From f8f84fcae6f182f2d208ef4161c599cbfed693c2 Mon Sep 17 00:00:00 2001 From: Tommy Date: Wed, 27 Jul 2022 04:29:53 -0400 Subject: [PATCH] Typo Fixes Signed-off-by: Tommy --- content/os/Using Lokinet on Qubes OS.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/os/Using Lokinet on Qubes OS.md b/content/os/Using Lokinet on Qubes OS.md index 7ad6542..5305db8 100644 --- a/content/os/Using Lokinet on Qubes OS.md +++ b/content/os/Using Lokinet on Qubes OS.md @@ -1,17 +1,17 @@ --- title: "Using Lokinet on Qubes OS" date: 2022-07-27 -tags: ['Operating Systems', 'Qubes OS', 'Anonimity', 'Privacy'] +tags: ['Operating Systems', 'Qubes OS', 'Anonymity', 'Privacy'] author: Tommy --- ![Lokinet](/lokinet.png) -[Lokinet](https://lokinet.org) is an Internet overlay network utilizing onion routing to provide anonimity for its users, similar to Tor network. This post will provide a quick (and non exhaustive) list of its [pros](#advantages) and [cons](#disadvantages) from an end user perspective and go over how to set it up on Qubes OS. +[Lokinet](https://lokinet.org) is an Internet overlay network utilizing onion routing to provide anonymity for its users, similar to Tor network. This post will provide a quick (and non exhaustive) list of its [pros](#advantages) and [cons](#disadvantages) from an end user perspective and go over how to set it up on Qubes OS. ## Advantages -- Provides anonimity by removing trust in a service provider (as opposed to a traditional VPN) +- Provides anonymity by removing trust in a service provider (as opposed to a traditional VPN) - Better versatility than Tor by supporting any IP based protocols (Tor only supports TCP) - Generally faster speed than the Tor Network @@ -24,7 +24,7 @@ author: Tommy ## Creating the TemplateVM -As mentioned [above](#disadvantages), the Lokinet client only works well with Debian-based distributions. This means that our template will have to be one of the Debian-based ones, and I would highly recommend that you convert the official Debian template by the Qubes OS team into a KickSecure template to use as a base. KickSecure reduces the attack surface of Debian with a substantial set of hardening configurations, and a nice feature to go with an anonimity network like Lokinet is [Boot Clock Randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization) which helps defend against [time-based denonymization attacks](https://www.whonix.org/wiki/Time_Attacks). You will only need the `kicksecure-cli` meta package (`kicksecure-gui` is unnecessary), and experimental services like `proc-hidepid`, `hide-hardware-info` and `permission-hardening` work just fine with the Lokinet client. [Hardened Malloc](https://www.kicksecure.com/wiki/Hardened_Malloc) and [LKRG](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) do not cause any problem with Lokinet, either. +As mentioned [above](#disadvantages), the Lokinet client only works well with Debian-based distributions. This means that our template will have to be one of the Debian-based ones, and I would highly recommend that you convert the official Debian template by the Qubes OS team into a KickSecure template to use as a base. KickSecure reduces the attack surface of Debian with a substantial set of hardening configurations, and a nice feature to go with an anonymity network like Lokinet is [Boot Clock Randomization](https://www.kicksecure.com/wiki/Boot_Clock_Randomization) which helps defend against [time-based denonymization attacks](https://www.whonix.org/wiki/Time_Attacks). You will only need the `kicksecure-cli` meta package (`kicksecure-gui` is unnecessary), and experimental services like `proc-hidepid`, `hide-hardware-info` and `permission-hardening` work just fine with the Lokinet client. [Hardened Malloc](https://www.kicksecure.com/wiki/Hardened_Malloc) and [LKRG](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) do not cause any problem with Lokinet, either. Since DNS with Lokinet does not work if it is installed inside of a ProxyVM, we will need to have Lokinet running inside the same AppVM as the applications you intend to run. This is less than ideal, as a compromised AppVM could reveal your IP address. Beyond that, accidental leaks can happen, too.