sunknudsen / privacy-guides Goto Github PK

Branch

Draft

Guide

How to self-host a hardened strongSwan IKEv2/IPsec VPN server for iOS and macOS

Operating system and version

Description

Hey Sun, I recently found your YouTube channel and I’m wanting to setup my own VPN but hosted on 1984. Could you do an updated guide setting up via 1984? Thank you.

-----BEGIN PGP MESSAGE-----

hQIMA1V09LCw9n1/AQ/+MxCC53yXxfBr4kiuEQZW0qFSINTNf7LVw//PDngVlXT2
m3xef1jw8yV4E/1DXJ1nTRcRywZz5NAecXH8bDwqL7Etw/Tvtym4TyCs/93H3uG0
0N+yy2T2qwDeOxgGWhdp75nf1/C7JIyvQSmIcQSNFw7TZtZOlHrTb4dLY16HbUG7
zspr59rZ5CpUexKC7FI+t2tMHLQzWZaD5TDfvbn56cRbSy6tfQiqEWhDUfp0m2W8
dvxWvY5sod6U/A0NTVgkt/HA/L/Ff8p8qzxyONEVUnS3pFAvUto4KYjDFlzEWCPg
5QGAJ4p/x97D+cxGqYRwRcivPqFoNKUnYSX0dcZRF1VBjQdknDG9PUemsie9Zx6i
cPsAJIJlhRn9zmYVG+foOtDzj9q1Gyoch+ECLdiZ3BScVU9wOb2qEVNFK5lDxZFN
dXO1r8CIbmgtA6in4agluaDzvvDgekbwLCRr7brqY75VkY5Wy9ux0Ajw/BQ4DyFC
AbfTOgeUmx13TDhWvtBEMVMAJrsTTGbxuSR4RXSzsTphK0qdwM+UNcCoYbbzNWmv
qwAfG6f78Nh0toClzEkwSjPsZVOlSfadzpb0/vmEMveyuFApNslLfMmqOdPi1Dsn
3yFBsiH9nse2cnYJjDsFj9YNiTJqtOUapoRgyZtgjtcAfGMowkGu+XRg2ZwVIDPS
6QH42kbalMThrObEDviBIarDmH91Ty6mFk8LqxdFx84de3PmRKXDR8lXI4rcuF0M
dEZGg8o0vYPMZLmUn96WI4aFoFI4HErdPpFQ3sme0WdROc7ar8fVOeD720crYGJE
12/QdWl0t4dg6rXDY+yqPVa8C8Siz00HmwB1tMQ2YxQu+IAO9iTmK5O3hFkUkJRJ
5xesd+T/0z2GlnEulLF9b/yqt7F6QdXYmhoh8Tbg9knJKMZ2m6JSWWkVNdBpdnh7
8McPlYkMm+yLMgkQrZnIbNygSSXTRnqzbaHEj1fCQRSweIOTuDV/K0Y91NWxp3as
ryOhmQsoOAgiJ007F2e+LBLqN+jFhzWSbvpx3O2XXIRLOVaFRsRl4gqOAVv44QWb
Fr9nve8GMzm1m0gESiIIQ/cC9tPMM3vaWyovHSHbJeoBbEY7OG5rSmHnjLXJjZx4
aVuDT3M1+3MreeJ+++18cyaM1prm3L0Ve2GiOMJFl7CKJeTIGD+yyjIHSAPytA+x
oDi7RYAGd15h6XbaBoP8z/14Y49gqD042ZYx5tz1/6gJZcBwgDCNgG3iKuL1ON0J
Dv4l2t2n3TYzBXE4Ct1ZTtlZWILmpqLgDfFNGQxquzSfg+RfFhZYV6N0uC+2sVHd
Ea7B0z0zESPmrBhq3TdzX0vpIoGnUWhVvEHVH55r/6EOwN3KQALRpvf8Hf9da5yz
5A5kUls8XuHHwktPSA0RwO4FzaIYMI14cvosS4utHMbDIGv7DprjulaP53xQgTPA
ioWy955cHZ97QdZCPAcOTPAutURNEKFKfRo1dqpMXtbIprLIchtgu4+urzJ3kW9E
+ZBGgP4oITBUFNQBEbYKhS0/gj7ow6hUuAYAHhM0M/u2eZCB5iCF7XoQXj5d+Urm
Dyzm9I3m9DGhxwriUnLSbBd+bIL9gXNuHNotYrK8udL5lYOS7Ayu5kSB5uKs3pXG
H9RxyXKHcjoBUd6lV5RdTs9ClElc1+uSAlqgYB5INW6BC/hVbL7Cm/ictMn8jUZx
TAZPxqrw/5TvHHmB5o15ePRpBokbqdZ/QCCIFGkkSfOfIsSh/LdzHBpMj33TUrmK
RoLXchuWQz7AMRvf6yydcwJsxjUtk9BqfbxuIErIQN7M+rJZd23F7aOl/lEl0zKr
BdgUDlm48vB72aBX/KuBfPn4AkxjzqT+oY+TxllHRvcB6fzv5ttlh7Lj7c6d1xuO
/xCnXd4yORnw66Ks2p+ElA==
=YTD0
-----END PGP MESSAGE-----

Hey Sun, I am an enthusiast and watched many of your Youtube vids. For examples, I switched to Firefox and actively using it with containers. I also followed step by step your guide to set up my own VPN with Strongswan on Njalla and worked great.
I tried to install Pihole on the VPS but messed all up (Pihole installation error: DNS resolution is not available) and swiped/reinstalled everything.

How can I add Pihole to your awesome step by step guide? I watched a lot of youtube and hate ads!

Thanks a LOT in advance!

I had the hostname spoof running adequately on Catalina with Intel chip. I noticed after a while that despite rebooting, my hostname would remain at a specific random name. I went through the procedure of removing the script/files and launch daemon. I've been trying to get everything to work since, but can't get my hostname (or mac address) for the life of me... It constantly remains the same. I'm fairly new to coding, any guidance would be appreciated.

Guide

How to make sure app is not running in the background on macOS

Operating system and version

macOS Big Sur 11.2

Description

I get /Users/username/.zshrc:112: parse error nearfi' ` error everytime I open a new terminal.

Guide

incorrect tutorial

Summary

trezor suite is not working without trezor bridge.

How to install and use Trezor Suite on Tails
https://github.com/sunknudsen/privacy-guides/blob/master/how-to-install-and-use-trezor-suite-on-tails/README.md

torsocks is blocked also

OS

Tails 4.21

Steps to reproduce

Follow the guide How to use Trezor Wallet on Tails.

Actual result

At wallet.trezor.io, Trezor Bridge appears not to be installed. The following message is shown: 'Transport error: Error details: WebUSB is not available on this browser.'

At suite.trezor.io/web, the hidden text reads 'Trezor Bridge is not running'. The hidden text can be copied after selecting all text on the webpage.

Expected result

At wallet.trezor.io, Trezor Bridge should show as installed and a message such as 'Connect your Trezor' should be shown. Then if a Trezor is connected via USB, the webpage should recognise the Trezor.

At suite.trezor.io/web, the hidden text should read 'Connect your Trezor'.

Branch

draft or master?

Guide

Operating system and version

Description

What isn’t working?
Thanks for the awesome script!

Ran the script against Brave Browser Beta today and noticed it left behind the entire cache folder as in the title. I can see the script removed the "com.brave.Browser.beta" in Cache but not the mentioned one. Is this something that should be picked up in the bom and resource files?

Guide

How to clean uninstall macOS apps using AppCleaner open source alternative

Operating system and version

macOS Catalina 10.15.7

Description

If you use the app-clenaer.sh to remove an app installed via homebrew cask, it will leave the cask references dandling in the system. I've added a check that checks for a matching "cask link", and launches the uninstall to fully clean the app from the system. Maybe somebody else can benefit from the addition. Let me know what you think.

I've added it just after moving the app to Trash.

# Find brew casks linked to the app
brew_cask=$(find -L /usr/local/Caskroom -name "$app_name.app"  2>&1 | awk -F "/" '{print $5}')

if [ "$brew_cask" != "" ]; then
  printf "%s\n" "Cask found!"
  brew info --cask $brew_cask

  printf "${red}%s${nc}" "Uninstall cask (y or n)? "
  read -r answer
  if [ "$answer" = "y" ]; then
    printf "%s\n" "Uninstalling cask..."
    sleep 1
    brew uninstall --cask $brew_cask
  fi
fi

Branch

master

Guide

How to generate and air gap PGP private keys using GnuPG, Tails and YubiKey

Operating system and version

Tails 4.22

Description

First of all, thank you Sun for the great work you are contributing here :)

I wanted to know how I could provision a second YubiKey as a backup (in case I lose my primary key traveling for example)?
I tried to repeat the steps in the guide to move the keys to a new card but I get the error: gpg: KEYTOCARD: Unusable secret key
I have the primary card also plugged in and imported the private key stubs from the YubiKey to make sure.

Branch

branch: master

Guide

How to clean uninstall macOS apps using AppCleaner open source alternative

Description

The signature for the app-cleaner.sh script does not match the current version of the file, but the version at commit 78ee1e0.

Hi Sun!
I take your advice to open an issue here. (I'm from YouTube)

In this screenshot the error says: "Profile installation failed. Unable to install the “VPN Service” payload. The VPN service cannot be created."

In this screenshot you see the config about VPN section.

And this is the section about certificates.

Where is my error? Becouse I tried for another one time, but still not working.
Thank you for your time!

Hi there,
In your tutorial http://4qglscapey3nohrwudvx5f7g4qodr2zb5ymkdxdmnwao3rdjl6t5euid.onion/privacy-guides/how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos you say how to encrypt a message with this:

0xC1323A377DE14C8B
But how do I send a message with only someone's public key?

Hi @sunknudsen

I recently came across first do no harm project they have developed the Hippocratic license which I think would be very good fit to what you're trying to do here.

an Ethical Source license that specifically prohibits the use of software to violate universal standards of human rights, and embodying the principles of Ethical Source Software.

It seems to be very similar to MIT with the addition of this Human Rights angle

The purpose of this License is for the Licensor named above to permit the Licensee (as defined below) broad permission, if consistent with Human Rights Laws and Human Rights Principles

...

It's your own work after all, this is just a suggestion so feel free to close this if you don't feel like changing it.

Cheers,
Mustafa

Branch

Draft

Guide

How to self-host a hardened strongSwan IKEv2/IPsec VPN server for iOS and macOS

Operating system and version

macOS BigSur 11.2.3

Description

Hey Sun, I am an enthusiast and watched many of your Youtube vids, they're great and I am learning a lot! For example, I switched to Firefox and actively using it with containers. I also followed step by step your guide to set up my own VPN with Strongswan on Njalla and worked great.

Unfortunately, I tried to install Pihole on the VPS and messed it all up (Pihole installation error: DNS resolution is not available), so I swiped the server and reinstalled everything.
How can I integrate Pihole to your awesome step by step guide? I watch a lot of youtube and hate ads!

Thanks a LOT a LOT in advance!

Guide

How to spoof MAC address and hostname automatically at boot on macOSHow to spoof MAC address and hostname automatically at boot on macOS

Summary

Hi all,

My Time Machine backup does not seem to function when spoofing my hostname. The issue is that a .sparsebundle file is created on the Time Machine disk with my current hostname, and backup files seem to be deleted when I reconnect after rebooting. So the oldest backup I have access to is the first backup that was made after rebooting.

Branch

master

Guide

How to spoof MAC address and hostname automatically at boot on macOS

Operating system and version

macOS BigSur 11.6

Description

when I enter: source ~/.zshrc
This happen: /Users/johndoe/.zshrc:export:6: not valid in this context: /Users/johndoe/.zshrc

What I have to do ?

Thanks in advance

Branch

master?

Guide

N/A

Operating system and version

N/A

Description

Hi! :)

Not sure if this should go in Issues as a suggestion or just a thread in discussions 🤷

This is a suggestion that came to mind while checking out some of the guides. I noticed it would be helpful to be able to preview the list of steps and click on of them to scroll down to that one. The use case I imagine is coming back to a guide in the future, having memorized some of the steps, but maybe wanting to copy and paste some commands or reread an instruction. Having a table of contents at the beginning of the page would facilitate that kind of interaction. The main downside I see is adding a bit of cruft to the otherwise pretty minimal interface. I could imagine this being a downside from an aesthetic perspective.

Just thought I'd write it down somewhere before forgetting about it!

Thanks for sharing your knowledge as well as your tutorials and videos. Even as a beginner, I was able to spoof my Mac address and hostname successfully. Moreover, I installed homebrew 3.3.1 and then ran the command brew install gnupg but encounter an error message before...

macbookpro@Brocks-MacBook-Pro ~ % brew install gnupg
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 1 tap (homebrew/core).
==> Updated Formulae
Updated 1 formula.

Error: Failed to link all completions, docs and manpages:
Permission denied @ rb_file_s_symlink - (../../../Homebrew/completions/zsh/_brew, /usr/local/share/zsh/site-functions/_brew)
Error: The following directories are not writable by your user:
/usr/local/share/zsh
/usr/local/share/zsh/site-functions

You should change the ownership of these directories to your user.
sudo chown -R $(whoami) /usr/local/share/zsh /usr/local/share/zsh/site-functions

And make sure that your user has write permission.
chmod u+w /usr/local/share/zsh /usr/local/share/zsh/site-functions
macbookpro@Brocks-MacBook-Pro ~ %

PS: Maybe I am doing something wrong or ran into an edge case. Please Sun, What can I do? Would you be able to provide me with a script to run this successfully? Thank you very much!

Hi Guys,

In step 24 of the Hardened-Strongswan setup guide the DNS is configured.
Has anybody tried to set up the Strongswan VPN and using the PiHole DNS as it's DNS server?

Cheers

Guide

How to clean uninstall macOS apps using AppCleaner open source alternative

Summary

I wanted to uninstall Chess from chess.com (iPad version) but got the error:

... % app-cleaner.sh /Applications/Chess.app
Cannot find app plist

I was able to reproduce the error for another iPhone app.

The error message is printed here. So for new Macs the if condition should be adapted.

Branch

master

Guide

How to clean uninstall apps on macOS using AppCleaner open source alternative

Operating system and version

macOS Big Sur 11.1

Description

Some applications also store data on the following paths. You can add them to the list of locations in app-cleaner.sh.

$home_dir/Library/Preferences/ByHost
$home_dir/Library/HTTPStorages
$home_dir/Library/Application Scripts
/Library/PrivilegedHelperTools

How to self-host a hardened strongSwan IKEv2/IPsec VPN server for iOS and macOS

Hi Sun,

I went over the guide and it's working as expected (thanks).
The only annoying thing about it is the long name (screenshot) it causes the menu to go very wide

Using find/replace techniques, I tried (a few times) renaming the ogranization name but I kept getting 'Error occured' when trying to connect to the VPN

So I had to revert to the first/old certificates with "Self-hosted strongSwan VPN" name

Any ideas/suggestions on how/if it could be done?

Thanks

PS:
I started changing the name from step 26 onward

Hey guys,

I followed the guide on setting up the self-hosted strongSwan server. The server is running and it works, the only thing I'm having issues with is the authentication, therefore I'm not able to connect to the VPN. I was researching and it the issue seems to be due to the CA certificate on the server. Can someone help me?

Hey Sun, I just noticed that the guide for resetting application permissions is missing the command for resetting all the permissions for a single app. Can't add the section to the guide myself right now, that is why I am opening this issue.

… reset All ApplicationID works for me (tested on macOS 11.3.1).

Branch

master

Guide

how-to-mitigate-fingerprinting-and-ip-leaks-using-firefox-advanced-preferences

Operating system and version

Firefox 95.0.2 (64-Bit) on macOS Big Sur

Description

the about:config setting privacy.resistFingerprinting.letterboxing has now only the options Boolean (default), Number or String. True (as stated in your guide) is not available anymore. I could not figure out which of these three option woud meet True best. If you have a good advice would be nice.

Hey Sun, thanks for all the great videos!
I've been trying to get the scripts you gave us for spoofing our host/MAC address to work; the hostname spoofs successfully but the MAC address does not. When I enter $ ifconfig en0 | grep ether | awk '{print $2}' and $ networksetup -listallhardwareports | awk -v RS= '/en0/{print $NF}' I get the same MAC address.
I tried to see if I made any mistakes when copying the commands into the terminal but could not find any. I attached screenshots of my daemon plist file and the spoofing script file in case the problem is just that I missed something when putting them into the terminal.

I am running macOS Big Sur 11.1. I know in another video you said something about Apple now being able to bypass VPNs in Big Sur-- is this the same thing here, just it won't let you spoof the MAC address?

Hey I was following the "How to backup and encrypt data using rsync and VeraCrypt on macOS (see change log)" video by Sun, but unfortunately I think I might've entered the wrong folder when I was creating an encrypted volume. I think the mistake was made at Step 9 (set temporary environment variable). Is there a way to delete the encrypted volume so I can correctly follow the steps this time round?

Thanks in advance.

Guide

How to self-host hardened strongSwan IKEv2/IPsec VPN server for iOS and macOS

Summary

I am trying to avoid using IPTables and have switched over to nftables.

Could you provide the equivalent nftables commands (along with the iptables) for Step 18.

I have tried using the auto-translate feature of nftables to convert the iptables commands to nftables syntax... but it does not translate all the commands.

Thanks..

Looking for a little tweak to the LaunchDaemon to make this run everytime I log back after closing my MacBook. I'm no coder, I have a very basic understanding of bash and therefore can't figure it out myself. not sure if it would be a simple change to the RunAtLoad or if it would need completely changing to something like .bash_profile. again I'm no coder lol.

Any help would be amazing

Many thanks

Guide

How to back up and encrypt data using rsync and VeraCrypt on macOS

Summary

In trying to implement these backup scripts for the first time, I noticed that the call to veracrypt in the dismount() function that's used in backup.sh and restore.sh errors out and fails to find a valid volume if the command is as written. I think it should check whether the mount point is an existing directory, then dismount the volume path, or am I missing something?

This is current state (errors out):

veracrypt --text --dismount "$mount_point"

But it seems not to work unless I change it to this:

veracrypt --text --dismount "$volume_path"

Which would change the whole function to:

function dismount()
{
  if [ -d "$mount_point" ]; then
    veracrypt --text --dismount "$volume_path"
  fi
}

Or, in the here document:

function dismount()
{
  if [ -d "\$mount_point" ]; then
    veracrypt --text --dismount "\$volume_path"
  fi
}

System:

• macOS Big Sur 11.6.5
• bash 5.1.16

Hey, I saw that in your benchmarking guide you use Okla's Speedtest. I'm not sure about the CLI, maybe it's fine to use, but it might be worth mentioning in the guide, that in general the service is not recommended since it engages in heavy tracking and data selling.

Branch

master

Guide

How to clean uninstall apps on macOS using AppCleaner open source alternative

Operating system and version

macOS Big Sur 11.1

Description

I have been testing the app cleaner script a few times these last few days. Works great so far.

One thing I noticed with a AppStore app is that the delete process asked me to give my admin password/fingerprint for a lot of files instead of asking for that once and then just doing the rest.

Maybe this could somehow be collected into one "move to trash" call instead of asking the password many times?

Would love to see this improved further and a big thank you for even starting the process of building thins.

Branch

Master

Guide

How to configure hardened Debian server

Operating system and version

not specific to Client OS or version

Description

What do you recommend?

Changing the default SSH port can be a simple security measure (to be configured in /etc/ssh/sshd_config). So many computers on the internet are just automatically probing for open port 22. So this would be additional security through obscurity.

Branch

master

Guide

How to configure Borg client on macOS using command-line

Potentially also:

• How to self-host hardened Borg server
• How to configure hardened Debian server
• How to configure hardened Raspberry Pi
• How to self-host hardened strongSwan IKEv2/IPsec VPN server for iOS and macOS

Operating system and version

N/A

Description

Is there a specific reason why RSA is being used to generate SSH keys instead of more modern and faster approach - Ed25519?
Of course, in the foreseeable future it doesn't really matter in terms of security, but I would personally consider using Ed25519 a good practice.
List of protocols and software that use it

In addition official BorgBase docs recommend using Ed25519 instead of RSA - https://docs.borgbase.com/faq/ssh/

Branch

Master

Guide

How to self-host a hardened strongSwan IKEv2/IPsec VPN server for iOS and macOS

Operating system and version

N/A

Description

As Strongswan deprecated the Stroke plugin along with 'ipsec.conf' and friends, might I suggest converting your configuration over to the new format?

I took a shot at this while following your guide as a base:

VPN Client/Server Connection Configuration lives under the swanctl directory e.g. /etc/swanctl/conf.d/.conf

connections {

        # A connection named 'ikev2'
        ikev2 {

                version = 2
                fragmentation = yes
                encap = yes
                proposals = aes256gcm16-prfsha512-ecp384
                dpd_delay = 300s # (see dpd_action below)
                rekey_time = 0
                reauth_time = 0

                local_addrs = 0.0.0.0/0 # left=%any
                send_cert = always

                remote_addrs = 0.0.0.0/0 # right=%any
                send_certreq = no

                pools = dhcp # rightdns=, rightsourceip=%dhcp

                # Local authentication rounds ( 'left=' )
                local {
                        id = vpn-server.com
                        certs = server.crt
                }

                # Remote authentication rounds ( 'right=' )
                remote {
                        id = %any
                        auth = eap-tls
                        eap_id = %any
                }

                children {

                        # A CHILD_SA subsection, named 'ikev2-child'
                        ikev2-child {
                                start_action = none
                                ipcomp = no
                                mode = tunnel
                                esp_proposals = aes256gcm16-ecp384

                                dpd_action = clear # dpdaction=clear (note: dpd_delay must not equal 0s)
                                life_time = 0
                                life_bytes = 0
                                life_packets = 0

                                local_ts = 0.0.0.0/0 # leftsubnet=
                        }
                }
        }
}

# Secrets (analogous to 'ipsec.secrets')
secrets {
        # As RSA private keys, are automatically loaded from defined directories
        # we do not need to place a ': RSA server.key' definition here.
}

# IP Address Pools, can also define attributes such as DNS here
pools {
        # IP Information issued by DHCP plugin
}

The server certificate would be placed in the swanctl 'x509' directory where it will be automatically loaded
The server certificate private key would be placed in the swanctl 'private' directory, where it will be automatically loaded

Replace the 'stroke' plugin with 'vici'

The older charon debug section seems to be approximately equal to the charon-logging.conf but the documentation wasn't very clear to me on that.

How about making the Privacy Guides available in PDF format?

Why?
For PDFs of individual guides: Being able to easily download and print a guide without all the issues of printing a web page (or having togit clone and convert from Markdown to PDF).
For PDFs of all guides: Being able to download and print all guides at once without having to use git clone or manually having to download or print every README.

How?
Maybe using pandoc and a LaTeX class (to define some settings)? That should make this fairly automatable.

Branch

draft or master?

Guide

How to spoof MAC address and hostname automatically at boot on macOS

Operating system and version

macOS 11.3 Big Sur

Description

I use 1Password WLAN sync (as you showed in one of your videos) between my MacBook Air and my Android smartphone. The problem is that I also use MAC spoofing on my laptop as you explained in your privacy guide and this brokes WLAN syncing everytime a new MAC address is set on my computer.

Branch

master

Guide

• How to backup and encrypt data using rsync and VeraCrypt on macOS
• How to configure Borg client on macOS using command-line
• How to configure self-hosted VPN kill switch using PF firewall on macOS
• How to self-host hardened strongSwan IKEv2/IPsec VPN server for iOS and macOS

Operating system and version

N/A

Description

Hi! 👋

I think that requirements in some guides are a little ambiguous as they specifically mention Computer running macOS Mojave or Catalina.
I'd suggest changing that to Computer running macOS Mojave (10.14) or later.
Also, here I'd change Phone running iOS 12 or 13 to Phone running iOS 12 or later.

What do you think?

Guide

How to backup and encrypt data using rsync and VeraCrypt on macOS

Operating system and version

macOS Mojave 10.14.6

Description

Hey, Sun!

in Step 9 (temporary environment variable) it says :
BACKUP_VOLUME_PATH="/Volumes/Samsung BAR/backupackup"

Is that correct, or is it supposed to be "backup" at the end?
My apology if I'm mistaken.

Hi
I have a problem accessing Zoom chat on my MacBook Air. I use it mostly for work meetings but a few of my coworkers I know including myself, get an error code 1132 preventing access. A quick google and it appears to be a pretty widespread problem, rumoured to be a hardware ban, with solutions ranging from factory reset to spoofing MAC address. Nothing has worked for me so wondering if you know another way around this? If it's not something you can help with don't worry, my Zoom account works on my iPhone, it's just not that practical for long meetings.
thanks!
J

  Thanks for your amazing videos helps alot @sunknudsen 

All commands work properly all the files has been created successful but when i run last command ' /usr/local/sbin/spoof.sh ' error ...line 11 : jot: command not found and line 12 :system_profiler: command not found ...
line 11 is " first_name=$(sed "$ (jot -r 1 1 2048)q;d" $basedir/first-names.txt | sed -e 's/[^a-zA-Z]//g')
and
line 12 is " model name =$(system_profiler SPHardwareDataType | awk '/Model Name/ {$1=$2=" " ; print $0} | sed -e 's/^[ ]*//')"

Only wlo1 mac is changing..

What should i do ..?

Originally posted by @VSB09 in #242

Hello!

First off, thanks a lot for the work you've put in making privacy an accessible and doable concept for more people; while not entirely catered to users with no technical expertise, it still does help!

I've encountered an issue with the uninstaller script (from your video on AppCleaner), but I'm not entirely certain on where to go for help. I presume this would be the right place for it?

Guide

How to clean uninstall apps on macOS using AppCleaner open source alternative

Operating system and version

macOS Catalina 10.15.7

Description

Something went wrong in the later part of the script's execution; while not well-versed, I suspect that this may have been caused by the AppleScript (at least that's what I think it is?) portion after taking a look at the source code; here's the notable error:

29:69: execution error: Finder got an error: Handler can’t handle objects of this class. (-10010)

This was one case where this happens - it happened to almost every uninstall I did; note that the uninstall command was an alias for the shell script:

username@My-Mac /Applications % uninstall Google\ Earth\ Pro.app 
Checking for running processes...
Saving bill of material logs to desktop...
Finding app data...
/Users/username/Library/Saved Application State/com.Google.GoogleEarthPro.savedState
/private/var/db/receipts/com.Google.GoogleEarthPro.bom
/private/var/db/receipts/com.Google.GoogleEarthPro.plist
/var/folders/8z/339pszg11x756j8f0cwvd31h0000gp/C/com.Google.GoogleEarthPro
Google Earth Pro.app
Move app data to trash (y or n)? y
Moving app data to trash...
29:69: execution error: Finder got an error: Handler can’t handle objects of this class. (-10010)
Done

I'm not familiar with these sorts of errors, but I noticed that the actual apps (in /Applications or ~/Applications usually) weren't moved to the Bin.

I hope this helps, though!

I am trying to figure out why this has to be specifically placed in /usr/local/bin? Why not in /Applications or even my desktop so when occasionally it is used it would be so much easier to remember and find it? I'm just curious why the location cannot be flexible. Thanks

Hi @sunknudsen

It's been a while since you posted something on the privacy guides channel! Is everything ok?

Branch

draft or master?

Guide

How to clean uninstall macos apps using appcleaner open source alternative

Operating system and version

MacOS BigSur

Description

It would be nice to have a -y or --yes flag at app-cleaner.sh so that you don't need to extra submit Y. This could also be helpful for automatation, because you don't have to handle extra input.

Nowadays tracking is also on Server side which can’t be blocked.

Originally posted by @beerisgood in #146 (reply in thread)

Guide

How to backup and encrypt data using rsync and VeraCrypt on macOS

Operating system and version

macOS Catalina 10.15.7

Description

After step #4, gpg did not automatically work for me. In order to get step #5 to work, I had to link gpg.
command: "brew link gnupg"
then: "brew link --overwrite gnupg"

That allowed me to import VeraCrypt’s public key