Chargen19
Basic
- Joined
- 02.10.20
- Messages
- 99
- Reaction score
- 115
- Points
- 43
I. TAILS
Tails is an operating system (OS) designed to hide your identity everywhere you go.
You have to always keep in mind that you are NOT in any case safe enough using Tor on regular operating systems like Windows or MacOS. You need to use an OS specifically designed to keep you safe and anonymous. Tails is one of them.
1. What is Tails?
tails.boum.org
2. How Tails works and why you should use it?
tails.boum.org
3. Read the Tails documentation
tails.boum.org
4. Download Tails and start using iP
tails.boum.org
II. PGP encryption
To use your PGP keys and configuration across different working sessions, you MUST turn on the GnuPG feature of the Persistent Storage. If you do not do it, any PGP key you will create or import will be gone once Tails is restarted!
What is PGP?
First and foremost, you might come across or came across many terms like PGP, OpenPGP, GPG or GnuPG. These terms file under the same category but refer to slightly different things.
PGP: It stands for Pretty Good Privacy. It was created in the 1990s by PGP Corporation and is owned since 2010 by the cybersecurity company NortonLifeLock (formely known as Symantec Corporation until 2019).
Over the course of nearly three decades, PGP has been developed, improved, and updated, making it one of the standard option for encryption today.
OpenPGP: It is an open source standard that allows PGP to be used in software that is typically free and open-source. The term OpenPGP is often applied to tools, features, or solutions that support open-source PGP encryption technology.
GPG/GnuPG: It stands for GNU Privacy Guard. GnuPG (or shortened GPG) is a slightly different implementation of the OpenPGP standard and a strong alternative to NortonLifeLock’s owned PGP software.
This is the one everyone refer to when mistakenly refering to PGP.
To briefly summarize, when you read PGP or GPG it's actually refering to the same thing: GnuPG. That's simply a language abuse. But since it's the most widely used word and you will see it written everywhere, we will continue to use that word PGP here to not confuse users often used to it and not to GPG.
PGP allows you to:
Decrypt messages
Verify messages: It's used to check the authenticity of a message. If you have the PGP public key of the supposed sender you can use it to verify that the message was indeed written and signed by that sender and that the message is legitimate.
Encrypt messages
Sign messages:You can sign a message to prove that you created it. Anyone that has your PGP public key can verify that you signed it. (as stated above)
PGP is an asymetric encryption method. That means it uses a public key-private key pairing: data encrypted with the private key can only be decrypted with the public key and vice versa. So when we talk about PGP/GPG, two keys are always involved.
The PGP Private key:You are to not, at any time or for any reason, to give anyone your private key. It is for your eyes only!
This key is used to decrypt and sign messages.
The PGP Public key: This is the key you are able to be give out so others can encrypt messages with your public key, send them to you, and then only YOU can decrypt them with your private key.
Creating a PGP key pair
Since it is not described in the Tails documentation, we decided to add this section.
Click on the clipboard icon on task bar at the top of your screen and select the option Manage Keys
On the new window that appeared, click on File at the top and select the New option. Then a list of items shows up that you can create, choose PGP key and click Continue.
Then in Full Name enter a PSEUDO. Obviously do not use your real name because everybody that has your public key can see that name. Never ever use an username that can be linked to your real identity. If you want to ONLY use this particular key for Dread, entering your Dread username is a good option.
It is STRONGLY ADVISED you leave the other fiel
Two main end-to-end encryption protocols can be used with XMPP: OTR or OMEMO.
OTR: Stands for Off-The-Record encryption. The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants
The initial introductory paper was named Off-the-Record Communication, or, Why Not To Use PGP
Pidgin only support this form of encryption.
OMEMO: It is a recursive acronym for OMEMO Multi-End Message and Object encryption. In comparison with OTR, the OMEMO protocol offers many-to-many encrypted chat, offline messages queuing, forward secrecy, file transfer, verifiability and deniability at the cost of slightly larger message size overhead.
To use XMPP you not only need a client but also to register an account on a XMPP server. You can choose the server of your choice but we strongly recommend jabber.calyxinsitute.org, run by the Calyx Insitute. You can find more infos about this public XMPP server here:
calyxinstitute.org
If you don't want to use it, you can find more public XMPP servers here:
xmpp.net
Policies are decided entirely by each individual XMPP server administrator. Some have strongly privacy practices, don't log anything and allow you to connect to them through Tor. Some are less privacy friendly.
It is up to you to choose a public XMPP server accordingly. Some may require registering your account through their website and cannot be registered through your client. The registration is usually quick and easy.
Setuping Pidgin and OTR
First open Pidgin by going to Applications (at the top left of your screen) -> Internet -> Pidgin Internet Messenger. On the one window called Buddy List go Tools -> Plugins and scroll down the alphabetically sorted list till you see an entry called Off-the-Record Messaging. Make sure the checkbox on the left of it is checked, then select the entry and click on Configure Plugin. Ensure that the following options are selected:
Enable private messaging
initiate private messaging
Require private messaging
Don’t log OTR conversations.
Now close the configuration window and the plugin overview window.
Registering an account
For this guide we will use the Calyx Institute's server. You don't have to use it if you don't want to. You can choose another one on the list above but its settings will be different from this guide. In the Buddy List window go Accounts -> Manage Accounts. Click on the Add button and select the following options:
Protocol: XMPP
Username: Username you want to use
Domain: jabber.calyxinstitute.org
Resource: Leave blank.
Password: choose a strong randomly generated password by using the app KeePassXC
Check the checkbox called Create this new account on the server at the bottom
Next Click the tab that says Advanced:
Connection Security: Require encryption
Connect Port: 5222
Connect server: ijeeynrc6x2uy5ob.onion
File transfer proxies: Leave blank
BOSH URL: Leave blank
NOTE: You should always try to use a hidden service server. To finish click on the Add button and wait a short time. Then you should get automatically presented a window to enter your username and password which you previously set in the configuration. Enter them and click OK. Then you should get the message that the registration of your account was successful. Note: You will get a notification to accept a certificate. After that go to the account window and check the checkbox on the left of your new account to enable it. This should ask you again for your password and after a short time the status at the bottom of the Buddy List window will change to Availablewith a green circle on the left of it. For the XMPP server used in this example you also get a welcome message.
Messaging someone
After setting up your jabber account to chat with someone you will need to add them by going to Buddies > Add Buddy(close and re-open all the Pidgin windows if the Add Buddy selection is disabled). Now enter the username the the other person gave you. It could for example be [email protected]. Optionally you can also set an alias for him in the line below which gets shown in the chat window when you chat with that person (instead of the long username which you previously entered). To confirm click the button Add . The user you want to add will receive a notification when he comes online again where he gets asked to authorize you (he sees your username). He has to click the Authorize button and confirm the new dialog window where he can also set a local alias for your username. When he did that and he is currently online, you will see him in your Buddies list. You may also see the small authorization notification at the bottom of your Buddy List window where the other user wants to add you to their buddy list. Click on authorize. That’s it! Now double-click on his name in the buddy list, click on the red Not private at the bottom right and select Start private conversation. Then the chat window will print some messages like Attempting to start a private conversation with other user’s username here. You should see at the bottom right it says unverified while you have established a secure chat with some other user. That means you could chat the whole time with a wrong person who might be malicious. In most cases the other person (your are now ch
atting on XMPP with) gave you his XMPP username through an encrypted message or a similar channel so there should be no issue but we never know. So if you are sure that the message (where he told you his XMPP username) that the other user sent you could not be manipulated, then you can skip the authentication / verification. If however you received the username through for example a clear text message on a DNM, this message may have been tampered with by LE who might have taken over the market. So to be sure that you are chatting with the right user, do the following. Click on the Unverified at the bottom right and select Authenticate Buddy. Now you can enter a question and a secret answer. It is sufficient if you choose for example check your email account as a question and a random string like Af!J}m as the secret answer. Before you click on the Authenticate button, send the other user that secret answer through a secure channel first. For example using his PGP key you have saved and sending an encrypted email to his email address that he usually uses. The content can be like The answer to my authentication question is secret answer here. Now click the Authentication button and you should get a window waiting for the authentication to be completed. The other user now gets prompted to enter the answer for your authentication question and if he does it successfully then you will see the content of your authentication progress window change to Authentication successful. You can close it by clicking OK. Now you have confirmed that you not only established a secure chat with some user, but also with the correct user. The other user can also decide to ask you such a authentication question so you are marked as authenticated on his side too. It should now say in Green Private. You can now both chat securely.
IV. Monero (XMR)
What is Monero?
Monero (XMR) is a decentralized cryptocurrency. Monero has the third largest developer community among cryptocurrencies, behind bitcoin and Ethereum. In contrast to bitcoin, where all transaction details, user addresses, and wallet balances are public and transparent, all transaction details are obfuscated. In other words, Monero, if properly used, is perfectly untraceable unlike Bitcoin.
Installing a Monero Wallet
Tails comes with Electrum as BTC wallet software but nothing regarding Monero. So to use Monero, the first thing you are going to need is a wallet software. We recommend using the Monero GUI. http://xmrguide25ibknxgaray5rqksrclddxqku3ggdcnzg4ogdi5qkdkd2yd.onion/tails
Buying Monero
You can buy Monero either in peer-to-peer exchanges like
Clearnet: localmonero.co
Onion: http://nehdddktmhvqklsnkjqcbpmb63htee2iznpcbs5tgzctipxykpj6yrid.onion
You can even use localmonero without JavaScript.
Or you can buy Monero directly on KYC exchange like binance, kraken, etc. As Monero is untraceable, for most threat model it is safe to simply buy XMR on an exchange and send it on your wallet.
It is advised AGAINST first buying Bitcoin for example and then converting it to Monero. As a rule of thumb, try to minimize your interactions with transparent blockchains (such as Bitcoin, Litecoin, etc) as much as possible.
XOXO N3UR0
Tails is an operating system (OS) designed to hide your identity everywhere you go.
You have to always keep in mind that you are NOT in any case safe enough using Tor on regular operating systems like Windows or MacOS. You need to use an OS specifically designed to keep you safe and anonymous. Tails is one of them.
1. What is Tails?
Tails - Home
2. How Tails works and why you should use it?
Tails - How Tails works
3. Read the Tails documentation
Tails - Documentation
4. Download Tails and start using iP
Tails - Install Tails
To use your PGP keys and configuration across different working sessions, you MUST turn on the GnuPG feature of the Persistent Storage. If you do not do it, any PGP key you will create or import will be gone once Tails is restarted!
What is PGP?
First and foremost, you might come across or came across many terms like PGP, OpenPGP, GPG or GnuPG. These terms file under the same category but refer to slightly different things.
PGP: It stands for Pretty Good Privacy. It was created in the 1990s by PGP Corporation and is owned since 2010 by the cybersecurity company NortonLifeLock (formely known as Symantec Corporation until 2019).
Over the course of nearly three decades, PGP has been developed, improved, and updated, making it one of the standard option for encryption today.
OpenPGP: It is an open source standard that allows PGP to be used in software that is typically free and open-source. The term OpenPGP is often applied to tools, features, or solutions that support open-source PGP encryption technology.
GPG/GnuPG: It stands for GNU Privacy Guard. GnuPG (or shortened GPG) is a slightly different implementation of the OpenPGP standard and a strong alternative to NortonLifeLock’s owned PGP software.
This is the one everyone refer to when mistakenly refering to PGP.
To briefly summarize, when you read PGP or GPG it's actually refering to the same thing: GnuPG. That's simply a language abuse. But since it's the most widely used word and you will see it written everywhere, we will continue to use that word PGP here to not confuse users often used to it and not to GPG.
PGP allows you to:
Decrypt messages
Verify messages: It's used to check the authenticity of a message. If you have the PGP public key of the supposed sender you can use it to verify that the message was indeed written and signed by that sender and that the message is legitimate.
Encrypt messages
Sign messages:You can sign a message to prove that you created it. Anyone that has your PGP public key can verify that you signed it. (as stated above)
PGP is an asymetric encryption method. That means it uses a public key-private key pairing: data encrypted with the private key can only be decrypted with the public key and vice versa. So when we talk about PGP/GPG, two keys are always involved.
The PGP Private key:You are to not, at any time or for any reason, to give anyone your private key. It is for your eyes only!
This key is used to decrypt and sign messages.
The PGP Public key: This is the key you are able to be give out so others can encrypt messages with your public key, send them to you, and then only YOU can decrypt them with your private key.
Creating a PGP key pair
Since it is not described in the Tails documentation, we decided to add this section.
Click on the clipboard icon on task bar at the top of your screen and select the option Manage Keys
On the new window that appeared, click on File at the top and select the New option. Then a list of items shows up that you can create, choose PGP key and click Continue.
Then in Full Name enter a PSEUDO. Obviously do not use your real name because everybody that has your public key can see that name. Never ever use an username that can be linked to your real identity. If you want to ONLY use this particular key for Dread, entering your Dread username is a good option.
It is STRONGLY ADVISED you leave the other fiel
Two main end-to-end encryption protocols can be used with XMPP: OTR or OMEMO.
OTR: Stands for Off-The-Record encryption. The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants
The initial introductory paper was named Off-the-Record Communication, or, Why Not To Use PGP
Pidgin only support this form of encryption.
OMEMO: It is a recursive acronym for OMEMO Multi-End Message and Object encryption. In comparison with OTR, the OMEMO protocol offers many-to-many encrypted chat, offline messages queuing, forward secrecy, file transfer, verifiability and deniability at the cost of slightly larger message size overhead.
To use XMPP you not only need a client but also to register an account on a XMPP server. You can choose the server of your choice but we strongly recommend jabber.calyxinsitute.org, run by the Calyx Insitute. You can find more infos about this public XMPP server here:
Calyx Public Jabber/XMPP Server - Calyx Institute
The Calyx Institute operates an experimental free public conferencing server that provides chat service using jabber, also known as XMPP.
calyxinstitute.org
If you don't want to use it, you can find more public XMPP servers here:
IM Observatory
xmpp.net
It is up to you to choose a public XMPP server accordingly. Some may require registering your account through their website and cannot be registered through your client. The registration is usually quick and easy.
Setuping Pidgin and OTR
First open Pidgin by going to Applications (at the top left of your screen) -> Internet -> Pidgin Internet Messenger. On the one window called Buddy List go Tools -> Plugins and scroll down the alphabetically sorted list till you see an entry called Off-the-Record Messaging. Make sure the checkbox on the left of it is checked, then select the entry and click on Configure Plugin. Ensure that the following options are selected:
Enable private messaging
initiate private messaging
Require private messaging
Don’t log OTR conversations.
Now close the configuration window and the plugin overview window.
Registering an account
For this guide we will use the Calyx Institute's server. You don't have to use it if you don't want to. You can choose another one on the list above but its settings will be different from this guide. In the Buddy List window go Accounts -> Manage Accounts. Click on the Add button and select the following options:
Protocol: XMPP
Username: Username you want to use
Domain: jabber.calyxinstitute.org
Resource: Leave blank.
Password: choose a strong randomly generated password by using the app KeePassXC
Check the checkbox called Create this new account on the server at the bottom
Next Click the tab that says Advanced:
Connection Security: Require encryption
Connect Port: 5222
Connect server: ijeeynrc6x2uy5ob.onion
File transfer proxies: Leave blank
BOSH URL: Leave blank
NOTE: You should always try to use a hidden service server. To finish click on the Add button and wait a short time. Then you should get automatically presented a window to enter your username and password which you previously set in the configuration. Enter them and click OK. Then you should get the message that the registration of your account was successful. Note: You will get a notification to accept a certificate. After that go to the account window and check the checkbox on the left of your new account to enable it. This should ask you again for your password and after a short time the status at the bottom of the Buddy List window will change to Availablewith a green circle on the left of it. For the XMPP server used in this example you also get a welcome message.
Messaging someone
After setting up your jabber account to chat with someone you will need to add them by going to Buddies > Add Buddy(close and re-open all the Pidgin windows if the Add Buddy selection is disabled). Now enter the username the the other person gave you. It could for example be [email protected]. Optionally you can also set an alias for him in the line below which gets shown in the chat window when you chat with that person (instead of the long username which you previously entered). To confirm click the button Add . The user you want to add will receive a notification when he comes online again where he gets asked to authorize you (he sees your username). He has to click the Authorize button and confirm the new dialog window where he can also set a local alias for your username. When he did that and he is currently online, you will see him in your Buddies list. You may also see the small authorization notification at the bottom of your Buddy List window where the other user wants to add you to their buddy list. Click on authorize. That’s it! Now double-click on his name in the buddy list, click on the red Not private at the bottom right and select Start private conversation. Then the chat window will print some messages like Attempting to start a private conversation with other user’s username here. You should see at the bottom right it says unverified while you have established a secure chat with some other user. That means you could chat the whole time with a wrong person who might be malicious. In most cases the other person (your are now ch
atting on XMPP with) gave you his XMPP username through an encrypted message or a similar channel so there should be no issue but we never know. So if you are sure that the message (where he told you his XMPP username) that the other user sent you could not be manipulated, then you can skip the authentication / verification. If however you received the username through for example a clear text message on a DNM, this message may have been tampered with by LE who might have taken over the market. So to be sure that you are chatting with the right user, do the following. Click on the Unverified at the bottom right and select Authenticate Buddy. Now you can enter a question and a secret answer. It is sufficient if you choose for example check your email account as a question and a random string like Af!J}m as the secret answer. Before you click on the Authenticate button, send the other user that secret answer through a secure channel first. For example using his PGP key you have saved and sending an encrypted email to his email address that he usually uses. The content can be like The answer to my authentication question is secret answer here. Now click the Authentication button and you should get a window waiting for the authentication to be completed. The other user now gets prompted to enter the answer for your authentication question and if he does it successfully then you will see the content of your authentication progress window change to Authentication successful. You can close it by clicking OK. Now you have confirmed that you not only established a secure chat with some user, but also with the correct user. The other user can also decide to ask you such a authentication question so you are marked as authenticated on his side too. It should now say in Green Private. You can now both chat securely.
IV. Monero (XMR)
What is Monero?
Monero (XMR) is a decentralized cryptocurrency. Monero has the third largest developer community among cryptocurrencies, behind bitcoin and Ethereum. In contrast to bitcoin, where all transaction details, user addresses, and wallet balances are public and transparent, all transaction details are obfuscated. In other words, Monero, if properly used, is perfectly untraceable unlike Bitcoin.
Installing a Monero Wallet
Tails comes with Electrum as BTC wallet software but nothing regarding Monero. So to use Monero, the first thing you are going to need is a wallet software. We recommend using the Monero GUI. http://xmrguide25ibknxgaray5rqksrclddxqku3ggdcnzg4ogdi5qkdkd2yd.onion/tails
Buying Monero
You can buy Monero either in peer-to-peer exchanges like
Clearnet: localmonero.co
Onion: http://nehdddktmhvqklsnkjqcbpmb63htee2iznpcbs5tgzctipxykpj6yrid.onion
You can even use localmonero without JavaScript.
Or you can buy Monero directly on KYC exchange like binance, kraken, etc. As Monero is untraceable, for most threat model it is safe to simply buy XMR on an exchange and send it on your wallet.
It is advised AGAINST first buying Bitcoin for example and then converting it to Monero. As a rule of thumb, try to minimize your interactions with transparent blockchains (such as Bitcoin, Litecoin, etc) as much as possible.
XOXO N3UR0
