From d61e9379656caccd5a72c65f82107f416f74ad9d Mon Sep 17 00:00:00 2001 From: Amolith Date: Wed, 24 Jul 2019 17:40:31 -0400 Subject: [PATCH] various --- ...root-certificates-what-you-need-to-know.md | 2 +- ...7-20-blocking-ads-on-mobile-and-desktop.md | 61 ++++++ ...07-20-setting-dns-on-mobile-and-desktop.md | 107 ++++++++++ _sass/_default.scss | 9 +- about.html | 12 +- assets/pages/dns.png | Bin 0 -> 4901 bytes assets/posts/adblock.png | Bin 0 -> 6781 bytes assets/svgs/dns.svg | 123 ++++++++++++ assets/svgs/ublock.svg | 189 ++++++++++++++++++ assets/svgs/xmr.svg | 65 ++++++ assets/vendor/highlight/styles/agate.css | 8 +- assets/xmr.png | Bin 0 -> 9934 bytes dns.md | 50 +++++ json/cards.json | 7 + privacy-policy.md | 8 + proxies.html | 2 +- tor-nodes.md | 13 +- 17 files changed, 638 insertions(+), 18 deletions(-) create mode 100644 _posts/2019-07-20-blocking-ads-on-mobile-and-desktop.md create mode 100644 _posts/2019-07-20-setting-dns-on-mobile-and-desktop.md create mode 100644 assets/pages/dns.png create mode 100644 assets/posts/adblock.png create mode 100644 assets/svgs/dns.svg create mode 100644 assets/svgs/ublock.svg create mode 100644 assets/svgs/xmr.svg create mode 100644 assets/xmr.png create mode 100644 dns.md diff --git a/_posts/2019-02-05-dns-and-root-certificates-what-you-need-to-know.md b/_posts/2019-02-05-dns-and-root-certificates-what-you-need-to-know.md index 1c3d9c737dd4f3395fc1805412f71d5427b3830c..26896dbcc94f2594952d31ff168132e425a842cb 100644 --- a/_posts/2019-02-05-dns-and-root-certificates-what-you-need-to-know.md +++ b/_posts/2019-02-05-dns-and-root-certificates-what-you-need-to-know.md @@ -101,7 +101,7 @@ If you do not know how to, don't install it in the first place. While we trust o ### 5.2 Live Demo -Here is the link: [https-interception.info.tm](http://https-interception.info.tm/) +Here is the link: **** - Set the provided DNS resolver - Install the provided root certificate diff --git a/_posts/2019-07-20-blocking-ads-on-mobile-and-desktop.md b/_posts/2019-07-20-blocking-ads-on-mobile-and-desktop.md new file mode 100644 index 0000000000000000000000000000000000000000..1eb5452ca244ae2bd8a9d52c11ea26d9dc04c70c --- /dev/null +++ b/_posts/2019-07-20-blocking-ads-on-mobile-and-desktop.md @@ -0,0 +1,61 @@ +--- +layout: post +title: Blocking ads on mobile and desktop +subtitle: Locally getting rid of ads on most™ platforms +description: A semi-quick and easy guide on getting rid of ads on most™ platforms (browsers, Android, & iOS) +cover: /assets/posts/adblock.png +date: 2019-07-20 19:09 -0400 +--- +# Forward +The more I interact with people who don't care about ads, the more I feel like I need to do something about it. To be quite honest, ads annoy the hell out of me and I can't stand them when I'm listening to audio (podcasts are an exception as long as they aren't **too** intrusive), browsing the web, or watching videos. It's a major inconvenience on both mobile and desktop so this article is aimed at the "normal" user and will cover how to block ads on (*hopefully*) all major platforms. I don't use iOS so I can't test the methods listed nor do I plan to do too much research into it. + +For quick navigation, if you're simply looking for uBlock Origin configuration tips, just jump to the [heading](#ublock-origin-configuration) + +# Desktop +The biggest one here is in your browser. In my *personal* opinion, any derivative of Chromium or Chrome isn't *really* worth talking about when it comes to ads because they're an advertising company before anything else and that's one of their main goals. I recommend [Firefox](https://www.mozilla.org/firefox/). It's fast, it's private, it's open source, and Mozilla isn't a company whose sole purpose is serving personalised ads. That said, I still recognise the fact that Chrome dominates the browser market. As such, I'll address it as well. + +## Firefox +For general browsing, I recommend [uBlock Origin](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/). It's fast and lightweight yet very powerful and comprehensive. If you want to go a step further and have the ability to really *curate* your web experience, I recommend using [uMatrix](https://addons.mozilla.org/en-US/firefox/addon/umatrix/) *in addition to* uBlock Origin. It's harder to get used to the workflow and it takes quite a bit of time to develop a good setup but, once you do, it's phenomenal. Check the bottom section for my [configuration](#ublock-origin-configuration) recommendations! + +## Chrome +Same as with Firefox, I recommend [uBlock Origin](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm) and [uMatrix](https://chrome.google.com/webstore/detail/umatrix/ogfcmafjalglgifnmanfmnieipoejdcf) together. Check the bottom for my [configuration](#ublock-origin-configuration) recommendations! + +## Safari +Again, I recommend Firefox. If you're stuck on Safari, however, [uBlock Origin](https://safari-extensions.apple.com/details/?id=com.el1t.uBlock-3NU33NW2M3) is available as an extension there as well. There's some general information about who develops it on the main [GitHub repo](https://github.com/gorhill/uBlock#safari-macos). For instructions on installing it, read the related [wiki page](https://github.com/el1t/uBlock-Safari/wiki/Installation-and-Updates). If you do use it over Better (below), check the last section for my uBO [configuration](#ublock-origin-configuration) recommendations. + +You can also use [Better](https://better.fyi/) from [Aral Balkan](https://mastodon.ar.al/@aral). This is probably the . . . *Better* 😏 choice as Safari is known to disable uBlock Origin because it's "too heavy". I don't use macOS or iOS so I don't have any personal experience. I got some suggestions from other people, went through them, and chose two of the better ones. + +A close friend of mine is currently testing [AdGuard](https://apps.apple.com/app/apple-store/id1047223162), a free adblocker. I'll update this once she reaches a verdict. + +# Mobile +Phones are typically more limited than desktops so blocking ads here is a bit more difficult. In the past, the Firefox Android app had support for extensions but, starting with version 70, that will be no more. Other than that, the only decent way is to use VPN or DNS techniques. I prefer Android but I know iOS is also popular so I tried to find some solutions for it as well. + +## Android +### Rooted phones +If you have a rooted phone, [AdAway](https://adaway.org/) is 100% the way to go. It blocks ads not just in your browser but in every app as well. You can also define custom blocklists like the one I have at [/hosts.txt](/hosts.txt). Tap the menu in the top right then `Hosts sources`. In the box, type `nixnet.xyz/hosts.txt`. Go back to the homescreen, enable/refresh, reboot, then enjoy ad-free Android! + +### Non-rooted phones +If you **don't** have a rooted phone, try [Nebulo](https://smokescreen.app/). If you use F-Droid (which I also highly recommend), the repo is at `fdroid.frostnerd.com`. The source code for the app can be found on their [GitLab](https://git.frostnerd.com/PublicAndroidApps/smokescreen) instance as well. Nebulo is an app that lets you use DNS-over-TLS and DNS-over-HTTPS on Android. To actually block ads with it, there are a few steps you have to go through first. If you use F-Droid (recommended), follow that guide. If you stick to Google Play, follow that guide. + +#### F-Droid +In F-Droid, go to Settings > My Apps > Repositories then click the `+` button. Type `fdroid.frostnerd.com` in the box then `ADD`. Wait for your repos to update then search for `Nebulo` and install! + +Open the app, open the menu in the top right, tap DNS Rules, enable AdAway, CoinBlockerList, and Energized Basic, tap the icon, then toggle DNS Rules in the top right. Go back to the homescreen, tap the icon, pick which server you want to use (I recommend [mine](/dns/) or [UncensoredDNS](https://blog.uncensoreddns.org/)). Finally, tap start! You shouldn't see ads in any apps now! + +You *can* just use `fdroid.frostnerd.com` but I recommend using the link with the fingerprint for additional security: +`https://fdroid.frostnerd.com/fdroid/repo?fingerprint=74BB580F263EC89E15C207298DEC861B5069517550FE0F1D852F16FA611D2D26` + +There's actually a simpler way to add hosts and it works in both the F-Droid and Google Play versions. The section below details that. + +#### Google Play +Google doesn't like apps that block ads (being an advertising company and all). As such, the Play Store version doesn't have blocklists included by default; you'll have to add them manually. I have my own hosts file at [/hosts.txt](/hosts.txt) that you can use. All you have to do is follow everything in the second paragraph of the F-Droid section except you'll tap the icon instead of enabling the host sources. For the name, type something like NixNet lists. In the URL entry field, type `https://nixnet.xyz/hosts.txt`. Tap the add button, tap the icon, then follow the rest of the F-Droid section. + +## iOS +As I mentioned above, [Better](https://better.fyi) is what I would use if I was on iOS or macOS. I've heard good things about it from people and I think Aral is a trustworthy guy. + +A close friend of mine is currently testing [AdGuard](https://apps.apple.com/app/apple-store/id1047223162), a free adblocker. I'll update this once she reaches a verdict. + +# uBlock Origin Configuration +In my opinion, uBO is one of the most powerful adblocking tools there is. It has sane defaults for the new user, the settings are easy to understand nad navigate through, and there are many advanced features for people who know what they're doing. **Protip:** if there's an add on a page that you don't want to see, click the extension icon, then the icon, then find the element you want removed, click it, then click `Create`. That will hide the element in the future 👍 + +Personally, I recommend enabling the majority of the filter lists. I have all the Built-in lists enabled, Ads, Privacy, Malware domains, Annoyances, and Multipurpose. I've also added my own [hosts file](/hosts.txt) (generated with [`hblock`](https://github.com/hectorm/hblock)) in the custom section. Other than enabling additional lists, my setup is the same as default! diff --git a/_posts/2019-07-20-setting-dns-on-mobile-and-desktop.md b/_posts/2019-07-20-setting-dns-on-mobile-and-desktop.md new file mode 100644 index 0000000000000000000000000000000000000000..cd0191b55e5142bf59640747f9723edeb2f86668 --- /dev/null +++ b/_posts/2019-07-20-setting-dns-on-mobile-and-desktop.md @@ -0,0 +1,107 @@ +--- +layout: post +title: Setting DoT on mobile and desktop +subtitle: Enhancing your personal privacy by setting custom DoT servers on all your devices +description: Enhancing your personal privacy by setting custom DoT servers on all your devices +cover: /assets/pages/dns.png +date: 2019-07-20 19:09 -0400 +--- +Changing your default DNS servers to ones that use DNS-over-TLS can do a lot to make your systems more secure and private. DNS is also a serious tool for censorship and tracking if used foolishly. Before choosing a provider, make ***sure*** you actually read their privacy policy and terms of service. There are some good recommendations [here](https://wiki.lelux.fi/dns/resolvers/) (I'm partial to UncensoredDNS) and of course I have to shill [my own](/dns/). Once you've chosen a provider, you'll need to get set up. + +# Basic Information +For the *very* basics, I recommend reading sections 1 - 2 of a [previous post](/blog/dns-and-root-certificates-what-you-need-to-know/#1-what-is-dns-and-why-does-it-concern-you). It has good information and sets you up for this article. + +Another useful term to know is [Anycast](https://en.wikipedia.org/wiki/Anycast). A lot of servers (including mine) have it set up so you only have to set and remember one IP address or hostname and you automatically use the server geographically nearest to you, the one with the lowest latency. + +DoT stands for [DNS-over-TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). It's a protocol that wraps DNS queries and responses in the [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) protocol. By default, most systems use plaintext DNS and this is very insecure. Plaintext is . . . plaintext; anyone can snoop on your connection and see what websites you're visiting. If you're using DNS-over-TLS, the only parties that know where you're going is you and the DNS server itself. This article focuses on that because it's more secure and private. DNS-over-HTTPS ([DoH](https://en.wikipedia.org/wiki/DNS_over_HTTPS)) is another option but far fewer clients support it, it's more difficult to set up, and there are far fewer DoH providers. + +# Setup +Linux, Windows, and Android are all fairly simple to set up. I don't have any Apple products so I the information there likely won't be complete or particularly good. I still recommend reading it, however. + +## Linux +[Unbound](https://wiki.archlinux.org/index.php/Unbound) is what I use for DNS on all of my systems. It's wonderfully easy to use and works very well. Once you've used it for a while and have built up a cache, it's much faster than third-party resolvers. + +*(stolen from [here](https://wiki.lelux.fi/dns-over-tls/unbound/linux/))* + +Filename: `/etc/unbound/unbound.conf` + + +### Debian + +``` +include: "/etc/unbound/unbound.conf.d/*.conf" + +server: + tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt + +forward-zone: + name: "." + forward-tls-upstream: yes + + forward-addr: 198.251.90.114@853#uncensored.any.nixnet.xyz + forward-addr: 212.83.138.44@853#resolver1.lelux.fi + forward-addr: 91.239.100.100@853#anycast.censurfridns.dk + forward-addr: 185.95.218.42@853#dns.digitale-gesellschaft.ch +``` + +### Arch + +``` +include: "/etc/unbound/unbound.conf.d/*.conf" + +server: + use-syslog: yes + do-daemonize: no + username: "unbound" + directory: "/etc/unbound" + # TODO: fix DNSSEC check + # trust-anchor-file: trusted-key.key + tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt + +forward-zone: + name: "." + forward-tls-upstream: yes + + forward-addr: 198.251.90.114@853#uncensored.any.nixnet.xyz + forward-addr: 212.83.138.44@853#resolver1.lelux.fi + forward-addr: 91.239.100.100@853#anycast.censurfridns.dk + forward-addr: 185.95.218.42@853#dns.digitale-gesellschaft.ch +``` + +### Using Unbound as a local resolver +```bash +echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf && sudo chattr +i /etc/resolv.conf +``` +This sets `127.0.0.1` as your nameserver and locks the file by adding the *immutable* flag (`chattr +i`). To remove the flag and make it editable again, run `chattr -i /etc/resolv.conf`. + +## Windows +I know the title is for DNS-over-TLS but, from what I've found, DoT on Windows is **incredibly** difficult and I can't find much on it. This tell you how to change your plaintext DNS configuration. +1. Open the **Control Panel** +2. Click **Network and Internet** +3. Click **Network and Sharing Center** +4. Click **Change adapter settings** in the left pane +5. Right-click the network interface connected to the internet, and select the **Properties** option +6. Select and check the **Internet Protocol Version 4 (TCP/IPv4)** option +7. Click the **Properties** button +8. Click **Use the following DNS server addresses** +9. Enter your primary and secondary DNS addresses. If you're using mine, the primary would be `198.251.90.114` and secondary would be from some other provider (such as [UncensoredDNS's](https://blog.uncensoreddns.org/dns-servers/) `91.239.100.100`) +10. Click **OK** +11. As with all things Windows, **reboot** to finish applying the changes. + +## macOS +I got this tutorial from [phiffer.org](https://phiffer.org/writing/dns-over-tls-on-macos/). I don't have anything from Apple so I can't test it but a friend of mine did and said it works. + +1. Use [Homebrew](https://brew.sh/) to install `knot-resolver` then set up a service so it runs on startup with `sudo brew services start knot-resolver` +2. Use your favourite text editor to modify `/usr/local/etc/kresd/config` and add this to the very end of the file: `{% raw %}policy.add(policy.all(policy.TLS_FORWARD({{'198.251.90.114', hostname='uncensored.any.dns.nixnet.xyz'}}))){% endraw %}` +3. Restart `kresd` with `sudo brew services restart knot-resolver` +4. At this point, you should check what DNS server you're currently using to make sure it actually changes. You can do that with `kdig nixnet.xyz` +5. Go to Apple **Menu** > **System Preferences** > **Advanced** > **DNS** then add `127.0.0.1` +6. Test again with `kdig nixnet.xyz`. This time, one of the last couple IP addresses you see should show up something like `127.0.0.1@53(UDP)`. + +That's it! + +## Android +Note that DoT is only available on Android Pie and up. For other versions, try [Nebulo](https://smokescreen.app). I go over the process of installing and using it in my last [post](/blog/blocking-ads-on-mobile-and-desktop/#non-rooted-phones). Once you've gone through that, you're pretty much good to. If you want to add additional servers tap the server icon, then the plus at the bottom, and add whatever IP addresses or hostnames you'd like. Mine is included by default as **NixNet Uncensored** so all you have to do is select it. + +# iOS +As far as I've been able to find, you can't. I'm sorry ¯\\\_(ツ)\_/¯ diff --git a/_sass/_default.scss b/_sass/_default.scss index 21e1f71076ea6933dc177a9c62893c8148e0a2cd..3964b0a1e549b4d7d66c811eec7da83546b7096b 100644 --- a/_sass/_default.scss +++ b/_sass/_default.scss @@ -93,6 +93,7 @@ a { } .content { margin-top: -20px; + word-wrap: anywhere; } .content .headerlink { display: none; @@ -118,13 +119,19 @@ a { border-bottom: 2px solid #fff; padding-bottom: 7px; } +.content > h3 { + font-size: 21px; +} +.content > h4 { + font-size: 19px; +} .content a { text-decoration: none; font-weight: bold; text-align: justify; white-space: nowrap; } -.content a::after { +.content p a::after { content: "\f08e"; font-size: 15px; font-family: "ForkAwesome"; diff --git a/about.html b/about.html index f7caca5a5aaae5b9a2d0916f4f341308cbf09ca8..d02699ce6ca6cf62af82cc9fc5530d5e098dfbd1 100644 --- a/about.html +++ b/about.html @@ -22,20 +22,20 @@ permalink: /about/
-

If you want to donate in crypto currencies, I accept Bitcoin and Litecoin though I do prefer Litecoin because of its speed. If you do crypto on mobile, you can scan the QR codes with your preferred app or tap them to open the appropriate app. The address is also below for other methods.

+

If you want to donate in crypto currencies, I accept Monero and Bitcoin though I do prefer Monero because of its privacy-by-default features. If you do crypto on mobile, you can scan the QR codes with your preferred app or tap them to open the appropriate app. The address is also below for other methods.

+
+

Monero QR code

+

Monero

+

44rQhN2PwB52RZnKbez5XGXweMdDvphMhZE8CRBhrtSq1nciTxGzZEReEmkhH19EnbKk4k884PrbVd4LaT1ZMqSHCpTUEcH

+

Bitcoin QR code

Bitcoin

1Q3o8Wtji2QS566BExdcPGMk76NjJgHrcz

-
-

Litecoin QR code

-

Litecoin

-

LUUbRvipXwcf3pFAXLVJV4jYmK3uBYBJcq

-
diff --git a/assets/pages/dns.png b/assets/pages/dns.png new file mode 100644 index 0000000000000000000000000000000000000000..a5a0bc8a2d1f05a44de8e8594b632d13ce3b1289 GIT binary patch literal 4901 zcmeHLc{G%5{~ufOBucU~l|+qrBw5E6Nn}Ye$Wjs|Np^-oi{11@C=87U^7-}#;M{_+0tI>(ta*L~mDT-W#W{Vdm=;$UaB z{};JmU@+Kz>x&jwU@(3Z48~`;cMllhWA8SA55W*~>#KXgAA0YtWbj?&!9~{)7)-1S z`saIr5R(UkvZ0o!P^X~Vp%FJ8`obb2A~f#Y4+!zO@xWIj=%HUe+ei)ulfYYBm|cx5 zSQv|~91h#=S>ox(kA{i~+NH!COf^i3%IrB}#kgSkU~6E+t$|O6_Nw-XO+eajYA>~1 z%r6DzydR;~mWk-sSXf_b)>klduo-M}$E%5oCDjQOtZXV{2yq)udd&S3a|&=QMt_2{ zn&{y}@t}nnySQGvcFhI`dsf!Q;)B5yGdlTU7f;l{V9!O=Vez;4_rZ?5{O{1er4qx< zpu(m22+p`x~vnOhe{Wqv(!>eMN`d*gjaN5_N6Xm0ZTu@*~LS62m-I3qbZIXsDE zEGI8t0zTF_6Y!X|`4nW#TG#iW4iB!EkXl|Rzj3xk+u}do5D1yGv$N}6s>TN&35#d; z_V#AS&}g(C95RN^!R*Ei4i8@l3=CAzdvIiG+;r2y`P#LiE8M;DbyZearKOh?^ohH7 z@8Vlp4EF4o3$=q|CP=Z4?(XvWxV)s;BI=$93jm* z>x3m%37LwMJb3W(<;%oi1{u{J9aibpVQg2R=g2({b&o;8>+?xuCYY${$7}_o1itOx zA2Lq+P1%aR)C0#(Y)$Jf^&+Yzk-`^`f%$#9k`FGGYQ~-{yPPjIHMKC8`@6fF+szM8 z_b+|&+Bx$s@Vhftp*TZOipq{%&MHd(R_E9ASmaPD?)lB{?*fVFjpfK6Gvy_v-I#u= zl8Acom>ekeD0-z&D{gBYUtVw+lslt4O}gikX2*4|d>~&BOSy259 zGMVh}@1I;^g}q>5;p;oqs@m$}?0lgkZhIWb7x(A0qkgNp(z`!s9pryJ*~gfC|HyAa zEB@Ufl<7x#!|;2f!99xo)m|NgnADsZ_(FY&)_rG;2KQ~d`+^i4kEEO=8|F<&X?DNbB@-V}1~}52t!jjrTpQNxfNNaWnv#4|}v3D(3IL zrtSd7-_sTJ&%}YIuqZN)bqkBNv9U4Q_&W>giLcEee#gznii2JP@hUcwRYvP}4fi*QTaWQy+T~*6YX|88#E4u{&$n`w8P~L}}o)Q$dk{>)% zn)`0{$J3`zn`X-LZ>~)Def$)!4ao7_!PQk3Yy88%f<6n73g)!)$g@KgHp^9=+K$f7 zQlN-f{gCOdC(@pgWSZ{Tvt8-3+VsW0KKR{Ge9&UBI!EISz4b#%I+-7Ww9(U0pM zjx}1o__@$fH+=qU{|&K8^u|;!&UtHbW?m-ni4B2cE* zFO8xeZcPfCB!4M1?BGxo4MNqVPP=8tNexCZ3wi8>*U}!Lj*$LDb6E!gV*TwgJkTI9 zJZe9q2irr6-5f{eapAk`R$wiq?3cgZFjq&_ObVD}4Udj0tS~9qh5%Zbu`$&Ef(kC_ zDu3=?@{@hiWd%M%poL^WXATYyS^!PB{_vwp@OTunVb)XCt{_>_FuZHJFW(2$j0pNb zFKYQ#zU~@(%y61g1V5x|ho+cFyEsG(N;y0qN7SAXrzxDfhq5g)MncWPEW*UOGfCyj zR+(KzJKXa15AdA>6eRC@K8N>26Mgi4%S_pB13hyt_K?jUPl zy?R9-b`J_1s5m<{H5J^aL+kqdQXA5n6dRMT1drC6-KmF(;R_>rVY62&I3YvVT)F}0 zN`PQ^HYZA)0QjDZTK;=|xRG?YarB`LP{opKJl5b_r_Xs>%C{*v#YcPgU-FE+4T<%q zTurPMJhpx)2%agYbBYb*64es=wkc5p>JwV2O|D)r-J*g}^~WEn95mDLq?b+B%#e#$ z27G5RiRk+&$Jt{d2Xkn09xy#=u-v{VPdCUD6rz2oyrgI!#7y`$%W4Vi=P**};^10! zsIZ#W(9jS>k|ywLmkbEUjzMf)U#-RzE|(6Q&OD&1QEz0wc+oxot&Z{T`~9@k)Knl| z@7QClJ@t16@GjM!#5)6J;TSpONOyn`|#kRmOr&vM*FsHx{MZGz`oc-(J+FY-Wvn?kOG@yh5tY1nUb)aK&jFXDvdf_lT8($j&Tp-1dTdnX)L9o2he=4$S_J}FS zY_2UJqRE?g#pM&URiUW3QS0~rN=U9uyf7>~6{HjyWOQggdx@T=Nd|G?xfI{Ri%$N? z9w3N5-)emWTYC2EjvkQLy>II#Sno1^Oz=N0n--=i!RqapUkZIXM%=OULq_NB)qW>6>ORf315i%$ z+5WL=Y0qaI-r5ymTF;rknkEOV5vq631(bA9EMJ>ymc2IabUsb`F1WLudY}!fspn!kXy7 z^gG34lxvDDASr_M73hwo{p-RRkmS(3)``>6dlrKPrLvPxI+Z~V(y#4b4%i?K+(8{& z5=#(LDXy$kCx8Or{it7JL4Tf(=KneF4J3JK35#iC$<~J`Ur0~3(P;jiC2P7@T}=ek z72Kxym?@FH2TU=UiXf;#-<9Qy&w}eHkjohOG>ucydlb8^-4N_j&f2B*O{0YwlLDb5()iv{MciD!@iKJ+#AV&yza5FQBhGKhOVR&zSZ0~ z58$sD!n%T^LDA+Y^9$>hPQY;2Ty@9zY|s4n#vt4Lb5%n$fi2AhAviz9XvKCEv%6hI zB7u$iDWHH#!F^U|hpOT}?`&@t1$!g67C-#-6_aV-Tn}JolK(D3`GSyn+7cTtUWce| zJCmc~;l>p;cvg+so?FW8*eYeoF20^V{C^)Oi@kwnssl*UnUa$B-e&KCFs0#4g$Jlq z2d?1Ha@PR)EP-l_b8;{Oz!*N5jCWDE7&8A=3qWcLo_Up@&uC`i5CBCBprrNn>#444 zuK*uvZhUx(SEZU6ZF2`K?P2ELX4a_I@IVl60IcDJw{K4>VYZg=ez2o8#m5zl(R$8R zZr8Y?Bh6MyQO7eC^sjJ5kAS93haAFq-mU@!8FhBY?hbf@a{%RVOiV%V03^oIdlm+f zywO8Jq>bDC+VK&fwT_A#uX}?t5eamq_S|q)T9Q)q8}+iiLzrLi z;=wDR4 zX#@{qimKZCXEgr3JILw6h?Xdnf)28fKf{ literal 0 HcmV?d00001 diff --git a/assets/posts/adblock.png b/assets/posts/adblock.png new file mode 100644 index 0000000000000000000000000000000000000000..c0a14287139392b539697ace156e1b7dcbad80ac GIT binary patch literal 6781 zcmeHMc{r4P+a4lHmdU=;f}*^#W>;xaB=yLWEsE@qY#~dj?8cIPE0kjFB3tM^M3!l-+$k6e1E)-gE63BpBw zFI`iwOYZhwzE^KvNBR2t9(8nc_O!eD=k=rRHytu&)dgV9n%*g$KW=5t39^NFX92e_R&6)mczSy)sgpUwQpho0p|m;cJFFxkS>;P&c! z>)7z{L_^KvCHT!X(=r^v4&Z zTE4a=+I>isGcq$v>$-=^F|?sO($R$x71r8X?X<&cEI;$E?=3PR#wZW-8ES2K#Y^mX zCVGdlicf8(>XJp!>Nk(6=LJfW6WPI=t9){{ry904f3+*{YrkQZ5%WBF@F4PM0=J0; z+Op2eu_pj$jn@oXsUK+#W!L1pe?olW9*T8;S%^M$s#m(CZmLj9R@U%mkmp24Oom(C zAs$()%&!|Lfs;0LX;RYCQBkr@Dmz&PmaKWpm5m=?2zTs$+S*rcXE)Pdtv4e0NRxr* z!XNN^)T>Y?;(cB#zAQCgH&QjJ)LPVc*v~ElTwW8+?&Gu^t{9Y!u)M@L7Y;PnNM z&(~90tpa9@d#X)JEcks#0)6$f)jw0sw2hc$9+@RQeAwba6y{B_@^`%bEyYOnrQO@;2qlNTg?{M$M!sqf*a+J6?F45EDfd4OUljAI_wzXiM)a3pr5d zJ10_*^-w|PUMOXw zix(59XACZ0y2OdZ5{XkZzr5{Gowpg5;p@X@dVy;-Lq1V?v8sogR@>cA=V%7zTGsoR zVS8i>3kz*YIJ1Qh@|`U>vr6>`OgA|0F!nf+Eq!AkX)0{Tzs5~=7Z@&0f0n1jA1lAL zFqSIsaDIJUbSs>Zg{Nhzx2RHN*Ns;UJRE4W+FXO@bkncdg;v?11?#P8{MKey@s%1J z#yS3Su{n2X)0&fvWu3yXKc)BL^10$55(3DE zkrY>MZtj>onRaa;cx9@nROx*V)0y}DGH)YlJtyon==qDDKaVI4oN+e8()FC|m&DPx z6S9cq?Ak%hGH-V=nS`u!n4*r0SBPsd@O-@&D!okimi-Rn@zF1lfvBG+ZFJ77ytEZX z7R7P0m7rF|%TPB@Ts!&u=II@AqVy~`U%yH^@i>mktgW#N_PoQmees0N)$RLW^D?pj zygB{Xu;#m&9HxCt|I4EPd;;}p{_RsT%lv&7?q8_wJ^%cZ@hx^cL56ZWiYh9OZLX2= zq}m}Pj4-#bnvcs*e`gXd0xITt$IN+^(R&i5Ne=r2VK=(1>+R`^a<^&osx<*iU6{Op zm01I;xoWai5!oN0T1=(Bd-pC?D>$fuO1iQDStepc1GzGkTq6?_68eIE&Ez?gOS&2Z zRwldhFhaM!-05lx{3X$8rBBcDJETD`s-4M%D#vcywWS~Be~!L>R#H+z?sNq_cuYPH zJH55JG2X&y7=1oVRdF%jz~OfWsH|bGtqBLujSUCP#o*V!$;Pa?SNbh}N5K6dOUNoQNue3ViwFX~r0?vLo{Or2>gvoiT#S zgq8@-@v83gQ3G!EM_#ymPO$m31PH4Tp?f9?Xb>;kXWyAEyn~4?S}##T@x6g^QDNcs zAu2mH)er_;-^e&?qw^Om$l>pg*2|DeEC;43Nab`ug{7)`J5`qUa{LW1^Fd6j%W%W- zAm|8$jg=AWDn-h_)7)wTtYAloj@ZR1aZTgwDOxJu&z2fyaY=^D8(vdAhu*z^KOVA! zEqr#Uo`_VLqN1XakrDb_%F!64z8m}&1-!(60qy2psc}minXGzZb(?)%83FdR?hKpi zS?^(OuQv}^7a-a#a12o>zoNxPmis5x=e9Q8mw@uyVvGgP0pw}n9DsCc za#44`{gcH69~SeR=o4@zTFb zGLxfb@a8!$Ae6SbUH}(uV=h>fN!aT`*1+a+4L%0asN~m9n3t3LT~b>kWc()e<>neC z4|ua}xDuGht$yZ3pF>Wd)6nc2cCBcw%>`^5$(7kb?yvf<aWeytf9{ywbB-hJ0Q*`jw zuaOMb2c6@4c(xDo42S#RfA0g*LC>rH$hWtiXjtrss;H-as7d3s3dPZi|x%Al`zhOI(<-0jZc6M@_^5&&I{1;(-jv70B=uiYC zA5U@}hU(pCuxR)@^0e?W+H${hskyc6GUndj>EN+0IG^Pd*x2X5J@YRLtfqnBaSm*( zs(Oh(@jtF=Zqmlht>*@7J>w--CI9B8BTaQp2UEv%x>-k~*tU@;LQ61Z}t;~(g9C|gyn3I=mFz;J~>bt)HkX~a1ya-(^iTlzAWYcYOf#=YEQ zoX{EA82D?sd}TO**EM@(Bp83gna)76Obnw*`w|K_k!vP2bWDAM%We^xj$2#OqF0j=tE~34b?zNQq09wHATiTI!v# zKUO98^90Seb*-N16Lg6Et*URK)hVfZOD0xH-bm*gox_e=)`g@+T{xS^gZryg^rtat@we3wL;K3EmhgwD#2Up{li0-#%d?B zi@Y;VvTIaz)Hf7--+$sQFGS+vhe|%E!hoy+8S5tXHgi_L8#leZz4r(z;mnTS$^nXw z7CK(hF#~Ec;r2|ON+{#%KIF0d;%0!Fvj#q79i%J3f`J#DdG+CKRWy2^7g0rR_O9d-%S^9NdU7_+Au7{lZ!}j#jFXa*wF3~KH@hw;!d(fL~u$H7KoxFI7%`|&@Zn-$040jjVr_TX5>Qb ziN_qJ_)UM39g4Nb9-I>`2VB=wX<^~voqPB=!2cZTPX|ZTRceg~&W?s=sz5PE?8@Vl zVT2X@*2b29@yRf@E`0Eo%H*TaF$jTc&qk$_=Uefx76auWu7aE(f6z4&KLV6V71!U} zzP`5$l&3;m)S!46_?PNjYcET4a{&_z4_%?ar7k2*w-(!#6H7h%u7R)QFvFtJ zXbPz~3Pd;IE+dOAq^$hrw|9MIS5G2#^02h@R<-3sN0wcfuunKpo%r&gXXmy&^q+i; zNIt|Y7Yyh+@_52A%yFoZKxiu85zY z7&#eBaoK{7ITF;7>;x7HNnmd9bGjR7-@adfFb&bG?i8Y-@kDbEQbAgn7M>tNL=E9boT(SlJ`) zz6L+f!N8Rv*o||@n`~JQsu@Q_?d352cvgLV{!K~iyKE6KG-fzGtggs@q;{Ux1$j_e|C_qIJ)`nWqVLdNUMfhvJW3VJoZ4) z?XCYFWHwd&0WoyI+U@>(rW^s5lZ>nS@7HCOXl1|BEvg-?&+ zliQbkE>U+K`<0U1rJ{tV-k zO-YJ)$agB3Nrdc${JzGUVJi$kI1bo;%GZMsaNTLX>)HYpnO9M9@!IvT09|arY^@}u zXCKnQ0y0<%mXp<(IMxdpH=t#U*m&L>Zf zzHvDZ8AZ;)u0F2~XVjG_vk_ccqm&W_-5bzEVP6Y`QYaqgPmWx9fjrvKJogKu%@z28 z%zG@nx^x#_F^PgxC|ZQq7MQC{z8WZF<%GjzfCxbR5JKrVjH4pY5pymOf>tu7WnvVg zkUhKLK*d&#sz>W4a}k$9%KJKu2#$b}UsgDa+GDULx^^c^IQS<*x1p9WQl9&<>c{$D zxMon#)B?vP^U2%m4?>TeO=mxKPu{c{p9am&;?Gx%<+oRV;xKJ7-`=MXK?KZY+-)vk zmiclCIfFx%_hn>4;^gF1AyS|lu)aVXuOHcP+vYQ)5T2*`4Gn|t7rw|-f$&Nim-~?( zP0Fj1g49J&O7WW65ON%b&Roi&ETmJ>p(7KTzy)u|=g#s%+}>%{YwS7?o^|Meje20ICv>0>z?W z24>p!<0Bo9A5T(F6Jv!dMGB0-b8z_%d7Hp&ad@cjjs&Nv_A#glXA7Ut*O3XHy~f#4 zL?p>M^+$5cYo<@{1e)ehVRV@;54E*5^@k_?)P-xL}bjm4_Xh9i?ZC#Q9% z9To5~Jfn#Nsunlf4tBv5VCTj(Ax6+{owndskE-H>k*yI#HRUC3ENXnI+pu(T4TlI% zh_WqE*X(PyDk)eK&!+MvgiqD$hLBI+)tuF}*Y{b*zh}6|0=IJe9Sf=3CG$vE4M=#r zu&5+b_Vy?X8ofQ*0%bI-D*Z?oG8jdM^za?Kb_Qm~5PZZ}E}TMDZx8MjJB2q + + + + + + Alternate Shield + + + + User Secret + + + + + + + + + + + image/svg+xml + + + + + + + + + + diff --git a/assets/svgs/ublock.svg b/assets/svgs/ublock.svg new file mode 100644 index 0000000000000000000000000000000000000000..7ff13a257e9a4b106ed668249e00b37e31cbdb3e --- /dev/null +++ b/assets/svgs/ublock.svg @@ -0,0 +1,189 @@ + + + + + + + Alternate Shield + + + + User Secret + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + diff --git a/assets/svgs/xmr.svg b/assets/svgs/xmr.svg new file mode 100644 index 0000000000000000000000000000000000000000..0c814364ed074ec622ba03d5e03e11b2f14e9a18 --- /dev/null +++ b/assets/svgs/xmr.svg @@ -0,0 +1,65 @@ + + + + + + + + image/svg+xml + + + + + + + + + diff --git a/assets/vendor/highlight/styles/agate.css b/assets/vendor/highlight/styles/agate.css index 50f8489de624c0a8329db7665ad6f6f3e1c74d5b..ef342f1bb43a406f4c0f5ebf45e91fe8f03a95af 100644 --- a/assets/vendor/highlight/styles/agate.css +++ b/assets/vendor/highlight/styles/agate.css @@ -10,7 +10,7 @@ * #fc9b9b * #ffa * #fff - * #333 + * #323234 * #62c8f3 * #888 * @@ -20,7 +20,7 @@ display: block; overflow-x: auto; padding: .5em; - background: #333; + background: #323234; color: white; -webkit-text-size-adjust: none; } @@ -117,12 +117,12 @@ .hljs-deletion { background-color: #fc9b9b; - color: #333; + color: #323234; } .hljs-addition { background-color: #a2fca2; - color: #333; + color: #323234; } .hljs a, diff --git a/assets/xmr.png b/assets/xmr.png new file mode 100644 index 0000000000000000000000000000000000000000..5dcfd4d8acfed8dfe871bc229e1f10c7f0f48956 GIT binary patch literal 9934 zcmZ{q1yq#p+U^mM5(xpNQ$j>gx?|{&?h<6^?g0d(J4RZ12vI~}=vGk}P`bOj8$s}U z*k_;p?Z0Oo)RfqIr9JbJ{xD zyIYvMSaLeMS!eEwQlg>JqbbTrX~VL1viaQ8uZG%U5W%9!)=sg_fagf0)tpySnD=^`6qD>0A!>oT zRpQmAdv1;2T+a{Jk5*ULB3lz_C#`E7f?Yd#+aHKK71PCWVmgOVZF-&I+MGH2PPL6 z*Tlhx($f6=e5u-*`7a?~Iy%DPWMpJPrsZkdW2Jgr;BJ{g>zrnSkw|X2)x|}0CnqPQ zZ*p3iw3b$qLsMcRQAI^Xq9ZHB!h%U#N2jay==2l|8ykDVYppjsBtD)%t7Mev_tn*x z-d@$(?8Knt)YPv$eWF7aMZVEVNhGh1dIVxWe*B2Pai5IrHWj}^BF$b^pLhsY>p7%$ zCP&Qg^VnD#{D}b)b8>R>;pJ^i%+J=j{v9a1J9o@ix>I5~#Kmb-xn6LVcAoA`EnM!k zr8%Z$X5KkHJw@)w2*UR19VV+4YiBM_witwk4Qpo(SAHyjZ;I8+T6KSvTXL8k`p z#n3;b$6&z0MM>g7&>84LBQi6oLPJB-H6O@$dGV9uV|DQp5D*ZNkhG(+va`+qTwfuV z?0G4N(>mX4z3Z2g)Yc~T@bXeRb@%j?MP6TB76^^l)g-o_oSZ1|J53Ar+wjKz?Cw_b z;-DS-WD>H}nZScgO}(G*t*xgQk;A~jfq!wl!8Fk~JxyJ#k}>FS*(9Z*K|DM<%D!1T zE(w7^=Hmor)hA6Nv$CiSFkHR8<$afzmp|K=x3Gv@KQ3=Z?-M)Aa%ifr7i8n&vWEKj z_?X$-Kb{&(mkPmR@E;l+oaYMsrCisEj;5fX@cQ#-Nm>86M^B!}`u@z|kze-VXmcF4Y<=O$^EsE?+`9QbR? z4(#8@#va_~G)AF%vxGvZ)oF!({T??Jm|_%oL@Qqcu<{=jTfamM8Ps>A4btwBo<_ zr6*cvXJ^+bjE#+>Y3ZC21 z2VNiLQW)6TeMk)2o@=8cpc9|o5t^Es8mPj?#KfUcaB+ExiH*&}U8Wm@4?SG&A|fXK zg35s{;<7z@WDc#Ytc(rv@bF-}HjR#nfzyi0s13^6*x6}*bcR5J74L?o>i>7Ur4M8O z;v=D?jAk@`PJx@JTgve48618<(50lL6iVG+W!=YUASZ|Ah5|jT-c(rlaFuuF>sR!R zj-|mOSXMvb&cT@QiH_Y+ywk@Q&UFk4KUUX9_!xUJ%2yO zbCV1Du&}W8V*z1d%Ce%f?Fo!Ozxo2nCkhpl%yy?6knYVFo27X}8v)l2*4Eh0ZCAAp zZRYLaUqE+pO{pfwQ3*giJ!_zuBHp`sC6)pL0{Sh!d`wir9&CeUg@u?W*?ji*Wn^Vf zB)8@W+LSSD9UNo`o^U;EMj+5@z<=V5rQnhCiYI%l`_y|-wg8QqnmV-Of$YQOS+l2k zYsUu%Qahj>LOe=8e1P~rfB&bP#_%Qaf6X^DO}dAioT{!etb5nBnjLXe*nVfbme7WV zhNt$U9CG)msA49I3JWDQHSaM^AuaFVlRte8_rLzN_S4hM6j6J4=$8LVPZSg_&d@ux zG{>`Ek-g8^BHrW^T54jqpFDZ;<_ZkNflG2eJ5sl4S%b=#x1;lR=i1s3mBuC}180oU z(`0kIFEud+YbK* zwD;{go7~N&zuNmgIEa*QOuzTfYt0+S?&|Fg2Ys)# z8Jwv66U*gHspP<9T``H}OQv(HPunm$+G`X_q2I1XBCxiuPClx}NAwWIRN=ZLCs%9T zN2{Q!n!3|uH^QFWe37Ikek(9Auq(i>hLV6<@H2{?ojsHhOGZ&eC3LU#G9JD&-9QqK zPr*1*UR6cX5l>^!Ee1oa=q5obgUIp2X`ef=<6~iPKWso^7E8VxdUkY3?L%v2WyN-s z-_S5FaR?gs_#v^wRI*?W8JSXSx zv)6N8ahP___d6bK_qte?h&vIC7CfQ6HojTEJu%o`%Nec?Cg#rZ z)>s03WOVc^D1GQ97A7Wr=llBl^addG-sl+yAtB-MtS|TllP2{pK|(y- z0s?7bD%+3v`1o9oR-enQZf!kYmVWCAKDzkWIXFn!F)OO@`0AI}*4ksZT1!gGZ4NiPl2~~x^FWO+tPd1K zuaa8sOxCdJk*5T);E?<;NkCK^LDj0$76xHpv+FMJFSM5oyFsB3r?(j2YqRI$EQW_; zefP;!%@z(*jgpp@ZXj4|S@#eowVi76b|!t_?XCb?x4-I$oZo?b5>v?cxMY8)-LJB$ zDx|+(U2e3_`Ni=pXt6MlCD-loXWH3Y3lVfy{9-VvB*U`%%p0o| zcyxYop>*2hxpkkLNKa3XLG1A8Xd&Bs7VcQ*b7TdjpQ?3~CM%ZN2crh-9ud*&;~o@B z-GP3p&N;$;t@jynd)vXq%PVzz4E*luE^dnsdyMXIos zl@*uueufFJ2VABy$dVE^*m`~h^pa9Oz{}I~OS8`r^wPk{NE+-S2N7CO|IrswnmRhS zu?cCRP;hmSK1*YCO0@X_c{ZU}2%1)#;H#bK~1_uYzv#~|O9cLPK zDudYWCIJMFcwh<(f`eBgrZI4F0VcV*x%Dghs;eg^2KE0oba6B#L)$x&2Pq^_@zLVYrB2)^JnK!&;w-o?Ujm~GCmU0Pqq3A`A} zC8yxRewH8|L69F}3dk0=lA=eRVYB;!0mIhD=Jo$U$~>tM(p>$+bTL2vBZK3IS7)C$ zhTaW`(D7KsGGbI#R7lP#8yIA~#8?p8ZRYM5Emq6z%_`jT5Qfrwd3i+#$^&>&H#Yu> zG7Y@)Oy_rei#YhJ9{N+JR#&YA-BT^u;@h+aJ?E?eEJ-?J2DFTBsGBRAw_s!+3vM|ul(ricV zYSs&9!Ru#XOLsMDEOBvgUW1F9@Y)(JlLmkQx$>#6ug{x#vIM08a%@~lS()NyRWtKq z{}WH2+NK!M(!JWhg=h4l-i5)CnSISAv1K*5#K6QG$LEPf}VrR_ycPftVF zFweQj6{MvxCTG@%-X(0)IHO6b+5ySbjdTL2&YNm8>7SE7Ix>>)BPJ$h$#b;fAv~-` zI-8AC}lg*I|s~*Y;FMye( z-KWk!qexg2X|>*|%3gr7Aeqq$+$yWYr$q@wVv_CCT@tr&nfaMpI3C@m=ag#t=A-n)*Kz!3PGhoGa;&s_FGBC(a{l7lybAZb96Q|zjSxwZM*~+7c2p8$Uv4TOj&;kt@pB_ zdYiL(Z#ezaCr%q%TXSf$Wl2#Hv#&E^r9@W4fqr0M074cflOflOl7g>ObG%qVG>G(PrO2JbVf57_+#wJIl=*@ChJV{@UT`sT_6=*j3QeU*J;125--_ z`cw5x3=9N$*xT5sdyHeFxoiwFuR17e3upkrt6{b|QmRL$vw%*-n|S8|Cr(PxDm*AfO^9b=Y;4w_CxzSrP#)Itn2k+R=k?e2_KYD`N?Dy~AP?iqkA$WpeTEBYtXmTuHCy6CN4Iqb;hI@1>4 zd~YX9%dm@RmNfq2($YI|L2hA{MkrD3i*2-b|FlIOy=C=#|~->;##DA!zm zN6HU|$#6Ks7XDnb56Q}+owIYq`8iBZS5q_i1J41uM1ZJpR9|oJ>S}Of+D*Y^nTf`> z_2oj9Ix~Sl-F6fQ_KvIt1{#ph?THN1Y65 za)yF8#z5~jOyvJgkoUfOJaR>SK#5{vAnwsyau*sN1?bR^$WXXYJd$TR(6G+S0ZBV%-CSb5dPXoZtM3#*h7O^jsfqu3h$lAJ>Mv4VSC{FL&7-_|dRc6OsA+aY>-9@(_q%_!HxLqSfB)AE?nXBW$4AEuc#s zane{XjSZhC16$zhkeWnU$zF*@L8$8B+1_0F`oozoUv9M!YPCO(xdLE3t9L_O4ds0! zgM;X~f!9JzRARoojY*u{tI~xmk{i*PbRyQHFt!LJ4T9Bp2J{*?9)f(fmh0G z=mJ7Q6k#3ZhBeVq!K)g;uHqNKx=V=(ya_WXuwSI$H3)~P+PeT>n5Xm&4H4f4#TI}t z4Faw~D*StAXFCecL>9*ir3dqO9doQ+WrB;rkoFwN4>s4VXU*&ylyTukc9Y}-g(RSk zAw}O*q5$+x>JSSVVAmU!&z_rpd&_4J{b4~h*K(`g&-v@Q3FY3bXG9XK+Sdm6wTDyt zZ=Rop0!@E@eYr=Gf!bS2%lqf7fap2-@CpdD11KWTsH&<`FI)v6Gtjaf9gUZ4E5^r{ z(q%e3If(}pFy~N5UmxN1#aJ6RvOqoou~h?zn23U+3w3d}m$1t+Hasi|wl$Mcja|w< z&4J&7NrRZ{BBn1EEqFWO0|oLt+yIt6?)m>ZwDe$G-`ndmCYc8dB8WhO%cL=sVEyge zw|T9tIq)dchO&?)!EX{D7c~mFN=;?sRb-i7z2*mNq>{HvT{s+m0BkMbA=a6KjRPp zqzevw_Uc$+zP{bH0~;O?ce@(Hd@o{RV#wZe(tqxjym7_8t}bHXTPDEo`1bAF(;Hvx z>-V*uOl%-nVq@2qB9qOi1e~ZjUbJSx{efc$!A%oz7)Jx|!5msvR)#z)$;`|&AN^*%O9z@vOifKK9sbzeeWPbEEh+4yHu~-3JSU*q|B&}n;T4QhPLgi zv$+RKoHoXCWyQsEHYD^cELi@1{QUfEQ&+{$Gt~!=mY1P81O%zs(v?Y{hBiWXo%ij~ z4((PCyi8;|#Y(f6C3J~}iRucUQJ1*9EKAys*;g`Z!O zx?qb!xICJ%*1)(~0Pbwlvg_rk<8i!J=_Ea5NxMrjC=x!$@#Dcre;v^EMzS6l9G}%VB!e}OPxFtGI4St-TVN3 zrAm~vU%e7_AoI&(@S< zV0i=#8a6InwZ9rDx=+gYZ1*l$eta2>BO@d0_y{oAT#I3rnS0X>Ax@nX^10W;WA!F# zy@bszEg5%1ZuaK^6(wc8Pi^c%Sy%asw)h;q;f1r)Q>#PjQf>BK5$@5R*;(3}D&SaM z%+$MLtY83#O+vWB6L{Ogpv|7HQG@5GKnRAl(`$Y{KHL^%ux}^$XBL9A(-)rspKs!E z-JiQM*&Y@^klZF=RfR&ElRPxQ>{nkGBFss0iq$O*+uwJQTU}bh*x1;J<&cn|GktX+ zE5~o$ORW#UpJ^#2$h0j$Oh#V*$ELlpd9)r@hG$)fZu_g zlBq&$x^HA-Q?mWO^!j+%5oy5qIL!bsOeiQpoY8wiKWtjj#dW zWh5uqfpr+m^ij7|BR?AyPM%VYC^`lP0~?z{?aV@ZghngZKxR@$STKzB0zpbf#_;Dc zxQZ>~%xKW3j1j+qp#br}gNN7u{4+p&#PbAsI{)NfIe;A*n3zIr+e;_?b|(3Tdx3~! zF5=|mT-7DvVPRy1uzffWB1bJHNW|~@122aj<5}K}=>LrDPWT)SoXABu?M^DxBxUkFgn_J|&_+ybo&%2I>&YD=Rm_ z4AYGvft$6nz1@Gc8TfmN?q`*up&{PNI1-6mEQWHg0>=z;JK*KZm;J(l0|?ol)L0?6 z#IKIEil1v~k-RzBKRS}W{sC-<1z^h{{k1eT&AvqvBX>weHpIon*&5PR-;r<=E!{H! za`$7bvNRQwFKf0uU=)y8Jw-;)`r=STx}qA{z^H(9^~&7%>sW64^HRg{4|a3jzU?Mg zu(p1uJ}5dMvH^m-d)!2(T}@zDa%0`7n^_|ros`5N<7OB!r)e|W)Th7dJQ&+ez258# zI=P?=J<}4+pus`SVQ(-> zAUZyAK&@5)b8^BM0UrX^d^wXS*|y-UE=)X&@vlVBUM!1k{mA+Gm)~&d&K>gx@6P;;Exl2Yp_h z&3LP@NCER)+i3@g`U>-Qtl_b7$>!!}b-v=SUm?}zPaP+DWp5a=K9jK7s{_jotmR<= zQ1t8Z-oT6N`T*hM=VufH<_J9K{MWCb+*~@QB}e*w)Q=xpg_*zt?Z14=_rKot4QEQC zuyOJ6LleX=BH==Uf_YvEVyEee&J3IMH{LluR(oG=;N3CjKt=|JAfZ^2o_jC!^>L2Y z`mCW$aixcS= zx@zRy(8#V1Za!dDMSI1(&CJy3ILgbT&p$IVFo?QnY-q@*VTKQ1gSFK2$Z+EQr%wbM zU)no6<<}cxiQiM+b~)orjHGS8WJdfo0U79)f!hNiOWYMuRaH$)P3=J4u;9eRL~N|L zW@b)K{HK?P)Dt!KV~C#D$;qVq$H&?qY8l1P=P|~cyt$bCHj2^`kGiKgel5murT4_0 zo_c{~kY%VCiM)5Ccu+91fGQ-ipTP`lFWjVNjx(ngF$Tht9-yBs5Z8yrbm@EHL{Hd0c{9Ae%t?;ywQK!GBPuN zn8J4+DW&m)PNtbYAUK5e<&8OO+ybWxuq1BI0&Hn0+O?P_jIQbG>Q3`D-TV3TXTSd0 z1<_1VRaKHtIFM1*$s3!Sn#SmvXW}v^HAv)3kB#1i@`EfB6BCftwJ9nqE9ZNOl2W0P zA8Dx=nn!m6z9*yT@}BdL=$1UvZ*XJ&*3rR@1Rgh{S-<&mx}&Sq4+63abtg6rL_vWD zh0RiFKd>wj4s)$0t~IPh1iwHy*e~+-nMHU%*&cW*UvEO)9_4>dN0mn0nd#}DPewR` zOG`@;Vh13yFDWgxfVz>T6|Rq!(B|LU|I5sbiPtMYh{r=) zCpNu6Z6Hdk5il4mkGsFaGUaCBuR7SoWiO*2DqWL1zCq z_0N7AlL~AIFz;Sn7lA+Pe%LK}h6zvf)JjTCWl3%}sVMkgIBy!Y39vE0WEsvR-|YkgLa;yx zJSdGOV7%pfC;|gP%&l;xqOvk*e%@@t3#=c7)rEziSt`OfIi|uNe`14xMUQI=TevM( z3nDpEtn92Td>{a~PR~Ks0i2GH3UwgrKqMaCP;$1e^LWLrmG9j>Jt;F{jczN^iLDC@ z3#f_NM$b}pZigZeM5!GpUL9`?X^(v&1CGQa3ksOJX?{o-X-a{Zk*Tz#gy^ls zjmq_ZuB)5sP+#BDA_l@CDX-r^F$wyeespL8)0bflcD}#Bwvzxze_J0Iy^M^E{}T1l z@nt0?l6%jKG;v#wz>ZCJv+hoQgk&9W-iwX^X$(FUze=r%xj94h!yDH?P)Mlj^s0v{ z5}cj@sheD_3D{Xm$t>OAKt~J|oD4wvR01KzRcHjtHZiF1-MjX)xxhZq_Qf(FZ;@+U zxv>g_z;IO3J^OvscSmgO_pc*(Q1kg>400?Sgi2;N8NpIt`ZH;iBsUL_2BHa!83v5M z+#!||DX=5}%;H90unV)Lk{0U#oVOC06R@AdJRWm$%3XiHffLor2Tu$i z`mweEqv!hitnEjyEilDB>>V9t{V~wd6WazrWW_rRpeOXhbTl}%@aQ-`oRE%_mo@=- z1en8iCw;j<45&xBYV_txa2*Hu5Thf~hb6&lW((5Zgd_D5%f&D#)8v z3`Fk~kqTXFz)j1u(-d7?TGDtaZd!i{Oof47k_0u0tK`f%WdaZn>Q~!n)LnXFFMSJ4 zO-+ryTUcFPEiVy3{Fm;3Nmp1>qTu?8LBscr==0F4%d>(+XH&ro5ZV)hhw_h>+9?3R;B;v9EK;wJMJ}*ulmjr zLS-syYvpu;stth$;}QfH0_g2GEDDlGGFByU(kQ(PIrXB+>#k7s?(QyxEJRsJsXzM| zIQhkcWnau*gTn!j2g`tgHovgIFtrN~4!JCK+@0`}l9Gz<_Nl9`b`emIb@lWN1Lu8s zkl=KWwq)nr9GzqHJ`o^=^A}This element requires JavaScript to be enabled + +\* Please note that your DNS-over-TLS client must support [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication) (Server Name Indication). + +# Recommendations +I recommend setting fallbacks with other providers (such as [Lelux.fi's](https://lelux.fi/resolver/)) in case mine are down for some reason. Redundancy is always a good thing. A friend of mine has a page with a list of [DNS resolvers](https://wiki.lelux.fi/dns/resolvers/) on it that you can peruse as well. I highly recommend DNS-over-TLS (DoT). Plaintext is . . . well . . . plaintext; anyone can snoop on your traffic. DoT is end-to-end encrypted so no one but you and the DNS server can see your queries. DNS-over-HTTPS (DoH) is just as secure but it's supported by far fewer devices and applications. It's also more difficult to set up 😅 + +The best thing to do, in my opinion, is set your DNS at the OS level with [Stubby](https://wiki.archlinux.org/index.php/Stubby) or [Unbound](https://wiki.archlinux.org/index.php/Unbound), for example, and not at the application level i.e. with Firefox's DoH implementation. For more information about configuring custom DNS servers on various devices, read the related [blog post](/blog/setting-dns-on-mobile-and-desktop/). + +Until I get adblocking DNS set up, take a look at my post on blocking ads [locally](/blog/blocking-ads-on-mobile-and-desktop/). There are solutions for most™ devices and none of the guides are *particularly* difficult to implement. + + diff --git a/json/cards.json b/json/cards.json index 50238afbb0b19e18cb72bc326471b3a1e4207483..4e1a46737647a540aa843f7d6dfa65ccbe1a2494 100644 --- a/json/cards.json +++ b/json/cards.json @@ -23,6 +23,13 @@ "tor":"http://git.l4qlywnpwqsluw65ts7md3khrivpirse744un3x7mlskqauz5pyuzgqd.onion/" }, { + "name": "DNS", + "description": "I run three DNS servers that are available for public use. They are uncensored and located in Luxembourg, Las Vegas, and New York. Adblock with Pi-Hole is Coming Soon™", + "button_text": "Query!", + "link": "https://nixnet.xyz/dns/", + "tor":"http://l4qlywnpwqsluw65ts7md3khrivpirse744un3x7mlskqauz5pyuzgqd.onion/dns/" + }, + { "name": "Proxies", "description": "At the request of some users, I proxy a few websites. These include The Tor Project's main website, their bridges directory, the EFF's Self Defense guide, and some others.", "button_text": "Browse!", diff --git a/privacy-policy.md b/privacy-policy.md index 1a6a0df21d31083a91608fb94a9ada64bcf1f8e6..2faa66421cf96f5f5b6e9c332c630eef638cf698 100644 --- a/privacy-policy.md +++ b/privacy-policy.md @@ -27,6 +27,14 @@ Your web browser communicates uniquely identifying information to all websites i **For Nextcloud:** Whatever data is collected is stored on one server in my living room and won't be shared with any third parties either. User's files are encrypted at rest so no one can hack into my server and steal them. I do have the encryption key so I *could* decrypt and view your files. I'm not going to bother with that though because I don't have any interest in looking at your personal stuff. That's your business and I won't invade your privacy. +## DNS services +In short: +* Haproxy TCP/HTTP logs are disabled. No IP addresses are collected. +* Unbound query logs are enabled (log level verbosity: 1). +* Query amounts coming specifically from the DNS-over-TLS server aren't counted. +* Website/DNS-over-HTTPS gateway's nginx logs are disabled. + +There's no warranty, no uptime assurance, etc. so I recommend using multiple [resolvers](https://wiki.lelux.fi/dns/resolvers); that also improves privacy because the DNS queries are spread across multiple providers # Exceptions I do live in the US; one server is here and the other is in Germany. If, for whatever reason, I'm compelled by law enforcement to give up your email, IP address, or any other information, I will. *I don't want to*. As such, I do whatever I can to make sure *I don't have that information*. If I don't have it, I can't share it. diff --git a/proxies.html b/proxies.html index 10aa64b11f5d93bb0303f6592ac8bf41cabeb762..c0c67cb9dc7ca4e62070f06a47594360c3c16d7c 100644 --- a/proxies.html +++ b/proxies.html @@ -7,7 +7,7 @@ path: /proxies/ cover: /cover.png priority: 0.9 --- -
+
diff --git a/tor-nodes.md b/tor-nodes.md index 94a05f85a94747c059708a2c6a61a52dc46b3e5d..4f81125fa139881e1c7dd9386355b31d0b2c3b72 100644 --- a/tor-nodes.md +++ b/tor-nodes.md @@ -9,11 +9,15 @@ cover: /assets/pages/tor.png # Why am I here You're likely seeing this page because you had some issue with traffic from one of the following IP addresses: * 209.141.34.95 +* 104.244.78.231 +* 199.195.251.84 The machines at those addresses are part of the [Tor Anonymity Network](https://www.torproject.org/) and dedicated to [providing privacy](https://www.torproject.org/about/overview) to the people who need it most: average computer users. Unless they've been compromised, you should be seeing no other traffic originating from them. -You can verify that they are, in fact, part of Tor by looking at the relevant pages on The Tor Project's [Relay Search](https://metrics.torproject.org/rs.html) page. I've also listed them below. +You can verify that they are, in fact, part of Tor by looking at the relevant pages on The Tor Project's [Relay Search](https://metrics.torproject.org/rs.html). I've also listed them below. * 209.141.34.95 - [Illana](https://metrics.torproject.org/rs.html#details/7731E125924324B7405BA20E2759EE16780237E2) +* 104.244.78.231 - [Nika](https://metrics.torproject.org/rs.html#details/B135DDBA0C309640D8311575A334157EA28E3FAF) +* 199.195.251.84 - [Alina](https://metrics.torproject.org/rs.html#details/324E13FD795713BDD6E8B4DF02438742CA1FDBF1) # Who's running this The [exit relay](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#Exitrelay) that directed you here is run by Amolith (me) under NixNet, a network of sites and services available to anyone free of charge. Despite the potential legal ramifications, I decided to run them because I am *very* passionate about online privacy, anonymity, and freedom of speech. In today's society, Tor is one of the very few ways to truly achieve that and I wanted to directly help those that need it by running fast exits. @@ -26,14 +30,13 @@ As such, there is little I can do to help you track the connection further. Thes Furthermore, these machines also serve as a carriers of email, which means that their contents are further protected under the ECPA. [18 USC 2707](http://www.law.cornell.edu/uscode/text/18/2707) explicitly allows for civil remedies ($1000/account **plus** legal fees) in the event of a seizure executed without good faith or probable cause (it should be clear at this point that traffic originating from the IPs listed above should not constitute probable cause to seize the machine). Similar considerations exist for 1st amendment content on this machine. # You're violating DMCA! -If you are a representative of a company who feels that this router is being used to violate the DMCA, please be aware that this machine does not host or contain any illegal content. Also be aware that network infrastructure maintainers are not liable for the type of content that passes over their equipment, in accordance with DMCA [safe harbor](http://www.law.cornell.edu/uscode/text/17/512) provisions. In other words, you will have just as much luck sending a takedown notice to the Internet backbone providers. Please consult EFF's [prepared response](https://www.torproject.org/eff/tor-dmca-response) for more information on this matter. +If you are a representative of a company who feels that this router is being used to violate the DMCA, please be aware that this machine does not host or contain any illegal content. Also be aware that network infrastructure maintainers are not liable for the type of content that passes over their equipment, in accordance with DMCA [safe harbor](http://www.law.cornell.edu/uscode/text/17/512) provisions. In other words, you will have just as much luck sending a takedown notice to the Internet backbone providers. Please review the EFF's [prepared response](https://www.torproject.org/eff/tor-dmca-response) for more information on this matter. -For more information, please consult the following documentation: +For general information, please consult the following documentation: 1. [Tor Overview](https://www.torproject.org/about/overview) 2. [Tor Abuse FAQ](https://www.torproject.org/docs/faq-abuse) 3. [Tor Legal FAQ](https://www.torproject.org/eff/tor-legal-faq) # I still have an issue - That being said, if you still have a complaint about these routers, you may [contact me](/contact). If complaints are related to a particular service that is being abused, I will consider removing that service from my exit policy, which would prevent my router from allowing that traffic to exit through it. I can only do this on an IP+destination port basis, however. Common P2P ports are already blocked. - + That being said, if you still have a complaint about these routers, you may [contact me](/contact). If complaints are related to a particular service that is being abused, I will consider removing that service from my exit policy, which would prevent my router from allowing that traffic to exit through it. I can only do this on an IP+destination port basis, however. You also have the option of blocking this IP address and others on the Tor network if you so desire. The Tor project provides a [web service](https://check.torproject.org/cgi-bin/TorBulkExitList.py) to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a specified IP:port combination, and an official [DNSRBL](https://www.torproject.org/tordnsel/dist/) is also available to determine if a given IP address is actually a Tor exit server. Please be considerate when using these options. It would be unfortunate to deny all Tor users access to your site indefinitely simply because of a few bad apples.