Using Mullvad VPN in Qubes

Posted November 1, 2019 in qubes

A friend wanted my help configuring Mullvad VPN on their Qubes computer. Instead of just helping them, I decided to write a quick blog post explaining how I normally set up VPNs in Qubes. There are many different ways -- Mullvad even has its own Qubes guide -- but I prefer using NetworkManager system tray applets, so I can always see if my VPN is connected or not. I also use a simple script that I set to run when my AppVM boots to automatically connect to the VPN, and reconnect if it disconnects, and Qubes firewall rules to prevent non-VPN internet traffic from sneaking by.

Continue reading →

New version of OnionShare makes it easy for anyone to publish anonymous, uncensorable websites

Posted October 13, 2019 in onionshare code

I’m excited to announce that OnionShare 2.2 is released! You can download it from onionshare.org.

When I first wrote OnionShare in 2014, it let you anonymously and securely send files to people. It worked like this: OnionShare zips up the files, starts a local web server on your computer with a link to this zip file, makes this website accessible as a Tor onion service, and shows you the URL of the web server. You send someone this .onion URL, they load it in Tor Browser (loading the website hosted directly on your computer), and then they can download the zip file. As soon as the download is complete, OnionShare shuts down the web service.

In the years since then it has gotten a whole lot better (largely thanks to a growing community of volunteer contributors). Instead of just sending files, you can use it to receive files now, allowing you to turn your computer into an anonymous dropbox. But it has always worked the same way: hosting an anonymous website locally on your computer. But since OnionShare hosts a website on your computer anyway, why not use it to host actual websites?

Continue reading →

With Semiphemeral you can delete your old Twitter likes, but it's noisy

Posted July 21, 2019 in semiphemeral code

I don't know if others use Twitter the same way that I do, but I tend to like things quite a bit more frequently than I tweet or retweet things. I'd imagine that if you analyzed my last 10 years of Twitter likes, you could learn much more about me than just by looking at my timeline. My likes probably reveal exactly which political, technical, and social arguments I followed, and which sides I took in all of them.

I recently programmed a tool called semiphemeral to automate deleting all of my old tweets (except for ones that I want to keep), and it also goes back and unlikes all of the tweets that I liked more than 60 days ago -- or, so I initially thought. It soon became clear that semiphemeral only actually deleted the most recent 4,000 likes.

Continue reading →

Semiphemeral: Automatically delete your old tweets, except for the ones you want to keep

Posted June 5, 2019 in code semiphemeral

In the almost 10 years that I've been using Twitter, I tweeted about 13,700 times, retweeted about 9,000 tweets, and liked (or "favorited", as we called liking back in the day) about 14,000 tweets. I decided to delete most of them using a tool I just finished programming called semiphemeral. Here is why, and how.

Continue reading →

OnionShare 2 adds anonymous dropboxes, supports new Tor addresses, and is translated into a dozen new languages

Posted February 18, 2019 in onionshare security tor

After nearly a year of work from a growing community of developers, designers, and translators, I'm excited that OnionShare 2 is finally ready. You can download it from onionshare.org.

OnionShare is an open source tool for securely and anonymously sending and receiving files using Tor onion services. It works by starting a web server directly on your computer and making it accessible as an unguessable Tor web address that others can load in Tor Browser to download files from you, or upload files to you. It doesn't require setting up a separate server, using a third party file-sharing service, or even logging into an account.

Continue reading →

Lies That WikiLeaks Tells You

Posted January 11, 2019 in drama wikileaks

Last weekend, WikiLeaks sent an email to journalists with a list of 140 things not to say about WikiLeaks and Julian Assange because they are "false and defamatory." Reuters first broke the story, and the next day Emma Best published the complete list. Many of the things on the list can't actually be "false" because they're subjective or nuanced ("It is false and defamatory to suggest that Julian Assange is a 'hacker'"), and many aren't defamatory, even if they are false ("It is false and defamatory to suggest that Julian Assange’s profession is 'computer programmer'.").

And many of the the things on the list are true, and WikiLeaks/Assange are being misleading. Some directly relate to me -- they came from Twitter fights I've with WikiLeaks and its minions. So I thought I'd fact check WikiLeaks' "false and defamatory" censorship list. This is by no means an exhaustive fact check -- for example, I'm not not covering the list items about the two Swedish women who accused Assange of rape, though I'm pretty confident a lot of that stuff is misleading as well. Before digging into the misinformation, I first want to take a moment to discuss how pathetic this is.

Continue reading →

Do you want to contribute to the next major version of OnionShare?

Posted December 22, 2018 in onionshare

OnionShare lets you securely and anonymously send and receive files. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable web address so others can download files from you, or upload files to you. It does not require setting up a separate server or using a third party file-sharing service.

Over the last 10 months volunteer developers, designers, translators, and I have been hard at work on OnionShare 2.0, and it’s nearly ready. If you’d like to chip in during the month or so before the final release, try out the latest development version and report any bugs. The best way to report bugs is by opening an issue on GitHub and describing the problem, or you can send me an email at micah@micahflee.com if you don’t have a GitHub account.

Continue reading →

OnionShare has some exciting new features

Posted February 26, 2018 in onionshare

It’s been some time since I’ve written about OnionShare, so I thought I’d write an update on all of the latest work. Today we released version 1.3 (and last month we released 1.2, so the releases are getting more frequent). You can get the latest version at onionshare.org.

But first, I owe a huge thanks to Miguel Jacq for churning out new features, taking over a lot of the GitHub issue triaging responsibilities, and becoming a core OnionShare developer.

If you haven’t tried it out in awhile, here are some things that are new:

Continue reading →

Breaking the Security Model of Subgraph OS

Posted April 11, 2017 in hackers linux qubes subgraph

I recently traveled to Amsterdam to attend a meeting with Tor Project staff, volunteers, and other members of the wider Tor community. Before trips like this, I prepare a separate travel computer, only bringing with me data and credentials that I might need during my trip. My primary laptop runs Qubes, but this time I decided to install Subgraph OS on my travel laptop. I had only briefly messed with it before, and there’s no better way to learn about a new operating system than by forcing yourself to actually use it for a few days.

Subgraph OS is an “adversary resistant computing platform.” It’s similar to Tails in that it’s based on Debian and all traffic is forced through Tor (that’s changing though: there’s now basic support for clearnet Chromium and OpenVPN). It uses a grsecurity Linux kernel, and many apps run in “oz sandboxes”, a homebrew sandbox solution that protects you even if an attacker manages to exploit a bug in one of these apps. Subgraph OS also includes the Subgraph Firewall, an application firewall similar to Little Snitch for macOS — something that’s pretty awesome, and hasn’t really existed in the Linux ecosystem before. Basically, it’s designed to be an easy-to-use Linux distro that’s extremely secure.

Continue reading →

Qubes Tip: Making Yubikey OpenPGP smart cards slightly more usable

Posted December 1, 2016 in qubes openpgp

Qubes 3.2 has support for USB passthrough. This one feature has made Qubes so much more useful for me. It means that a wide variety of devices — from my laptop’s internal webcam, to plugging in smartphones to transfer data or do Android development — are finally supported. I used to have to use a separate non-Qubes computer for several tasks that I can now more conveniently and securely do within Qubes.

Continue reading →