Howto: Nextcloud As Tor Hidden Service Initial Setup/Install/Shortcut

[ NOTE: While we use a Pine64 board, you can also follow along with this on a Raspberry Pi or other compatible board using the correct image ]

Today we look at the Pine64 A64 LTS Single Board Computer (SBC) and cover both setup and a shortcut…

To Nextcloud As Tor Hidden (.onion) Service:

First we download & flash a DietPi image onto it (as a shortcut option to install Nextcloud). Then we convert the Nextcloud install over to a Tor Hidden (.onion) Service.

We go over all steps up to this point and will cover more on hardening this in later videos (as I get time to do them).

Watch the video walkthrough/tutorial here:

https://odysee.com/@RTP:9/howto-nextcloud-tor-hidden-service:d

From here you should work on hardening the setup. This has been covered in my previous Nextcloud Tor Hidden Service videos, and more howtos on onion hardening will become a topic for future videos.

Originally posted, with additional thoughts, at: https://www.buymeacoffee.com/politictech/howto-nextcloud-tor-hidden-service-onion

FOLLOW ME:

Twitter Fosstodon

VIDEO CHANNELS/MIRRORS:

Youtube Odysee Bitchute Peertube

SUPPORT/DONATION OPTIONS (Channels Are Not Monetized):

CASHAPP: $HumanRightsTech
BMAC BLOG/SUPPORT: https://www.buymeacoffee.com/politictech/
BTC: 3QDdTcLwLTPXKMBp5dLUhKJG6KbDxWsYWS

Video Demo/Howto: crypto_homes

Update:

I have been adding more options to crypto_homes.sh, including choice of cipher, filesystem, and other multi distro compatible options.

I will make a video demonstration soon to show how best to use it (and not break anything), showing USB hardware + converted $HOME directory to sdcard (a common theme to maximize space), plus an extra layer of privacy by compartmentalizing the (USB) key from the device (allowing you to leave the USB key at home if you like).

I’ve made hardware keys for my desktops/laptops in the past using Truecrypt, but wanted something accessible for users who might be nervous about doing it manually.

For the moment it uses LUKS, as this is universal (using normally preinstalled commands).

It automates these processes for you, only asking you to verify devices (usb stick/sdcard /dev location).

I’ve been looking at this for a while (I like exploring fun ways to secure/’privatize’ devices) but only recently put it into a script to share with others.

More soon, with video demo.

‘crypto_homes’ Initial Script: Multiple Options, Creates USB Hardware Key, Encrypted sdcards

I made this mainly for my Pinephone/Pinetab and wanted to share it.

You can use on other devices as well (if single username).

Reason for single user basis: it grabs the username using username=$(ls /home) for syncing directories.

Anyhow it is for creating encrypted home directories on sdcards using USB key (which it creates and sets in fstab/crypttab).

(For the moment it is set to work with luks but in future may offer veracrypt volumes/truecrypt).

Take a look at what I have (Tor access only [for now]):

http://gg6zxtreajiijztyy5g6bt5o6l3qu32nrg7eulyemlhxwwl6enk6ghad.onion/RightToPrivacy/crypto_homes

I will be expanding on this later. It offers you a menu with options. More info will be found here first: https://www.buymeacoffee.com/politictech/crypto-homes-as-many-sdcard-luks-encrypted-home-dir-usb-key

This is the backup blog (lower in search rankings).

Leave a comment/question below. 🙂

Introductions: Singleboard Computers vs Microcontrollers

A few video/tutorial series are upcoming, so I made this basic introduction video showing Single Board Computers and Microcontrollers and discussing the differences.

(Follow along to learn how to self host/learn linux on single board computers, or how to use Arduino to compile/edit/upload code onto microcontrollers)

A few of the hardware items shown here include:

Single Board Computers Shown In Video [SBC] -> Pine64 Gateway, Pinephone, Pinetab, Pine64 A64 LTS, Raspberry Pi (SBCs)

See the video here: https://www.youtube.com/embed/Gaxk3wo5Dw4



Encryption Things

I thought it could be fun to come up with some encryption ideas.

I am experimenting with a couple different ideas/concepts I have for expanding encryption options on the Pinephone/Pinetab among other Linux devices.

I have a few vastly different ideas and have yet to settle on the initial release upload. This is why for now, we see just a video covering one of the concepts.

For one we know by default LUKS does not allow for multiple key requirements (simultaneously, and thus other additions must be built in/enhanced).

(not experimenting with encryption setups that may become problematic)

Made a short recording/video (but still playing with different concepts/ideas).

Take a look at one of the ideas discussed in a brief video, found here:

Of course I will be posting a link here for anyone interested, for open/available download once it is ready. Along with brief talk on setup.

Until next time. 🙂

Block Program Backdoors/Privacy Violations. + RELATED EX: Use Audacity? Your Data May Now Be Shared

Take a look at your Desktop and/or interface. Be it MATE (desktop/laptop), Phosh (Pinephone/Librem), or KDE. We use several buttons/shortcuts to programs everyday.

Some of these programs need the internet.

Some do not.

Have you minimized access to programs which do not need the internet?

Did you know some programs secretly “call home” and share data/your ip address with 3rd parties (sometimes this data is sold)?

The most ideal setup is restricted where possible, but not to the point where a given setup becomes unusable.

Here we are going to use a Hot Off the Press News example to demonstrate how to restrict networking only to those programs requiring it (such as web browsers, encrypted messengers, etc).

Other applications like a Media player, GIMP (image manipulation), and Libre Office do NOT need ANY networking for full functionality. A compromised update to any given program can cause it to act outside the scope of its description (including reverse shells, collecting data/sending and more bad ideas).

So why do we allow it?

Because this is default behavior.

We can change that.

We can go through and edit each shortcut to EASILY block network access for every single shortcut/button for programs that do not require internet access.

This can block/prevent not only personal data sales (by program creators/developers), but even potential backdoors (such as a reverse shell or other example) from communicating.

This is really important.

I want you to go through every single shortcut and decide if it needs the internet or not. Don’t worry, you can always change it back later if it harms functionality. But for the programs unaffected, this will prevent your personal data from leaving via their execution.

Next we are going to look at a real world example with this exact potential issue.

I then want you to go through each and every shortcut and decide/edit it to block access to those where it is not necessary for a program to reach the internet.

EXAMPLE USING LINUX CURRENT EVENTS

(This example is a real/current problem, follow/fix this):

Do you minimize network access only to programs which need it to function?

I have to admit, I like using Audacity.

Those subscribed to my channels might remember my video “Your Computer Speakers Can Act As Remote Listening Devices.” There I tuned into frequencies coming from my laptop and discovered my speakers were acting as a remotely transmitting microphone anytime I had sound playing from my laptop speakers (I was able to demonstrate this 15 feet away: with a more sensitive device, through walls would not be hard to imagine [see: rf retro reflecting]).

After which, I demonstrated how to remove the static from the radio signal recordings using Audacity.

See that video here:

And YT Mirror Is Here: https://www.youtube.com/embed/bK-CcnfP_ws

To anyone who has been paying attention lately, the highly popular audio editor, Audacity was recently acquired by a private company (Muse).

What this means for the long term future of Audacity, is still somewhat unknown…

Although we are starting to feel some abrasions.

Not long ago a new Google data collection/analytics announcement was snuck into Audacity under this new ownership. The outcry was far reaching: https://www.msn.com/en-us/money/other/audacity-reverses-course-on-plans-to-add-opt-in-telemetry-after-outcry/ar-BB1gOOlS

After much rebuttal, this plan was scrapped.

However, there is a new equally concerning Audacity Privacy Policy.

In this new Privacy Policy there are clear implications for users and data collection.

“”Why we collect it:
• App analytics
• Improving our App
Personal Data we collect:
• OS version
• User country based on IP address
• OS name and version
• CPU
• Non-fatal error codes and messages (i.e. project failed to open)
• Crash reports in Breakpad MiniDump format
Legal grounds for processing:
• Legitimate interest of WSM Group to offer and ensure the proper functioning of the App

Why we collect it:
• For legal enforcement
Personal Data we collect:
• Data necessary for law enforcement, litigation and authorities’ requests (if any)
Legal grounds for processing:
• Legitimate interest of WSM Group to defend its legal rights and interests


  1. Minors
    1. The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App.
  2. Who does Audacity share your Personal Data with?
    1. We may disclose the Personal Data listed above (your hashed IP address) to the following categories of recipients:
      1. to our staff members. We take precautions to allow access to Personal Data only to those staff members who have a legitimate business need for access and with a contractual prohibition of using the Personal Data for any other purpose.
      2. to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights;
      3. to our auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Data for any other purpose.
      4. to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Data only for the purposes disclosed in this Notice;
      5. to any other person if you have provided your prior consent to the disclosure.””

FIXES FOR RUNNING PROGRAMS WITH UNKNOWN NETWORK CONTACT (ASSUMING SAFE OTHERWISE):

NOTE: Just because I use Audacity in this example doesn’t mean the best solution is one of the A-G options. Audacity is used in the example.

It is usually better to wait for a trusted fork; still, if you are unsure what exists inside the Audacity code, it never hurts to restrict it using these options.

Keep in mind these are meant to be options for all potential programs which do not need network access to function.

There are tools to remedy data collection. One such tool is Firejail.

If you love Audacity and aren’t ready to give it up, there are a few options for you.

You could:

A.) hold back Audacity updates in your package manager (or wait for a fork)

Or

B.) use Firejail to restrict Audacity’s access to the internet, which will completely cut off its ability to share your personal data.

Use this command to open Audacity while restricting networking:

firejail --net=none audacity

(You can also optionally use --private to further compartmentalize the program)

C.) Use Bubblewrap as an alternative to Firejail sandboxing

D.) Run Audacity inside a Whonix jail or a virtual machine with networking restricted.

E.) Torify Audacity (or use under other non direct connection- sudo not suggested unless you trust software)

F.) Firewall it (iptables/nftables)

G.) Flatpak disable net

sudo flatpak override --unshare=network org.audacityteam.Audacity

Example command for option E (NOTE: this is an example; sudo should not be used with programs considered untrusted):

torify audacity

SHORTCUT EDITING:

Now replace the Exec= line on all shortcuts for your devices, be it a Linux laptop, Pinephone, Pinebook, Pinetab, or otherwise.

If you have a Pinephone or other .desktop Linux shortcut, this means editing the:

Exec=

line inside that .desktop file.

Example line:

Exec=firejail --net=none --private audacity

Your shortcut files may be found in .local or at /usr/share/applications.

Example Shortcut/Button directory location (each application has its own .desktop file):

/usr/share/applications/

Or:

~/.local/share/applications

You can use this same option (firejail --net=none) for ALL apps on your system which do not require networking to protect yourself from needless data collection/backdoor communication.

Now go through all your other programs and their corresponding shortcuts .desktop files. Block internet access to ALL programs which do not need the internet to prevent them from sending your data, or worse yet, communicating via backdoor.
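The shortcut edit described above, as an added example that is not the author's own script: it copies a launcher to a per-user location with every Exec= line prefixed by the firejail option from this post, and lists launchers that are still unrestricted. The helper names wrap_desktop_exec and list_unwrapped are hypothetical, and the sample .desktop content is constructed.

```sh
#!/bin/sh
# Added example, not the author's script. Helper names are hypothetical.

# wrap_desktop_exec SRC DST [PREFIX]
#   SRC    launcher to read (e.g. /usr/share/applications/audacity.desktop)
#   DST    per-user copy to write (e.g. ~/.local/share/applications/audacity.desktop)
#   PREFIX sandbox command to prepend; defaults to the firejail option from the post
wrap_desktop_exec() {
    src=$1
    dst=$2
    prefix=${3:-"firejail --net=none"}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$(dirname "$dst")" || return 1
    # Rewrite every Exec= line (main entry and any [Desktop Action ...] sections).
    # TryExec= is left alone, and lines already starting with firejail are skipped,
    # so running the function twice does not stack sandboxes.
    awk -v prefix="$prefix" '
        /^Exec=/ {
            cmd = substr($0, 6)
            if (cmd !~ /^firejail( |$)/) $0 = "Exec=" prefix " " cmd
        }
        { print }
    ' "$src" > "$dst.tmp" && mv "$dst.tmp" "$dst"
}

# list_unwrapped DIR: print launchers in DIR that still have an un-sandboxed Exec= line,
# as a checklist for deciding which programs really need the network.
list_unwrapped() {
    for f in "$1"/*.desktop; do
        [ -f "$f" ] || continue
        if grep '^Exec=' "$f" | grep -Eqv '^Exec=firejail( |$)'; then
            echo "$f"
        fi
    done
}

# Demo on a constructed launcher in a temp directory; no real shortcut is touched.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[Desktop Entry]' 'Name=Audacity' 'TryExec=audacity' \
        'Exec=audacity %F' '[Desktop Action plain]' 'Exec=audacity' \
        > "$d/audacity.desktop"
    wrap_desktop_exec "$d/audacity.desktop" "$d/user/audacity.desktop" || return 1
    cat "$d/user/audacity.desktop"
    rm -rf "$d"
}
demo
```

Writing the edited copy under ~/.local/share/applications rather than editing /usr/share/applications in place keeps the change from being overwritten by package updates, because the per-user file takes precedence over the system one with the same name. Pass "firejail --net=none --private" as the third argument to get the stricter Exec= line shown earlier.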

Thank You For Sharing Any Posts You Find Helpful/Useful/Interesting


Relevant Links:

Audacity Audio Editor: https://www.audacityteam.org

Firejail: https://firejail.wordpress.com/

For Linux Absolute Beginners: Cheat Sheet

I realize those reading make up a diverse group of various ages, experience levels, and interests.

Some beginning, Linux curious, maybe hoping to get started.

To those: I’m going to be mixing in more ‘just beginning’ Linux content.

Are there any topics you want to see covered? Leave a comment below. 🙂

To start, today I made this cheat sheet list of only the most important commands to get you started using the Linux commandline (shell).

Once you run the install script, you have a new Linux command you can enter anytime to print out the most common essential commands needed to get started.

This simple starter cheatsheet isn’t meant to be an all encompassing reference. Only what you need to get started. From here you can build onto more commands using “Finding Help” commands like apropos (search for new commands based on topics of interest).

I may add more to this over time and created it with recent questions in mind.

Add the cheatsheet to your linux terminal/shell (includes graphic cheat sheet): https://github.com/RightToPrivacy/linux-cheat-sheet

https://www.buymeacoffee.com/politictech (creator: RTP)

Memorize/practice these. You should be able to find your way around the commandline, and even discover new commands by using what I have listed under “Finding Help”.

This post isn’t the only Linux Beginner content available today.

I’ve recently started putting together/organizing playlists (on Youtube).

Take a look through the current Linux Beginner playlist HERE to learn commandline from the start in an intuitive way that can help you teach yourself more.

Later you can check out the first in my basic shell scripting guide which includes writing our own automatic upgrade script to start at each boot (including process).

Found on the playlist link above.


Thank you for visiting. If you appreciate my work consider grabbing me a coffee.

Pinetalk Podcast (Guest Interview)

Pinetalk is the Community run Podcast built around Pine64 hardware and Linux.

Pine64? Pine64 is a crowd sourced maker of hardware geared towards serving the open source community (memorable products include: Pinephone, Pinebook, Pinetab, Pinedio, A64 LTS, Rock64 single board computers).

A few photos of Pine64 hardware:

A peek inside Pinedio Gateway (Pine64)
Pinephone photo
Pine64’s Pinedio USB module (attach antenna to SMA threading)
(Pinephone seen in photo above) Run the arm64 Tor Browser fork on Pine64 hardware. See my video on setting this up.
Pine64’s Pinetab using internal rtl-sdr to pick up Pinedio (Semtech LoRa) Gateway beacons
Pinetab running internal rtl-sdr card (software defined radio)

You might notice many of my videos feature Pine64 hardware (like the Pinephone Linux Smartphone). As of late I have been playing with the latest project: Pinedio (new posts on that in the future). I created a fork of Rakwireless common for gateway for Pine64’s Pinedio Gateway, which can be found on my GitHub:

Single Board Computers

I have been working with single board computers over the last few years: small complete Linux system computer boards making affordable & portable options for customizing networks.

I recently acquired a Pine64 A64 LTS board and have future videos planned to take a closer look. This board carries a similar hardware/chip profile to the Pinephone/Pinetab/Pinebook and additionally makes up the underlying board inside the Pinedio gateway (tutorials are in planning stages).

Linux newbie or not, welcome.

Based on recent conversations I have new content coming up geared towards the absolute beginner interested in starting with Linux.

Single board computers can be the perfect place to start.

This Week:

In the next Pinetalk Episode (out this Friday/Saturday) I join hosts, Peter/Ezra as a guest.

Subscribe to Pinetalk to catch it! 🙂

More here: https://www.pine64.org/pinetalk/

[Once the episode airs I will make an additional post linking it]


Privacy Benefits: Tails OS vs Whonix

Coming up I have planned a video on the proper way to install Tails OS (ensuring no backdoor images are installed/downloaded).

In the lead up to this I wanted to cover benefits between Whonix-Qubes and Tails OS.

Running Whonix over Qubes requires vast computing resources, and isn’t accessible to most users (8gb ram for minimal use, 16gb ram is recommended).

On the other hand Tails OS is accessible to just about any laptop/desktop (4gb ram sufficient).

See my benefits comparison video on Peertube HERE:

COMING UP: Installing Tails OS the proper way by integrity checks to prevent backdoored installations.


Thank you for visiting! If you appreciate my work consider grabbing me a coffee. I’d love that. 🙂