anon-planet / thgtoa
The comprehensive guide for online anonymity and OpSec.

Home Page: https://anonymousplanet.org/

License: Other

Makefile 0.01% HTML 99.99% SCSS 0.01% Shell 0.01%
activism anonymity anonymity-enhancement anonymization privacy privacy-enhancing-technologies privacy-online privacy-protection qubes-os security

thgtoa's Introduction

Welcome.

IMPORTANT RECOMMENDATION FOR UKRAINIANS.

This is a maintained guide with the aim of providing an introduction to various online tracking techniques, online ID verification techniques, and detailed guidance to creating and maintaining (truly) anonymous online identities. It is written with hope for activists, journalists, scientists, lawyers, whistle-blowers, and good people being oppressed, censored, harassed anywhere! This guide has no affiliation with the Anonymous [Wikiless] [Archive.org] collective/movement.

This guide is an open-source non-profit initiative, licensed under Creative Commons Attribution-NonCommercial 4.0 International (cc-by-nc-4.0 [Archive.org]) and is not sponsored/endorsed by any commercial/governmental entity. This means that you are free to use our guide for pretty much any purpose except commercially, as long as you attribute it. There are no ads or any affiliate links.

If you would like to make a donation to help this project, you can do so from here where you will also find the project goals. All the donations will be strictly used within the context of this project. All donations and spendings are logged on the donations page.

View the guide:

Mirrors:

The guide and all the files are also readily available on Archive.org and Archive.today:

If you want to access/see the original/legacy project, please see the legacy resources page.

If you want to see the changes between your PDF and the latest PDF, you could use one of these tools (we do not endorse those):

If you want to compare an older ODT file with a newer one, use the LibreOffice Writer compare feature as explained here: https://help.libreoffice.org/7.1/en-US/text/shared/guide/redlining_doccompare.html [Archive.org]

If you want to check the files for integrity, safety, authenticity, please refer to this "How To".

Feel free to submit issues using Github Issues with the repository link above. Criticism, opinions, and ideas are welcome!

Follow or contact us on:

Discussion Channels:

Have a good read and feel free to share and/or recommend it!

thgtoa's People

Contributors

dan-kir, doublepleat, kyleofthecorn, nobodyspecial256, nopeitsnothing, yourfeetontheairandyourheadontheground

thgtoa's Issues

Update of contributing guidelines proposal about metadata of binaries

Contributing guidelines should IMHO also make it clear that any upload of new binaries such as pictures should be cleaned from all metadata using exiftool.

Now personally, for ease of use, I recommend https://exifcleaner.com/ (available on all platforms) which will do the same (it's just a GUI front-end of exiftool) but you can just drag and drop files in the interface (multiple if you want).

Works on all file formats and not only on pictures.

Contrary to the name "exif" which concerns only pictures, it works for all metadata on all types of files.

Get a VPS for a Mjolnir bot and a Tor Mirror

Get a VPS for a Mjolnir bot and a Tor Mirror.

Where and what has already been discussed.

I volunteer for the setup since I've done it before for the previous Tor Mirror and Mjolnir base install.

Proposal: add a folder/repo to upload a copy of the Jekyll-built site (server-side if possible) that can then be cloned and mirrored easily

First wait for this request I made: https://github.community/t/is-there-a-way-to-make-youtube-also-publish-the-jekyll-build-in-a-repo-folder-when-pushing-commits/259902

We should add a command using Bundler for this

This requires the installation of Bundler and Jekyll.

Detailed Instructions are here: https://docs.github.com/en/pages/setting-up-a-github-pages-site-with-jekyll/testing-your-github-pages-site-locally-with-jekyll

bundle exec jekyll build

This will create a _site or docs folder with the static html files exactly like online.

The folder should be in .gitignore, but another "mirror" repository should be created. The files of the Bundler-built site should be copied to the other repository root.

I can then set up gitlab for example to auto-fetch / mirror that "mirror repository" and have a mirror auto-updated without human intervention.

Most of those tasks have to be done by the person able to execute the makefile of course. We can't do much with our permissions.
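As an added example (not the project's Makefile or any script in the repository), a Python version of the flow above: run the Jekyll build, replace the contents of the mirror checkout with `_site` so stale pages never linger, and write a SHA256SUMS manifest so anyone can check a mirror against the primary. The `../thgtoa-mirror` path, the file layout and the scratch files in `demo_sync` are assumptions; `build_and_publish` needs Bundler, Jekyll and git installed and is not run offline.

```python
import hashlib
import shutil
import subprocess
import tempfile
from pathlib import Path

KEEP_IN_MIRROR = {".git", ".gitignore"}   # the mirror repo's own files, never wiped


def sync_built_site(built_dir, mirror_dir):
    """Replace the mirror's contents with the freshly built site.

    Stale pages from earlier builds are deleted first, so a mirror never keeps
    serving files the primary has already removed. Returns {relative path: sha256}
    for everything written, which is also what SHA256SUMS records."""
    built, mirror = Path(built_dir), Path(mirror_dir)
    mirror.mkdir(parents=True, exist_ok=True)
    for entry in mirror.iterdir():
        if entry.name in KEEP_IN_MIRROR:
            continue
        if entry.is_dir():
            shutil.rmtree(entry)
        else:
            entry.unlink()
    digests = {}
    for src in sorted(p for p in built.rglob("*") if p.is_file()):
        rel = src.relative_to(built)
        if rel.parts[0] in KEEP_IN_MIRROR:      # never let a built .git clobber the mirror's
            continue
        dst = mirror / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(src, dst)
        digests[rel.as_posix()] = hashlib.sha256(src.read_bytes()).hexdigest()
    # Same line format `sha256sum -c SHA256SUMS` reads: "<hex>  <path>".
    manifest = "".join(f"{h}  {name}\n" for name, h in digests.items())
    (mirror / "SHA256SUMS").write_text(manifest)
    return digests


def verify_manifest(mirror_dir):
    """Re-hash every entry of SHA256SUMS; returns the names that do not match."""
    mirror = Path(mirror_dir)
    bad = []
    for line in (mirror / "SHA256SUMS").read_text().splitlines():
        digest, name = line.split("  ", 1)
        if hashlib.sha256((mirror / name).read_bytes()).hexdigest() != digest:
            bad.append(name)
    return bad


def build_and_publish(source_dir=".", mirror_dir="../thgtoa-mirror"):
    """The full flow from the issue: build, sync into the mirror checkout, commit, push.
    git commit exits non-zero when nothing changed, hence check=False there."""
    subprocess.run(["bundle", "exec", "jekyll", "build"], cwd=source_dir, check=True)
    sync_built_site(Path(source_dir) / "_site", mirror_dir)
    subprocess.run(["git", "add", "-A"], cwd=mirror_dir, check=True)
    subprocess.run(["git", "commit", "-m", "Update mirror from Jekyll build"],
                   cwd=mirror_dir, check=False)
    subprocess.run(["git", "push"], cwd=mirror_dir, check=True)


def demo_sync():
    """Offline self-check on a constructed scratch layout: a stale page must go,
    the mirror's .git must survive, and the manifest must verify."""
    root = Path(tempfile.mkdtemp())
    built, mirror = root / "_site", root / "mirror"
    (built / "guide").mkdir(parents=True)
    (built / "index.html").write_text("<h1>thgtoa</h1>")
    (built / "guide" / "index.html").write_text("<p>guide</p>")
    (mirror / ".git").mkdir(parents=True)
    (mirror / ".git" / "HEAD").write_text("ref: refs/heads/main")
    (mirror / "old-page.html").write_text("stale")
    digests = sync_built_site(built, mirror)
    result = {
        "files": sorted(digests),
        "stale_removed": not (mirror / "old-page.html").exists(),
        "git_kept": (mirror / ".git" / "HEAD").exists(),
        "verify_ok": verify_manifest(mirror) == [],
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    build_and_publish()
```

A GitLab pull mirror pointed at the mirror repository then picks up each commit without anyone touching the second host; anyone comparing mirrors only needs the SHA256SUMS file from the primary.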

Alternative OS for Android devices

One method of mitigating telemetry collection on Android devices is installing an alternative OS.

Examples being GrapheneOS and CalyxOS. These are sometimes referred to as "deGoogled" OSes as they do not include any Google apps/services in the default installation.

These two examples are only supported on Google's Pixel devices. LineageOS is another option with wider device support.

GrapheneOS in particular also has a lot of additional security features built in. E.g. hardened memory allocator (https://github.com/GrapheneOS/hardened_malloc), device integrity monitoring (https://attestation.app/about) and sandboxed Google Play services (https://grapheneos.org/features#sandboxed-google-play)

I think this is worth including in the guide. As a long time user of GrapheneOS I can begin drafting a PR.

Qubes OS, anti-evil-maid section addition

We need to add information about their anti-evil-maid system (https://www.qubes-os.org/doc/anti-evil-maid/) in our https://anonymousplanet-ng.org/guide.html#hardening-qubes-os section.

But this works only on an Intel CPU.

Babba and myself are AMD.

We need to find someone to write not a "tutorial" but more like an experience report: issues you might encounter, things you should be careful about, etc., in addition to linking to their tutorial (if there is one). If there is none, we have to make one.

Addition of Tor mirror?

The addition of a Tor mirror would be nice but would require funding for a cheap VPS somewhere.

Remove references in superscripts, replace with original link

Replace all:

<sup>[[blabla]][746]</sup>

end of document

[746]: https://...

by

<sup>[[blabla]](https://...)</sup>

To facilitate updates/creation, reduce the error risks with pandoc, removing a thousand useless lines/references

Basically getting rid of the remains of a past conversion from a word processor
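As an added example of that conversion (not a script from the repository), a Python rewrite that inlines each numbered reference definition into its <sup> link, drops the definition once it has been inlined, and reports the two things a mechanical pass cannot fix on its own: references whose definition is missing and definitions nothing points at. The sample text and URLs are constructed; they are not lines from the guide.

```python
import re

# Constructed sample in the shape the issue describes (not text from the guide).
SAMPLE_MD = """Use Tor.<sup>[[Wikiless]][746]</sup> Also archived.<sup>[[Archive.org]][747]</sup>
A line with a dangling reference.<sup>[[Archive.org]][999]</sup>

[746]: https://example.invalid/wikiless
[747]: https://example.invalid/archive
[748]: https://example.invalid/unused
"""

DEF_RE = re.compile(r"^\[(\d+)\]:[ \t]*(\S+)[ \t]*$", re.M)   # "[746]: https://..." at line start
# Accepts the unbalanced closing <sup> that the converted text contains as well as </sup>.
REF_RE = re.compile(r"(<sup>\[\[[^\]]*\]\])\[(\d+)\](</?sup>)")


def inline_reference_links(text):
    """Replace <sup>[[label]][N]</sup> plus '[N]: url' with <sup>[[label]](url)</sup>.

    Returns the rewritten text and a report. A reference with no definition is
    left untouched and listed, so a human fixes it instead of pandoc silently
    emitting literal brackets."""
    defs = {m.group(1): m.group(2) for m in DEF_RE.finditer(text)}
    inlined, missing = set(), set()

    def repl(m):
        num = m.group(2)
        if num not in defs:
            missing.add(num)
            return m.group(0)
        inlined.add(num)
        return f"{m.group(1)}({defs[num]})</sup>"

    body = REF_RE.sub(repl, text)
    # Definitions that were inlined are dead weight now; anything else stays.
    body = DEF_RE.sub(lambda m: "" if m.group(1) in inlined else m.group(0), body)
    body = re.sub(r"\n{3,}", "\n\n", body)          # collapse the blank lines left behind
    return body, {"inlined": inlined, "missing": missing, "unused": set(defs) - inlined}
```

Run it over guide.md, review the "missing" and "unused" sets, then commit; a non-empty "missing" set is exactly the case the superscript scheme hid until pandoc ran.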

Proposing changes towards the publishing workflow on the road to 1.1.6

Some suggestions:

  • Only the PDF and release files need signing and checksums
  • All the other files can stay as is and not be in the export folder at all
  • Instead, use GitHub features, let's make a 1.1.6 release with the related 1.1.6 tag which will generate 2 files:
    • thgtoa_1.1.6.tar.gz
    • thgtoa_1.1.6.zip
      And just sign/checksum those instead of signing each separate file, just sign the whole repo release?
  • Reinstate the virustotal check for the PDF files and add the results to a separate file for guide.md/pdf and the releases. Why? Because of such things: https://threatresearch.ext.hp.com/stealthy-opendocument-malware-targets-latin-american-hotels/
  • Update changelog as "unreleased" when committing. To avoid having to go back through all the changes since 1.1.6pre1 when going to 1.1.6.

Flow check of the routes

Please assign this issue to Dan-Kir

The goal is to check the flow of the routes to see if well ... the flow is correct and you don't get stuck at some point or sent to a wrong section or something.

Add Skiff (discussion)

Skiff

Threat model

Skiff, unlike most other collaboration workstations, provides private and secure collaboration. Skiff’s threat model is an adversary that, according to them, "may access any data sent over a network to or from a client (even data sent over encrypted network connections). It also assumes that data stored with a cloud provider cannot be assumed to be confidential."

Tor signup

This is possible but you may encounter things such as regular Captchas and other annoyances, but that wouldn't make it unusable. They don't have a Tor v3 onion service.

Skiff is an ecosystem, much like Google's products. It has both a free and priced ("pro") tier, from which you can benefit from its use of extended version history for files, more options for collaboration, etc. But payment isn't required and isn't necessary for base usage. They offer an e-mail extension (in terms of its reach, not an actual extension for your browser; i.e., it offers its own collaboration e-mail that functions like a server e-mail); pages for creating wikis and other documents; and a Google Drive-esque product that, overall, has the ability to perform much like Google Docs, but with the addition of data protection and privacy enhancing techniques. The product is open-source, on top of this (I don't know whether this is the full source for everything yet).

Skiff is a document editor at its roots. Similar to Google Docs, it allows you to "write, edit and collaborate in real time with colleagues with privacy baked in." Skiff doesn’t have the ability to access anyone’s data and most, if not all, metadata. "Only users, and those who are invited to collaborate, do."

It’s an idea that has already attracted the attention of investors. Skiff’s co-founders Andrew Milich (CEO) and Jason Ginsberg (CTO) announced today that the startup has raised $3.7 million in seed funding[^2] from venture firm Sequoia Capital, just over a year since Skiff was founded in March 2020. Alphabet chairman John Hennessy, former Yahoo chief executive Jerry Yang and Eventbrite co-founders Julia and Kevin Hartz also participated in the round.

Skiff isn’t that much different from WhatsApp or Signal, which are also end-to-end encrypted, underneath its document editor. “Instead of using it to send messages to a bunch of people, we’re using it to send little pieces of documents and then piecing those together into a collaborative workspace[.]”

The co-founders acknowledged that putting your sensitive documents in the cloud requires users to put a lot of trust into the startup, particularly one that hasn’t been around for long. That’s why Skiff published a whitepaper with technical details of how its technology works, and has begun to open source parts of its code, allowing anyone to see how the platform works. Milich said Skiff has also gone through at least one comprehensive security audit, and the company counts advisors from the Signal Foundation to Trail of Bits.

Products (w/ E2E encryption)

Availability

Skiff is currently available through:

Document types supported

You can upload .docx, .pdf, or .md files, or import documents directly from your Google Docs using our instant migration tool. You can also embed files of any type into your Skiff pages for collaborators to download. Read more about Skiff’s file embeds here.

"/" Commands

“/” commands allow you to access all the cool features Skiff has to offer without lifting your hands from your keyboard. By hitting the “/” key on your keyboard, a dropdown list of commands will pop up for your selection. Select commands such as “Code” to insert a code block, “Equation” to insert a mathematical equation, and many more awesome features.

Document encryption

Every document is associated with a short-term symmetric session_key as well as an asymmetric “hierarchical” key-pair. The session_key is used to encrypt all document contents and metadata that are stored on the server. In order to support real-time collaboration and simple sharing mechanisms, all collaborators - say Alice and Bob - have access to the same session_key. However, because Alice and Bob have different asymmetric key pairs, they each have unique encrypted copies of the same session key (encrypted with public_key_Alice and public_key_Bob, respectively). Using this symmetric session_key, we can outline processes for creating, editing, and sharing documents ... a document’s hierarchical key can be used for constructing a scalable filesystem out of many thousands of documents.

Document history

You can always use the Version History feature to view and restore previous versions of your pages. Free tier users can look back up to 24 hours

Account recovery

When users forget their password, it’s convenient for them to have a way to recover their account and reset their password. This is achieved using a recovery key (a symmetric key similar to the password_derived_secret). A user can enable account recovery in their settings, which generates a recovery key. The recovery key is used to encrypt the user’s private data (i.e. private keys); this encrypted user data is stored by Skiff but inaccessible.
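An added illustration of the key hierarchy quoted above, written for this page; it is not Skiff's code and makes no claim about their implementation beyond what the quoted text states. It shows one symmetric session_key per document, a separate wrapped copy of that key for each collaborator's public key, and sharing with Bob that touches only the key table, never the ciphertext. The X25519 ladder follows RFC 7748 in pure Python (not constant-time), and the symmetric cipher is an HMAC-SHA256 counter-mode keystream plus MAC standing in for the AEAD a real deployment would use; names such as `wrap_session_key` and the document layout are assumptions.

```python
import hashlib
import hmac
import os

P = 2 ** 255 - 19
GEN = (9).to_bytes(32, "little")          # Curve25519 base point u = 9


def x25519(k: bytes, u: bytes) -> bytes:
    """Scalar multiplication k*u, Montgomery ladder of RFC 7748 section 5."""
    k = int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1) | (1 << 254)   # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def _keystream(key, nonce, n):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC under a fresh random nonce; output = nonce || ct || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


def wrap_session_key(recipient_pub, session_key):
    """One recipient's copy of session_key: an ephemeral X25519 exchange with the
    recipient's public key derives a key-encryption key; eph pub travels with it."""
    eph = os.urandom(32)
    kek = hashlib.sha256(b"wrap" + x25519(eph, recipient_pub)).digest()
    return x25519(eph, GEN) + seal(kek, session_key)


def unwrap_session_key(recipient_priv, wrapped):
    kek = hashlib.sha256(b"wrap" + x25519(recipient_priv, wrapped[:32])).digest()
    return open_sealed(kek, wrapped[32:])


def create_document(contents, owner_pub):
    session_key = os.urandom(32)
    return {"ciphertext": seal(session_key, contents),
            "keys": {owner_pub: wrap_session_key(owner_pub, session_key)}}


def share_document(doc, sharer_priv, sharer_pub, new_pub):
    """Adding a collaborator re-wraps the session_key only; contents are untouched."""
    session_key = unwrap_session_key(sharer_priv, doc["keys"][sharer_pub])
    doc["keys"][new_pub] = wrap_session_key(new_pub, session_key)


def read_document(doc, priv, pub):
    return open_sealed(unwrap_session_key(priv, doc["keys"][pub]), doc["ciphertext"])


def demo():
    alice, bob, mallory = (os.urandom(32) for _ in range(3))
    alice_pub, bob_pub = x25519(alice, GEN), x25519(bob, GEN)
    contents = b"constructed sample document body"
    doc = create_document(contents, alice_pub)
    before = doc["ciphertext"]
    share_document(doc, alice, alice_pub, bob_pub)
    try:                                   # the server-side copy for Alice is useless to Mallory
        unwrap_session_key(mallory, doc["keys"][alice_pub])
        rejected = False
    except ValueError:
        rejected = True
    return {"contents": contents, "bob_reads": read_document(doc, bob, bob_pub),
            "ciphertext_unchanged": doc["ciphertext"] == before, "mallory_rejected": rejected}
```

Revoking Bob is the asymmetric part of this design: deleting his wrapped copy stops future fetches, but he already held the session_key, so real revocation means a new session_key and re-encryption, which is the cost the "short-term" session key in the quoted text is there to bound.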

Add releases & tags starting with v1.1.5?

My reasoning is that:

  • we can track changes in a more linear and informative way
  • we can show exact changes (major and minor) over time
  • compare across tags: v1.1.4...v1.1.5-pre2
  • set up plans with tags like v1.1.5-pre2 ... "See v1.1.5.2" ... for issues we have assigned
  • there will be many issues and each should have an assigned target/tag(s)

If that's not cool

I don't know what is. Tags were made for a reason, we should utilize them.

Seriously, why aren't we already doing this?

The 1984.is issue

We need to harass them to re-gain control of what we paid for.

We have (Babba has) the wallets with the transactions.

We can tell them exactly the destination address (their receiving one which only the customer and them should know).
We can tell them the time, the exact amount (again only the customer and them should know).

We need to harass them until they become nuts and cave in and give us back the VPS, they're prepaid for a damn year.

Secuchart addition

Needs to be said that Secuchart https://bkil.gitlab.io/secuchart/ is a fantastic resource when deciding between chat/IM clients. It involves a lot of things such as the safety of the protocol (audits), E2EE status, PFS status, and whether or not there are F-droid APKs and where to see the source, etc. I've recommended this resource to many already with great feedback. I would like to place it in the list of additional resources before the comparison in the guide, so people can see an updated and maintained chart for help choosing an app to communicate safely with.

All credit to bkil on Matrix.

Fix numbering of footnotes

The footnotes at the bottom of the document are not displayed properly.

Solution:

They should be re-numbered to avoid skips and no longer trigger Pandoc errors.

Notes:

Need to number footnotes ^273 and on; since ^274 was removed, and it wasn't re-numbered in that commit.

I did accomplish this with regex and sed but I checked the links afterward and they're fine:

#!/bin/bash
# Shift each footnote number down by one, lowest first. The ascending order
# matters: 329 -> 328 must run before 330 -> 329 reuses the number just vacated.

sed -i 's/\[\^329\]/\[\^328\]/g' guide.md
sed -i 's/\[\^330\]/\[\^329\]/g' guide.md
sed -i 's/\[\^331\]/\[\^330\]/g' guide.md
# ... snip ...
sed -i 's/\[\^538\]/\[\^537\]/g' guide.md
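As an added example (not a script from the repository), the same renumbering done in one pass with a lookup table instead of a chain of sed substitutions, so the result cannot depend on the order the edits run in. It renumbers Pandoc footnotes consecutively in order of first use and also reports the inconsistencies that otherwise surface as Pandoc errors one at a time: references with no definition, definitions nothing cites, and duplicate definitions. The sample text is constructed to contain the kind of gap the issue describes (^274 deleted); it is not from guide.md.

```python
import re

# Constructed sample with a gap like the one in the issue: ^274 was deleted.
SAMPLE_FOOTNOTES = """First claim.[^273] Second claim.[^275]
Third claim.[^276] Second claim again.[^275]

[^273]: Note A.
[^275]: Note B.
[^276]: Note C.
[^277]: Orphan note that nothing cites.
"""

REF_RE = re.compile(r"\[\^(\d+)\](?!:)")       # in-text reference
DEF_RE = re.compile(r"^\[\^(\d+)\]:", re.M)    # definition at line start
ANY_RE = re.compile(r"\[\^(\d+)\]")            # either form, for the rewrite


def renumber_footnotes(text, start=1):
    """Renumber footnotes consecutively from `start`, in order of first use.

    Every occurrence is rewritten through one mapping in a single pass, so
    329 -> 328 and 330 -> 329 can never collide. Numbers that only appear in a
    definition keep their old value and are reported as orphans."""
    order = []
    for m in REF_RE.finditer(text):
        if m.group(1) not in order:
            order.append(m.group(1))
    defs = DEF_RE.findall(text)
    mapping = {old: str(start + i) for i, old in enumerate(order)}
    new_text = ANY_RE.sub(lambda m: "[^%s]" % mapping.get(m.group(1), m.group(1)), text)
    return new_text, {
        "renumbered": mapping,
        "missing_definitions": sorted(set(order) - set(defs), key=int),
        "orphan_definitions": sorted(set(defs) - set(order), key=int),
        "duplicate_definitions": sorted({d for d in defs if defs.count(d) > 1}, key=int),
    }
```

Check the report before writing the result back: an orphan definition is a footnote that lost its reference in some earlier edit, and a missing definition is a reference Pandoc will print as literal text.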

Remove OS Security from PSA (#os-security:artemislena.eu)

Sadly, they decided to leave the community. They should be removed from the PSA space and placed in the other rooms sections.

Our logo needs to be updated. See attachment. All their rights should also be removed if they have any. If they're an admin on a section or some space, their admin privileges should be removed. If lower, we should remove all their privileges.

Also see #91


Low skill user sent to advanced user content?

Please assign this issue to Dan-kir

It has been reported to me that sometimes you have low skilled user (in the low skilled routes) sent suddenly to an advanced user section. Which they won't understand.

We need to identify those. I asked Dan-kir to do this.

Document construction

First of all, I would like to say that I fully appreciate the effort of the writer(s) who brilliantly put this document together. As near as I can tell they remain unidentified and go unpraised. But I just did here.
Because it is a many-days-long slog to work my way through this document, if I actually make it, my first comments are not regarding content but on User Interface or UI. These comments reflect the pdf version read in (a communications-crippled) Adobe Acrobat in Read Mode zoomed to fill the 24 inch portrait screen at a 1080x1920 resolution. This being probably one of the most ideal screen reading environments currently available. Many people including myself, have difficulty reading long documents on a screen and typically print them out. This should be taken into serious consideration here.

The writer is clearly a technologist and not a typographer or graphic design artist as the text typeface is somewhat faded and difficult to read, and the graphics all seem to require zooming in to read them, and seem to be randomly sized and arranged in a not easily readable form. A project of such importance and magnitude, not to mention the significant existing effort that was expended in writing this, deserves some additional attention to properly bring it home comfortable to the readers eyes.

Beyond the UI, the writer(s) is clearly not an academic as the organization and structure are too scattered and would be much better in an organized chapter form. In addition, the services of a professional editor would be welcomed here as well. For example: I would like to see some information structured by access device type and by geographical location. This would make the information more accessible by being able to ignore what is not specifically relevant to each individual reader. For example: I like Richard Stallman, Dave Eggers etc. do not use a smart (sic) phone, aka a cellular Newton. Nor do I live under a repressive government, well at least under the common understanding of that phrase.

The document also suffers from the lack of page numbers and a more clearly identified hyperlinked Table of Contents. A TOC and an Index are also quite easy to generate these days in adequate word processing software.
All of this is to say that a reader, however well motivated and well intentioned, must be drawn into the content and not repelled from it. This should be a more rich text document with color and formatting that are inviting to the reader. Graphical notations for Tips and Tricks and Notes could be used to catch the eye of the reader. The web links in the body text and footnotes should be hyperlinked, even if url defanged.

The footnotes at the bottom of pages, rather than at the end of the document, are welcomed and useful. The Archive.org, Wikiless, Scribe.rip, and Invidious links are a very good idea.
This review is not unlike something I would give a Kindle book on Amazon. Although with the Kindle sausage grinder text and graphics conversion, there is little the author can do about its inherent flaws.

Regarding content, some searches of the document have revealed that it does not contain any information regarding mixnets or decentralized VPN’s (dVPN).

RIP, Lena

Re-Activate the translation project

Now that we use Github as source, we can re-activate the transifex translation.

The issue encountered before was that since updates were done in the ODT, the numbering of references would change the whole document in markdown/kramdown.

Then transifex would be "fucked up". Translators couldn't work.

This is no longer an issue. We can re-enable this. Babba should have the transifex creds and I doubt those are deleted.

The anonymousplanet.org domain issue

The domain is paid until 2029 ... we need to re-gain control.

We (Babba) have all the keys.

We need to harass their support until they cave in? WDYT?

Admin is missing in action

It's not meant to sound like clickbait, just to get your attention.

Admin is AWOL.

Project dead?

Need guidance on where to go from here.

Possibly migrate repo without all the signatures?

Find references, add to the acknowledgments and link the person.

Please review:

This is from a person who was kind enough to retweet us, like us, link us and recommend us.

@officer_cia on twitter

Urgent priority, due tomorrow. Thanks to this person we might recover a lot of our lost community on twitter.

Why I do not believe Android is within the scope

There is currently a discussion on Privacy Guides that I want to bring up here since it is important to both the guide and in the interest of public safety. Those who are wanting to add an Android route, while bringing several points that I find valid, I do not see a large enough reason to put one in. The guide doesn't contain an Android route because these devices are inherently easy to turn into spying and surveillance devices, as well as trackers. It may seem like using a cellular device can be made secure, and it's been brought to me several times to add a route to the guide, but I have addressed these concerns each time by stating that the scope of the guide only includes using a trusted device. Android simply isn't secure. Even hardened. And this is just a simple PoC to why Android is outside of the scope. I will try to keep this as short as possible but the aim is to provide an accurate representation to why Android is out of reach.

Android is a system that uses permissions per-app. There are apps that, for instance, remove metadata. This requires specific legacy permissions to work, such as access to the filesystem, which we don't want at all, ideally, because you don't control what exactly is being done at the FS level, and it is extremely difficult to limit and even eliminate completely from a privacy standpoint.

Case in point

PrivacyGuides/Discussion #1457

Hi, I wanna suggest this app which also removes metadata and gives a report of which metadata is removed except the embedded ICC Profile, EXIF, Photoshop Image Resources and XMP/ExtendedXMP metadata upon saving

Edit: as @matchboxbananasynergy indicated, images are saved without those metadata. My mistake

repo: https://github.com/Tommy-Geenexus/exif-eraser


I agree with this. Though it seems that in the project's Github, what it removes is worded in a weird way that's not completely clear:

JPEG: Images will be saved excluding the embedded ICC Profile, EXIF, Photoshop Image Resources and XMP/ExtendedXMP metadata

PNG: Images will be saved excluding the embedded ICC Profile, EXIF and XMP metadata
WebP: Images will be saved excluding the embedded ICC Profile, EXIF and XMP metadata

I think that the metadata mentioned above is what it does remove.

Furthermore, ExifEraser is written in Kotlin and requests no permissions. It uses scoped storage and will be using the photo picker with Android 13, which it seems has just been integrated:

Tommy-Geenexus/exif-eraser@1f00415

By comparison, both Imagepipe and Scrambled Exif require the storage permission, which makes them a worse choice.

As you can see, the apps being discussed require full filesystem access using legacy permissions that aren't necessary. The app, Scrambled Exif, while being very useful in removing EXIF, requires access to the FS to do its work, whereas ExifEraser doesn't. This might seem like it's a good choice for Android, but it only increases the likelihood that you are trusting another app with your information and the entire premise of the guide we have is to create a safe system requiring least permissions using a zero-trust model. This is simply made painful on Android because - even though it utilizes a form of SELinux and contains per-app security conditions, there is no way anybody has time to view every single permission on base Android. It is possible, and even made easier with flashing another ROM, etc., that may limit exposure, but it's not a risk that our readers should have to deal with. The guide should stay oriented toward the technical and non-technical usage of a computer that can be made secure and relied upon without risking exposure in a meaningful way and without sacrificing stability for security and privacy. Android OS is simply designed to be a tracking device and while a desktop solution includes this same risk, it is much easier to implement changes directly to it than breaking the terms of service to Android devices for the possibility of more security because you have flashed a supported device with an image that may or may not do what it's intended to do.

That's not to say that Graphene OS or other systems used commonly aren't secure, but it's the device itself that cannot be entirely trusted, even when extensively hardened. These systems have their uses but they simply cannot be relied on to secure a purposefully deceitful operating system built to control users and their data, and be a window into their everyday lives to intrude on their safety and privacy.
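An added example serving both the exiftool/ExifCleaner contributing-guidelines issue above and the ExifEraser notes quoted in this one; it is code written for this page, not exif-eraser's, exiftool's or the project's. It walks the two container formats at the byte level and drops exactly the segment types those notes list (EXIF, XMP/ExtendedXMP, ICC profile and Photoshop Image Resources in JPEG APPn segments; text, EXIF, ICC and timestamp chunks in PNG), copying every other segment unchanged, which is also how a reviewer can confirm what a cleaner actually removed. It runs with no permissions beyond reading the bytes it is given. The sample JPEG and PNG are constructed, structurally valid containers, not real pictures; WebP is not handled here (its RIFF chunks work the same way, but the RIFF size header then has to be patched).

```python
import struct
import zlib

# JPEG APPn payload signatures carrying the metadata types the ExifEraser notes list.
JPEG_META = {
    0xE1: {b"Exif\x00\x00": "EXIF",
           b"http://ns.adobe.com/xap/1.0/\x00": "XMP",
           b"http://ns.adobe.com/xmp/extension/\x00": "ExtendedXMP"},
    0xE2: {b"ICC_PROFILE\x00": "ICC"},
    0xED: {b"Photoshop 3.0\x00": "Photoshop IRB"},
    0xFE: {b"": "COM"},                     # free-text comment segment
}
PNG_META_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"eXIf", b"iCCP", b"tIME"}


def jpeg_segments(data):
    """Yield (marker, start, end) for each marker segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = data[pos + 1]
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]   # includes the 2 length bytes
        yield marker, pos, pos + 2 + length
        if marker == 0xDA:                  # SOS: entropy-coded data follows, no more headers
            return
        pos += 2 + length


def strip_jpeg(data):
    out, removed, end = bytearray(data[:2]), [], 2
    for marker, start, stop in jpeg_segments(data):
        payload = data[start + 4:stop]
        name = next((n for sig, n in JPEG_META.get(marker, {}).items()
                     if payload.startswith(sig)), None)
        if name:
            removed.append(name)
        else:
            out += data[start:stop]         # JFIF, DQT, SOF, DHT, SOS header: kept verbatim
        end = stop
    out += data[end:]                       # scan data through EOI, byte for byte
    return bytes(out), removed


def png_chunks(data):
    if data[:8] != b"\x89PNG\r\n\x1a\n":
        raise ValueError("not a PNG")
    pos = 8
    while pos + 12 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        yield data[pos + 4:pos + 8], pos, pos + 12 + length   # type, start, end (incl. CRC)
        pos += 12 + length


def strip_png(data):
    """Each chunk carries its own CRC, so dropping whole chunks needs no recomputation."""
    out, removed = bytearray(data[:8]), []
    for ctype, start, stop in png_chunks(data):
        if ctype in PNG_META_CHUNKS:
            removed.append(ctype.decode("ascii"))
        else:
            out += data[start:stop]
    return bytes(out), removed


def strip_metadata(data):
    if data[:2] == b"\xff\xd8":
        return strip_jpeg(data)
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return strip_png(data)
    raise ValueError("unsupported container")


# Constructed minimal containers for exercising the functions (not real pictures).
def _seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def _chunk(ctype, payload):
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


SAMPLE_JPEG = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x02")
               + _seg(0xE1, b"Exif\x00\x00MM\x00*") + _seg(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x/>")
               + _seg(0xE2, b"ICC_PROFILE\x00\x01\x01") + _seg(0xED, b"Photoshop 3.0\x008BIM")
               + _seg(0xDB, b"\x00" * 65) + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00")
               + b"\x12\x34\x56" + b"\xff\xd9")
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"tEXt", b"Author\x00someone") + _chunk(b"eXIf", b"MM\x00*")
              + _chunk(b"iCCP", b"p\x00\x00x") + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + _chunk(b"IEND", b""))
```

This is deliberately conservative: unknown APPn segments and ancillary PNG chunks outside the list are kept, whereas `exiftool -all=` removes everything it knows about. Either way, re-running the parser on the output (or `exiftool` on it) is the check that belongs in the contributing guidelines, since "the app said it cleaned it" is not evidence.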

Add tags to repository

Tags should be added:

  • privacy
  • security
  • anonymity
  • activism
  • tutorials
  • guides

others will be suggested I think
