mirror of
https://github.com/Anon-Planet/thgtoa.git
synced 2026-03-22 20:53:28 +01:00
Added important security notice
This commit is contained in:
Alex Anderson
15
guide.md
15
guide.md
@@ -126,6 +126,7 @@ Finally note that this guide does mention and even recommends various commercial
|
||||
- [Your Cryptocurrencies transactions:]
|
||||
- [Your Cloud backups/sync services:]
|
||||
- [Your Browser and Device Fingerprints:]
|
||||
- [Microarchitectural Side-channel Deanonymization Attacks:]
|
||||
- [Local Data Leaks and Forensics:]
|
||||
- [Bad Cryptography:]
|
||||
- [No logging but logging anyway policies:]
|
||||
@@ -1399,6 +1400,19 @@ It should also be noted that while some browsers and extensions will offer some
|
||||
|
||||
This guide will mitigate these issues by mitigating, obfuscating, and randomizing many of those fingerprinting identifiers by using Virtualization (See [Appendix W: Virtualization][Appendix V1: Hardening your Browsers:]), using specific recommendations (See [Appendix A5: Additional browser precautions with JavaScript enabled] and [Appendix V1: Hardening your Browsers][Appendix V1: Hardening your Browsers:]) and using by fingerprinting resistant Browsers (Brave and Tor Browser).
|
||||
|
||||
## Microarchitectural Side-channel Deanonymization Attacks:
|
||||
|
||||
There was an attack published that can deanonymize users if they have a known alias. For example, an attacker trying to track the activities of a journalist can use that journalist's public Twitter handle to link their anonymous identities with their public one. This breaks compartmentalization of identities and can lead to complete deanonymization, even of users who practice proper OPSEC.
|
||||
|
||||
The attack, published at <https://leakuidatorplusteam.github.io/> <sup>[[Archive.org]][1386]</sup>, can be mitigated using a browser extension:
|
||||
|
||||
- https://chrome.google.com/webstore/detail/leakuidator%2B/hhfpajcjkikoocmmhcimllpinjnbedll (Chrome, Edge, and other Chrome-based browsers)
|
||||
- https://addons.mozilla.org/en-US/firefox/addon/leakuidatorplus/ (Firefox and Firefox-based browsers)
|
||||
|
||||
It's generally not recommended to install extensions into Tor Browser, because the fact that you have an extension installed can be an extra data point for browser fingerprinting. As such, this extension is only a temporary solution until the fix can be implemented by the browsers' own developers.
|
||||
|
||||
Separating identities via separate browsers or even with VMs is not enough to avoid this attack. However, another solution is to make sure that when you start working with an anonymous identity, you entirely close all activities linked to other identities. The vulnerability only works if you're actively logged into a non-anonymous identity. The issue with this is that it can hinder effective workflow, as multitasking across multiple identities becomes impossible.
|
||||
|
||||
## Local Data Leaks and Forensics:
|
||||
|
||||
Most of you have probably seen enough Crime dramas on Netflix or TV to know what forensics are. These are technicians (usually working for law enforcement) that will perform various analysis of evidence. This of course could include your smartphone or laptop.
|
||||
@@ -15100,3 +15114,4 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
|
||||
[1383]: https://web.archive.org/web/20220714213939/https://officercia.mirror.xyz/4x2-M4R2cSnID1wpsTO4CQNrMQ5JUFouR-rZ_N4xO-Q
|
||||
[1384]: https://web.archive.org/web/20220718231735/https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws
|
||||
[1385]: https://web.archive.org/web/20220516000616/https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo
|
||||
[1386]: https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/
|
||||
|
||||
Reference in New Issue
Block a user