC Cloud Provider and Email Provider**
 

anonzulucrypt/index.md

@@ -6,6 +6,8 @@ xmr: 84TTjteLVhkYuHosBoc1MjWaB1AmnFSWPgeM7Lts4NdigCmE9ndHTjsXEaxJFTb7JGj55GNERXf
 ---
 # Hiding files in videos (small or large files) with zuluCrypt
 
+![](../context/sensitive.png)
+
 zuluCrypt is a feature rich Linux-based encryption application that can manage a wide range of volumes including: PLAIN dm-crypt, LUKS, TrueCrypt, VeraCrypt and Microsoft Bitlocker. One feature that sets zuluCrypt apart from other encryption tools is the ability to hide (small or large) files and folders within video files via the "Encrypted Container Hidden In Video/Cover File (Steganography)" option, leaving the video file fully functional and therefore acting as an ideal method of hiding important information in plain sight.
 
 ![](0.png)

cloud_provider_adversary/index.md

@@ -6,6 +6,8 @@ xmr: 86NCojqYmjwim4NGZzaoLS2ozbLkMaQTnd3VVa9MdW1jVpQbseigSfiCqYGrM1c5rmZ173mrp8R
 ---
 # **When the Adversary is the cloud provider himself**
 
+![](../context/sensitive_remote.png)
+
 Since the 2010's VPS have become cheaper and widely available. From your local mom and pop datacenter where you can rent a baremetal Pi equivalent to highly secured Amazon datacenters and on-demand cpu/bandwidth allocation you can now find a broad range of options for your operational and security needs.   
   
 If clandestinity is a requirement, there also are cryptocurrency-based options in jurisdictions without LEO cooperation treatises with your own.   

compilation/index.md

@@ -13,6 +13,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
   2. OS : [Linux](../linux/index.md)
 
 
+![](../context/private.png)
+
 
 
 I recommend using this setup for [Private use](../privacy/index.md), as per the [4 basic OPSEC levels](../opsec4levels/index.md).

darknetlantern/index.md

@@ -63,6 +63,8 @@ This project also takes into account that malicious webring participants may sho
 
 ## **How to setup your own Darknet Lantern Instance ?**
 
+![](../context/anon_remote.png)
+
 Now that we got that out of the way, let's see how you can install your own Darknet Lantern Instance:
 
 First, git clone the repository in your directory of choice (i recommend using /srv/):

dns/index.md

@@ -12,7 +12,7 @@ In this tutorial we're going to take a look at how to setup DNS servers using bi
 
 _Disclaimer:_ If you want this service to remain anonymous, make sure you at least keep [TOR between you and the service](../sensitiveremotevshome/index.md) from the [VPS acquisition](../anonymousremoteserver/index.md) to actual service usage. 
 
-
+![](../context/anon_remote.png)
 
 ## **Initial Setup**
 

endgame/index.md

@@ -21,7 +21,7 @@ In this tutorial we're going to setup the EndGameV3 Anti DDOS / Load Balancer /
 
 Now we'll first cover how to have a single Endgame V3 front, to redirect to 2 onion backends, but keep in mind that there is very high latency involved here. The ideal setup as we'll see later, is to have local redirection behind the Endgame front. And we'll also make use of the onionbalance technology to setup multiple Endgame fronts for the same Master Onion!
 
-
+![](../context/sensitive_remote.png)
 
 ## **Prerequisites**
 

failovers/index.md

@@ -8,6 +8,9 @@ tags:
 ---
 # Electrical Failover (basic UPS setup) 
 
+
+![](../context/sensitive_self.png)
+
 **Threat Model:**
 
 What if an adversary tells your electricity provider to temporarily power off your electricity to check if it manages to shut down a particular hidden service ? How do you ensure that your hidden service running at home remains accessible even without the main electrical input ?

file-verification/index.md

@@ -5,6 +5,9 @@ gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.
 xmr: 89g3MMq1mo9C5C4vDisyAoCU5GuukXJ2FedUwyLXJWpmTsKHdi1rCPZaeT1d9V4NViTTXyaL9qtKzSbVdKGdEghhCH5oRiT
 ---
 # File Verification
+
+![](../context/private.png)
+
 Today we download files like it is nothing, multiple times a day, but we never wait and ask what have we just downloaded, how can i trust the file?, how will i know if its not a virus?
 
 Small note: i will not provide any type of files during this post.

forgejo-anon/index.md

@@ -47,6 +47,8 @@ Now let's suppose you setup your potentially sensitive repositories on a clearne
 
 ## _OPSEC RECOMMENDATIONS:_
 
+![](../context/anon_remote.png)
+
 This is why the Forgejo instance needs to be setup behind Tor, as a [.onion hidden service](../torwebsite/index.md). Now you have a few options as to where to host the the Forgejo service. It can be on a [remote VPS that you acquired anonymously](../anonymousremoteserver/index.md) (where the cost will be the renting of that VPS, such as 5 euros per month):
 
 ![](../hiddenservice/1.png)

haveno-arbitrator/index.md

@@ -24,7 +24,7 @@ Check out [this tutorial](../haveno-client-f2f/index.md) if you want to know how
 
   5. Application: [Haveno DEX Setup](../hypervisorsetup/index.md)
 
-
+![](../context/anon.png)
 
 
 I recommend using this setup into one of the above mentionned VMs, either for [Private use](../privacy/index.md), or [Anonymous use](../anonymityexplained/index.md), as per the [4 basic OPSEC levels](../opsec4levels/index.md). (Note that Deanonymization will happen during the Fiat transaction, but it is minimized as you're revealing your identity to an other peer, rather than to a centralised exchange)

haveno-cashbymail/index.md

@@ -24,7 +24,7 @@ In this tutorial we're going to cover how to buy Monero, for cash by mail on the
 
   5. Application: [Haveno DEX Setup](../hypervisorsetup/index.md)
 
-
+![](../context/anon.png)
 
 
 I recommend using this setup into one of the above mentionned VMs, either for [Private use](../privacy/index.md), or [Anonymous use](../anonymityexplained/index.md), as per the [4 basic OPSEC levels](../opsec4levels/index.md). (Note that Deanonymization will happen during the Fiat transaction, but it is minimized as you're revealing your identity to an other peer, rather than to a centralised exchange)

haveno-client-f2f/index.md

@@ -47,7 +47,7 @@ You can check out my quick coverage of Haveno DEX on Monero Topia [here](https:/
   4. Virtual Machine: [Linux](../hypervisorsetup/index.md) or [Whonix](../whonixqemuvms/index.md) or [Tails](../tailsqemuvm/index.md)
 
 
-
+![](../context/anon.png)
 
 I recommend using this setup into one of the above mentionned VMs, either for [Private use](../privacy/index.md), or [Anonymous use](../anonymityexplained/index.md), as per the [4 basic OPSEC levels](../opsec4levels/index.md). (Note that Deanonymization will happen during the Fiat transaction, but it is minimized as you're revealing your identity to an other peer, rather than to a centralised exchange)
 

haveno-crypto/index.md

@@ -6,6 +6,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 ---
 # Convert Monero into other Cryptocurrencies Anonymously (XMR -> LTC) 
 
+![](../context/anon.png)
+
 ![](0.png)
 
 In this tutorial we're going to cover how you can anonymously obtain another cryptocurrency (in this case litecoin), using XMR and Haveno. 

haveno-seednode/index.md

@@ -8,6 +8,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 
 ![](../haveno-client-f2f/0.png)
 
+
+
 In this tutorial we're going to take a look at how you can contribute to an existing Haveno Network, by running a Seed Node, in order to make the Haveno Network of your choice more resillient to potential takedowns. 
 
 _Disclaimer:_ I am not running any seednodes for any Haveno Network, this is only to showcase how it works for whoever wants to run a seednode. **Obviously you don't want to get the TornadoCash treatment by publicly announcing that you are helping with the infrastructure for an exchange with your public identity since this is potentially sensitive use.** Therefore make sure you remain Anonymous (meaning you use a disposable identity) when saying that you are running a haveno seed node (see how to properly segment your internet uses [here](../internetsegmentation/index.md)). See the explanation on where to host sensitive hidden services [here](../sensitiveremotevshome/index.md).
@@ -26,7 +28,10 @@ It is possible for anyone out there to create a Haveno Seed Node, for any Haveno
 
 ## **What is required ?**
 
+
+
 In short, as detailed in the official documentation [here](https://github.com/haveno-dex/haveno/blob/master/docs/deployment-guide.md#seed-nodes-with-proof-of-work-pow), the requirement is that you have a device or a server (such as a VPS), running 24/7, with a local monero node. (hence requiring storage).
+![](../context/sensitive_remote.png)
 
 Before starting, make sure you have a device that is already running a monero node. To do that, follow [this tutorial](../monero2024/index.md) i wrote.
     

haveno-sepa/index.md

@@ -40,7 +40,7 @@ In short, keep in mind that this may not be a reliable way to purchase monero in
 
   5. Application: [Haveno DEX Setup](../hypervisorsetup/index.md)
 
-
+![](../context/anon.png)
 
 
 I recommend using this setup into one of the above mentionned VMs, either for [Private use](../privacy/index.md), or [Anonymous use](../anonymityexplained/index.md), as per the [4 basic OPSEC levels](../opsec4levels/index.md). (Note that Deanonymization will happen during the Fiat transaction, but it is minimized as you're revealing your identity to an other peer, rather than to a centralised exchange)

hiddenservice/index.md

@@ -12,6 +12,8 @@ In this tutorial we're going to look at where exactly you can host Hidden Servic
 
 ## **Hosting a Hidden Service Remotely**
 
+![](../context/anon_remote.png)
+
 One way to host a Hidden Service is remotely. You anonymously rent a VPS to a non-KYC cloud provider (using Tor and Monero), and use it anonymously (using SSH through Tor), to host a Tor Hidden Service. 
 
 ![](1.png)
@@ -28,6 +30,8 @@ _TLDR:_ it's safer in case if anything goes wrong, but you don't have physical c
 
 ## **Self-Hosting a Hidden Service**
 
+![](../context/anon_self.png)
+
 Another way to host a Hidden Service is locally, you Self-host it. You are running a server at home (which could be your previous PC), to run the hidden service. And if the ISP doesn't allow Tor traffic, you use a VPN to hide the Tor traffic.
 
 ![](2.png)

hypervisorsetup/index.md

@@ -13,7 +13,7 @@ tags:
 In this tutorial we're going to cover how to setup the open source hypervisor QEMU/KVM in [Linux](../linux/index.md) host OS, using the libvirt technology.
 
 ## _OPSEC Recommendations:_
-
+![](../context/private.png)
   1. Hardware : PC / Laptop / Homeserver / Remote Server
 
   2. Host OS : [Linux](../linux/index.md)

livemode/index.md

@@ -6,7 +6,7 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 tags:
   - Core Tutorial
 ---
-# Using the Host-OS in live-mode to enable Sensitive Use (April 2025 Update) 
+# Using the Host-OS in live-mode to enable Sensitive Use 
 
 ![](0.png)
 

mailprivate/index.md

@@ -14,7 +14,7 @@ Note that this setup involves self-hosting, [which I do not recommend if the ser
 
 ![](0.png)
 
-
+![](../context/anon_self.png)
 
 ## **Initial VPN over Tor Setup**
 

monero2024/index.md

@@ -8,9 +8,13 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 
 ![](0.png)
 
+
+
 In this tutorial we're going to take a look at how to setup a monero node 
 
+![](../context/anon_self.png)
 
+Context: i recommend you to self-host your own monero node, on your home server, because of the disk size the monero blockchain takes, due to that alone it won't be cheap at all to get a VPS to have that much diskspace in the long run.
 
 ## **Initial Setup**
 

monerofirst/index.md

@@ -8,7 +8,7 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 
 ![](5.png)
 
-
+![](../context/anon.png)
 
 ## **Why is this important ?**
 

moneroinheritance/index.md

@@ -10,7 +10,7 @@ tags:
 
 ![](0.png)
 
-
+![](../context/anon_remote.png)
 
 ## **Introduction**
 

monerowallet/index.md

@@ -23,6 +23,8 @@ else.
 
   4. Virtual Machine: [Linux](../hypervisorsetup/index.md) or [Whonix](../whonixqemuvms/index.md) or [Tails](../tailsqemuvm/index.md)
   
+![](../context/anon.png)
+
 I recommend using this setup into one of the above mentioned VMs, either for
 [Private use](../privacy/index.md), or [Anonymous use](../anonymityexplained/index.md), as per the [4 basic OPSEC levels](../opsec4levels/index.md).
 

monerowealth/index.md

@@ -8,14 +8,12 @@ tags:
 ---
 # Where to hide your Monero Wealth ? 
 
+![](../context/sensitive.png)
+
 Have you ever asked yourself **what you would do if you were to recieve 9000 moneros (which is worth approx 1.6M euros currently) to your wallet right now ?** Do you know where could you even store it safely in the long run? We're going to explore exactly that in this tutorial.
     
     
-    _Legal Disclaimer:_ as usual, i don't actually recommend you do anything illegal, this is strictly educational as detailed [here](../legal.html).
-    
-    
-
-
+    Legal Disclaimer: as usual, i don't actually recommend you do anything illegal, this is strictly educational.
     
 ## **Why is this important ?**
 

mysqlmastermaster/index.md

@@ -16,6 +16,8 @@ tags:
 
 ## **Introduction**
 
+![](../context/sensitive_remote.png)
+
 Your dark net [vegetable shop](../tornginxphpmysql/index.md) turned out to be a **wild success**!  
 With the influx of new users placing orders, you might want to consider high availability and replication across different locations. MySQL has a built-in mechanism for automatic replication between database instances, requiring only a TCP connection and an account with replication permissions.
 

nextcloud/index.md

@@ -16,7 +16,7 @@ Nextcloud is an indispensable tool for productivity, as you're going to see:
 
 What we are trying to achieve here, is **a setup where we can have a single folder synchronized on multiple devices,** so that any change done from any of those devices, to that same folder, gets to be automatically shared and synchronized accross all of the other devices aswell. And of course, we're going to achieve that while maintaining our anonymity, by routing all traffic through Tor. 
 
-
+**Sidenote:** We are self-hosting a nextcloud instance for privacy purposes, because we don't want an adversary to be able to see what our files contain, from VPSes for example.
 
 ## **Serverside Setup**
 

onionbalancelb/index.md

@@ -14,6 +14,8 @@ tags:
 
 ## **Introduction**
 
+![](../context/sensitive_remote.png)
+
 In our [last tutorial](../mysqlmastermaster/index.md), after setting up database replication between two instances of our vegetable shop, you might be wondering if there's a way for clients to access the service via a single frontend. Practically, this means users will go to your main onion v3 URL and may be presented with different backend instances in a transparent manner. 
 
 When one backend instance becomes unavailable, users will still be able to access the service on other backends. After the unavailable backend comes back online, changes made during its offline period will be automatically replicated to the database. It will also resume participating in load balancing. 

onionshare/index.md

@@ -6,6 +6,8 @@ xmr: 84TTjteLVhkYuHosBoc1MjWaB1AmnFSWPgeM7Lts4NdigCmE9ndHTjsXEaxJFTb7JGj55GNERXf
 ---
 # How to share files anonymously using OnionShare
 
+![](../context/anon.png)
+
 OnionShare is a free and open-source cross-platform tool that utilises the TOR network to anonymously share files (send and receive), host an onion website and create a simple chat room. Installation and setup is extremely simple and users only need the TOR browser for access, making OnionShare a quick and easy way to utilise the TOR network for various stasks. Additionally, OnionShare can also be a great way of bypassing network restrictions in cases where other file-sharing methods are not permitted and includes it's own full-featured TOR client with support for TOR bridges for situations where censorship circumvention is required..
 
 ![](0.png)

openwebuilocalllms/index.md

@@ -10,7 +10,7 @@ tags:
 
 ![](0.png) ![](1.png)
 
-
+![](../context/anon_self.png)
 
 ## **Current state of LLMs**
 

p2ptorrents/index.md

@@ -9,6 +9,8 @@ xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3R
 ![](0.png)
 
 
+![](../context/private.png)
+
 
 ## **Introduction**
 

passwordmanagement/index.md

@@ -9,6 +9,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 ![](1.png)
 
 
+![](../context/private.png)
+
 
 ## **What is password management, and Why use Keepass?**
 

pgp/index.md

@@ -11,6 +11,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 In this tutorial we're going to look at how to setup PGP keys, and use them to encrypt messages 
 
 
+![](../context/private_remote.png)
+
 
 ## **Initial Setup**
 

pgpcanary/index.md

@@ -13,7 +13,7 @@ xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3R
 ## **Introduction**
 
   
-  
+  ![](../context/anon_remote.png)
 
 
 When dealing with strangers on the internet you may not always want to reveal your real identity. Practising good OPSEC and maintaining your online anonymity can therefore be paramount in certain situations. But in an arena where anyone can be anonymous, how can you be sure people are truly who they claim to be and that you're talking to the same person across different situations? That is where Pretty Good Privacy (PGP), an encryption program that provides cryptographic privacy and authentication comes in to verify one's identity without actually revealing it. In this tutorial, we will build upon the PGP concepts [previously covered](../pgp/index.md), and expand these concepts to verifying not just messages, but entire personas and even control over infrastructure in hostile environments. 

physicalsecurity/index.md

@@ -27,7 +27,7 @@ For this tutorial we have the following threat model:
   8. What if an adversary forces you to type in your password to your encrypted data ?
 
 
-
+![](../context/sensitive_self.png)
 
 Let's take all those threat vectors into account, and setup our homeserver with the following physical security setup:
 

plausiblydeniabledataprotection/index.md

@@ -8,6 +8,8 @@ tags:
 ---
 # Sensitive Critical Data Backup Procedure 
 
+![](../context/sensitive.png)
+
 ![](31.png)
 
 In this tutorial we're going to cover how to backup the critical data that you would normally store inside of your [Sensitive use VM](../sensitivevm/index.md), in order to make sure that your critical data (meaning your keepass .kdbx file, your SSH keys, your PGP keys, your Monero seed files) can still be accessed and reused, even if the adversary were to seize and destroy your devices in multiple takedowns. 

privatesimplex-server/index.md

@@ -4,7 +4,9 @@ date: 2025-05-22
 gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/322"
 xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3RWMNQuboxnb1X4HobhSv3
 ---
-## **Remote Hosting SimpleX Servers**
+# **Remote Hosting SimpleX Servers**
+
+![](../context/private_remote.png)
 
 Before diving into server hosting i will suggest going over the simplex client tutorial [post](../privatesimplex/index.md):
 

privatesimplex/index.md

@@ -8,6 +8,7 @@ xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3R
 
 ![](0.png)
 
+
 ## **Introduction**
 
 Online communication is one of the most ubiquitous activities on all of the internet. From newsletters, corporate emails and even down to instant messaging with friends, its spread cannot be denied. With such wide reach, it would seem very important to protect these communication channels, yet this is almost an after-thought for most mainstream messengers. Platforms with millions of users market their services with the latest buzz words yet close-source their protocols leaving users with a "trust me bro". With so many options to choose from how can we best decide which app to use? In this article we'll compare a few options (Telegram, Signal and SimpleX) to see how their technical details stack up and determine which is best for easy private chats. 
@@ -45,6 +46,8 @@ From the above comparison, we can see that only SimpleX meets all of the criteri
 
 ## **SimpleX Desktop**
 
+![](../context/private.png)
+
 To download Simplex Desktop, you can go on [https://simplex.chat/](https://simplex.chat)
 
 ![](6.png)
@@ -162,8 +165,8 @@ And from there you'll also end up with a functional simplex binary to use, in ca
 
 ![](8.png)
 
-## **Using SimpleX**
-
+## **SimpleX on Mobile**
+![](../context/private_mobile.png)
 To also showcase how to use SimpleX from mobile, we'll be installing it from [F-Droid](https://f-droid.org/packages/chat.simplex.app/). Search for the app and then click Install. Navigate through the setup process, choose a username and click Create your profile. 
 
 ![](2.png)

sensitiveremotevshome/index.md

@@ -25,6 +25,8 @@ Out of those requirements, we have 2 possibilities as to where you can run a sen
 
 ## **Self Hosting : Full Physical Control but Risky!**
 
+![](../context/sensitive_self.png)
+
 ![](1.png) **Pros:**
 
 Everyone has an internet connection, and if you live in a country that does not actively sensor the tor network, it can be interesting to host your own physical server which runs your hidden .onion service
@@ -43,6 +45,8 @@ If the adversary has the ability to crack open the security of the technology us
 
 ## **Remote Hosting: No Physical Control but Safer!**
 
+![](../context/sensitive_remote.png)
+
 ![](2.png) **Cons:**
 
 Since the Idea here is to run the sensitive service (and most of the time, it's not allowed by the cloud provider), **If there is no redundancy / high availability, The longevity of the service would depend on how long the service remains unnoticed by the cloud provider.**

sensitivevm/index.md

@@ -6,7 +6,7 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 tags:
   - Core Tutorial
 ---
-# Sensitive VMs Setup (Whonix VMs in a Veracrypt Hidden Volume) (April 2025 Update) 
+# Sensitive VMs Setup (Whonix VMs in a Veracrypt Hidden Volume) 
 
 ![](0.png)
 

steghide/index.md

@@ -4,7 +4,9 @@ date: 2024-08-30
 gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/46"
 xmr: 46BYryUrGcrcRbXFFgTZMYKg8UVY1FpwVfNfHc4GxCXMFwvVtg2YDuf8x8pF36yh4XFWpC3V2WrDgZh7w46MYZEQ3zJQhhR
 ---
-# **Basic Use**
+# **Using Steghide to hide data in images**
+
+![](../context/sensitive.png)
 
 steghide is ubiquitously mirrored in various repositories and package managers. You can also find a clone of the sourceforge repository [on GitHub](https://github.com/StegHigh/steghide). If you use APT, simply install it with
     

stylometry/index.md

@@ -22,7 +22,7 @@ In this tutorial we're going to take a look at how you can run a LLM Locally to
 
   4. Virtual Machine: [Linux](../hypervisorsetup/index.md) or [Whonix](../whonixqemuvms/index.md) or [Tails](../tailsqemuvm/index.md)
 
-
+![](../context/anon.png)
 
 
 

syncthinganon/index.md

@@ -22,7 +22,7 @@ Syncthing has its own relays for supporting transmission of files between peers
 
   4. Virtual Machine: [Whonix](../whonixqemuvms/index.md)
 
-
+![](../context/anon.png)
 
 
 It is highly recommended to use whonix for this setup, because there are always cases that an app might not honor your proxy setting and somehow tries to connect to the syncthing relay directly without going through Tor. It is always a good idea to put any anonymous use app in a whonix workstation, so your clearnet ip doesn't get revealed. 

syncthingvpn/index.md

@@ -9,6 +9,8 @@ xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3R
 ![](0.png)
 
 
+![](../context/private.png)
+
 
 ## **Introduction**
 

tor/bridge/index.md

@@ -8,6 +8,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 
 ![](../logo.png)
 
+![](../../context/anon_remote.png)
+
 Before we start, you will need a Debian VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80 and 443 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your Debian server. 
 
 ## **Initial Setup**

tor/exit_node/index.md

@@ -8,6 +8,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 
 ![](../logo.png)
 
+![](../../context/anon_remote.png)
+
 Before we start, make sure you either rent a VPS anonymously (tor+XMR + ssh via tor) click [here](https://kycnot.me/search?q=hosting&type=service) for the list of anonymity-friendly hosting providers or rent a VPS on a cloud provider that [explicitly](https://community.torproject.org/relay/community-resources/good-bad-isps/) allows for tor exit nodes to be hosted on their platform.
 
 ![](2.jpg)

tor/relay/index.md

@@ -8,6 +8,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 
 ![](../logo.png)
 
+![](../../context/anon_remote.png)
+
 Before we start, you will need a Debian VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80 and 443 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your debian 10 server. 
 
 You will also need to make sure that the VPS provider allows the hosting of a tor node! check torproject's good/bad isps page [here](https://community.torproject.org/relay/community-resources/good-bad-isps/). 

torbrowsing/index.md

@@ -4,7 +4,7 @@ date: 2024-01-31
 gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/90"
 xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
 ---
-# Tor Browsing Setup 
+# Using the Tor browser to browse the web Anonymously
 
 ![](0.jpeg)
 
@@ -18,19 +18,165 @@ In this tutorial we're going to cover how to browse the web anonymously, and som
 
   3. Hypervisor: [libvirtd QEMU/KVM](../hypervisorsetup/index.md)
 
-  4. Virtual Machine: [Linux](../hypervisorsetup/index.md) or [Whonix](../whonixqemuvms/index.md) or [Tails](../tailsqemuvm/index.md)
+  4. Virtual Machine: [Whonix](../whonixqemuvms/index.md) 
 
   5. Application: [VPN](../vpn/index.md) (if your ISP doesn't allow Tor traffic) 
 
 
-
+![](../context/anon.png)
 
 I recommend using this setup into one of the above mentioned VMs, for [Anonymous use](../anonymityexplained/index.md), as per the [4 basic OPSEC levels](../opsec4levels/index.md).
 
 
+Next, we'll do some slight configuration changes, starting with the automatic connection:
 
-## **Setting up the Tor Browser on your Desktop**
+![](1.png)
 
+Then we make sure that all javascript is disabled, using the shield option on the top right corner, make sure it's set to the "Safest" setting:
+
+![](2.png)
+
+Then a personal preference, let's switch on the dark theme:
+
+![](3.png) ![](4.png)
+
+And from there you can start browsing. You can browse the clearnet first to see how the tor connection works:
+
+![](5.png)
+
+As you can see here, when browsing to the clearnet, your traffic is being encapsulated threefold, meaning that you are entrusting your connection to 3 tor node owners around the globe. And on top of that, they are in 3 different countries.
+
+![](6.png)
+
+Next, when you browse to a website that can be accessed via a .onion link, you might get the above message that shows up. I prefer to not prioritize onions to avoid unnecessary page refreshes. Instead i click on the .onion available button if it appears.
+
+![](7.png)
+
+Now when you're connected to the .onion hidden service, you can see that your connection goes through more tor nodes, this is the best way to access websites online, you're not leaking any info they don't need to know that way. Plus, since we are on the "safest" setting, we are not loading any javascript that may be used to fingerprint our activity online. 
+
+## **How to get the Tor Browser when you are in a Heavily-censored country**
+
+There are situations when you cannot simply download tor browser from their official site because of censorship. There are alternative methods for you to get the tor browser
+
+Tor browser official offers an email address called gettor@torproject.org, which you can send email to them, and they will offer you a download link
+
+First prepare an email, for me I am using protonmail, you can also use outlook or apple email if protonmail is blocked. Any service provider allows you to email tor project will work.
+
+![](snow-flake-tutorial-migrate/1.png)
+
+Next simply send an empty email to tor project
+
+![](snow-flake-tutorial-migrate/2.png)
+
+Soon you will receive a reply from tor project, simply reply them with your OS name(select one from the list)
+
+![](snow-flake-tutorial-migrate/3.png)
+
+For me during this demo is linux64
+
+![](snow-flake-tutorial-migrate/4.png)
+
+After the reply they will send you a download link, very ironically the download link is a google drive link, many countries that block tor also block google, they actually are supposed to send the brower bundle in attachment
+
+![](snow-flake-tutorial-migrate/5.png)
+
+If you find out google drive does not work for you, try to check wheter if github is accessible. Tor browser also provides download on github officially, check the releases on [Tor browser github repository](https://github.com/TheTorProject/gettorbrowser)
+
+![](snow-flake-tutorial-migrate/6.png)
+
+## **Setting up the Tor Browser on your Mobile**
+
+## _OPSEC Recommendations:_
+
+  * Hardware: Google Pixel
+
+  * Host OS: [Graphene OS](../graphene/index.md)
+
+  * Configuration: Can be set in the Private or Anonymous Profile
+
+
+![](../context/anon_mobile.png)
+
+
+## **Installing the Tor browser on mobile**
+
+You can download Tor Browser for Android from F-Droid (as we want to maintain the open source requirement), using the Guardian Repository, or the apk directly from the official Tor website. Please do not download it from any other source. There have been malicious versions passed around on social media in the past.
+
+![](MobileTor/11.png) ![](MobileTor/12.png) ![](MobileTor/13.png) ![](MobileTor/14.png) ![](MobileTor/15.png) ![](MobileTor/16.png) ![](MobileTor/17.png) ![](MobileTor/18.png) ![](MobileTor/19.png) ![](MobileTor/20.png) ![](MobileTor/21.png)
+
+Note: To download from F-Droid you will have to enable Guardian Project Repositories under settings → My Apps → Guardian Project (guardianproject.info/fdroid/repo)
+
+When you open the Tor app for the first time you will be greeted with this screen:
+
+  
+![](MobileTor/1.png)   
+
+
+We'll do some slight configuration changes, starting with the automatic connection and then open settings: _toggle auto → settings_   
+![](MobileTor/2.png)   
+
+
+In settings, scroll down to Privacy and security. Open Security Level:
+
+  
+![](MobileTor/3.png)   
+
+
+Choose Safest for maximum security
+
+![](MobileTor/4.png)   
+
+
+Additionally in settings you can choose the Default search engine and to use (.onion) sites if you prefer.
+
+![](MobileTor/5.png)   
+
+
+And you are done, you should now be at the start page:
+
+  
+![](MobileTor/6.png)   
+
+
+If your connection is being censored or you are unable to connect to the Tor network then you may have to configure a bridge. Choose “Config Bridge” on the opening screen or under settings:
+
+  
+![](MobileTor/7.png)   
+
+
+Toggle “Use a Bridge” to open up three options: "obfs4", "meek-azure", and "snowflake".
+
+  1. Obfs4 is a pluggable transport that makes Tor traffic look random and also prevents censors from finding bridges by Internet scanning. 
+
+  2. Meek-Azure is a pluggable transport that makes it look like you are browsing a Microsoft web site instead of using Tor.
+
+  3. Snowflake involves a large number of volunteer proxies, which also makes them hard to pin point and prevents the blocking of proxy IP addresses.
+
+
+
+
+Additionally you can provide a trusted bridge to use if you know one.
+
+  
+
+
+## _Closing:_
+
+  1. Orfox is a sunsetted privacy focused web browser based on Tor. It is no longer maintained and is not recommended.
+
+  2. Orbot is a proxy app that allows other apps on your device to encrypt your internet traffic through Tor. After installing Orbot go to Choose apps under settings in order to route the apps of your choice through Tor.
+
+  3. Currently there is no official Tor browser available for iOS on iPhone. Using Orbot with the open source Onion Browser is better than nothing but does not have the same privacy protections as Tor Browser. Use at your own risk.
+
+
+
+
+
+
+By default, the Tor browser is installed on Whonix Workstation, you can use it there directly. If you want to install the Tor browser from elsewhere, follow those instructions:
+
+## **Setting up the Tor Browser if you are not on Whonix**
+![](../context/private.png)
 If you have a regular debian distribution, do as follows to install the tor browser:
     
     
@@ -141,147 +287,3 @@ If you have a regular debian distribution, do as follows to install the tor brow
     extraction percent done: 100 / 100
     
     
-
-Next, we'll do some slight configuration changes, starting with the automatic connection:
-
-![](1.png)
-
-Then we make sure that all javascript is disabled, using the shield option on the top right corner, make sure it's set to the "Safest" setting:
-
-![](2.png)
-
-Then a personal preference, let's switch on the dark theme:
-
-![](3.png) ![](4.png)
-
-And from there you can start browsing. You can browse the clearnet first to see how the tor connection works:
-
-![](5.png)
-
-As you can see here, when browsing to the clearnet, your traffic is being encapsulated threefold, meaning that you are entrusting your connection to 3 tor node owners around the globe. And on top of that, they are in 3 different countries.
-
-![](6.png)
-
-Next, when you browse to a website that can be accessed via a .onion link, you might get the above message that shows up. I prefer to not prioritize onions to avoid unnecessary page refreshes. Instead i click on the .onion available button if it appears.
-
-![](7.png)
-
-Now when you're connected to the .onion hidden service, you can see that your connection goes through more tor nodes, this is the best way to access websites online, you're not leaking any info they don't need to know that way. Plus, since we are on the "safest" setting, we are not loading any javascript that may be used to fingerprint our activity online. 
-
-## **How to get the Tor Browser when you are in a Heavily-censored country**
-
-There are situations when you cannot simply download tor browser from their official site because of censorship. There are alternative methods for you to get the tor browser
-
-Tor browser official offers an email address called gettor@torproject.org, which you can send email to them, and they will offer you a download link
-
-First prepare an email, for me I am using protonmail, you can also use outlook or apple email if protonmail is blocked. Any service provider allows you to email tor project will work.
-
-![](snow-flake-tutorial-migrate/1.png)
-
-Next simply send an empty email to tor project
-
-![](snow-flake-tutorial-migrate/2.png)
-
-Soon you will receive a reply from tor project, simply reply them with your OS name(select one from the list)
-
-![](snow-flake-tutorial-migrate/3.png)
-
-For me during this demo is linux64
-
-![](snow-flake-tutorial-migrate/4.png)
-
-After the reply they will send you a download link, very ironically the download link is a google drive link, many countries that block tor also block google, they actually are supposed to send the brower bundle in attachment
-
-![](snow-flake-tutorial-migrate/5.png)
-
-If you find out google drive does not work for you, try to check wheter if github is accessible. Tor browser also provides download on github officially, check the releases on [Tor browser github repository](https://github.com/TheTorProject/gettorbrowser)
-
-![](snow-flake-tutorial-migrate/6.png)
-
-## **Setting up the Tor Browser on your Mobile**
-
-## _OPSEC Recommendations:_
-
-  * Hardware: Google Pixel
-
-  * Host OS: [Graphene OS](../graphene/index.md)
-
-  * Configuration: Can be set in the Private or Anonymous Profile
-
-
-  
-
-
-## **Initial Download and Setup**
-
-You can download Tor Browser for Android from F-Droid (as we want to maintain the open source requirement), using the Guardian Repository, or the apk directly from the official Tor website. Please do not download it from any other source. There have been malicious versions passed around on social media in the past.
-
-![](MobileTor/11.png) ![](MobileTor/12.png) ![](MobileTor/13.png) ![](MobileTor/14.png) ![](MobileTor/15.png) ![](MobileTor/16.png) ![](MobileTor/17.png) ![](MobileTor/18.png) ![](MobileTor/19.png) ![](MobileTor/20.png) ![](MobileTor/21.png)
-
-Note: To download from F-Droid you will have to enable Guardian Project Repositories under settings → My Apps → Guardian Project (guardianproject.info/fdroid/repo)
-
-When you open the Tor app for the first time you will be greeted with this screen:
-
-  
-![](MobileTor/1.png)   
-
-
-We'll do some slight configuration changes, starting with the automatic connection and then open settings: _toggle auto → settings_   
-![](MobileTor/2.png)   
-
-
-In settings, scroll down to Privacy and security. Open Security Level:
-
-  
-![](MobileTor/3.png)   
-
-
-Choose Safest for maximum security
-
-![](MobileTor/4.png)   
-
-
-Additionally in settings you can choose the Default search engine and to use (.onion) sites if you prefer.
-
-![](MobileTor/5.png)   
-
-
-And you are done, you should now be at the start page:
-
-  
-![](MobileTor/6.png)   
-
-
-If your connection is being censored or you are unable to connect to the Tor network then you may have to configure a bridge. Choose “Config Bridge” on the opening screen or under settings:
-
-  
-![](MobileTor/7.png)   
-
-
-Toggle “Use a Bridge” to open up three options: "obfs4", "meek-azure", and "snowflake".
-
-  1. Obfs4 is a pluggable transport that makes Tor traffic look random and also prevents censors from finding bridges by Internet scanning. 
-
-  2. Meek-Azure is a pluggable transport that makes it look like you are browsing a Microsoft web site instead of using Tor.
-
-  3. Snowflake involves a large number of volunteer proxies, which also makes them hard to pin point and prevents the blocking of proxy IP addresses.
-
-
-
-
-Additionally you can provide a trusted bridge to use if you know one.
-
-  
-
-
-## _Closing:_
-
-  1. Orfox is a sunsetted privacy focused web browser based on Tor. It is no longer maintained and is not recommended.
-
-  2. Orbot is a proxy app that allows other apps on your device to encrypt your internet traffic through Tor. After installing Orbot go to Choose apps under settings in order to route the apps of your choice through Tor.
-
-  3. Currently there is no official Tor browser available for iOS on iPhone. Using Orbot with the open source Onion Browser is better than nothing but does not have the same privacy protections as Tor Browser. Use at your own risk.
-
-
-
-

torthroughvpn/index.md

@@ -6,6 +6,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 ---
 # Using Tor Safely: Tor through VPN or VPN through Tor? 
 
+![](../context/anon.png)
+
 ## **Tor and VPNs comparison Recap**
 
 As we went over this comparison in the previous blogpost [here](../torvsvpns/index.md) i will briefly recap it here:

torwebsite/index.md

@@ -8,7 +8,7 @@ tags:
 ---
 # Hidden Service with custom .onion Vanity V3 address 
 
-![](../hiddenservice/2.png)
+![](../context/anon_remote.png)
 
 In this tutorial we'll setup a Hidden Service with custom .onion Vanity V3 address, we'll set it up using nginx and Tor. 
 

veracrypt/index.md

@@ -6,7 +6,7 @@ xmr: 862Sp3N5Y8NByFmPVLTPrJYzwdiiVxkhQgAdt65mpYKJLdVDHyYQ8swLgnVr8D3jKphDUcWUCVK
 tags:
   - Core Tutorial
 ---
-# The main source of Plausible Deniability: Deniable Encryption (April 2025 update)
+# The main source of Plausible Deniability: Deniable Encryption
 
 ![](0.png)
 
@@ -44,7 +44,7 @@ Using Veracrypt encrypted volumes, you have a decoy volume which is there by def
 
   6. Packages: [grub-live and ram-wipe](../livemode/index.md)
 
-
+![](../context/sensitive.png)
 
 
 In this tutorial requires you to have implemented the following setup:

vpn/index.md

@@ -7,7 +7,7 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 # How to get privacy from your ISP using a VPN 
 
 ## _OPSEC Recommendations:_
-
+![](../context/private.png)
   1. Hardware : PC / Laptop / Homeserver / Remote Server
 
   2. Host OS : [Linux](../linux/index.md)

vpnqemu/index.md

@@ -6,7 +6,7 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 ---
 # Route QEMU VMs through a Host OS VPN 
 
-
+![](../context/private.png)
 
 ## **Initial Setup**
 

whentorisblocked/index.md

@@ -8,6 +8,8 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
 
 In this tutorial we're going to cover how we can circumvent a website's attempts at blocking Tor traffic, by using a VPN. As we discussed [previously](../torthroughvpn/index.md), this is relating to the serverside context required to know if we should combine the use of Tor with the use of a VPN. 
 
+![](../context/anon.png)
+
 ![](../torthroughvpn/12.png)
 
 **Here we are using a VPN to hide from the website owner that we are connecting via Tor.** Effectively giving off the impression that we are only connecting via a VPN, while in reality Tor is protecting our Anonymity on the IP level. Now we also need to preserve our Anonymity when we are renting and using the VPN, that's why we have to use [MullvadVPN](../vpn/index.md) as they don't care who's using their service (they allow both [Tor connections](../torbrowsing/index.md) and[ Monero](../monero2024/index.md) payments). **We are also blending in their large userbase.** (which would not be the case if we were using a VPS with openvpn on it, in which we would be the only one to use it).

whonix_hiddenservice/index.md

@@ -19,6 +19,10 @@ Since the goal of self-hosting hidden services is to avoid revealing your home I
 
 ## Targeted Setup:
 
+![](../context/anon_self.png)
+
+Our targeted setup depends on a [previous tutorial](../whonixqemuvms/index.md), to setup the whonix QEMU Vms you can follow the same steps as we detailed on the clientside.
+
 ![alt text](image.png)
 
 For this targeted setup, we're going to re-use a set of QEMU Whonix VMs on our homeserver, the nginx service with the local website are going to sit on the whonix workstation, meanwhile the actual Tor daemon will remain on the Whonix Gateway. We're going to follow the [official whonix documentation](https://www.whonix.org/wiki/Onion_Services#Hidden_Webserver) to do this setup.
@@ -120,3 +124,40 @@ And it works! Now let's reboot the whonix workstation back into user mode since
 After rebooting the whonix workstation we see that it is still accessible as intended!
 
 The point of going back into the regular user mode is that in case if the service were to get hacked, the whonix hardening features are going to make it impossible for the attacker to do anything. For example they can't get the onion hidden service keys because those sit on the Whonix gateway, rather than on the Workstation.
+
+# Bonus: Shared folder on whonix workstation with the Host OS:
+
+Since you can't copy paste from the host OS into the guest OS of the whonix workstation (it's intentional to prevent clipboard attacks), you're going to require to get files in and out of the whonix workstation VM from time to time, to do so, you need a shared folder between the Host and the Guest OS:
+
+First power off the VM and enable shared memory:
+![alt text](image-7.png)
+
+Then create the shared folder on the host OS in /home/user/shared/:
+```sh
+[user ~]% mkdir /home/user/shared
+[user ~]% chmod 777 /home/user/shared 
+```
+
+Then, click add hardware to add a new "filesystem" in the /home/user/shared folder, using the virtiofs driver:
+![alt text](image-8.png)
+
+Then for this example we're going to boot into the sysmaint user session and run the following commands:
+![alt text](image-9.png)
+
+From the Host OS:
+```sh
+[user ~/shared]% vim /home/user/shared/test2  
+[user ~/shared]% cat /home/user/shared/test1  
+Hello from whonix workstation !
+```
+From the whonix workstation vm:
+```sh
+[workstation sysmaint ~]% sudo -i
+[workstation root ~]# cat mount.sh
+mount -t virtiofs shared /mnt/shared
+[workstation root ~]# vim /home/user/shared/test1  
+[workstation root ~]# cat /home/user/shared/test1
+Hello from Host OS
+```
+
+That way you'll be able to share files back and forth from inside the whonix workstation if you ever need it.

whonixqemuvms/index.md

@@ -24,7 +24,7 @@ Whonix is an open-source set of 2 VMs (one being used for networking, and the ot
 
   4. Application: [Host-based VPN](../index.md) (if your ISP doesn't allow Tor traffic) 
 
-
+![](../context/anon.png)
 
 
 I recommend using this setup into one of the above mentioned VMs, for [Anonymous use](../anonymityexplained/index.md), as per the [4 basic OPSEC levels](../opsec4levels/index.md).