What's new

Welcome to Incels.is - Involuntary Celibate Forum

Welcome! This is a forum for involuntary celibates: people who lack a significant other. Are you lonely and wish you had someone in your life? You're not alone! Join our forum and talk to people just like you.
Log in Register

Follow Us On Social Media

Theory Guide to a Hardened Setup (NOT EVEN NSA CAN TRACK YOU)

Tjaldur

Tjaldur

I'm so sad
★★★
Joined
Dec 15, 2021
Posts
744
Requirements
1. A cheap dogshit USB (to install the OS)
2. A SSD USB with good read/write speeds (for your host OS)
3. A laptop/computer with 16GB RAM (Recommended as we will be running 2 Virtual Machines)
4. A Hard Drive (Not a solid state drive)

Instructions
1. Go to https://www.kicksecure.com/wiki/USB_Installation#ISO_LIVE_Mode and download the ISO file. Use Rufus to make a bootable USB stick on the dogshit $10 USB. Then shutdown your PC.

2. Plug the USB in, boot your PC and press the F-key needed to load the boot menu. The F-key needed is different based on manufacters. For example: it's F12 on ASUS and F2 on Dell.
Also make sure virtualization support and USB boot is enabled in your BIOS. Disable Secure Boot.

3. In your boot menu, select the option for the bootable USB. Should say something like "Kicksecure" or it will be the name of your USB.

4. Plug your fast SSD USB into your PC and Follow the instructions on https://www.kicksecure.com/wiki/ISO#Download.2C_Create_Live_USB to create a bootable Kicksecure OS on new USB. Set an encrypted password of at least 20 characters when requested.
Once completed, shut down your PC.

5. This is really finicky and buggy. But I found the following procedure to work to prevent broken boots. Plug BOTH your dogshit USB and your fast SSD Stick.
Boot your PC and go to the boot menu as before. You will see a bunch of boot options like "Kicksecure".
NOW UNPLUG YOUR DOGSHIT USB.
Using your arrow keys, select the Kicksecure option and press ENTER to boot into your Kicksecure OS.
Once again, using your arrow keys, select the PERSISTANT MODE | SYSMAINT boot option.

6. Connect to your internet and Install Updates and wait for it to complete.
Then click Purge Unused Packages. You may have to open terminal and type "sudo apt autoremove" - this will remove old packages you don't need.

7. IMPORTANT to fix a bug:
Click Open Terminal. And type "sudo cp /boot/efi/EFI/Kicksecure/grub.cfg /boot/efi/EFI/boot/grub.cfg"
This fixes a boot issue in the OS.

8. Shutdown and boot back into Kicksecure. You can discard the dogshit USB. Boot into "PERSISTANT MODE | Kicksecure" (should be the first one)
RECOMMENDED: Boot into SYSMAINT and choose the option to remove SYSMAINT. It's alot of hassle dealing with sudo permissions imo. Sometimes it's useful to bypass it. We'll be doing all internet related activities inside a Virtual Machine anyway. Kicksecure serves as a secure operating system that does not spy on you and is hardened against attackers. Run systemcheck program and set user passwords.

9. Download mullvad vpn and mullvad browser. This will be for plausible deniability when you're being TORTURED.
Open terminal (Black square icon on top left or press CTRL + ALT + T) and follow the instructions in downloading Mullvad VPN. https://mullvad.net/en/download/vpn/linux
Then install mullvad browser by typing in "apt install mullvad-browser -y"

10. Now time to install Virtual Machines. We will KVM instead of VirtualBox, since it is open-source and lightweight.
We will use seperate Virtual Machines based on our usage.
1. One Windows VM - for unsafe usage. We're ok exposing our identity and data during this usage.
2. One Kicksecure VM - for private usage. This is for applications to send private messages through. Anonymity isn't the main priority here. So E2E encrypted messages, emails etc.
3. One Whonix VM - for anonymous usage. This is for complete anonymity. Whonix forces all connections through TOR, making DNS leaks impossible.

Open terminal and type
Code: 
sudo apt install libvirt0 virt-manager dnsmasq bridge-utils
sudo systemctl --now libvirtd
sudo usermod -a -G libvirt user
sudo usermod -a -G kvm user

Then edit the file /etc/libvirt/libvirtd.conf and replace the part to 'unix_sock_group="libvirt" ' and ' unix_sock_rw_perms="0770" '
Then edit /etc/libvirt/qemu.conf and replace ' group="libvirt" ' and ' user="user" '

In terminal type:
Code: 
systemctl restart libvirtd.service
cd /var/lib/libvirt/
mkdir dnsmasq
sudo chown user:libvirt -R dnsmasq

11. Now install the VMs you need. I recommend installing Whonix and following their KVM instructions https://www.whonix.org/wiki/KVM in setting up correctly.

12. Keep a clean Whonix qcow2 files as backup and clone the VM using those .qcow2 files. I can't be asked explaining everything on setting up Whonix on KVM. But it's worth putting a few hours reading the Whonix Documentation. I guarentee you will learn alot. Also if you've made it this far then you're capable off getting Whonix on KVM working.

13. It's recommended to store your Whonix VM files in an encrypted hard drive for plausible deniability reasons. You don't want your torturer knowing you are a TOR user. So go to https://veracrypt.io/en/Downloads.html and download the veracrypt-1.26.24-Debian-12-amd64.deb file.

14. Open terminal and cd into the file location that it was downloaded on and run "sudo dpkg -i veracrypt-1.<TAB>" By <TAB> I mean press TAB on your keyboard to load the entire filename. Then run "sudo apt install --fix-broken" and once more run "sudo dpkg -i veracrypt-1.<TAB>"

15. Plug your hard drive in and setup a encrypted Hidden Volume using veracrypt for full-disk encryption. There should be one partition on the hard drive and select this to encrypt with veracrypt.
MAKE SURE YOU SELECT THE EXTERNAL HARD DRIVE partition.
Select Hidden Volume and follow the instructions. Best option is the triple cascade encryption. Hidden volume password minimum 20 characters.

16. Store your virtual machines inside the encrypted drive. Moving forward, ALWAYS BOOT into Live Mode for Kicksecure, so it doesn't leave any traces off usage that might be useful for forensics. Only boot into Persistant Mode for updates.

17. Always use a no-log VPN like Mullvad, IVPN, Windscribe etc. Pay for these through TOR and using Monero.

This website is amazing in explaining the entire process and goes into more detail: https://blog.nowhere.moe/
 
Last edited:
Install gentoo with all the non freedom respecting drivers
 
Nigga be trying to escape from mossad
 
bad idea using PC that connected to your local ISP, better do such stuff with some used laptop that has no connection to you, away from place where you live.
 
nazianime said:
Install gentoo with all the non freedom respecting drivers
Click to expand...
No and yes. Hardened Linux Distro that does not spy on you is more important. Every software you use must be open-source. I know this is ultra-schizo but it's the only reliable way off knowing you're not spied on.

Buy Mullvad VPN via Tor and pay using Monero or Cash. Then access sites connected to Mullvad. Enable DAITA, Lockdown Mode, Multihop Enabled, Obfuscation (Shadowsocks), Quantum Resistance and DNS Blocking enabled. This is not true anonymity since it only adds one additional layer to your identity, as apposed to Tor which adds 3 layers of encryption. But using a VPN that does not log should be good enough for casual use.
 
Last edited:
You retards...
Diss is how you have A NASA FREE COMPUTAH:hax:

Gaming - Windows XP is STILL KING

I don´t give a shit about le "modernity" Just how many times will they have to update the system on Windows 10 ??? If not for internet, i wouldn´t even use this garbage. It´s not where i game anyway. Long live Windows XP. Long live The Eternal Gold Mine of The Greatest Games Ever Made...
incels.in

Windows XP SP3
Hardware HAS To be pre-2008.
No quadcores for you fags.

Leaving See Ya GIF by Matt Partridge
 
Tjaldur said:
No. Buy Mullvad VPN via Tor and pay using Monero or Cash. Then access sites connected to Mullvad. Enable DAITA, Lockdown Mode, Multihop Enabled, Obfuscation (Shadowsocks), Quantum Resistance and DNS Blocking enabled. This is not true anonymity since it only adds one additional layer to your identity, as apposed to Tor which adds 3 layers of encryption. But using a VPN that does not log should be good enough for casual use.
Click to expand...
Not even dark web admins or hackers get this level of OPSEC.
 
Tjaldur said:
No. Buy Mullvad VPN via Tor and pay using Monero or Cash. Then access sites connected to Mullvad. Enable DAITA, Lockdown Mode, Multihop Enabled, Obfuscation (Shadowsocks), Quantum Resistance and DNS Blocking enabled. This is not true anonymity since it only adds one additional layer to your identity, as apposed to Tor which adds 3 layers of encryption. But using a VPN that does not log should be good enough for casual use.
Click to expand...
VPNs are useless when the State gets involved. Casual use though, sure.

Otherwise, fair advice for the paranoid.
 
Seems like alot of effort just to post on an incel forum anonymously.
 
glutty said:
Not even dark web admins or hackers get this level of OPSEC.
Click to expand...
This is beyond the scope of a dark web admin. This guide is aimed at anonymous browsing. This setup is very strong against global-adversaries to greater extent than other setups like TailsOS. It also gives you alot of freedom to do casual stuff.

hardened OS > no-log VPN paid with monero and through TOR > Whonix (Tor) > Proxy(optional) to access sites blocked by TOR.

For hackers, they likely need something that is really fast and easy so a Jump-Box setup would be better. It's still optimal for them to use VPN/SSH/TOR before their VPS so the hosting provider would not know their identity.
 
Tjaldur said:
This is beyond the scope of a dark web admin. This guide is aimed at anonymous browsing. This setup is very strong against global-adversaries to greater extent than other setups like TailsOS. It also gives you alot of freedom to do casual stuff.
Click to expand...
Then what kind of person would have this kind of threat actor in mind? This is really next level stuff aside from using say TailsOS or Whonix.
 
glutty said:
Then what kind of person would have this kind of threat actor in mind? This is really next level stuff aside from using say TailsOS or Whonix.
Click to expand...
It's not much more advanced than using TailsOS, the difference is using a secure and hardened linux distro with Whonix, instead of Windows as your host operating system or an ordinary Linux distro like Ubuntu, Debian, Arch, which comes with some telemetry and lots of forensic-artifacts.

Kicksecure + Whonix is just QubesOS with extra steps. Whonix allows you to enable javascript and not worry about being exposed, since dns leaks are impossible.

Kicksecure is more user-friendly than Qubes and you have alot more freedom with it - it's like using any other linux distro, for example setting up a VPN is just as easy as if it were on Windows, but with Qubes it can take hours to do it right the first time.

As for threat actor:

This is great to access sites and services anonymously. You will need to setup a proxy/vpn after Tor (inside your Whonix Workstation) for sites that restrict Tor. If I wanted to be anonymous on incels.is and say crazy shit that would get serious attention then I would use this.

I would say it's good against National Law Enforcement like FBI, NCA, BKA and against strong government filters like The Great Firewall.

If someone in China and Saudi Arabia wanted to talk shit about their government and not worry about being identified then this setup is great. However, they'd need to find a VPN setup that allows them to bypass TOR. You can use v2ray or use a government approved proxy vpn then set your mullvad's Shadowsocks port to the one opened by the proxy vpn. Or setup a private obfs4 bridge and set obfuscation strength to iat-mode=2 and use this bridge for TOR.

I would like to believe this is good enough against intelligence agencies if they wanted to find someone quickly and very good against malware designed to target you since we are using virtual machines. Law enforcement agencies around the world can work together to bring a capablitity to that of a global-level adversary like a strong intelligence agency, If someone like this were to put resources into identifying you like a Dark Web Admin, Terrorist or Politician then this is not good enough.
 
Tjaldur said:
It's not much more advanced than using TailsOS, the difference is using a secure and hardened linux distro with Whonix, instead of Windows as your host operating system or an ordinary Linux distro like Ubuntu, Debian, Arch, which comes with some telemetry and lots of forensic-artifacts.

Kicksecure + Whonix is just QubesOS with extra steps. Whonix allows you to enable javascript and not worry about being exposed, since dns leaks are impossible.

Kicksecure is more user-friendly than Qubes and you have alot more freedom with it - it's like using any other linux distro, for example setting up a VPN is just as easy as if it were on Windows, but with Qubes it can take hours to do it right the first time.

As for threat actor:

This is great to access sites and services anonymously. You will need to setup a proxy/vpn after Tor (inside your Whonix Workstation) for sites that restrict Tor. If I wanted to be anonymous on incels.is and say crazy shit that would get serious attention then I would use this.

I would say it's good against National Law Enforcement like FBI, NCA, BKA and against strong government filters like The Great Firewall.

If someone in China and Saudi Arabia wanted to talk shit about their government and not worry about being identified then this setup is great. However, they'd need to find a VPN setup that allows them to bypass TOR. You can use v2ray or use a government approved proxy vpn then set your mullvad's Shadowsocks port to the one opened by the proxy vpn. Or setup a private obfs4 bridge and set obfuscation strength to iat-mode=2 and use this bridge for TOR.

I would like to believe this is good enough against intelligence agencies if they wanted to find someone quickly and very good against malware designed to target you since we are using virtual machines. Law enforcement agencies around the world can work together to bring a capablitity to that of a global-level adversary like a strong intelligence agency, If someone like this were to put resources into identifying you like a Dark Web Admin, Terrorist or Politician then this is not good enough.
Click to expand...
Interesting, looking at it again it does seem pretty simple in Theory but the set-up seems very finiciky and complex especially when having to go through the terminal and shit.

I know there is software available for TailsOS called HiddenVM
github.com

GitHub - aforensics/HiddenVM: HiddenVM — Use any desktop OS without leaving a trace.

HiddenVM — Use any desktop OS without leaving a trace. - aforensics/HiddenVM
github.com github.com

I've seen some issues though mainly with it breaking after TailsOS updates but they usually fix it within a short-time after a TailsOS patch. The main benefit of this is you don't have to deal with finniciky boot menus breaking and having to plug and unplug USB drives during setup or going to the command line.

With this you can put the HiddenVM software, your own VMs and binaries inside a hidden veracrypt volume on a hard-drive/SSD and mount it once you boot-up into tailsOS and unlocked the volume, by the way you can also use any VM in this not just Whonix so if for some reason you want to access a clearnet without having to through Tor while on TailsOS since it bypasses the force all connections through Tor that Tails has.

Unfortunately this project seems abandoned as of now and it only works with tails 6.5 so it seems the only thing is just your method.
 
Last edited:
glutty said:
With this you can put the HiddenVM software, your own VMs and binaries inside a hidden veracrypt volume on a hard-drive/SSD and mount it once you boot-up into tailsOS and unlocked the volume, by the way you can also use any VM in this not just Whonix so if for some reason you want to access a clearnet without having to through Tor while on TailsOS since it bypasses the force all connections through Tor that Tails has.

Unfortunately this project seems abandoned as of now and it only works with tails 6.5 so it seems the only thing is just your method.
Click to expand...
Hidden VM was good but it's outdated and the devs disappeared. It was never tested/audited, so there could have been nasty vulnerabilities in the software. The same problem lies with Whonix as there are fewer eyes observing the code. They've been audited, but it was a long time ago and they've made major updates since.

So in a way TailsOS is better and safer, but you're limited to only Tor. With Kicksecure, you can do just about anything and with VMs seperating your usage. Hell, you can even create Nested Chains of VPNs and Tor to anonymously host a website unless you've attracted a highly-skilled adversary.
 
Tjaldur said:
Hidden VM was good but it's outdated and the devs disappeared. It was never tested/audited, so there could have been nasty vulnerabilities in the software. The same problem lies with Whonix as there are fewer eyes observing the code. They've been audited, but it was a long time ago and they've made major updates since.
Click to expand...
Yeah, I dunno why they disappeared though seems a bit strange to me.
Tjaldur said:
So in a way TailsOS is better and safer, but you're limited to only Tor.
Click to expand...
For my use case of just browsing onion-sites and not doing really much anything TailsOS is good and of course using the Browser at the safest setting disabling JS.
 
All this just for me to type nigger on this forum








Nigger
 
Tjaldur said:
Requirements
1. A cheap dogshit USB (to install the OS)
2. A SSD USB with good read/write speeds (for your host OS)
3. A laptop/computer with 16GB RAM (Recommended as we will be running 2 Virtual Machines)
4. A Hard Drive (Not a solid state drive)

Instructions
1. Go to https://www.kicksecure.com/wiki/USB_Installation#ISO_LIVE_Mode and download the ISO file. Use Rufus to make a bootable USB stick on the dogshit $10 USB. Then shutdown your PC.

2. Plug the USB in, boot your PC and press the F-key needed to load the boot menu. The F-key needed is different based on manufacters. For example: it's F12 on ASUS and F2 on Dell.
Also make sure virtualization support and USB boot is enabled in your BIOS. Disable Secure Boot.

3. In your boot menu, select the option for the bootable USB. Should say something like "Kicksecure" or it will be the name of your USB.

4. Plug your fast SSD USB into your PC and Follow the instructions on https://www.kicksecure.com/wiki/ISO#Download.2C_Create_Live_USB to create a bootable Kicksecure OS on new USB. Set an encrypted password of at least 20 characters when requested.
Once completed, shut down your PC.

5. This is really finicky and buggy. But I found the following procedure to work to prevent broken boots. Plug BOTH your dogshit USB and your fast SSD Stick.
Boot your PC and go to the boot menu as before. You will see a bunch of boot options like "Kicksecure".
NOW UNPLUG YOUR DOGSHIT USB.
Using your arrow keys, select the Kicksecure option and press ENTER to boot into your Kicksecure OS.
Once again, using your arrow keys, select the PERSISTANT MODE | SYSMAINT boot option.

6. Connect to your internet and Install Updates and wait for it to complete.
Then click Purge Unused Packages. You may have to open terminal and type "sudo apt autoremove" - this will remove old packages you don't need.

7. IMPORTANT to fix a bug:
Click Open Terminal. And type "sudo cp /boot/efi/EFI/Kicksecure/grub.cfg /boot/efi/EFI/boot/grub.cfg"
This fixes a boot issue in the OS.

8. Shutdown and boot back into Kicksecure. You can discard the dogshit USB. Boot into "PERSISTANT MODE | Kicksecure" (should be the first one)
RECOMMENDED: Boot into SYSMAINT and choose the option to remove SYSMAINT. It's alot of hassle dealing with sudo permissions imo. Sometimes it's useful to bypass it. We'll be doing all internet related activities inside a Virtual Machine anyway. Kicksecure serves as a secure operating system that does not spy on you and is hardened against attackers. Run systemcheck program and set user passwords.

9. Download mullvad vpn and mullvad browser. This will be for plausible deniability when you're being TORTURED.
Open terminal (Black square icon on top left or press CTRL + ALT + T) and follow the instructions in downloading Mullvad VPN. https://mullvad.net/en/download/vpn/linux
Then install mullvad browser by typing in "apt install mullvad-browser -y"

10. Now time to install Virtual Machines. We will KVM instead of VirtualBox, since it is open-source and lightweight.
We will use seperate Virtual Machines based on our usage.
1. One Windows VM - for unsafe usage. We're ok exposing our identity and data during this usage.
2. One Kicksecure VM - for private usage. This is for applications to send private messages through. Anonymity isn't the main priority here. So E2E encrypted messages, emails etc.
3. One Whonix VM - for anonymous usage. This is for complete anonymity. Whonix forces all connections through TOR, making DNS leaks impossible.

Open terminal and type
Code: 
sudo apt install libvirt0 virt-manager dnsmasq bridge-utils
sudo systemctl --now libvirtd
sudo usermod -a -G libvirt user
sudo usermod -a -G kvm user

Then edit the file /etc/libvirt/libvirtd.conf and replace the part to 'unix_sock_group="libvirt" ' and ' unix_sock_rw_perms="0770" '
Then edit /etc/libvirt/qemu.conf and replace ' group="libvirt" ' and ' user="user" '

In terminal type:
Code: 
systemctl restart libvirtd.service
cd /var/lib/libvirt/
mkdir dnsmasq
sudo chown user:libvirt -R dnsmasq

11. Now install the VMs you need. I recommend installing Whonix and following their KVM instructions https://www.whonix.org/wiki/KVM in setting up correctly.

12. Keep a clean Whonix qcow2 files as backup and clone the VM using those .qcow2 files. I can't be asked explaining everything on setting up Whonix on KVM. But it's worth putting a few hours reading the Whonix Documentation. I guarentee you will learn alot. Also if you've made it this far then you're capable off getting Whonix on KVM working.

13. It's recommended to store your Whonix VM files in an encrypted hard drive for plausible deniability reasons. You don't want your torturer knowing you are a TOR user. So go to https://veracrypt.io/en/Downloads.html and download the veracrypt-1.26.24-Debian-12-amd64.deb file.

14. Open terminal and cd into the file location that it was downloaded on and run "sudo dpkg -i veracrypt-1.<TAB>" By <TAB> I mean press TAB on your keyboard to load the entire filename. Then run "sudo apt install --fix-broken" and once more run "sudo dpkg -i veracrypt-1.<TAB>"

15. Plug your hard drive in and setup a encrypted Hidden Volume using veracrypt for full-disk encryption. There should be one partition on the hard drive and select this to encrypt with veracrypt.
MAKE SURE YOU SELECT THE EXTERNAL HARD DRIVE partition.
Select Hidden Volume and follow the instructions. Best option is the triple cascade encryption. Hidden volume password minimum 20 characters.

16. Store your virtual machines inside the encrypted drive. Moving forward, ALWAYS BOOT into Live Mode for Kicksecure, so it doesn't leave any traces off usage that might be useful for forensics. Only boot into Persistant Mode for updates.

17. Always use a no-log VPN like Mullvad, IVPN, Windscribe etc. Pay for these through TOR and using Monero.

This website is amazing in explaining the entire process and goes into more detail: https://blog.nowhere.moe/
Click to expand...
:hax:

Emba said:
View attachment 1472157
Click to expand...
:dafuckfeels:
 
Better yet, use directional antennas to connect to free WiFi miles away. Even if they find the IP, they can’t trace your location.
 
You must log in or register to reply here.

Similar threads

svgmn1
Theory Waste your time effectively with linux
2
Replies
76
Views
2K
svgmn1
svgmn1
Stupid Clown
Cope "you have to learn to be happy by yourself before you can be happy with a girlfriend"
Replies
36
Views
2K
WomanKicker
WomanKicker
daydreamER
Theory Why it is impossible to ascend as a truly blackpilled sub5 male, even if you get extremely lucky
Replies
18
Views
1K
Ghost
G
sociology blackpill
Blackpill The best life you can lead in the 21st century is to be a supermodel
Replies
11
Views
622
SoycuckGodOfReddit
SoycuckGodOfReddit
WorthlessSlavicShit
Brutal Just rack up a million swipes on Tinder to get a single date (that almost certainly didn't even lead to another date, nevermind sex) theory
Replies
4
Views
565
The_McCheese
The_McCheese

Users who are viewing this thread

Total: 4 (Incels: 0, Bluepillers: 4)

Follow Us On Social Media

693,529Threads
16,708,615Posts
31,706Members
CunningJesterNew Lost Soul

About Us

Incels.is is a community for men that struggle with or are unable to get into romantic relationships with women despite trying. We welcome men from all walks of life, and from all cultural and racial backgrounds, as long as you are an incel.

Online statistics

Members online
203
Guests online
47,908
Total visitors
48,111
Totals may include hidden visitors.
shape1
shape2
shape3
shape4
shape5
shape6
Back
Top