Kapisi/roles/DarkNet
2022-12-18 22:24:44 -06:00
..
tasks Updating DarkNet VPN setup 2022-12-18 22:24:44 -06:00
README.md Whitespace cleanup to get in sync with AniNIX/Uniglot hooks 2022-11-20 20:03:01 -06:00

The DarkNet VM is the privacy protection of the AniNIX. The AniNIX does not believe in security by obscurity or in censorship; as such, everyone should have a voice. VPN access is an assurance to content despite censorship and obfuscation for cases where free speech would normally come with some form of repercussions, despite the UN standards for human rights.

Etymology

The DarkNet is named for an anonymous network whose access is controlled only by the admins and whose usage is known only to them. It's entirely closed and anonymous.

Capacity and Components

A basic VM to provide DarkNet functionality in an AniNIX replica only needs the following resources:

  • ShadowArch
  • 1 core
  • 1024M of RAM
  • Virtualized NIC
  • 150G of storage for any AniNIX/WolfPack downloads, preferably on a unique physical harddrive that can be pulled and drilled

Hosted Services

The DarkNet uses a small package list. It uses a couple services to achieve its goals. First, it uses NordVPN to protect all traffic -- very simply, all one has to do to connect to the VPN is to run nordvpn connect and provide your login credentials to the service. We also use TOR for further anonymity -- torsocks and tor-browser-en provide functionality to cover that.

We recommend whitelisting your replica's subnet so that NordVPN doesn't see local traffic and services like log aggregation and administration can happen without exposing access across the VPN.

nordvpn whitelist add subnet $subnet/$cidr

Abilities

  • Encrypted storage by default to a passphrase known only to admins.
  • Tor proxy service, integrated with both text lynx and GUI tor-browser-en browsers.
    • Lynx is aliased to "torsocks lynx" globally
  • Anonymous VPN via NordVPN