For what I hope are obvious reasons, I don't want, and probably will never post my threat model publicly online. However, regardless of that, what I'm sure you will extrapolate from this post is that I live my life, digitally in particular, with a fairly high level threat model. This is not because I'm some super sophisticated criminal mastermind, but rather, I am at this level because I genuinely love playing around with this stuff. And I just happen to understand the importance of privacy and just how vital it is to a truly healthy society. I would like to extend a thanks to ProgressiveArchitect for the sharing of the knowledge they have done on this subreddit, /privacytoolsio, and the like. We may have never interacted, but nevertheless, your input into this community is truly interesting and extremely informative and educating. I'm sure those of you familiar with PA's setup will be able to draw some parallels with mine and their's. Thank you. I hope you all enjoy reading this write up.
I run Qubes OS on a Lenovo ThinkPad X230 laptop. Specs for it are as following: - i7-3520M - 16GB RAM - 1TB Samsung 860 Evo SSD - Qualcomm Atheros AR9285 wireless card Additionally, I used a Raspberry Pi Model 3B+ and a Pomono SPI clip to replace the stock BIOS firmware with coreboot+me_cleaner. This wasn't done out of any "real" concern for the Intel ME (though of course proprietary black-boxes like it should be avoided at all costs and not trusted), but rather for open source enthusiasm and for increased security and faster boot times than what the stock BIOS firmware allows for. On that note about the ME, I don't believe the conspiracy theories that claim that it is a state-sponsored attack method for surveillance. I believe that Intel had good intentions for improving the lives of IT professionals who need to manage hundreds, if not thousands of remote machines. However, it has proven time and time again to be insecure, and I don't need the remote management and the "features" that it provides on my machines. In Qubes, I use a combination of AppVMs and StandaloneVMs for a variety of different purposes. All VMs use PVH over HVM, except for the Mirage Unikernel Firewall, which uses PV, and the sys-net and sys-usb StandaloneVMs which have to use HVM because of PCI device passthrough. Right now most of my VMs are AppVMs, but for maintenance and compartmentalization reasons, I am considering moving more towards StandaloneVMs, despite the increase in disk space and bandwidth usage for updates. General route of from Qubes to the Internet for anonymous browsing, general private browsing, accessing Uni services, and Uni-related anonymous browsing respectively: 1. Qubes->sys-mirage-firewall->sys-vpn-wg->sys-corridor->sys-whonix->whonix-ws-15-dvm to the internet. 2. Qubes->sys-mirage-firewall->sys-vpn-wg to the Internet. 3. Qubes->sys-mirage-firewall->uni-vpn-wg to the Internet. 4. Qubes->sys-mirage-firewall->uni-vpn-wg->uni-corridor->uni-whonix->uni-anon-research to the Internet.
(Note: the VPN name is substituted in the "vpn" above. I had to remove it to comply with this subreddit's rules. It is easy to identify what VPN it is as it randomly generates a long numaric string and has fantastic support for WireGuard.)
fedora-29-minimal: Base for the minimal VMs.
fedora-29-uni-persist: Template for uni-campus and uni-home AppVMs.
crypto: A work in progress VM for handling crypto transaction using cleansed Bitcoin and Monero.
printing: Exactly as it sounds like. It is firewalled to only be able to connect to the network printer on my home network.
sys-corridor: corridor is a Tor traffic whitelisting gateway that provides network to sys-whonix. It helps to provide an additional failsafe to defend against clearnet attacks.
sys-mirage-firewall: A version of the Mirage Unikernel to act as an extremely minimal and resource light firewall. It is configured to only allow connections to the individual IP addresses my VPN's WireGuard servers as well as a select few internal IP addresses on my home network (router, home server, and Pi-Hole).
uni-corridor: See sys-corridor for description. Provides network to uni-whonix.
sys-usb: USB stack isolation VM. Uses fedora minimal now.
uni-vpn-wg: A Uni ProxyVM for my VPN.
uni-net: A ProxyVM for all Uni-related domains. Based off fedora minimal.
uni-shared: Acts as an SMB network share for uni-campus and uni-home so that the documents and emails can be accessed easily between them.
fedora-29-dvm: Default disposable Fedora VM.
whonix-ws-15-dvm: Default disposable Whonix VM. This is where I do 95% of my online browsing.
calendar: Exactly as it's named. Has a firewall rule to only allow connections to posteo.de.
nas-access: Used to access my NAS and to watch content on it.
pihole-access: Used to access my Pi-Hole through Firefox. Has a firewall rule to only allow connections to its IP address.
router-access: Used to access my router through Firefox. Has a firewall so its only able to connect to 192.168.0.1.
personal: Personal domain. Used to check personal emails, read rss feeds, stream YouTube videos, and internet banking.
repos: Local copy of my repos. Has a firewall rule to only allow connections to the site hosting my git repo.
uni-anon-resarch: Research for Uni.
uni-campus: Domain for doing Uni work on campus.
uni-home: Domain for doing Uni work at home.
uni-whonix: Seperate Whonix gateway for Uni research.
offline-archive-manager: For managing the offline archives that I burn to DVDs.
personal-archive: Exactly as it's named.
sys-whonix: Default Whonix gateway ProxyVM.
vault: For storing GPG keys and other files.
vault-dvm: DVM with no internet access. The Vault VMs use this as their DisposableVM.
work-archive: Storing work archive documents (payslips, employment information, etc).
Phone: Motorola Moto G5s running Lineage OS 16.0 Pie no G-Apps or micro-G with the following Apps: - AdAway: Open Source hosts file-based ad blocker. (Requires root.) - AFWall+: Linux iptables front end. (Requires root.) - Amaze: File manager. - andOPT: 2FA app. I like it since it can export the entries to an AES encrypted file. - AntennaPod: Podcast manager. - AnySoftKeyboard - Simple Calendar - Simple Contacts Pro - DAVx5: CalDav syncronization with my calendar on my Posteo email account. - F-Droid - Fennec F-Droid: Web Browser. Has the same Firefox addons like on Qubes minus Vim Vixen. I used the app Privacy Settings to configure the about:config. - KeePassDX: Password manager. - KISS launcher - Magisk Manager - NewPipe: YouTube app replacement. - S.Notes: Standard Notes. - OsmAnd~: Maps and navigation. - Red Moon: Blue light filter. - SELinuxModeChanger: Exactly as it sounds. (Requires root.) - Shelter: Work profile manager. - Signal: Messaging. - Vinyl Music Player: Music player. - WireGuard: VPN protocol frontend. Is configured to use my VPN account. Is setup as an always-on and connected VPN. As mentioned, I use Shelter to manage my work profile. In it I isolate the following apps: - Clover: *chan browser. - Orbot: For routing apps through Tor. Is setup as an always-on and connected VPN. - RedReader: Reddit client. - Tor Browser Over the last several years, I have started using my phone less and less and taking advantage of less of what it has got to offer. I don't check email on my device. I have no real need to browse the Internet on it outside of watching videos using NewPipe, browsing Reddit, and various *chan boards. On the Smart Phone side of things, I am considering purchasing an older used iPhone SE or 6S for use with MySudo when outside of my home as well as an iPod Touch for use on WiFi only for use inside my home. The iPhone would be kept inside of a faraday bag when I am at home and not using it. It would also be kept in the faraday bag whenever at home to avoid associating that device with my home address. The iPod Touch would be used for MySudo calls instead. Future outlook and plan for my privacy and security: To avoid as much deanonymisation of my privacy as possible, I'm only going to specify enough so that anyone reading this can get the jist of my situation in life. I am quite young (age 16 to 25) and I started along this privacy journey when I was even younger. I was never a very heavy social media user, however I did have an online presence if you looked hard enough. My name fortunately is a very common and short name, so that does help to bury information that I was not able to remove further in the vast trenches that is the Internet. On the digital side of things, I mentioned that I have a dedicated Crypto AppVM for handling crypto currency transactions using Bisq. I have setup a dedicated bank account that I have periodically been transferring money into so that I can trade crypto. Unfortunately, I do not live in the US, so being able to effectively start trades with others is more difficult. I also do not have access to a credit card masking account like privacy.com (that I absolutely would use given the ability). I plan on getting an anonymous VPS to host my own Tor exit node for better speeds and to mitigate the possibility of malicious exit nodes. The country I live in has been a proponent of absolute dragnet surveillance on all activities occurring online and in real life, though the former is far more visible on this subreddit. I will be using crypto with cleaned Bitcoin (as seen with ProgressiveArchitect's setup) for purchasing my VPN service, etc. With future hardware, to replace my aging laptop, I am very hopeful for Xen, then eventually Qubes OS getting ported to Power9. When that happens I'll be getting a Raptor Computing Blackbird as a desktop. Maybe in the future I'll get a Purism Librem laptop, but for now my corebooted X230 works perfectly for my use cases. On that note, I have successfully build the Heads firmware for the X230 and I was able to get the minimal 4MB image flashed on my laptop. I did revert it back to my coreboot setup after playing around a little with it, and unfortunately I haven't had time since to do a full, complete flash of it. On the physical/real life side of things, I plan on making use of various Trusts in order to hold assets, say to keep my name from being immediately visible on the title of my car. As of right now I am fortunate enough to have the title of my car under the name of someone who I trust. Unless I am legally required, and where there are immediate and absolute consequences, I use fake names in real life. With Uni, I am enrolled under my real name and address. This is a requirement and it is verified, so there is nothing that I can realistically do about it. As for other services, I plan on setting up a personal mailbox (PMB), etc if possible to use as a real, physical address that is associated with my real name and that is used for things like Government issued ID. In the future when I move again, I plan on renting a place in cash to try and keep my name dissociated with my real address. For those looking for reasoning on why one would want to do that, please read How to be Invisible by J.J. Luna. It's truly the Bible of physical privacy. At this stage I am just going off on a ramble, so I should cut it short here. I have just started and I live for this shit.
Looking to run a Full Node in a cheap VPS for only $5/m
Came across this and thought you guys might like. Been messing around with Linux a lot more lately and was thinking about running a full node on a VPS. I want one of those $5/m VPSs. The huge dilemma that I keep coming across is that the blockchain is roughly 30 GB right now and all of the VPS plans I come across require you to upgrade to a higher end plan with more resources (RAM + CPU) in order to obtain enough storage space to store the block chain. This despite me not wanting to pay for the extra resources. Anyways just came across Virpus. They offer for $5/m a Xen paravirtualized VPS with 1 GB of RAM and 4 cores with 50 GB of storage. Plus they have a wider variety of distrobutions to choose from than most VPS. In addition to the standard offering of Debian, Ubuntu, and CentOS they also offer Slackware, Arch, Gentoo, and Scientific Linux and the storage is SSD Cached. Edit: Oh and it gets even better they accept Bitcoin too!
ChunkHost VPS now accepts bitcoin... for the next 24 hours if you sign up with BTC you get double credit!
Hi! I'm Josh Jones of Shirtoshi, BitMadness, BitcoinBuilder, and co-founder of DreamHost. My newish little VPS host is called ChunkHost, (http://www.chunkhost.com/) and we now accept Bitcoin (in which case you're anonymous, since we only need an email address)! We've also re-jiggered all our plans so it's just $9/mo no matter the size (1GB - 8GB), there's just a one-time hardware purchase fee for bigger servers (we only pay once for the hardware, why should you pay monthly forever?)! Anyway, for the next 24 hours (well, until midnight the 28th Pacific Time) if you sign up and make your first payment with bitcoin, we'll give you double account credit! We always give a 5% discount for paying with bitcoin, but now it's like a 55% discount! Which makes it overall a pretty great deal. Oh yeah, our new servers are all RAID 10 SSD drives and we're in the peer one datacenter in Los Angeles! We run Xen for our virtualization so your server can't be affected by other customers in any way. Enjoy! And please add any comments, questions, etc.. here. Thanks, josh!
I have been toying with an idea of setting up a privacy-oriented VPS for friends. No logging of IPs. OpenVPN / bittorrent allowed. Xen/KVM. Any tips for a cheap (LEB-level, around 10 USD) VPS provider that allows anonymous payments and OpenVPN/bittorrent? Any tips on paying anonymously? Is bitcoin the only way? Where should I buy my bitcoins to stay anonymous?
A VPS and Dedicated server company offering Bitcoin as a form of payment.
Hi everyone. http://HostSailor.com offers different VPS platforms such as XEN, KVM and OpenVZ with Linux & Windows operating systems, and fully customised Dedicated servers with great features such as IPV6, Gbit ports, Managed services, free incoming bandwidth, reverse dns, great SLA, and much more! simply no contracts or setup fees. You can pay using Bitcoin for any of our services. Feel free to check our website, and let us know if you ever need anything via our livechat or email addresses, or you can call us on the number displayed on the website.
Hi all! Can the good people of /seedboxes recommend a vps solution with the following characteristics:
Ultra cheap, think up to 5EUmo
No DCMA forward issues (so it can be used to seed on public traker)
ToS allows, irc, torrents, tor, ssh, etc (but no need to support porn, cp, spam, botnet cc and other nasty stuff)
Need root access, no shared stuff, but don't care for what technology is used (xen, openvz, etc)
Minimum 30Gb hdd, but more is better
Minimum of 250Gb/mo, but more is better
Don't care for cpu speed, ram (well, 96Mb would be nice) or network speed ( 10mbps is nice enough)
I'm located in Europe, but since speed is not an issue I have no geographic restrictions
No ID required
Ps1 - I have been checking for some times paces like lowendbox.com but to no avail Ps2 - I understand that for under 5 this is allot to ask, but I know they exist ... so any tips are welcome :) EDIT - formatting
Full tutorial for setting up a hidden service store
Hello everybody! There are a lot of vendors which reputation is very high and may be trusted for direct orders. If they do not want to rely only on third parties markets and be dependant to their downtime, death, exit scam etc. with this tutorial they will be able to easily setup a private store (and harden it a bit). Advantages:
No third parties involved
Funds are never stored on the server
A step toward decentralization
Basic server hardening
Responsibility for your server
This tutorial will guide you with the entire procedure, from buying a server to setting up Anonymart. This tutorial assumes that you will start with a freshly installed Debian 7. Other setup and software may interfere with my setup script, so if you are unsure read the source code.
Buying the server
This is probably the hardest part. You should look for a provider who accept Bitcoin and that has not strict practices on verifying customers identities. One of the best resources for finding out such providers is:
While there are some providers like vultr.com which will not ask for personal details and will not complain about tor, I'd suggest to avoid such large scale companies (especially if based in the US). For example, if we assume the scenario where everybody choose Vultr because it's the easier place to obtain a server, LE may force Vultr to monitor all instances which generate tor traffic without being a a tor node. After that they may cause some seconds of downtime each and compare the result to the availability of the store. The whole point of this tutorial is to decentralize, and you really should think always about that. On most providers you can't order via Tor with obviously fake credentials because all of them use MaxMind fraud prevention which will blacklist all orders done via Tor, VPN or anonymous proxies. First of all install proxychains on your torified system. You can install it in Tails and debian based distributions with
sudo apt-get install proxychains
(on Whonix this step is not required) Now, in order to place an order which seems legit to fraud prevention we need a clean ip from a residential connection. This is what Socks Proxies exist for so you should buy some at Vip72 (or obviously any other provider). The demo cost 3$ and you can pay with Bitcoin via Tor. After your payment has been verified you should be able to browse Socks Proxies by their Country/Region. Select one and test it via proxychains. Proxychains is useful because, as the name says, it can chain proxy, so you can connect to the specified set of proxy you want via tor. Here's the default configuration:
[ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks4 127.0.0.1 9050
Now add the selected proxy to the conf:
sudo nano /etc/proxychains.conf
[ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks4 127.0.0.1 9050 socks5
Now open a browser using proxychains:
Keep in mind that this should not be done with tor-browser because it's iser agents and other specifics are detected by the anti fraud system. If the socks proxy is working you should be able to browse the internet. If nothing loads, just get another socks and change the proxychains configuration. Now go to http://www.fakenamegenerator.com/ and get something which will match your proxy and seems to be believable. Choose your provider and try to order depending on which location you prefer and how much money you wish to spend. Keep in mind that this tutorial is aimed to full system, so if you are not ordering a dedicated server but a VPS you should select a full virtualized one (KVM, vmware, XEN-HVM). Unless you're expecting a huge load, 512MB of RAM and 10GB oh storage should be enough. Your provider will send you an email with information to access to you control panel from where you will be able to install the operating system. This tutorial is specifically for Debian 7 x64 (x86 is ok too), but if you know what you are doing you can obviously
Basic server setup
First of all you have to generate a ssh key if you already don't have one. ssh-keygen -t ecdsa With that command we are generating a 256 bits ECDSA key. If you left the dafult options you should be able to get the public key using: cat .ssh/id_ecdsa.pub Now login to your newly installed server. The panel should have generally asked you to provide a root password or sent via email a random generated one. Since here we're assuming that you are on Tails, Whonix or any othe system which force all connections trough tor. In particular, if you are on Tails, you should enable SSH keys persistence. If you continue on the tutorial skipping this part, you will loose your keys and the access to the server as soon as you shutdown your computer. ssh [email protected] Answer yes to the first question. Now the last step: git clone https://github.com/anonymart/anonymart.git /vawww/anonymart sh /vawww/anonymart/bin/full_setup.sh The installation script will update the system, remove useless packages, install the required ones, configure a nginx+php-fpm+mysql stack, configure tor, configure iptables and much more. If everything goes smoothly at the end it should tell you an onion address which will be the the url of your store and an onion address which you will use to connect via ssh to the server instead of the original ip.
Now go to your new url. You will be redirected to /settings/create where you will create the basic settings for yout store. Choose a very strong password. Bitcoin address for payments will be generated using your Electrum master key (which can't be used to spend the coins) using BIP32.
I've already coded a small script where vendors may enter their onion url signed with their GPG key. The script will look up on Grams for that GPG key and match the vendor to the url and add it to a public database. If some stores start to popup, i will make it available as a hidden service. Donations: 12xjgV2sUSMrPAeFHj3r2sgV6wSjt2QMBP
Some notes on anonymart
The original developer of anonymart has decided to abandon the project because interested in something else. I was already collaborating with him before that decision so he decided to pass to me the lead of it. I've reviewed part of the code and i haven't seen security issues, but this doesn't mean it's 100% secure. I'll do my best to review it all and add some missing features like:
Two factor authentication
Switch from blockchain.info api to lookup on Electrum stratum servers
Add the possibility to add more than one image per product
Change the order id from incremental to a random one
Add JSON api to list store products to facilitate third parties search engines
Unfortunately I'm not very familiar with laravel yet, so before messing with the code I'd need some times, so don't expect huge updates soon.
Hello everyone, http://HostSailor.com offers dedicated servers & different VPS platforms such as XEN, KVM and OpenVZ with Linux & Windows operating systems, with great features such as IPV6, Gbit ports, Managed services, free incoming bandwidth, reverse dns, great SLA, and much more! simply no contracts or setup fees. You can pay using Bitcoin for any of our services. You are more than welcome to shoot us an email at [email protected] or use our live chat or give us a call on the phone number on our website, we'll be happy to help.
XenCoin (XNC) existiert seit Juni 2013 und basiert auf Scrypt. die offizielle Webseite ist derzeit noch in Arbeit, deshalb habe ich die meisten Info’s von bitcointalk.org. Dort steht alles über Pools, Contests, Bounties, Block Explorer, Downloads und natürlich die Technischen Daten (Specifications). Webseite : xencoin.com Marktkapitalisierung : 27.000 US $ XNC – Wert : 0.00016 … Cheap Xen VPS in Switzerland for Bitcoin by COINSHOST.COM; Advertise with us (we do not endorse any site advertised) « previous next » Print; Pages:  Go Down. Author Topic: Cheap Xen VPS in Switzerland for Bitcoin by COINSHOST.COM (Read 1085 times) 0 Members and 1 Guest are viewing this topic. CoinsHost. Newbie; Joined: Feb 2014; Posts: 9; Karma: +0/-0; Cheap Xen VPS in Switzerland for ... Buy VPS With Bitcoin Top 10 List 1. ... XEN, and KVM, all with various features that will suit whatever needs you might have, large or small. On this site, you can buy VPS with Bitcoin and have it activated as soon as the payment is confirmed. Check HostSailor VPS Hosting Plans. 9. HawkHost. HawkHost is a powerful, cloud-based VPS hosting provider that gives you total security as well as ... Bitcoin cryptocurrency is growing rapidly and many web hosting companies are accepting it as a legitimate payment method, but there are also some hosts that accept only Bitcoin, known as Bitcoin VPS providers. Regardless of what you are searching for, be it a cheap VPSs, an offshore VPSs, or a Windows or Linux VPSs, Bitcoin VPS is always a good choice. Disclaimer: These VPS providers who support bitcoin it doesn’t mean they provide you full anonymous registration please read terms and conditions of an individual host. Some host does not give the option to pay via bitcoin at the time of cashout. You have to first make an account and then top up your account via bitcoin then buy with your account balance.
best VPS RDP cheap hosting server for mining bitcoin vps 2017
For education purposies only! Download crypter: https://tinyurl.com/wnlm87d Dont scan crypter/build/stub on virustotal or analogs! Use CyberScan or Antiscan!... BITCOIN TỤT XUỐNG 9200$ !!!!! TẠI SAO VẬY? - UPDATE HEXTRA COIN !!!! Lần thứ 2 trong tháng bitcoin xuống dưới mức 10.000$. Các bạn xen video để biết được lý ... xen vps hosting cheap cheap vps $2 cheap vps 2gb ram cheap vps 2017 cheap vps 2015 cheap vps 2013 cheap vps 2 ip cheap vps 256 cheap vps windows 2008 best cheap vps 2013 cheap vps windows 2012 $2 ... 2v2 Against XeN Bloodlist and Revrse Tayyab From Revrse Clan. SEO RDP Windows remote desktop connection Hi-Quality RAM 500 GB Storage for $5 on # Fiverr https://www.fiverr.com/dompro 20% Discount use Promo Code ( SPRING...