move tutorials to new repo

0_template/index.md

@@ -0,0 +1,66 @@
+---
+author: nihilist
+date: 2001-01-30
+gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/260"
+xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
+---
+# SRVNAME Setup 
+
+![](0.png)
+
+
+
+## **Initial Setup**
+
+![]()
+    
+    
+    	
+    
+
+![]()
+    
+    
+    	
+    
+
+![]()
+    
+    
+    	
+    
+
+## **Setup**
+
+![]()
+    
+    
+    	
+    
+
+![]()
+    
+    
+    	
+    
+
+![]()
+    
+    
+    	
+    
+
+## **Setup**
+    
+    
+    	
+    
+    
+    
+    	
+    
+    
+    
+    	
+    
+

anonaccess/index.md

@@ -0,0 +1,70 @@
+---
+author: nihilist
+date: 2024-05-02
+gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/111"
+xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
+---
+# Remote anonymous access setup (SSH through tor) 
+
+
+
+## **Initial Setup**
+
+On your server, edit the torrc file like so:
+    
+    
+    [ Datura ] [ /dev/pts/9 ] [~]
+    → cat /etc/tor/torrc
+    
+    HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
+    HiddenServicePort 22 127.0.0.1:22
+    HiddenServicePort 80 127.0.0.1:4443
+    	
+    
+
+Then just edit your local .ssh config to access it:
+    
+    
+    [ mainpc ] [ /dev/pts/7 ] [~]
+    → cat .ssh/config
+    Host tortura
+            User root
+            hostname daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
+            IdentityFile ~/.ssh/torified
+    
+    Host datura
+            User root
+            hostname 65.109.30.253
+            IdentityFile ~/.ssh/torified
+    	
+    
+
+Then connect to the host by forcing SSH to go through tor, thanks to torsocks:
+    
+    
+    [ mainpc ] [ /dev/pts/5 ] [~]
+    → systemctl restart tor@default
+    
+    [ mainpc ] [ /dev/pts/5 ] [~]
+    → torsocks ssh tortura
+    The authenticity of host 'daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion (<****no hostip for proxy command>)' can't be established.
+    ED25519 key fingerprint is SHA256:A0CFTeUixGoK96VenBQ7Z2U8kX5olDCqBvBNeJUfs6I.
+    This host key is known by the following other names/addresses:
+        ~/.ssh/known_hosts:144: [hashed name]
+    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+    Warning: Permanently added 'daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion' (ED25519) to the list of known hosts.
+    Enter passphrase for key '/home/nihilist/.ssh/torified':
+    Linux Datura 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
+    
+    The programs included with the Debian GNU/Linux system are free software;
+    the exact distribution terms for each program are described in the
+    individual files in /usr/share/doc/*/copyright.
+    
+    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+    permitted by applicable law.
+    Last login: Thu May  2 14:47:23 2024 from 178.255.149.178
+
+For instance, this is how you can access a server that is in an isolated LAN (such as in your home network), without requiring to port-forward anything.
+
+But keep in mind that the latency is going to be higher due to the 6 hops circuit (since we're doing it via the .onion link, rather than connecting to the IP directly). The length of the circuit is due to requiring to use the rendez-vous mechanism, since we're using the .onion domain.
+

anonclearnetservices/index.md

@@ -0,0 +1,38 @@
+---
+author: nihilist
+date: 2024-08-06
+gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/105"
+xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
+---
+# Where to host Anonymous Clearnet Services ? 
+
+![](0.png)
+
+In this tutorial we're going explain how you can have anonymous clearnet services, which can either remotely or self-hosted. 
+
+
+
+## **Hosting an Anonymous Remote Clearnet Service**
+
+The first way to have an Anonymous clearnet service, is Remotely, where you go through a non-KYC cloud provider, and a non-KYC domain provider, in order to obtain a remote VPS and Domain anonymously (using Tor and Monero).
+
+![](1.png)
+
+The idea here is that you always keep Tor between you and the services, so that it remains impossible to prove that you are the owner of said service, from the acquisition of the services, to their actual use (forcing SSH to go through Tor).
+
+## **Self-Hosting an Anonymous Clearnet Service**
+
+The second way to have an Anonymous clearnet service is by self-hosting it, like above, you also need to get yourself a VPS and a domain anonymously, using non-KYC providers/resellers. The VPS must have openvpn installed on it.
+
+Then you need to have a home server, running a local service (let's say with ports 80 and 443),
+
+That same local homeserver must connect to the OpenVPN server, but you must force the VPN connection to go through Tor, to avoid revealing your Home IP to the cloud provider.
+
+And from there, you will be able to port-forward the ports from your local service, to the VPS, while maintaining your Anonymity. 
+
+And of course, if your ISP doesn't allow Tor traffic, we can always hide it using a Trusted VPN, like MullvadVPN.
+
+![](2.png)
+
+Note that such a setup is to be done only when you want to have your server data at home (for example, [self-hosting a mail server, while maintaining Anonymity](../mailprivate/index.md)), if this is not a concern, then you should just host the service remotely as seen above.
+

anoncreditcard/index.md

@@ -0,0 +1,111 @@
+---
+author: XMRonly
+date: 2024-11-06
+gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/28"
+xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3RWMNQuboxnb1X4HobhSv3
+---
+# How to Get a Credit Card Anonymously (Credit Cards as a Service)
+
+![](0.png)
+
+## **Introduction**
+
+With the growing economy and increasingly aggressive marketing, every company is competing to earn your business. There are no shortages of ways to spend your hard-earned money, but you may not always want to have your purchases tied to your real identity. For in person purchases, there is the obvious choice of cash as no information about you is recorded. However, online is a different story. E-commerce is heavily reliant on the use of credit cards, which leave a digital trail of metadata that ties back to you, is shared with third parties and is repackaged and sold to data brokers. Some forward-thinking vendors accept cryptocurrency but given online markets as a whole, this is still relatively niche. If your preferred method of buying something is Monero and your target vendor doesn't accept Monero, wouldn't it be great if you could still just use Monero anyway? In this article, we will explore how to obtain an anonymous prepaid card for Monero using Cake Pay and how to use this prepaid card to purchase a VPS from Hostinger, a KYC web hosting provider. 
+
+## _OPSEC Recommendations:_
+
+  1. Hardware : (Personal Computer / Laptop)
+
+  2. Host OS: [Linux](../linux/index.md)
+
+  3. Hypervisor: [libvirtd QEMU/KVM](../hypervisorsetup/index.md)
+
+  4. Virtual Machine: [Whonix](../whonixqemuvms/index.md) or [Tails](../tailsqemuvm/index.md)
+
+
+
+
+Every steps listed below are to be done via the Tor browser, in order to preserve our anonymity.
+
+
+
+## **Obtaining the Card**
+
+Using the Tor Browser, navigate to **https://buy.cakepay.com**. Here we are going to select the Mastercard Prepaid USD Debit (Virtual Only) option. Click Buy Now. ![](1.png)
+
+When prompted, enter an [anonymous email](../anonemail/index.md) and then retrieve and enter the one-time password emailed to us. ![](2.png)
+
+The next screen has some important information on it. It informs us that a name and email will be required for sign-up. It just doesn't specify that it has to be _our_ name and address. This card will not work in Apple Pay or Google Wallet, not that we were planning on using those anyway. Additionally, trying to redeem this card while using a VPN (or in our case, the Tor Browser) may fail. More on that later. Enter a desired amount and click Buy Now. ![](3.png)
+
+We are now presented with a payment screen. ![](4.png)
+
+Copy the destination address and amount into your Monero wallet and send the payment. ![](5.png)
+
+Cake Pay will quickly detect the payment, and after a few more on-chain confirmations it will say the invoice is paid. ![](6.png)
+
+Back in your inbox, you will now receive an email with Redemption Instructions and a Code. ![](7.png)
+
+Attempting to redeem the code through the Tor Browser or through a VPN will fail and after around 10 consecutive attempts your redemption link and code will be temporarily locked. ![](8.png)
+
+This is where a [residential proxy](../anonproxy/index.md) will come in handy. After setting one up, we can continue unimpeded using the Tor Browser. Input the code, confirm you are not a robot and click Submit. ![](9.png)
+
+Our card purchase was successful. Copy the code and navigate to the provided link. ![](10.png)
+
+Enter the code and click on Redeem Code. ![](11.png)
+
+Complete the captcha if prompted by sliding the puzzle piece in place. ![](12.png)
+
+We are now prompted to fill out the information we want for registering this card. We enter a name, an address that is for sale online, a phone number and email. After everything is populated click the checkboxes and finally hit Activate. Note that the phone number is not verified in any way. ![](13.png)
+
+Our card is ready! ![](14.png)
+
+## **Using the Card**
+
+With our (digital) card in hand, it's time to actually buy something. Hostinger is a clearnet web hosting company with no explicitly stated support for signing up anonymously. All of their payment options require some information about the user and while their site supports a long list of cryptocurrencies, they somehow forgot to accept Monero. That's OK, we have a prepaid card for that. ![](15.png)
+
+Using the Tor Browser, navigate to **https://hostinger.com** and click on Hosting -> VPS hosting. ![](16.png)
+
+If prompted, verify you are human. ![](17.png)
+
+We will select a plan that costs less than the amount on our prepaid card. ![](18.png)
+
+OPTIONAL: A quick online search found a promo code. Apply it and click Continue. ![](19.png)
+
+It is time to create an account. Enter an email address and password. ![](20.png)
+
+Enter the billing details we used to create our prepaid card. Note that a phone number is not required here. ![](21.png)
+
+Enter the card details and click Submit payment. ![](22.png)
+
+## **VPS Configuration**
+
+We are now prompted to configure our VPS. A few quick steps are required before we can start using it. Click through to choose a location, an OS, a malware scanner, set a root password and then click Finish setup. ![](23.png)
+
+## **Conclusion**
+
+After a short setup, our VPS is ready! ![](24.png)
+
+Let's try to connect via [SSH over Tor](../anonaccess/index.md). 
+    
+    
+    ~ ❯ torsocks ssh root@145.223.79.150
+    The authenticity of host '145.223.79.150 (145.223.79.150)' can't be established.
+    ED25519 key fingerprint is SHA256:bF9YlAl82SyfCu3X911lclJ0TwywiU6qgNtKCYDdnd0.
+    This key is not known by any other names.
+    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+    Warning: Permanently added '145.223.79.150' (ED25519) to the list of known hosts.
+    root@145.223.79.150's password:
+    Linux srv636770 6.1.0-26-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64
+    
+    The programs included with the Debian GNU/Linux system are free software;
+    the exact distribution terms for each program are described in the
+    individual files in /usr/share/doc/*/copyright.
+    
+    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+    permitted by applicable law.
+    root@srv636770:~#
+    
+    
+
+And that's it ! we have managed to get access to a credit card anonymously, and we also managed to use it to get a VPS anonymously, all while maintaining our anonymity.
+

anondomain/index.md

@@ -0,0 +1,65 @@
+---
+author: nihilist
+date: 2024-09-05
+gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/110"
+xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
+---
+# How to rent remote domains anonymously (Registrar resellers) 
+
+Not many people know that it is possible to operate a clearnet website, anonymously. That can be done using a [non-KYC registrar reseller](https://kycnot.me/?t=service&q=domain), that allows you to purchase a domain using Monero. It is crucial to maintain Anonymity when you are purchasing the domain, and when you are using it, to do so you'll need to at least keep Tor in between you and the service, as we have explained [previously](../anonclearnetservices/index.md).
+
+![](../anonclearnetservices/0.png)
+
+## _OPSEC Recommendations:_
+
+  1. Hardware : (Personal Computer / Laptop)
+
+  2. Host OS: [Linux](../linux/index.md)
+
+  3. Hypervisor: [libvirtd QEMU/KVM](../hypervisorsetup/index.md)
+
+  4. Virtual Machine: [Linux](../hypervisorsetup/index.md) or [Whonix](../whonixqemuvms/index.md) or [Tails](../tailsqemuvm/index.md)
+
+
+
+
+
+
+In this tutorial we're going to try out nicevps.net, and as we are operating from within a Whonix VM, we'll use their onion mirror. So first we register an account there:
+
+![](1.png)
+
+Then we order a domain of our choice:
+
+![](2.png) ![](3.png) ![](4.png)
+
+For example we order the domain meduzzza.com for a yearly 15 euros, that we will obviously pay in monero as we want to maintain Anonymity: 
+
+![](5.png) ![](6.png)
+
+Then once paid you can access your services from the dashboard:
+
+![](7.png) ![](8.png)
+
+And from inside the control panel, you can set the Registered Glue Name Servers as follows, that way your domain's primary and secondary domain name servers are the ones of your choice. I recommend having an [Anonymously-acquired remote VPS](../anonymousremoteserver/index.md) with a [bind9 service](../dns/index.md) on it.
+
+![](9.png)
+
+Then once set, you can check the status of the NS record propagation [dnschecker.org](https://dnschecker.org), be warned that the DNS propagation can take up to 48 hours to propagate.
+
+![](10.png)
+
+Once the NS dns record propagated, your domain should resolve anywhere in the world:
+    
+    
+    [ mainpc ] [ /dev/pts/10 ] [~/Nextcloud/blog-contributions]
+    → ping ns1.nihilism.network
+    PING ns1.nihilism.network (23.137.250.140) 56(84) bytes of data.
+    64 bytes from mail.nihilism.network (23.137.250.140): icmp_seq=1 ttl=56 time=58.9 ms
+    64 bytes from mail.nihilism.network (23.137.250.140): icmp_seq=2 ttl=56 time=55.8 ms
+    64 bytes from mail.nihilism.network (23.137.250.140): icmp_seq=3 ttl=56 time=56.3 ms
+    
+    
+
+And that's it you can now have a public website using a domain that you acquired anonymously!
+

anonemail/index.md

@@ -0,0 +1,35 @@
+---
+author: XMRonly
+date: 2024-10-16
+gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/26"
+xmr: 8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3RWMNQuboxnb1X4HobhSv3
+---
+# How to Get an Email Account Anonymously (Emails as a Service)
+
+![](0.png)
+
+
+
+## **Introduction**
+
+Email is one of the most widely used forms of online communication, both for personal and professional interactions. With billions sent daily, you would expect email to be secure, accessible, and readable by only the intended recipient. Unfortunately, email is an old technology and this is not always the case. With metadata being visible, large email providers scanning emails, as well as potential government surveillance in some parts of the world, it is no surprise that email is hardly considered private. As such, you may want to send an email that is not tied to your real identity. In this article, we will explore how to sign up for email account anonymously. Specifically, we will explore a privacy-focused email provider, **Proton Mail** , and how to sign up using Tor without inputting any additional information whatsoever. 
+
+## **Setup**
+
+Using the Tor Browser, navigate to Proton Mail's onion address to create a free account. You can find the address on their [official site](https://proton.me/blog/tor-encrypted-email). It is also posted here for convenience:   
+**https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/** ![](1.png)
+
+At the time of writing, the next page produced an error resulting in some aspects not loading correctly. No matter, we carry on. Click to select a plan as shown. ![](2.png)
+
+We are not interested in a paid plan, so click to continue with free. ![](3.png)
+
+Enter a unique username and password and click Create Account. ![](4.png)
+
+At this point, you will be greeted with additional verification. Proton Mail does this to prevent abuse of their services by bots and spammers. If presented with the option requiring verification by email or [SMS](https://blog.nowhere.moe/opsec/anonsms/index.md), close the browser and restart from the beginning. After maybe a handful of attempts, you will be presented with Proton's Captcha option. Slide the puzzle piece in place and click Next. ![](5.png)
+
+Select a display name and deny a recovery method. ![](6.png)
+
+## **Conclusion**
+
+And your new anonymous email account is ready for use! In line with practicing good [OPSEC](https://blog.nowhere.moe/opsec/opsec4levels/index.md), this account is for use exclusively over the Tor network for activities unrelated to your real identity. ![](7.png)
+

anonprotest/index.md

@@ -0,0 +1,438 @@
+---
+author: nanoanon
+date: 2024-10-10
+gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/32"
+xmr: 88Vc2wutSzzCXdFjepFzp9ZhAW6eYCUq2iiME5H7Sdda689fcHeybfUZ3jaVPqRN5T1FK6R1dq4bsPaEPpD3RMTG1rQbU4L
+---
+# How to remain Anonymous during a protest
+
+You just turned on your TV and saw that there is a **protest** near the white house because the government decided that end to end encryption leads to terrorism and are passing a law to ban it. You feel patriotic and know that it isn't right. **You show up to the protest without telling anyone** for a few hours and you get back home proud that you showed your support to the people. However, the police bangs your door and **arrests you for taking part in the protest**.
+
+
+
+## **Phones are tracking devices for Law Enforcement**
+
+  
+
+
+**Government** , **Internet Service Providers** (ISPs), **Cellular network providers** can all **find out where you are** with the help of your device emitting and receiving radio waves. These entities use various methods to track you down at **any given time**. This is called **Geofencing**.
+
+  
+
+
+### **Tower Triangulation**
+
+![](tower-triangulation.png)
+
+This is where multiple cellular towers are used to geometrically locate devices connecting or pinging them by measuring the strength of the connection from each tower.
+
+more towers present around you = more accurate location
+
+**Towers even at a distance of 5 miles from you can be used to triangulate your location precisely.**
+
+### **Wifi Triangulation**
+
+![](wifi-triangulation.png)   
+  
+
+
+Wifi routers often interact together especially when they're from the same ISP. When your device recognizes a wifi network nearby (as seen in the wifi details option of your phone) which also allows them to determine the **signal strength** of each router.
+
+This can be used to geometrically determine your device's location based on how strong the nearby signals are, **even when you're not connected to it.**
+
+**Two routers are enough to track you precisely upto a 6 feet error. You're surrounded by tens of them.**
+
+On Android and Apple devices, wifi can also be used to geofence you with GPS through Google or Apple Network Location Provider (NLP) service. Making it even easier to geo-locate your device.
+
+### **GPS/A-GPS**
+
+Your phone constantly searches for satellites to connect to Global Positioning System (GPS) signals.
+
+Both Android and Google devices use Google-SUPL service for gps queries - [supl.google.com:7275]. This **happens even if you do not connect your phone to a WiFi or Cellular data**.
+
+Blocking this service greatly impacts cellular data connectivity and disables location services on your device.
+
+(A-GPS stands for 'Assisted GPS'. It is when the SUPL GPS service works with the on-device GPS module to be even efficient in location tracking.)
+
+### **TLDR; Unless if your phone is powered off in a faraday bag, wherever it goes, there exists a permanent record of where a phone has been and that record is known by Law Enforcement entities.**
+
+## **Prevention - staying Anonymous outdoors.**
+
+**Reminder: Anonymity is when you are amongst a group of people, and you are indistinguishable from the other members of the group.**
+
+**⚠️ Read the entire article before taking any actions or steps as half-knowledge could easily land you in jail.⚠️**
+
+* * *
+
+### **Look the same**
+
+To minimize the risk of being identified by police or surveillence devices like CCTV, protestors including you should adopt a uniform. The best way to do this is implementing the following.
+
+![](sd-anons.png)
+
+#### 
+
+  * Wearing all black - (_long sleeve tshirts_ , pants, socks, shoes, _gloves_ , _glasses_ , and _masks_.) 
+  
+
+  * No jewellery - necklaces, watches, earrings, bracelets, etc.
+  
+
+  * Dress up such that you're always ready for a run.
+  
+
+  * Do not touch surfaces with your bare hands and leave potential fingerprints.
+  
+
+  * Do not carry any weapon, signal jammer, or any such device that might get you in trouble in the court.
+
+
+
+* * *
+
+### **⚠️ Leave your primary personal (public use) phone ACTIVATED at YOUR home. ⚠️**
+
+  
+
+
+#### Taking your phone to the protest, deactivating your phone or trying to mask the location of your phone can be a good reason for Law Enforcement agencies to put you on the suspicion list. All that the law enforcement needs to prove you guilty of participating in the protest is your primary phone (affiliated to you publically) to be nearby the protest, potentially landing you in jail and big trouble, even if you went just to buy grandma's medicine.
+
+  
+
+
+#### Leaving your phone activated at home leaves no digital trace of you ever being affiliated with the protestors.
+
+#### As we have discussed the various methods that Law Enforcement agencies can track you down precisely, and there isn't much you can do to stop it, leaving your personal mobile phone, smart watch, or any other smart device at home is the best way to stay anonymous in a protest, leaving no proof that you took part in it and [denying](../deniability/index.md) that you ever left your home.
+
+# **How to have a phone for anonymous use?**
+
+###  WARNING: The safest and simplest way to stay anonymous is to keep your phone at home, as explained above, for deniability, where you can claim that you stayed at home during the protest. 
+
+  
+  
+
+
+###  ⚠️ Proceed only if you need connectivity for communications while doing anonymous outdoor activities. ⚠️
+
+WARNING: Best preferred Android ROM is GrapheneOS. If you REALLY NEED a secondary phone and it is compatible with LineageOS, you can proceed with it, but remember, you WILL NEED to make changes to the LineageOS firewall (+ block supl.google.com:7275) for it to be even close to Graphene in terms of security.
+
+WARNING/TIP: If you're proficient with linux and have experience using ubuntu touch, you can proceed with the same steps of setting up and precautions after you have secured its firewall.
+
+### **Preparation - indoors:**
+
+  
+
+
+#### 
+
+  * Use your main pc to flash [grapheneOS](../graphene/index.md) on a pixel phone. Only proceed if you get one. Otherwise, don't use a secondary phone at all.
+  
+
+  * Get a decently reviewed _Faraday bag_ on amazon. However its recommended to buy it physically with cash or learn how to make Faraday bag [here](https://invidious.privacyredirect.com/watch?v=sQ_V9LYfiUg), [here](https://invidious.privacyredirect.com/watch?v=jfSe-xyQQzg), or [here](https://invidious.privacyredirect.com/watch?v=PYHvMXAXGE4).   
+  
+WARNING: Make sure to check wheter your faraday bag works on not at your home prior the protest by putting your or someone else's phone inside it with cellular data and gps/location enabled and trying to call/track it. 
+  
+
+  * After you have flashed your pixel with grapheneOS (first step), DO NOT CONNECT TO ANY WIFI OR CELLULAR NETWORK. Now switch your phone off and immediately put it in a faraday bag, making sure its completely sealed. Its is good to cover and disguise the faraday bag as a normal envelope or put it in a bag to avoid high-level suspicion. 
+  
+
+  * Use sites like [ Openwifimap](https://openwifimap.net) __through tor__ to pre-scan and find free open WiFi around the protest to use in a secondary phone and the place where you plan to use active internet (as shown later).  
+  
+_[WARNING: Do this only if you**NEED** to use secondary phone for the protest]. 
+_   
+
+  * ⚠️ Use a Faraday bag at all times to store your secondary phone when you don't _**need**_ to use it. ⚠️ 
+  
+
+Next steps (a) & (b) are for accessing internet anonymously ONLY AFTER you have completed the above steps.   
+  
+
+
+### **a. Accessing internet anonymously - eSIM**
+
+#### 
+
+  * Using [Whonix VM](../whonixqemuvms/index.md) or [Tails VM](../tailsqemuvm/index.md), via the tor browser and some [Monero](../finances/index.md) (XMR), purchase an eSIM from <https://silent.link> and note down the activation code on a piece of paper.   
+  
+
+
+WARNING: It is important to write the _combined activation code_ down on a piece of paper or print the QR activation code (both given by silent.link after the purchase), and not in any digital or audio format because you do not want to leave any evidence of you ever interacting with the anonymous eSIM providers and arise suspicion.
+
+  * Write down the activation instructions below on a piece of paper. Dress up all black and go to a random place insignificant to you, get your phone out of the faraday bag, and connect to an open wifi network. There activate the eSIM as instructed below.
+  
+
+
+### **How to activate eSIM**
+
+### Step 1
+
+Navigate to your grapheneOS setting and click on "Network and Internet" 
+
+![](eSIM/1.png)
+
+### Step 2
+
+There you will find that the "priviledged eSIM management is disabled. This is because the google play services and google play service framework is not present by-default in graphene."
+
+![](eSIM/2.png)
+
+### Step 3
+
+Navigate to your app drawer and click on "Apps"
+
+![](eSIM/3.png)
+
+### Step 4
+
+Now install "Google Services Framework" and "Google Play Services"
+
+![](eSIM/4.png)
+
+### Step 5
+
+Navigate back to "Network and Internet" in the settings. The eSIM managament option should be enabled now.
+
+![](eSIM/5.png)
+
+### Step 6
+
+Click on the eSIM management option. Then click "Download a SIM instead." 
+
+![](eSIM/6.png)
+
+### Step 7
+
+Click "Next."
+
+![](eSIM/7.png)
+
+### Step 8
+
+Here, either scan the printed QR code on the piece of paper. Otherwise, navigate to "Need Help?" and select the option to input the code manually. Input the _combined activation code_ from the silent site that you noted down on the piece of paper.
+
+![](eSIM/8.png)
+
+### Step 9
+
+You might see different sim name downloading when you activate the sim. Its fine.
+
+![](eSIM/9.png)
+
+### Step 10
+
+Navigate to "settings" after you've finished downloading the eSIM.
+
+![](eSIM/10.png)
+
+### Step 11
+
+Click on the downloaded eSIM option.
+
+![](eSIM/11.png)
+
+### Step 12
+
+Toggle "Use SIM"
+
+![](eSIM/12.png)
+
+### Step 13
+
+Make sure to enable use for data if you want to access internet. You now have access to your private and anonymous eSIM. If you encounter any abnormal issue, using tor browser, head to [silent help](https://silent.link/faq).
+
+![](eSIM/13.png)
+
+### Step 14
+
+**DO NOT FORGET TO REMOVE BOTH GOOGLE SERVICES THAT YOU DOWNLOADED EARLIER.**![](eSIM/14.png)
+
+  
+
+  * Make sure that while you're doing this, you're not under any security surveillence (cameras, law encorcement buildings, etc).
+  
+
+  * Once you validate that the eSIM works, power the device off, and put it in the faraday back again right away.
+
+
+
+* * *
+
+#### ⚠️ Although eSIM method works well, you need to remember that the moment you activate it, the systems _start tower-triangulation right away_ and doing it anywhere close to your location of interest might be _potentially risky_. You also need to be careful NOT to switch it on at your own home by any chance, or you could hear the _bang on your door soon_. This is why its best to use open public wifi.⚠️   
+  
+Leave your primary phone INDOORS and ACTIVATED while you are outdoors.   
+  
+
+
+###  ⚠️ Remember NEVER to carry both - your personal/primary and your secondary phones at the same time. If and only if need to for critical reasons, make sure to ALWAYS keep atleast one of them in a faraday bag at all times and do NOT switch on both of them simultaneously. ⚠️
+
+* * *
+
+### **b. Accessing internet anonymously - public wifi**
+
+#### 
+
+  * There are multiple advantages to use tools like [openwifimap](https://openwifimap.net) to find public WiFi cafe networks to connect to.
+  
+
+  * If for some reason the app/website does not show free open WiFi around your area, you might want to go for a walk like a normal person just to grab some coffee and note down the password without any suspicious movements.
+  
+
+  * Make sure to install [f-droid](https://f-droid.org/) on your grapheneOS and install [tor browser](https://blog.nowhere.moe../MobileTor/index.md) and [orbot](https://support.torproject.org/glossary/orbot/) vpn from it. Check "Setting up package managers" section of [this](../graphene/index.md) to be guided through how to install fdroid securely. 
+  
+
+  * Go in your grapheneOS settings and search for 'VPN' , find and select more options for orbot vpn after opening the orbot app once and giving it permission to start a VPN. Select the option to set orbot as an "Always-on VPN" and turn on "Block all connections not using this VPN".   
+  
+(or)   
+  
+Install Mullvad VPN and proceed with the same steps to block all connections not using Mullvad.   
+  
+
+
+### **Setting up orbot**
+
+  
+For routing internet traffic to specific servers anonymously, nothing beats tor. You can learn how to extensively do so [here](../torthroughvpn/index.md).   
+  
+  
+
+
+####  ⚠️ If tor is banned and illegal in your country, you NEED to access it through an untraceable anonymous [VPN like Mullvad](../vpn/index.md). 
+
+#### For now, we will just set up orbot as power user (socks proxy) through which we can safely route our SimpleX chat (below) messages securely.
+
+  
+  
+
+
+#### Step 1
+
+Navigate to the orbot app after you have installed from the steps above
+
+![](1.jpeg)
+
+#### Step 2
+
+Go to "More" (three dots) on the bottom left of the screen
+
+![](4.jpeg)
+
+#### Step 3
+
+Go to settings
+
+![](2.jpeg)
+
+#### Step 4
+
+Enable "Power User mode"
+
+![](3.jpeg)
+
+  
+  
+  
+We will be showcasing how to use the SOCKS5 proxy you just enabled to securely relay SimpleX messages and also a guide on setting up Mullvad VPN in our future article(s).   
+  
+
+
+##### ⚠️ Although Mullvad is one of the very few trustable VPNs out there, we can NEVER trust a single entity so its better and free to use orbot. ⚠️
+
+
+
+
+  
+  
+
+
+#### Now whenever you are outdoors onto doing something sensitive, being unidentifiable with the uniform and your gear, you can take the phone out of the faraday bag, power it on and use it.
+
+  
+  
+
+
+* * *
+
+* * *
+
+  
+  
+
+
+## **Anonymous Communications**
+
+  
+
+
+#### A trusted, decentralised communication platform for discussing things about the protest is the most important thing. Despite having all the proxies and anonymization tools in your hand, if the Law Enforcement already knows about the people going to protest, they can arrest them prior the protest.   
+  
+This is why you need a secure, decentralised, end-to-end encryption based messaging platform.   
+  
+
+
+  
+  
+
+
+### **Simplex Chat**
+
+  
+
+
+#### For sensitive communications while outdoors, it is suggested to use [SimpleX chat with disappearing messages](https://simplex.chat/blog/20230103-simplex-chat-v4.4-disappearing-messages.html#disappearing-messages) turned on.   
+  
+You NEED to make sure to turn on disappearing messages on both ends, incase authorities get hold of your device and search for your chats. Having messages set to disappear after a said amount of time allows you to use deniability.   
+  
+We will be also showing how to use SimpleX as an all-in-one privacy messenger for all your activities in one of our future tutorials. 
+
+# **Physical opSec**
+
+What you do in day-to-day life is a big part of who you are, your personality, your agenda, etc. You NEED to be aware of your physical operational security and take care of it properly. 
+
+## **Your body language**
+
+sourced from [cia assessment training](https://wikileaks.org/cia-travel/secondary-screening/WikiLeaks_CIA_Assessment_on_Surviving_Secondary_Screening.pdf) papers from wikileaks.
+
+  
+
+
+### While interacting with people of the protest, you need to take care make sure that you
+
+#### 
+
+  * **Do NOT tell anyone your real name**. Create a pseudonym for every group/contact. SimpleX chat offers this feature within their app to randomly generate one using "Incognito mode" within the app.
+  
+
+  * **Do NOT vocally talk about protest at home, near devices. SimpleX chat should be the _only_ place you talk about the protest**.
+  
+
+  * Do NOT share personal info (address, phone number, birth year, family background) with **ANYONE**.
+  
+
+
+
+  
+
+
+### When going outside to safely access services like eSIM or tor, as we talked earlier, always keep in mind to
+
+#### 
+
+  * NOT go to a location that holds a significance to you.
+  
+
+  * NOT go to a location that is near Law Enforcement premises or under surveillence (CCTV) without being sure you've not been followed and are unidentifiable.
+  
+
+  * ### Put your uniform in a bag (A) and put a bag (B) in the bag (A). Go to a subway washroom/restroom and wear the uniform making sure no cameras are watching you. Make sure to now put the bag (A) in bag (B) and proceed with your work as shown in the below diagram.
+
+![](popsec-1.png)
+  
+  
+
+
+### Again, keep the **secondary phone switched off** in a **faraday bag** at **all times**. Switch it on or remove it from the faraday bag STRICLY ONLY AFTER YOU HAVE DISGUISED (ONLY after reaching public washroom A). Put the phone back in before removing your disguise (BEFORE leaving public washroom B).
+
+![](popsec-2.png)   
+
+
+