oxeo0/opsec-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git synced 2025-05-16 15:07:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: oxeo0:894a9d10114a61e1ef277378fed37835fee06630
Branches Tags
oxeo0:main
..
compare: oxeo0:f8fe66ba6e723149532d5363e39ec7f1a016bd46
Branches Tags
oxeo0:main

2 commits
894a9d1011 ... f8fe66ba6e

Author SHA1 Message Date
nihilist
f8fe66ba6e Merge remote-tracking branch 'refs/remotes/origin/main' 2025-05-08 21:52:09 +02:00
nihilist
d43e7a15b1 fix alot of shit, post-mkdocs contribute guides fixed 2025-05-08 21:51:34 +02:00
41 changed files with 452 additions and 553 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
0_template/0.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 53 KiB

After

Width:  |  Height:  |  Size: 73 KiB

Before After
Before After

BIN
0_template/1.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 86 KiB

BIN
0_template/2.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 470 KiB

BIN
0_template/3.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 161 KiB

BIN
0_template/image.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 541 KiB

98
0_template/index.md
View file

@ -1,66 +1,68 @@
---
author: nihilist
date: 2001-01-30
author: Anonymous
date: 2001-09-11
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/260"
xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
---
# SRVNAME Setup
# Tutorial Title
In this tutorial we're going to explain A,B,C and showcase how to do X,Y,Z.
This blogpost reuses elements from these other tutorials:
- [What is Privacy ?](../privacy/index.md)
- [How to install Kicksecure as a Host OS](../linux/index.md)
- [How to install QEMU as a Hypervisor](../hypervisorsetup/index.md)
## **Why is this important ? In which context ?**
Context: You are at home, in your bedroom, and you want to do something privately.
Situation: Let's suppose that you want to do something private in your bedroom but the neighbor is watching what you're doing through your window.
Drawio Graph representation of the Problem:
![](0.png)
In this context, the problem is that the neighbor can see through your window. And because we want privacy, we need to find a way to prevent it.
## **Initial Setup**
![]()
## **What is the solution ?**
![]()
Drawio Graph representation of the Solution:
![]()
![](1.png)
## **Setup**
Prerequisites:
- Get a house or apartment
- the bedroom must have a window
![]()
![]()
## How can I implement the solution ?
![]()
1) Order the blinds through the commandline to look cool:
## **Setup**
```sh
curl -H 'Content-Type: application/json' \
-d '{ "title":"my_cool_order","item":"blinds", "id": 1}' \
-X POST \
https://thatonewebsitethatsellsblindsformonero.onion
```
2) once the package arrives, unpack it, and then screw it onto the wall
![alt text](3.png)
3) then assemble it just above the window
![alt text](2.png)
4) and finally close the blinds to prevent the annoying neighbor from peeking in
![alt text](image.png)
## Conclusion
And that's it! thanks to this tutorial you now know how to get privacy in your bedroom!

BIN
contribute/1.6.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 77 KiB

BIN
contribute/1.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 431 KiB

Before After
Before After

BIN
contribute/10.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 18 KiB

After

Width:  |  Height:  |  Size: 51 KiB

Before After
Before After

BIN
contribute/100.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 175 KiB

BIN
contribute/101.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 90 KiB

BIN
contribute/11.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 79 KiB

After

Width:  |  Height:  |  Size: 366 KiB

Before After
Before After

BIN
contribute/14.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 30 KiB

After

Width:  |  Height:  |  Size: 60 KiB

Before After
Before After

BIN
contribute/15.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 28 KiB

After

Width:  |  Height:  |  Size: 83 KiB

Before After
Before After

BIN
contribute/16.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 28 KiB

After

Width:  |  Height:  |  Size: 52 KiB

Before After
Before After

BIN
contribute/17.5.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 94 KiB

BIN
contribute/17.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 47 KiB

After

Width:  |  Height:  |  Size: 151 KiB

Before After
Before After

BIN
contribute/18.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 53 KiB

After

Width:  |  Height:  |  Size: 24 KiB

Before After
Before After

BIN
contribute/19.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 40 KiB

After

Width:  |  Height:  |  Size: 108 KiB

Before After
Before After

BIN
contribute/5.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 74 KiB

After

Width:  |  Height:  |  Size: 421 KiB

Before After
Before After

BIN
contribute/81.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 8.4 KiB

After

Width:  |  Height:  |  Size: 33 KiB

Before After
Before After

BIN
contribute/83.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 350 KiB

BIN
contribute/84.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 152 KiB

BIN
contribute/9.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 30 KiB

After

Width:  |  Height:  |  Size: 102 KiB

Before After
Before After

247
contribute/index.md
View file

@ -6,25 +6,25 @@ xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAU
---
# How to become a Contributor
In this tutorial we're going to look at how you can contribute to the opsec blog, we'll look into how the work is being organized, and how to contribute via gitea.
In this tutorial we're going to look at how you can contribute to the opsec blog, we'll look into how the work is being organized, and how to contribute via Forgejo.
## The Nihilism Blog Organisation
First, look at all the blogposts that are yet to be completed from the [opsec index page](../index.md) to see if there are some you'd like to do:
First of all, to know what tutorials we'd like to have completed, check out our [Opsec Forgejo Project board](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/projects/1):
![](1.png)
Each tutorial (even if completed) has it's own assigned issue on [gitea](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues):
Each tutorial (even if completed) has it's own assigned issue on Forgejo
![](1.5.png)
You can pick one that you'd like to do, if you see one that is in either the "to be brainstormed" or the "to be assigned" columns (example: [Easy Private Chats - SimpleX](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/61).
You can pick one that you'd like to do, if you see one that has a red cross you can click on it, it will redirect you to it's assigned gitea issue (example: [Easy Private Chats - SimpleX](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/61). If there is no todolist on each assigned gitea issue, you are free to brainstorm it like so:
If there is no todolist on each assigned forgejo issue, you are free to brainstorm it like so:
![](2.png)
If a blogpost gitea issue doesn't have a todolist yet, please follow this general template to write it:
If a blogpost forgejo issue doesn't have a todolist yet, please follow this general template to write it:
Privacy - Easy Private Chats with SimpleX
@ -50,9 +50,8 @@ The idea being that each issue needs to have a clear todolist to bring clarity o
At first, I am assigning only **one contributor per tutorial** , and only **one tutorial per contributor** at a time, with a **default deadline of 1 month**. to complete the assigned tutorial. (if you want to extend the deadline, you'll have to contact me first).
In short, please **choose a tutorial that is neither done, nor assigned yet** , you can check the status of each tutorial on the project board [here](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/projects/1):
In short, please **choose a tutorial that is neither done, nor assigned yet**, and then ask me directly if you can get assigned to it.
![](4.png)
The list of tutorials that are not assigned yet are in the second column, once you have chosen one just ping me on [Opsec SimpleX group chat](http://nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/simplex.html).
@ -66,27 +65,13 @@ After discussing with me what task you want to do, we'll confirm on the price fo
_Disclaimer:_ if you're not used to writing technical stuff, please aim for the tutorials that are labeled as "Simple" and that you actually understand. Don't try to bite more than you can chew, otherwise i might refuse further contributions coming from you. You should be at least familliar with the topic you intend to talk about.
## **What's Offtopic?**
## What's on topic and offtopic ?
Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):
1) _General security and hacking:_ (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the [Hacking section](../../hacking/index.md). Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially contain a vulnerability. **Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.** You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. **TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.** We will consider some FOSS software as suitable for opsec use _until proven otherwise (so don't bring up the 0day excuse)_ , not the other way around.
![](65.png)
2) _Closed-source hardware privacy workarounds:_ no, we won't recommend to the 90% average joes out there to wire up cables to their CPU in order to disable intel ME, install coreboot, or whatever else, and risk bricking their motherboards/CPUs permanently. **We will recommend that average joe to purchase fully open hardware devices, that are free of potential backdoors in the first place, when they are available on the market.** We do with the tools at our disposal, so until those tools are made available, we use what we can use. **We will consider FOSS Host OS as suitable for privacy, even on closed-source hardware for the time being.** (so don't bring up the google pixel graphene OS or the Intel/AMD CPU hardware backdoor argument until you find an actual open hardware alternative that does the job aswell)
![](66.png)
3) _Unrealistic advice:_ the advice we bring forth in this blog should be doable by 90% of the average joes out there, by explaining it correctly. For instance, no, **90% of the average joes out there are not going to go dressed up in black coats, wear an anonymous mask, sit in mcdonalds, to try and use someone else's public wifi anonymously for entire days on end just to browse the web anonymously and avoid it being tied back to their irl identity. NOBODY is going to do that**. Keep that unrealistic advice off this blog, as it doesn't help anyone. The realistic approach to this is to just do a (you -> vpn -> tor -> destination) setup, it defeats 99% of the attack vectors, and 90% of the joes out there can do it if you explain it properly. End of the story. **I don't care about the 1% most unlikely scenario that only the top 1% non-average joe can pull off.** Simply mention the other options briefly, while focusing on the method that 90% of the people out there are the likely to be able to adopt.
![](64.png)
4) _Overcomplications:_ I want you to go for the simplest option that actually leads to the intended result. If, from point A you can go to point B, to arrive at result Z, then if you try to go from point A to B to C to D to E to G to H to then arrive at point Z, **you are offtopic because you are overcomplicating something that should have been simpler.** If a simpler solution exists, show that option only, do not waste diskspace writing innefficient methods that the readers don't need to read or know about. I will categorically refuse any overcomplications that isn't properly justified with adequate opsec scenarios and threat modeling.
check out [this tutorial](../offtopic/index.md) for the full explanation
## **How to contribute new tutorials**
Now you first need to sign up on gitea, click the **Register** button and fill out your details.
Now you first need to sign up on forgejo, click the **Register** button and fill out your details.
![](80.png)
@ -116,6 +101,8 @@ You can leave everything as default as shown below:
![](10.png)
![](1.6.png)
Now from there you continue from the commandline, do a git clone the repository you just forked, and do the edits you need to do:
@ -123,7 +110,7 @@ Now from there you continue from the commandline, do a git clone the repository
→ apt install git tor torsocks -y
[ mainpc ] [ /dev/pts/18 ] [~/Documents]
→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/6dv9lk1pbaflulau/blog-contributions
→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/optimist/opsec-blogposts
Cloning into 'blog-contributions'...
remote: Enumerating objects: 3400, done.
remote: Counting objects: 100% (3400/3400), done.
@ -133,80 +120,62 @@ Now from there you continue from the commandline, do a git clone the repository
Resolving deltas: 100% (1588/1588), done.
[ mainpc ] [ /dev/pts/18 ] [~/Documents]
→ cd blog-contributions
→ cd opsec-blogposts
If you are reusing the repository after you're done sending pull requests, don't forget to do a git pull to make sure you're working on an up-to-date repository, as i am [frequently pushing commits](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/commits/branch/main).
If you are reusing the repository after you're done sending pull requests, don't forget to do a git pull to make sure you're working on an up-to-date repository, as i am [frequently pushing commits](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts/commits/branch/main).
[ mainpc ] [ /dev/pts/18 ] [blog-contributions]
→ torsocks git pull http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/6dv9lk1pbaflulau/blog-contributions
→ torsocks git pull http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/optimist/opsec-blogposts
Now that you're on the latest commit, you can start to do your own changes:
Now that you're on the latest commit, you can start to do your own changes from inside vscodium directly:
wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg \
| gpg --dearmor \
| sudo dd of=/usr/share/keyrings/vscodium-archive-keyring.gpg
echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://download.vscodium.com/debs vscodium main' \
| sudo tee /etc/apt/sources.list.d/vscodium.list
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ ls
assets index.html opsec productivity pull.sh push.sh pushtoprod.sh README.md
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ cd opsec
sudo apt update && sudo apt install codium
codium
![](83.png)
now from there you can copy the template tutorial folder called "0_anon" into another folder:
[ mainpc ] [ /dev/pts/18 ] [Documents/blog-contributions/opsec]
→ cp -r 0_anon newtutorial
[ mainpc ] [ /dev/pts/18 ] [Documents/blog-contributions/opsec]
→ cd newtutorial
now from there if you have a new tutorial to create you can copy the template tutorial folder called "0_template" into another folder:
![](84.png)
In it you will find the index.html file that you can edit from the commandline still:
[ mainpc ] [ /dev/pts/18 ] [blog-contributions/opsec/newtutorial]
→ pwd
/home/nihilist/Documents/blog-contributions/opsec/newtutorial
[ mainpc ] [ /dev/pts/18 ] [blog-contributions/opsec/newtutorial]
→ ls
index.html
[ mainpc ] [ /dev/pts/18 ] [blog-contributions/opsec/newtutorial]
→ vim index.html
and you can also view your edits in real time from your browser of choice, just put the complete path to the index.html file to view it in real time, for me it is as follows: **/home/nihilist/Documents/blog-contributions/opsec/newtutorial/index.md** (just hit F5 to refresh in the browser, everytime you save (:w) in vim)
In the new tutorial folder (here it's **1_newtutorial**) you will find the template index.md file that you can edit from vscodium directly:
![](11.png)
You can also view your edits in real time from vscodium's built-in markdown visualizer as shown above.
Make sure that you follow the quality standard i described [here](../qualitystandard/index.md): **start with the Why, then the What, then the How**.
Make sure that you follow the quality standard i described [here](../qualitystandard/index.md): **start with the Why, then the What, then the How**. Follow the template and edit it accordingly to fit the tutorial you want to contribute.
_DISCLAIMER:_ We are not taking any shortcuts in this blog, I expect you to talk about the path, to list the steps that are on that path, **and more importantly want you to show the audience how YOU walk that path.**
For the "How" parts specifically, as you are expected to explain and show the audience how to do things, **make sure you use images and screenshots like so:**
<****img src="12.png" class="imgRz">
![](1.png)
` ![](12.png)
To take screenshots like i do, you can use [flameshot](../compilation/index.md), it has everything you need for screenshots. When you take screenshots, dont forget to draw arrows to mention where the user needs to click, add text if something needs to be clarified, etc. and then save your screenshot in the same folder as your blogpost contribution (in this case, in **blog-contributions/opsec/new-tutorial**)
To take screenshots like i do, you can use [flameshot](../compilation/index.md), it has everything you need for screenshots. When you take screenshots, dont forget to draw arrows to mention where the user needs to click, add text if something needs to be clarified, etc. and then save your screenshot in the same folder as your blogpost contribution (in this case, in **opsec-blogposts/1_newtutorial/1.png**)
apt install flameshot -y
flameshot
` ![](30.png)
@ -230,9 +199,17 @@ If you are showcasing a complex tutorial please make a graph to explain what you
` ![](31.png) ![](32.png) ![](33.png) ![](34.png) ![](35.png)
![](31.png)
If you want to use my logos for onymity, surveillance, centralisation, complexity, etc you can find them in the **blog-contributions/opsec/logos/** directory:
![](32.png)
![](33.png)
![](34.png)
![](35.png)
If you want to use my logos for onymity, surveillance, centralisation, complexity, etc you can find them in the **opsec-blogposts/logos/** directory:
![](36.png)
@ -240,47 +217,51 @@ Then, i'll let you go through the [drawio documentation](https://www.drawio.com/
![](37.png)
But in the end you should have a good looking graph like this one:
But in the end you should have a good looking graph like this one to both highlight the problem, and the solution as per the tutorial template:
![](38.png)
and if there are any commands (or terminal output) to be shown, **copy paste from your terminal directly into the index.html file** as this is going to help us save some disk space, into the **pre code blocks** :
<****pre> <****code class="nim">
[ mainpc ] [ /dev/pts/20 ] [~/Nextcloud/blog]
→ vim index.html <****/pre> <****/code>
[ mainpc ] [ /dev/pts/20 ] [~/Nextcloud/blog]
→ vim index.html
and if there are any commands (or terminal output) to be shown, **copy paste from your terminal directly into the index.md file** don't take screnshots of it, as this is going to help us save some disk space, you can use the **backticks code blocks** for that purpose :
```sh
[ localhost ] [ /dev/pts/23 ] [~]
→ neofetch
_,met$$$$$gg. user@localhost
,g$$$$$$$$$$$$$$$P. --------------
,g$$P" """Y$$.". OS: Debian GNU/Linux 12 (bookworm) x86_64
,$$P' `$$$. Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-7.2)
',$$P ,ggs. `$$b: Kernel: 6.1.0-33-amd64
`d$$' ,$P"' . $$$ Uptime: 3 days, 6 hours, 13 mins
$$P d$' , $$P Packages: 1610 (dpkg), 6 (snap)
$$: $$. - ,d$$' Shell: zsh 5.9
$$; Y$b._ _,d$P' Resolution: 3840x2160
Y$$. `.`"Y$$$$P"' WM: i3
`$$b "-.__ Theme: Adwaita-dark [GTK2/3]
`Y$$ Icons: hicolor [GTK2/3]
`Y$$. Terminal: tmux
`$$b. CPU: 11th Gen Intel i7-11700K (4) @ 3.600GHz
`Y$$b. GPU: 00:01.0 Red Hat, Inc. Virtio 1.0 GPU
`"Y$b._ Memory: 11838MiB / 32096MiB
`"""
```
Preferably copy paste the command outputs into the pre code blocks, so we i can save on storage space as images take alot more space than regular text.
![](13.png)
Then once your tutorial is finished, don't forget to edit the footer to contain your contact details, your links if you have any, **and your monero donation address (which is important as i use that address to pay you for your contribution)**.
Now your tutorial is ready to be sent over for review. So now you need to git push it to your forked repository like so:
Now let's say that your tutorial is ready to be sent over for review. So now you need to git push it to your forked repository like so:
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git config --global user.email "6dv9lk1pbaflulau@nowhere.moe"
[ mainpc ] [ /dev/pts/18 ] [~/Documents/opsec-blogposts]
→ git config --global user.email "optimist@nowhere.jez"
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git config --global user.name "6dv9lk1pbaflulau"
[ mainpc ] [ /dev/pts/18 ] [~/Documents/opsec-blogposts]
→ git config --global user.name "optimist"
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
[ mainpc ] [ /dev/pts/18 ] [~/Documents/opsec-blogposts]
→ git add -A
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
[ mainpc ] [ /dev/pts/18 ] [~/Documents/opsec-blogposts]
→ git commit
new tutorial contribution
# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
@ -289,15 +270,14 @@ Now your tutorial is ready to be sent over for review. So now you need to git pu
# Your branch is up to date with 'origin/main'.
#
# Changes to be committed:
# new file: opsec/newtutorial/index.md
# modified: push.sh
# new file: opsec/1_newtutorial/index.md
ESC :wq
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
[ mainpc ] [ /dev/pts/18 ] [~/Documents/opsec-blogposts]
→ git push
Username for 'http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion': 6dv9lk1pbaflulau
Password for 'https://6dv9lk1pbaflulau@git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion':
Username for 'http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion': optimist
Password for 'https://optimist@git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion':
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 4 threads
@ -305,34 +285,41 @@ Now your tutorial is ready to be sent over for review. So now you need to git pu
Writing objects: 100% (4/4), 388 bytes | 388.00 KiB/s, done.
Total 4 (delta 3), reused 0 (delta 0), pack-reused 0
remote:
remote: Create a new pull request for '6dv9lk1pbaflulau:main':
remote: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/compare/main...6dv9lk1pbaflulau:main
remote: Create a new pull request for 'optimist:main':
remote: http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/optimist/opsec-blogposts/compare/main...optimist:main
remote:
remote: . Processing 1 references
remote: Processed 1 references in total
To http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/6dv9lk1pbaflulau/blog-contributions
To http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/optimist/opsec-contributions
7c759d3..7067b5c main -> main
Now you have pushed your changes to your [forked respository](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/6dv9lk1pbaflulau/blog-contributions), from there you can make a Pull request (asking me to pull in your changes, to the [main repository](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions)) as follows:
Now you have pushed your changes to your [forked respository](), from there you can make a Pull request (asking me to pull in your changes, to the [main repository](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions)) as follows:
![](14.png) ![](15.png) ![](16.png)
![](14.png)
TODO
![](15.png)
![](16.png)
now from there your pull request is created, and I'll review it as soon as I get the time:
![](17.png)
If it's not complete, I'll comment in there asking you to add what's missing, **changes that you must actually finish before the deadline.** To add further changes simply add more commits to it
![](17.5.png)
[ mainpc ] [ /dev/pts/18 ] [~/Documents/opsec-blogposts]
→ vim newtutorial/index.md
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ vim opsec/newtutorial/index.md
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
[ mainpc ] [ /dev/pts/18 ] [~/Documents/opsec-blogposts]
→ git add -A
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
[ mainpc ] [ /dev/pts/18 ] [~/Documents/opsec-blogposts]
→ git commit
forgot to do this change!
@ -343,7 +330,7 @@ If it's not complete, I'll comment in there asking you to add what's missing, **
# Your branch is up to date with 'origin/main'.
#
# Changes to be committed:
# modified: opsec/newtutorial/index.md
# modified: newtutorial/index.md
ESC :wq
@ -352,8 +339,8 @@ If it's not complete, I'll comment in there asking you to add what's missing, **
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ torsocks git push
Username for 'http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion': 6dv9lk1pbaflulau
Password for 'https://6dv9lk1pbaflulau@git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion':
Username for 'http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion': optimist
Password for 'https://optimist@git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion':
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 4 threads
@ -362,9 +349,9 @@ If it's not complete, I'll comment in there asking you to add what's missing, **
` ![](18.png)
![](18.png)
Then wait for me to confirm the content is complete, and then i'll accept the pull request and merge it into the main repository.
Then wait for a maintainer (either me or Oxeo0) to confirm the content is complete, and then i'll accept the pull request and merge it into the main repository.
![](19.png)
@ -374,34 +361,22 @@ If you intend on becoming [a maintainer](../maintainers/index.md) you need to ke
## **Updating existing tutorials**
Sometimes it happens that a tutorial is outdated, has errors or just needs some methodology updates. If you have an idea for something that could be added, or if you want to fix some errors in the tutorial, contact us on simplex or open an issue on [gitea](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues). We will discuss the changes and make sure they're going in the right direction. If it's a small change (like fixing typos or modifying just a few sentences), you can make a pull request with the changes without contacting us.
Sometimes it happens that a tutorial is outdated, has errors or just needs some methodology updates. If you have an idea for something that could be added, or if you want to fix some errors in the tutorial, contact us on simplex or open an issue on [Forgejo](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues). We will discuss the changes and make sure they're going in the right direction. If it's a small change (like fixing typos or modifying just a few sentences), you can make a pull request with the changes without contacting us.
Usually, there are already a few issues for blog updates listed on the [project board](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/projects/1). If you want to help, feel free to pick one and start working on it.
The steps are similar to what we have for creating new tutorial \- fork the repository, create a branch and edit appropriate blog post. When you're done with your changes, open a pull request so that we can review them.
Depending on how much of the tutorial is actually changed, you should credit yourself accordingly. For the sake of this example, let's say you're **oxeo0** (the person making an update) and **Nihilist** is the original author of the blog post.
## **Small change**
## **Minor fixes**
If the changes you've made are small (let's say less than 20% of the blog post), you should keep the name of the original author. You may change the date to inform readers it has been changed recently, but this is not strictly required. Do not add your XMR address in the footer. This doesn't mean that you won't be getting paid. If you're working on an issue on the project board, there's often a reward even for small edits.
![](71.png) ![](70.png)
![](100.png)
## **Considerable change**
If the changes you've made are considerable (let's say more than 20% of the blog post), you should credit yourself and the original author. Mention the tutorial has been updated by you at the top and keep both yours and author's XMR address in the footer.
![](72.png) ![](73.png)
## **Complete rewrite**
Sometimes the tutorial needs to be rewritten entirely (more than 90% changes). In this case, you can treat the tutorial as if it was written by you from the beginning.
![](74.png) ![](75.png)
## **Special Case - Collaboration**
If there is more than one person working on the tutorial, credit all as authors and list their XMR addresses.
![](76.png) ![](73.png)
Sometimes the tutorial needs to be rewritten entirely (more than 75% changes). In this case, you can treat the tutorial as if it was written by you from the beginning.
![](101.png)

BIN
maintainers/15.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 392 KiB

After

Width:  |  Height:  |  Size: 764 KiB

Before After
Before After

54
maintainers/index.md
View file

@ -69,24 +69,6 @@ When you decide to turn criticisms into todolists, follow the usual format as de
If you are not sure about if a particular todolist/criticism is valid or not, you can ask an administrator their opinion to know if it's OK or not aswell, to double check. But by default, as a maintainer your judgement is going to be trusted to write correct todolists. (With only other maintainers or administrators being able to overrule your judgement)
## **What's Offtopic?**
Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):
1) _General security and hacking:_ (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the [Hacking section](../../hacking/index.md). Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially contain a vulnerability. **Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.** You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. **TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.** We will consider some FOSS software as suitable for opsec use _until proven otherwise (so don't bring up the 0day excuse)_ , not the other way around.
![](../contribute/65.png)
2) _Closed-source hardware privacy workarounds:_ no, we won't recommend to the 90% average joes out there to wire up cables to their CPU in order to disable intel ME, install coreboot, or whatever else, and risk bricking their motherboards/CPUs permanently. **We will recommend that average joe to purchase fully open hardware devices, that are free of potential backdoors in the first place, when they are available on the market.** We do with the tools at our disposal, so until those tools are made available, we use what we can use. **We will consider FOSS Host OS as suitable for privacy, even on closed-source hardware for the time being.** (so don't bring up the google pixel graphene OS or the Intel/AMD CPU hardware backdoor argument until you find an actual open hardware alternative that does the job aswell)
![](../contribute/66.png)
3) _Unrealistic advice:_ the advice we bring forth in this blog should be doable by 90% of the average joes out there, by explaining it correctly. For instance, no, **90% of the average joes out there are not going to go dressed up in black coats, wear an anonymous mask, sit in mcdonalds, to try and use someone else's public wifi anonymously for entire days on end just to browse the web anonymously and avoid it being tied back to their irl identity. NOBODY is going to do that**. Keep that unrealistic advice off this blog, as it doesn't help anyone. The realistic approach to this is to just do a (you -> vpn -> tor -> destination) setup, it defeats 99% of the attack vectors, and 90% of the joes out there can do it if you explain it properly. End of the story. **I don't care about the 1% most unlikely scenario that only the top 1% non-average joe can pull off.** Simply mention the other options briefly, while focusing on the method that 90% of the people out there are the likely to be able to adopt.
![](../contribute/64.png)
4) _Overcomplications:_ I want you to go for the simplest option that actually leads to the intended result. If, from point A you can go to point B, to arrive at result Z, then if you try to go from point A to B to C to D to E to G to H to then arrive at point Z, **you are offtopic because you are overcomplicating something that should have been simpler.** If a simpler solution exists, show that option only, do not waste diskspace writing innefficient methods that the readers don't need to read or know about. I will categorically refuse any overcomplications that isn't properly justified with adequate opsec scenarios and threat modeling.
## **Assigning contributors onto todolists**
As a maintainer you also get to assign people to work on todolists:
@ -118,27 +100,24 @@ Going there you see that the contributor correctly made a PR, but you need to gi
![](10.png)
[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [~]
→ cd Documents
[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [~/Documents]
→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/optimist/blog-contributions blog-contributions.optimist
Cloning into 'blog-contributions'...
remote: Enumerating objects: 6608, done.
remote: Counting objects: 100% (6608/6608), done.
remote: Compressing objects: 100% (5362/5362), done.
remote: Total 6608 (delta 3302), reused 3611 (delta 1133), pack-reused 0 (from 0)
Receiving objects: 100% (6608/6608), 342.55 MiB | 522.00 KiB/s, done.
Resolving deltas: 100% (3302/3302), done.
[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [~/Documents]
→ cd blog-contributions.optimist
```sh
[ localhost ] [ /dev/pts/23 ] [~/Documents]
→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/optimist/opsec-blogposts opsec-blogposts.optimist
Cloning into 'opsec-blogposts'...
remote: Enumerating objects: 2110, done.
remote: Counting objects: 100% (2110/2110), done.
remote: Compressing objects: 100% (2106/2106), done.
remote: Total 2110 (delta 62), reused 1996 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (2110/2110), 193.91 MiB | 146.00 KiB/s, done.
Resolving deltas: 100% (62/62), done.
```
If they wrote their changes in a separate git branch, switch to the correct branch like so:
[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [blog-contributions.optimist/opsec/nextcloud]
[ Mainpc-PrivateVM-Debian12 ] [ /dev/pts/11 ] [opsec-blogposts.optimist/nextcloud]
→ git switch branchname
@ -155,11 +134,10 @@ Then in the cloned repository, navigate to the new tutorial folder to get the pa
And in there from your local browser you can assess if the contribution is completed, and if it follows the quality standard:
And in there from your vscodium editor you can assess if the contribution is completed, and if it follows the quality standard.
![](11.png)
Here as you can see, this is clearly garbage. It does not follow the quality standard at all, and it even deviates from the todolist that the contributor agreed to work on. So you can either spend 10x more time reviewing what they took to write by making [the following assessment](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/pulls/253#issuecomment-1997), or since this was a low effort you could simply post a low effort review like so:
Here as you can imagine, this is clearly garbage. It does not follow the quality standard at all, and it even deviates from the todolist that the contributor agreed to work on. So you can either spend 10x more time reviewing what they took to write by making [the following assessment](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/pulls/253#issuecomment-1997), or since this was a low effort you could simply post a low effort review like so:
![](23.png)

BIN
offtopic/0.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 53 KiB

BIN
offtopic/1.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 709 KiB

BIN
offtopic/2.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 94 KiB

0
contribute/64.png → offtopic/64.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 57 KiB

After

Width:  |  Height:  |  Size: 57 KiB

Before After
Before After

0
contribute/65.png → offtopic/65.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.5 MiB

After

Width:  |  Height:  |  Size: 1.5 MiB

Before After
Before After

0
contribute/66.png → offtopic/66.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 229 KiB

After

Width:  |  Height:  |  Size: 229 KiB

Before After
Before After

130
offtopic/index.md Normal file
View file

@ -0,0 +1,130 @@
---
author: nihilist
date: 2001-01-30
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/260"
xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
---
# What is On topic ?
The Nihilism Blog's Operational Security tutorial category is on purpose restricted to a few topics to avoid the subject from being too vast and to remain fully explorable.
## Topic 1: Privacy
Privacy topics are basically tutorials that explain what privacy is:
![](../aps/privacy.png)
It also involves clientside tutorials showcasing how to operate without having an adversary observe what we're doing. For instance, we showcase how to have privacy on your own computer by following the rules that are required to achieve privacy (which is by only using FOSS software, to prevent adversaries from spying on you)
![](../linux/52.png)
And we also talk about serverside privacy tutorials, which largely revoles around explaining the concept of self-hosting services.
## Topic 2: Anonymity
Anonymity topics are basically tutorials that explain what Anonymity is:
![](../anonymityexplained/10.png)
It also involves clientside tutorials that showcase how to operate without an adversary being able to determine what our identity is (meaning we have to remain identical to others in a given group, like among the Tor users). It generally involves explaining how to route apps through Tor to make them function while enforcing anonymity at the same time.
![](../monero2024/25.png)
We also cover how to enforce serverside-anonymity, by explaining how to acquire servers anonymously, and use them anonymously (maintaining Tor in between us and the servers), and how to make services work through Tor alone using .onion Hidden Services.
![](../nextcloud/60.png)
## Topic 3: Deniability
And Lastly, the holy grail of Operational Security being deniability, where we cover what it takes for your operations to survive the eventuality where you're forced to type your password to unlock what's encrypted on your computer.
![](../deniability/4.png)
This is where we showcase how to implement host OS livemode, and Veracrypt hidden volumes into one's setup, to make sure that there are no proofs left behind that could prove that the individual is behind said sensitive operations once his .
![](../veracrypt/20.png)
On the clientside, the core scenario is to explore how to ensure that the individual's operations can survive a police raid, and the order from the judge where he's forced to type his own password.
On the serverside, the core scenario is to explore how to ensure that a given service can survive multiple server takedowns. (meaning ensuring high availability, how to organize the multi-server setups, etc.)
# Side Topics: Anarchy, and Agorism
Anarchy is at the absolute core of Operational Security, because it is about protecting the individual's freedom by using the proper technology, in the proper way, following the proper opsec practices. This entire blog is there to enable individuals protect their freedom from Tyranny, essentially we're telling them how they can become ungovernable.
![](../whytheblog/7.png)
We also welcome topics relating to Decentralized Finances which massively enable Agorism the making of circular economies outside of the control of the state, it follows Anarchist principles where the individual should be able to transact freely, without state intervention. (see our tutorials on Monero, Xmrbazaar, and Haveno in particular)
![](1.png)
# **What's Offtopic?**
Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):
## General security and hacking:
Making sure a software is secure, how to test if it is secure or not, this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the [Hacking section](../../hacking/index.md). The Point being that you anyway cannot defend against the threat that you don't know anything about (0days).
This is also an oxymoron because every software out there is secure until you find a vulnerability in it. And upon a vulnerability being disclosed publicly, it gets patched anyway.
What can you do against that vulnerability that didn't get disclosed publicly yet, that you don't know about ?
![](2.png)
You're never going to eliminate all 0day risks by going for ultra minimalist software, since every damn line of code your minimal software can potentially contain a vulnerability. **Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.** You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers.
**Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.** We will consider some FOSS software as suitable for opsec use _until proven otherwise (so don't bring up the 0day excuse)_ , not the other way around.
## Closed-source hardware privacy workarounds:
No, we won't recommend to the 90% average joes out there to wire up cables to their CPU in order to disable intel ME, install coreboot, or whatever else, and risk bricking their motherboards/CPUs permanently.
![](65.png)
**We will recommend that average joe to purchase fully open hardware devices, that are free of potential backdoors in the first place, when they are available on the market.**
We do with the tools at our disposal, so until those tools are made available, we use what we can use. **We will consider FOSS Host OS as suitable for privacy, even on closed-source hardware for the time being.** (so don't bring up the google pixel graphene OS or the Intel/AMD CPU hardware backdoor argument until you find an actual open hardware alternative that does the job aswell)
## Unrealistic advice:
The advice we bring forth in this blog should defeat 99% of the risks while still be doable by 90% of the average joes out there, by explaining it correctly.
For instance, no, **90% of the average joes out there are not going to go dressed up in black coats, wear an anonymous mask, sit in mcdonalds, to try and use someone else's public wifi anonymously for entire days on end just to browse the web anonymously and avoid it being tied back to their irl identity. NOBODY is going to do that**.
![](66.png)
Keep that unrealistic advice off this blog, as it doesn't help anyone. The realistic approach to this situation would be to just do a (you -> vpn -> tor -> destination) setup, since it defeats 99% of the attack vectors, and 90% of the joes out there can do it if you explain it properly. End of the story.
**I don't care about the 1% most unlikely scenario that only the top 1% non-average joe can pull off.** Simply mention the other options briefly, while focusing on the method that 90% of the people out there are the likely to be able to adopt.
## Overcomplications:
I want you to go for the simplest option that actually leads to the intended result. Especially if there are a ton of options that can actually lead to the destination like with chat applications.
For example, you can achieve private chats (E2EE) with both Signal and SimpleX, but on Signal you have to use a phone number to be able to get to the same result, which is an unjustifiable complication, (also given how many threat vectors it actually introduces).
![](../whytheblog/4.png)
If, from point A you can go to point B, to arrive at result Z, **then do not add steps in between, because you are offtopic in over-complicating it.**
If a simpler solution exists, show that option only and do not waste diskspace writing innefficient methods that the readers don't need to read or know about.
**I will categorically refuse any overcomplications that isn't properly justified with adequate opsec scenarios and threat modeling.**
## Technology that does not protect against anything
For example, showcasing how to install a [web radio](../../selfhosting/0_lainradio/index.md), is a preety cool thing to showcase, but it has absolutely ZERO justification to be showcased because it does not fit into any threat model.
![](../../selfhosting/0_lainradio/0.png)
You're not going to use a web radio to protect against any threat to your privacy, anonymity, or deniability.
You get the idea, I no longer care about regular sysadmin tutorials, like the ones i wrote in the selfhosting category of the blog.
The closest thing i'll accept to regular sysadmin tutorials is how to make a popular/very useful service work via a hidden .onion service like we did for the [Nextcloud](../nextcloud/index.md) or the [Anonymous Monitoring](../anonymous_server_monitoring/index.md) tutorials, because you essentially showcase how to implement a service while maintaining serverside anonymity.
The given technology that is being showcased has to fit into a proper threat model and opsec scenario, the showcased technology needs to either provide a solution to protect against a given threat, or serve a purpose for another technology that protects against a given threat, otherwise it is simply offtopic.

BIN
qualitystandard/50.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 53 KiB

After

Width:  |  Height:  |  Size: 246 KiB

Before After
Before After

60
qualitystandard/index.md
View file

@ -16,36 +16,36 @@ In order to make sure the content isn't rushed and the quality of the blog overa
![](50.png)
Rather than writing a gigantic wall of text and loose you halfway, as you can see i made a graph. This is the most effective way of conveying your ideas to your audience, so don't hesitate to make graphs using drawio (with colors preferably) instead of writing walls of text that nobody will read.
Rather than writing a gigantic wall of text and loose you halfway, as you can see i made a graph. DO IT. **Making a Graph is the most effective way of conveying your ideas to your audience**, so don't hesitate to make colorful graphs using drawio (with colors preferably) instead of writing walls of text that nobody will read.
First of all, the general structure of the content is with the **Why / What / How methodology** This following the minimalistic style where everything that is used and mentionned must be justified. (Everything that has no justification to be there, is to simply be removed.)
1. **Why should I care ?
1. **Why should I care ? In which context ?**
**
2. **What are my options ?
**
3. **How can i implement it ?
2. **What is the solution ?**
**
3. **How can i implement it ?**
Nobody cares about your message until you tell them **why they should care.** Usually that goes by telling them a short story that they can relate to, in our case it's an opsec scenario that explains what an adversary can do against you.
Nobody cares about your message until you tell them **why they should care.** Usually that goes by giving the context and telling them a short story that they can relate to, in our case it's an opsec scenario that explains what an adversary can do against you.
**The blog is structured around 3 core scenarios:**
1. _Privacy:_ The adversary can see you do something, how can you prevent it ?
1. Privacy: The adversary can see you do something, how can you prevent it ?
2. _Anonymity:_ The adversary knows that it's you who did it, how can you prevent it ?
2. Anonymity: The adversary knows that it's you who did it, how can you prevent it ?
3. _Deniability:_ The adversary busts down your door, and forces you to open your devices, how can you make sure he doesn't find anything in there ?
3. Deniability: The adversary busts down your door, and forces you to open your devices, how can you make sure he doesn't find anything in there ?
**If the scenario of your contribution doesn't fit into (or serve a purpose for) one of those 3, it's most likely off-topic.**
**WARNING: If the scenario of your contribution doesn't fit into (or serve a purpose for) one of those 3, it's most likely [off-topic](../offtopic/index.md).**
Context: In your house, in your bedroom, if there are windows to look outside
@ -104,7 +104,6 @@ Let's take a small todolist that is as follows:
` ![](51.png)
Here we have a combination of the 3 possible types of steps you may be expected to showcase, a physical step, a GUI digital step, and a CLI digital step.
@ -119,19 +118,17 @@ In the case of the physical step, you need to take a picture, and add arrows in
While editing the html file it will look like that (as you need to put the picture in the same folder as the tutorial you're editing):
<__img src="1.png">
![](1.png)
If you want to reuse an image from another tutorial like i just did above (it's totally fine), but rather than copying the image from another tutorial and waste diskspace, you can simply reuse the image of another tutorial by adding ../tutorialfolder/ before the path of the image like so:
<__img src="../graphene/10.png">
![](../graphene/10.png)
and lastly if you have a CLI step to show, you need to simply copy paste the terminal output in the pre code blocks while still highlighting what's important like so:
<__pre> <__code class="nim">
nowhere#**./flash-all.sh**
nowhere#./flash-all.sh
Warning: skip copying bootloader_a image avb footer (bootloader_a partition size: 0, bootloader_a image size: 14125140).
Sending 'bootloader_a' (13794 KB) OKAY [ 0.364s]
Writing 'bootloader_a' (bootloader) Flashing pack version slider-14.5-11677881
@ -167,7 +164,6 @@ and lastly if you have a CLI step to show, you need to simply copy paste the ter
**Finished. Total time: 0.150s**
nowhere#
<__/pre> <__/code>
If there are parts of the commandline output that don't matter, just replace them with [...] in order to stick to what the user needs to see.
@ -185,11 +181,29 @@ And lastly, if you are someone that makes alot of spelling and grammar mistakes
` ![](53.png) ![](54.png) ![](55.png) ![](56.png) ![](57.png) ![](61.png) ![](58.png) ![](59.png) ![](60.png) ![](62.png)
![](53.png)
![](54.png)
![](55.png)
![](56.png)
![](57.png)
![](61.png)
![](58.png)
![](59.png)
![](60.png)
![](62.png)
Now using this addon you can find your typos more easily (as it highlights them for you), effectively helping you find and fix them, so if english isn't your first language **definitely make sure that you run LTEX+ once after you finished writing your article, so that you don't leave spelling mistakes behind.**
**DISCLAIMER: a blogpost is NOT complete until it follows this quality standard** , if you find one that doesn't meet those requirements, do mention it on their [gitea issue](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/projects/1) or ping me directly about it on SimpleX.
**DISCLAIMER: a blogpost is NOT complete until it follows this quality standard** , if you find one that doesn't meet those requirements, do mention it on their [Forgejo issue](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/projects/1) or ping me directly about it on SimpleX.
Same thing if you want to contribute a blogpost that does not meet these quality requirements, **_i do not care, it is NOT finished until it meets those requirements._** Do not be suprised if i refuse your blog contribution for weeks on end if it doesn't meet the requirements. It may take a little more time to do things properly, but at least you're not lowering the quality of the overall blog by following it.
Same thing if you want to contribute a blogpost that does not meet these quality requirements, **_we do not care, it is NOT finished until it meets those requirements._** Do not be suprised if we refuse your blog contribution for weeks on end if it doesn't meet the quality requirements. It may take a little more time to do things properly, but at least you're not lowering the quality of the overall blog by following it.

BIN
runtheblog/0.5.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
runtheblog/0.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 6.8 KiB

After

Width:  |  Height:  |  Size: 23 KiB

Before After
Before After

BIN
runtheblog/26.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 264 KiB

414
runtheblog/index.md
View file

@ -20,338 +20,137 @@ The entire blog is meant to remain available for free, for everyone, over clearn
## **Clearnet Setup**
## **How to run an instance of the Blog**
Now if you are interested in helping me get the word accross, you can run the blog yourself like so:
On a debian server (VPS or not), install the following packages:
[ Datura ] [ /dev/pts/23 ] [~]
→ sudo apt install nginx wget curl tor torsocks -y
```
[ Wonderland ] [ /dev/pts/4 ] [~]
→ sudo apt install nginx nginx-extras wget curl tor torsocks docker.io docker-compose -y
[ Wonderland ] [ /dev/pts/4 ] [~]
→ cd /srv/
Then, you need to download the blog somewhere, you can simply git clone it from the blog-contributions forgejo repository into the /srv/ directory:
[ Datura ] [ /dev/pts/23 ] [~]
→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions /srv/blog/
[ Wonderland ] [ /dev/pts/4 ] [/srv]
→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-deploy
_Optional:_ if you want to also host the archived blog sections i wrote in the past (the hacking and selfhosting categories) you can do so as follows:
[ Wonderland ] [ /dev/pts/9 ] [/srv/blog-archive]
→ torsocks git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-archive /srv/blog-archive
[ Wonderland ] [ /dev/pts/4 ] [~]
→ cd blog-deploy
Then we need to make sure that the blog repository stays updated regularly:
[ Wonderland ] [ /dev/pts/11 ] [/srv]
→ crontab -e
#blog
@hourly /usr/bin/torsocks /usr/bin/git -C /srv/blog/ pull
@hourly /usr/bin/torsocks /usr/bin/git -C /srv/blog-archive/ pull
[ Wonderland ] [ /dev/pts/4 ] [/srv/blog-deploy]
→ docker-compose up -d
[+] Running 2/0
✔ Container blogmk_server Running 0.0s
✔ Container blogmk_puller Running
```
then you can use this nginx configuration (and dont forget to enable it with a symlink to sites-enabled):
[ Datura ] [ /dev/pts/23 ] [~]
→ rm /etc/nginx/sites-*/default
[ Datura ] [ /dev/pts/23 ] [~]
→ vim /etc/nginx/sites-available/blog.nowhere.moe
[ Datura ] [ /dev/pts/23 ] [~]
→ ln -s /etc/nginx/sites-available/blog.nowhere.moe /etc/nginx/sites-enabled/
[ Datura ] [ /dev/pts/23 ] [~]
→ cat /etc/nginx/sites-available/blog.nowhere.moe
server {
listen 80;
listen [::]:80;
server_name blog.nowhere.moe;
return 301 https://$server_name$request_uri;
}
server {
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
add_header Onion-Location "http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion$request_uri" always;
######## TOR CHANGES ########
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.nowhere.moe;
########################################## HARDENING SSL #############################################
ssl_certificate /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
ssl_certificate_key /root/.acme.sh/blog.nowhere.moe/blog.nowhere.moe.key;
ssl_dhparam /root/.acme.sh/dhparam.pem;
# SSL Settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
resolver 1.1.1.1 208.67.222.222;
add_header Strict-Transport-Security "max-age=63072000" always;
access_log off;
error_log off;
###################################END OF HARDENING SSL###########################################
rewrite ^/servers/anon.html http://$server_name/opsec/index.md permanent;
rewrite ^/servers/(.*)$ http://$server_name/opsec/$1 permanent;
index index.html;
root /srv/blog/;
#optional selfhosting + HTB locations in /srv/blog-archive:
location ~ ^/(selfhosting|HTB)/ {
root /srv/blog-archive/;
}
}
From there, the blog will start to git clone the [blog-contributions](http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions) repository and the submodules containing the opsec, productivity, selfhosting and hacking blogposts.
but as you can see we're missing the TLS certificates, so let's get them using acme.sh:
[ Datura ] [ /dev/pts/23 ] [~]
→ wget -O - https://get.acme.sh | sh -s email=nihilist@contact.nowhere.moe
[ Datura ] [ /dev/pts/23 ] [~]
→ systemctl stop nginx ; acme.sh --issue --standalone -d blog.nowhere.moe -k 4096; systemctl start nginx
![](0.5.png)
And now that we have them, let's see if the nginx config is correct:
[ Datura ] [ /dev/pts/23 ] [~]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
give it some time to git clone it, as it's rather massive to download through Tor.
Now that the nginx config is correct let's restart nginx to load in the new config:
[ Datura ] [ /dev/pts/23 ] [~]
→ systemctl restart nginx
```sh
[ Wonderland ] [ /dev/pts/4 ] [/srv/blog-deploy]
→ cat docker-compose.yml
services:
blogmk-puller:
image: alpine:latest
container_name: blogmk_puller
environment:
- SITE_URL=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion
- BRANCH=main
- REPO_URL=http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions
- REFRESH_SEC=900
volumes:
- ./repo:/repo
- ./servable:/servable
- ./entry.sh:/entry.sh:ro
extra_hosts:
- "host.docker.internal:host-gateway"
entrypoint: ["sh", "/entry.sh"]
network_mode: "host"
restart: unless-stopped
And then we can see that the website is up and reachable at the clearnet domain:
blogmk-server:
image: nginx:alpine
container_name: blogmk_server
volumes:
- ./nginx.conf:/etc/nginx/sites-enabled/default:ro
- ./servable:/usr/share/nginx/html:ro
ports:
- "127.0.0.1:7080:80"
restart: unless-stopped
![](1.png)
## **Tor Hidden Service Setup**
```
Since clearnet websites are easily censorable nowadays, let's make sure it is censorship-resistant by making it available over Tor. Let's first install Tor:
[ Datura ] [ /dev/pts/23 ] [~]
→ apt install tor -y
Afterward however, the blog will be reachable via the local port 7080 on the server, so you can make the following reverse nginx proxy config to make sure that it is reachable via a .onion mirror:
Then we git clone the mkp repository to be able to generate an onion hidden service address:
[ Datura ] [ /dev/pts/23 ] [~]
→ apt install gcc libc6-dev libsodium-dev make autoconf tor
[ Datura ] [ /dev/pts/23 ] [~]
→ git clone https://github.com/cathugger/mkp224o /srv/mkp224o
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ cd /srv/mkp224o ; ./autogen.sh ; ./configure ; make
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ ./mkp224o datura
sorting filters... done.
filters:
datura
in total, 1 filter
using 12 threads
daturacccspczuluj2hbgqfcpkjo75hn7bzmuzsm5zys3az6k3su45ad.onion
daturaxnp7x4ubwlslgyeaft5dabaxotmsaxanayocnpxarc7wi36kid.onion
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ mkdir /var/lib/tor/onions
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ mv daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion /var/lib/tor/onions
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ ls -lash
total 16K
4.0K drwx------ 4 debian-tor debian-tor 4.0K Jan 27 15:33 .
4.0K drwx--S--- 8 debian-tor debian-tor 4.0K Feb 1 15:08 ..
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jul 12 2023 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jan 27 15:48 nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ ls -lash daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
total 24K
4.0K drwx------ 3 debian-tor debian-tor 4.0K Jul 12 2023 .
4.0K drwx------ 4 debian-tor debian-tor 4.0K Jan 27 15:33 ..
4.0K drwx------ 2 debian-tor debian-tor 4.0K Jul 12 2023 authorized_clients
4.0K -r-------- 1 debian-tor debian-tor 63 Jul 12 2023 hostname
4.0K -r-------- 1 debian-tor debian-tor 64 Jul 12 2023 hs_ed25519_public_key
4.0K -r-------- 1 debian-tor debian-tor 96 Jul 12 2023 hs_ed25519_secret_key
```sh
[ Wonderland ] [ /dev/pts/4 ] [/srv/blog-deploy]
→ vim /etc/nginx/sites-available/blog.conf
Then after copying the hidden service files where they belong we change the directory rights accordingly:
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ chmod 700 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ chmod 400 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/*
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ chmod 700 daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/authorized_clients -R
[ Datura ] [ /dev/pts/11 ] [lib/tor/onions]
→ chown debian-tor: /var/lib/tor/onions -R
[ Wonderland ] [ /dev/pts/23 ] [~]
→ ln -s /etc/nginx/sites-available/blog.conf /etc/nginx/sites-enabled/
Then we edit the torrc config file to make sure it uses the correct hidden service directory, along with a port to be used to access the website:
[ Datura ] [ /dev/pts/11 ] [/srv/mkp224o]
→ cat /etc/tor/torrc
HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
HiddenServicePort 80 127.0.0.1:4443 # for web service HTTP (recommended!)
HiddenServicePort 443 127.0.0.1:4444 # for web service HTTPS (but not recommended!)
HiddenServicePort 18080 127.0.0.1:18080 # for monero nodes
HiddenServicePort 18081 127.0.0.1:18081 # for monero nodes
# to have another hidden service, you can append it afterward like so; but you need to use different ports:
HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
HiddenServicePort 80 127.0.0.1:4445
[ Wonderland ] [ /dev/pts/4 ] [/srv/blog-deploy]
→ cat /etc/nginx/sites-available/blog.conf
upstream blogbackend {
server 127.0.0.1:7080;
}
Then we restart Tor to refresh the configuration:
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ systemctl restart tor@default
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ systemctl status tor@default
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; preset: enabled)
Active: active (running) since Sun 2024-11-10 21:39:43 CET; 2 days ago
Main PID: 2790923 (tor)
Tasks: 13 (limit: 77002)
Memory: 1.5G
CPU: 1d 12h 17min 42.199s
CGroup: /system.slice/system-tor.slice/tor@default.service
└─2790923 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
And from there, we edit the nginx configuration to make sure the website is reachable over the tor domain aswell along with having the header set so that the user's tor browser mentions that there is a .onion link available:
[ Datura ] [ /dev/pts/23 ] [~]
→ vim /etc/nginx/sites-available/blog.nowhere.moe
[ Datura ] [ /dev/pts/23 ] [/srv/mkp224o]
→ cat /etc/nginx/sites-available/blog.nowhere.moe
server {
listen 80;
listen [::]:80;
server_name blog.nowhere.moe;
return 301 https://$server_name$request_uri;
}
server {
**######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name blog.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion;
add_header Onion-Location "http://blog.daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion$request_uri" always;
######## TOR CHANGES ########**
[...]
}
server {
listen 4443;
listen [::]:4443;
server_name blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
And then we refresh nginx and we see that the website can be reached over the .onion link aswell:
[ Datura ] [ /dev/pts/23 ] [~]
→ systemctl restart nginx
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
![](2.png) ![](3.png)
location / {
proxy_pass http://blogbackend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
And that's it! you now have made your own copy of the blog available over clearnet and Tor.
[ Wonderland ] [ /dev/pts/4 ] [/srv/blog-deploy]
→ systemctl restart nginx
_Sidenote:_ if you want to only have an onion mirror of the blog (and no clearnet at all), you can use this nginx config:
[ Wonderland ] [ /dev/pts/9 ] [/etc/nginx/sites-available]
→ cat blog.conf
server {
######## TOR WEBSITE ########
listen 4443;
listen [::]:4443;
server_name blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
rewrite ^/servers/anon.html http://$server_name/opsec/index.md permanent;
rewrite ^/servers/(.*)$ http://$server_name/opsec/$1 permanent;
index index.html;
root /srv/blog/;
#optional selfhosting + HTB locations in /srv/blog-archive:
location ~ ^/(selfhosting|HTB)/ {
root /srv/blog-archive/;
}
}
[ Wonderland ] [ /dev/pts/4 ] [/srv/blog-deploy]
→ nginx -t
2025/05/08 21:08:41 [info] 359817#359817: Using 116KiB of shared memory for nchan in /etc/nginx/nginx.conf:61
2025/05/08 21:08:41 [info] 359817#359817: Using 131072KiB of shared memory for nchan in /etc/nginx/nginx.conf:61
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[ Wonderland ] [ /dev/pts/4 ] [/srv/blog-deploy]
→ nginx -s reload
```
From there you just need to make sure that the website is reachable via it's onion mirror: (for more details on how to run hidden services with custom .onion vanity v3 domains, check out [this tutorial](../torwebsite/index.md))
```sh
[ Wonderland ] [ /dev/pts/4 ] [/srv/blog-deploy]
→ cat /etc/tor/torrc
HiddenServiceDir /var/lib/tor/onions/nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/
HiddenServicePort 80 127.0.0.1:4443
[ Wonderland ] [ /dev/pts/4 ] [/srv/blog-deploy]
→ systemctl restart tor@default
```
and then just check if you can reach it:
![](26.png)
## **Setting up Collaboration**
@ -399,3 +198,4 @@ And then to make sure the nihilism blog remains resistant to takedowns, you can
![](25.png)
And that's it! you now know how to run the blog yourself, and also how to make sure you can make sure the project keeps going if something were to happen to me in the future.

2
stancesensitive/index.md
View file

@ -48,7 +48,7 @@ These are just a few examples of what sensitive activities can be, there are any
The core scenario that our entire deniability category of tutorials revolve around is the following:
_Scenario:_ If the adversary were to bust down your door right now, and force you to type a password, would your sensitive activities be able to remain secret ?
Scenario: If the adversary were to bust down your door right now, and force you to type a password, would your sensitive activities be able to remain secret ?