Verified Commit 26a151f4 authored by anarsec
fernweh translation, password recommendations

parent 6d873a76
......@@ -100,7 +100,7 @@ To install and configure Sandboxed Google Play:
* Automatic updates are enabled in Google Play Store by default: **Google Play Store Settings → Network Preferences → Auto-update apps**.
* Notifications for Google Play Store and Google Play Services need to be enabled for auto-updates to work: **Settings → Apps → Google Play Store / Google Play Services → Notifications**. If you get notifications from the Play Store that it wants to update itself, [accept them](https://discuss.grapheneos.org/d/4191-what-were-your-less-than-ideal-experiences-with-grapheneos/18).
You can now install applications through the Google Play Store. The first applicatoin we will install is a [VPN](/glossary/#vpn-virtual-private-network). If you will be using a free VPN, RiseupVPN is recommended. If you want to anonymously pay for a VPN, both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn) are also recommended. VPNs are per-profile, so must be installed in each user profile separately. All default connections made by GrapheneOS will be forced through the VPN (other than [connectivity checks](https://grapheneos.org/faq#default-connections), which can optionally be disabled).
You can now install applications through the Google Play Store. The first application we will install is a [VPN](/glossary/#vpn-virtual-private-network). If you will be using a free VPN, RiseupVPN is recommended. If you want to anonymously pay for a VPN, both [Mullvad](https://www.privacyguides.org/en/vpn/#mullvad) and [IVPN](https://www.privacyguides.org/en/vpn/#ivpn) are also recommended. VPNs are per-profile, so must be installed in each user profile separately. All default connections made by GrapheneOS will be forced through the VPN (other than [connectivity checks](https://grapheneos.org/faq#default-connections), which can optionally be disabled).
Using the example of RiseupVPN, once it is installed, accept the 'Connection request' prompt. A green display will mean that the VPN is successfully connected. Navigate to **Advanced settings** in the RiseupVPN menu, click **Always-on VPN**, and follow the instructions. Moving forward, the VPN will automatically connect when you turn on your phone. Continue to install any other apps - for ideas, see [Encrypted Messaging for Anarchists](/posts/e2ee/).
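Review bot: The typo fix ("applicatoin" to "application") is correct; while this line is being touched, "VPNs are per-profile, so must be installed in each user profile separately" is missing its subject and reads better as "so they must be installed in each user profile separately". The rest of the line is unchanged from the removed version, so nothing else needs re-checking here.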
......@@ -158,7 +158,7 @@ Make sure to turn the phone off overnight and when you leave it at home. If poli
# Linux Desktop Phones
Why recommend a Pixel, and not a Linux desktop phone? Linux desktop phones such as the [PinePhone Pro](https://en.wikipedia.org/wiki/PinePhone_Pro) have sought to address closed-source hardware and firmware but fall short. Although slightly more trust can be placed in the hardware of some Linux desktop phones, they are [significantly easier to hack than GrapheneOS](https://madaidans-insecurities.github.io/linux-phones.html), as they do not have modern security features such as full system MAC policies, verified boot, strong app sandboxing, and modern [exploit](/glossary/#exploit) mitigations. For this reason, we don't recommend Linux desktop phones.
Why recommend a Pixel, and not a Linux desktop phone? Linux desktop phones such as the [PinePhone Pro](https://en.wikipedia.org/wiki/PinePhone_Pro) are [significantly easier to hack than GrapheneOS](https://madaidans-insecurities.github.io/linux-phones.html), as they do not have modern security features such as full system MAC policies, verified boot, strong app sandboxing, and modern [exploit](/glossary/#exploit) mitigations. Their hardware is architecturally lacking modern security features like hardware based encryption (via a TEE/Secure Element) and has questionable integration of components such as the modem. For this reason, we don't recommend Linux desktop phones.
# Wrapping Up
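Review bot: The new hardware sentence ("Their hardware is architecturally lacking modern security features like hardware based encryption (via a TEE/Secure Element) and has questionable integration of components such as the modem.") is the only claim in this paragraph without a link, while the software claim it follows is cited; either add a source or phrase it as the author's assessment. Two smaller points: hyphenate "hardware-based", and say what the TEE/Secure Element actually buys the user (hardware-bound keys and throttled unlock attempts), since that is what makes it relevant to the brute-force risk the guide raises elsewhere. Note also that the removed text conceded "slightly more trust can be placed in the hardware" of these phones; if the open hardware/firmware argument is being dropped on purpose, one clause acknowledging and then rejecting it would make the reversal read as deliberate rather than as an omission.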
......@@ -63,5 +63,33 @@ Buy a paper map of your region and bring it with you. For trips that are longer
They still make MP3 players! For a way cheaper price, you can play music and podcasts, but the device has neither GPS nor radio hardware. This does not mean they can't be used for geolocation. If your Wi-Fi is on, the approximate location of your MP3 player can be determined from the IP address.
# Appendix: Against the Smartphone
*From Fernweh (#24)*
*From [Fernweh (#24)](https://fernweh.noblogs.org/texte/24-ausgabe/gegen-das-smartphone/)*
It's ubiquitous, it's always on, no matter where we are or what we're doing. It informs us about everything and everyone: what our friends are doing, when the next subway leaves and what the weather will be tomorrow. It cares about us, wakes us up in the morning, reminds us of important appointments and listens to us all the time. It knows everything about us, when we go to bed, where and when we stop, who we communicate with, who our best friends are, what music we listen to and what our favorite pastimes are. And all it needs is a little electricity from time to time?
When I stroll through the neighborhood or take the subway, I observe almost everyone and no one lasts more than a few seconds without putting their hand in their pocket with a sudden gesture: quickly the cell phone is out, a message is sent, an email is checked, a photo is liked. It is put away again, a short break, and here we go again, skimming over the news of the day and looking at what all the friends are doing...
It's our companion when we're on the toilet, at work or at school, and it apparently helps against boredom while we're waiting or working, etc. Perhaps this is one of the reasons for the success of all these technological devices that surround us, that real life is so damn boring and monotonous that a screen of a few square centimeters is almost always more exciting than the world and the people around us. Is it like an addiction (at least there are people who have withdrawal syndromes...) or is it even already part of our bodies, without it not knowing how to orientate ourselves, and feeling that we are missing something? It has even become more than an aid or a toy but a part of us that also exerts a certain control over us, to which we adapt, for example through the fact that we leave our home only once after having fully charged the battery? The smartphone as a first step to blur the differences between human and robot? When we see what technocrats of all kinds are prophesying to us (Google Glasses, implanted chips, etc.), it seems that we are almost on the way to becoming Cyborgs, people with implanted smartphones that we control by our thoughts (until our thoughts are eventually controlled themselves one day). That the spokesmen of domination, the media, only show us the positive aspects of this development is not surprising, but it is shocking that hardly anyone questions this view, not even on principle. This is probably the most exciting dream for all domination: to be able to surveil everyone's thoughts and actions all the time and to intervene immediately at any disturbance. To allow the good workers to have a little (virtual) fun as a reward while a few fill their pockets.
Social control and surveillance has also reached a whole new level with the huge amounts of data that are so easily available to everyone and everything at any time of day. This now goes far beyond tapping cell phones or sifting through messages (like during the 2011 London riots). By having access to an incredible amount of information, intelligence agencies are able to define a status that is "normal." They can tell which places we stay are "normal," which contacts are "normal," etc. In short, they can establish immediately and in almost real time whether people are deviating from their "normal" way of acting. This gives enormous power to some people, which will be used whenever there is an opportunity to take advantage of this power (i.e. to surveil people). Technology is part of power, it results from it and needs it. It requires a world where people have a lot of power in order to make it possible to produce something like the smartphone. All technology is a product of the current oppressive world, is part of it and will reinforce it.
Nothing is neutral in today's world, everything that is or has been developed so far serves both to extend control and to make money. Many of the innovations of the last decades (like GPS, nuclear power or the internet) even come directly from the military.
Most of the time, these two aspects go hand in hand, but the "welfare of humanity" is surely not a reason to develop anything, and especially not when it is developed by the military.
It is possible that by taking the example of architecture this better illustrates something as complex as technology: let's take an empty and disused prison, what should be done with this building, if not demolish it? Its architecture alone, its walls, its watchtowers and its cells already contain the purpose of this building: to lock people up and destroy them psychologically. To live there would be impossible for me, simply because the building already carries the oppression in it.
It is the same with all technologies, which are presented to us as progress and something that makes life easier. They have been developed with the intention of making money and controlling us and will always carry that. No matter how many supposed benefits your smartphone brings you, those who get rich by collecting your data and monitoring you will always benefit more than you.
If in the past it was said "knowledge is power", today it should be said "information is power". The more the rulers know about their sheep, the more they can dominate them - in this sense, technology as a whole is a powerful instrument of control to predict and indeed prevent people from finding each other and attacking what oppresses them.
These smartphones seem after all to require a little more than just a little electricity... In our generation, which at least knew the world without smartphones, there are maybe still some people who understand what I'm talking about, who still know what it's like to hold a discussion without looking at your cell phone every thirty seconds, to get lost while walking around and thus discover new places or to debate about something without being immediately given the answer by Google. But I don't want to go back to the past, even if it wouldn't be possible anyway, but the more technology interferes in our lives, the harder it will be to destroy it. What if we were one of the last generations still able to stop this evolution of human beings becoming completely controlled robots?
And what if, sooner or later, we could no longer reverse this evolution? In view of history, humanity has reached a new stage with technology. A stage where it is able to annihilate all human life (atomic energy) or to modify it (genetic manipulation). This fact underlines once again the need to act today to destroy this society. To do this, we need to encounter other people and communicate our ideas.
However, it should be obvious that it will have long term effects if, instead of talking to each other, we communicate in messages of five sentences maximum. This is apparently not the case. First of all, our thinking influences our speaking. And the reverse is also true: just as our way of speaking and communicating influences our way of thinking. If we are only able to exchange the shortest and most concise messages possible, how can we talk about a totally different world? And if we can't even talk about a different world anymore, how can we reach for it?
Direct communication between autonomous individuals is the basis of any common rebellion, it is the starting point of shared dreams and common struggles. Without unmediated communication, a struggle against this world and for freedom is impossible.
Therefore, let's get rid of the smartphones and meet face to face in an insurgency against this world! Let's become uncontrollable!
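Review bot: The attribution line now links the source but still credits no translator: the commit message calls this a "fernweh translation" and the linked URL is a German-language page, so add "translated from the German by ..." (or "translation by the authors") under the "From Fernweh (#24)" line so readers know this is not the original text. Everything else in the hunk is reproduced prose, and the heading level ("# Appendix: Against the Smartphone") matches the other top-level sections in the file, so no further changes are needed.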
......@@ -134,17 +134,28 @@ Another reason to not use Persistent Storage features is that many of them persi
#### Passwords
[Encryption](/glossary#encryption) is a blessing—it's the only thing standing in the way of our adversary reading all of our data, if it's used well. The first step to secure your encryption is to ensure that you use very good passwords—most passwords don't need to be memorized because they will be stored in a password manager called KeePassXC, so can be completely random (see [Password Manger](/posts/tails/#password-manager-keepassxc) to learn how to use it). In the terminology used by KeePassXC, a [*password*](/glossary/#password) is a randomized sequence of characters (letters, numbers and other symbols), whereas a [*passphrase*](/glossary/#passphrase) is a random series of words. Never reuse a password/passphrase for multiple things ("password recycling") - KeePassXC makes it easy to save unique ones that are dedicated to one purpose. For Tails, you will need to memorize two passphrases:
[Encryption](/glossary#encryption) is a blessing—it's the only thing standing in the way of our adversary reading all of our data, if it's used well. The first step to secure your encryption is to ensure that you use very good passwords—most passwords don't need to be memorized because they will be stored in a password manager called KeePassXC, so can be completely random. To learn how to use KeePassXC, see [Password Manger](/posts/tails/#password-manager-keepassxc).
>In the terminology used by KeePassXC, a [*password*](/glossary/#password) is a randomized sequence of characters (letters, numbers and other symbols), whereas a [*passphrase*](/glossary/#passphrase) is a random series of words.
Never reuse a password/passphrase for multiple things ("password recycling") - KeePassXC makes it easy to save unique ones that are dedicated to one purpose. LUKS encryption can be [brute-force attacked](/glossary#brute-force-attack) with [massive amounts of cloud computing](https://blog.elcomsoft.com/2020/08/breaking-luks-encryption/). Your passwords/passphrases should ideally have an entropy of around 128 bits (diceware passphrases of approximately **ten words**, or passwords of **21 random characters**) and shouldn't have less than 90 bits of entropy (approximately seven words).
What is a diceware passphrase? As [Privacy Guides notes](https://www.privacyguides.org/en/basics/passwords-overview/#diceware-passphrases), "Diceware passphrases are a great option when you need to memorize or manually input your credentials, such as for your password manager's master password or your device's encryption password. An example of a diceware passphrase is `viewable fastness reluctant squishy seventeen shown pencil`." The Password Generator feature in KeePassXC can generate diceware passphrases and random passwords. If you prefer to generate diceware passphrases using real dice, see [Privacy Guides](https://www.privacyguides.org/en/basics/passwords-overview/#diceware-passphrases).
Our recommendations are:
1) Memorize diceware passphrases of 7-10 words for anything that is not stored in a KeePassXC database
2) Generate passwords of 21 random characters for anything that can be stored in a KeePassXC database. Maintain an offsite backup of your KeePassXC database(s) in case it is ever corrupted or seized.
Diceware passphrases can be easy to forget when you have several to keep track of, especially if you use any irregularly. To mitigate against the risk of forgetting a diceware passphrase, you can create a KeePassXC file with all "memorized" passphrases in it. Store this on a LUKS USB, and hide this USB somewhere offsite where it won't be recovered during a police raid. You should be able to reconstruct both the LUKS and KeePassXC passphrases if a lot of time has passed. One strategy is to use a memorable sentence from a book - this decrease in password entropy is acceptable if the USB is highly unlikely to ever be recovered due to its storage location. This way, if you ever truly forget a "memorized" passphrase, you can access this offsite backup.
For Tails, you will need to memorize two passphrases:
1) The [LUKS](/glossary/#luks) 'personal data' USB passphrase, where your KeePassXC file will be stored
2) The KeePassXC passphrase
If you use Persistent Storage, that is another passphrase which will have to be entered on the Welcome Screen upon booting but it can be the same as 1.
Your passwords/passphrases should have an entropy of around 128 bits (passphrases of approximately ten words, or passwords of 21 random characters from the Password Generator in KeePassXC), and the ones you must memorize should be hard to forget. LUKS encryption can be [brute-force attacked](/glossary#brute-force-attack) with [massive amounts of cloud computing](https://blog.elcomsoft.com/2020/08/breaking-luks-encryption/), so your passwords/passphrases shouldn't be less than 90 bits of entropy (approximately seven words).
[Diceware passphrases](https://www.eff.org/dice) can be easy to forget when you have several to keep track of, but a similar option is to choose a book, turn to a memorable chapter title or sentence with at least ten words, and add on a word/number that is meaningful to you. This will be hard to forget even if months pass without using it because you can reference the book if your memory flags, and the appended meaningful word/number should be memorable. You can choose whether to remove spaces and capitalization, or to leave it exactly as is, or to reverse the word order, but be consistent across all of your passphrases.
#### Encrypted containers
[LUKS](/glossary#luks) is great, but 'defense-in-depth' can't hurt. If police seize your USB in a house raid, they can try to unlock it with a [brute-force attack to guess the password](/glossary#brute-force-attack), so a second layer of defense with a different encryption implementation can make sense for highly sensitive data.
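Review bot: The link text "Password Manger" is carried over from the removed line into the new one; fix it to "Password Manager" while the sentence is being rewritten. The entropy figures are internally consistent with a 7776-word diceware list (about 12.9 bits per word, so 7 words is roughly 90 bits and 10 words roughly 129 bits), but 21 random characters only reaches 128 bits with an alphabet of at least 69 symbols: letters and digits alone give about 125 bits, so the text should say that symbols must be enabled in the KeePassXC generator for "21 random characters" to hold. Two structural points: the blockquote should be "> In the terminology" with a space after the marker to match normal markdown style, and recommendation 2 ("Maintain an offsite backup of your KeePassXC database(s)") and the following paragraph (a separate KeePassXC file of memorized passphrases on a hidden LUKS USB) describe two offsite artifacts without saying whether they can live on the same USB; stating that explicitly would save readers from assuming two hiding places are required.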