s83/privacy-guides
1
0
Fork 0
mirror of https://github.com/sunknudsen/privacy-guides.git synced 2025-02-23 01:03:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Standardized heads-ups

Browse Source
This commit is contained in:
Sun Knudsen 2022-02-16 16:07:46 -05:00
parent 2138d9d5a8
commit 48a50320a8
No known key found for this signature in database
GPG Key ID: 02C43AD072D57783
20 changed files with 63 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/README.md
View File

@ -24,7 +24,7 @@ Go to https://github.com/settings/keys, click “New GPG key”, paste your PGP
### Step 2: enable Git [signing](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)
Replace `0x8C9CA674C47CA060` with your PGP public key ID.
> Heads-up: replace `0x8C9CA674C47CA060` with your PGP public key ID.
```shell
git config --global commit.gpgsign true

2
how-to-back-up-and-encrypt-data-using-rsync-and-veracrypt-on-macos/README.md
View File

@ -64,7 +64,7 @@ Go to https://www.veracrypt.fr/en/Downloads.html and download latest release and
### Step 6: verify VeraCrypt release signature (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos))
Replace `VeraCrypt_1.24-Update7` with current release.
> Heads-up: replace `VeraCrypt_1.24-Update7` with current release.
```console
$ gpg --verify ~/Downloads/VeraCrypt_1.24-Update7.dmg.sig

4
how-to-configure-borg-client-on-macos-using-command-line/README.md
View File

@ -179,7 +179,7 @@ security add-generic-password -D secret -U -a $USER -s borg-passphrase -w $(open
#### Initialize Borg repo
Replace `borg@185.112.147.115:backup` with self-hosted or cloud-based repo.
> Heads-up: replace `borg@185.112.147.115:backup` with self-hosted or cloud-based repo.
```console
$ export BORG_PASSCOMMAND="security find-generic-password -a $USER -s borg-passphrase -w"
@ -209,7 +209,7 @@ Write down the passphrase. Store both at safe place(s).
### Step 9: set environment variables
Replace `borg@185.112.147.115:backup` with self-hosted or cloud-based repo and set backup name.
> Heads-up: replace `borg@185.112.147.115:backup` with self-hosted or cloud-based repo and set backup name.
```shell
BORG_REPO="borg@185.112.147.115:backup"

12
how-to-configure-hardened-debian-server/README.md
View File

@ -65,9 +65,9 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2b7hlrD66EJ+6xxzl9Ae++qmiAz9bBEg7bTwq/9941
### Step 2: log in to server as root
Replace `185.112.147.115` with IP of server.
> Heads-up: replace `185.112.147.115` with IP of server.
When asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-computer).
> Heads-up: when asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-computer).
```shell
ssh -i ~/.ssh/server root@185.112.147.115
@ -134,9 +134,9 @@ exit
### Step 8: log in as server-admin
Replace `185.112.147.115` with IP of server.
> Heads-up: replace `185.112.147.115` with IP of server.
When asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-computer).
> Heads-up: when asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-computer).
```shell
ssh -i ~/.ssh/server server-admin@185.112.147.115
@ -259,9 +259,9 @@ $ exit
#### Log in
Replace `185.112.147.115` with IP of server.
> Heads-up: replace `185.112.147.115` with IP of server.
When asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-computer).
> Heads-up: when asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-computer).
```shell
ssh -i ~/.ssh/server server-admin@185.112.147.115

10
how-to-configure-hardened-raspberry-pi/README.md
View File

@ -161,9 +161,9 @@ ip a
### Step 9: log in to Raspberry Pi over SSH
Replace `10.0.1.181` with IP of Raspberry Pi.
> Heads-up: replace `10.0.1.181` with IP of Raspberry Pi.
When asked for passphrase, enter passphrase from [step 5](#step-5-log-in-as-pi-using-keyboard-and-change-password-using-passwd).
> Heads-up: when asked for passphrase, enter passphrase from [step 5](#step-5-log-in-as-pi-using-keyboard-and-change-password-using-passwd).
```shell
ssh pi@10.0.1.181
@ -203,9 +203,9 @@ exit
### Step 13: log in
Replace `10.0.1.181` with IP of Raspberry Pi.
> Heads-up: replace `10.0.1.181` with IP of Raspberry Pi.
When asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-macos).
> Heads-up: when asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-macos).
```shell
ssh -i ~/.ssh/pi pi@10.0.1.181
@ -349,7 +349,7 @@ $ exit
#### Log in
Replace `10.0.1.181` with IP of Raspberry Pi.
> Heads-up: replace `10.0.1.181` with IP of Raspberry Pi.
```shell
ssh -i ~/.ssh/pi pi@10.0.1.181

10
how-to-configure-strongswan-client-on-headless-debian-based-linux-computer/README.md
View File

@ -95,7 +95,7 @@ Getting CA Private Key
### Step 2: log in to client computer
Replace `~/.ssh/pi` with path to private key and `pi@10.0.1.248` with SSH destination of client computer.
> Heads-up: replace `~/.ssh/pi` with path to private key and `pi@10.0.1.248` with SSH destination of client computer.
```shell
ssh -i ~/.ssh/pi pi@10.0.1.248
@ -152,7 +152,7 @@ apt install -y strongswan libcharon-extra-plugins
#### Set strongSwan client name and server IP environment variables
Replace `185.193.126.203` with IP of strongSwan server.
> Heads-up: replace `185.193.126.203` with IP of strongSwan server.
```shell
STRONGSWAN_CLIENT_NAME=bob
@ -404,7 +404,7 @@ curl https://checkip.amazonaws.com
### Step 12: log in to server
Replace `185.193.126.203` with IP of strongSwan server.
> Heads-up: replace `185.193.126.203` with IP of strongSwan server.
```shell
ssh -i ~/.ssh/vpn-server vpn-server-admin@185.193.126.203
@ -418,7 +418,7 @@ su -
### Step 14: assign static IP to strongSwan client
Replace `10.0.2.171` with IP assigned to strongSwan client by strongSwan server (see [step 10](#step-10-confirm-strongswan-client-is-connected)).
> Heads-up: replace `10.0.2.171` with IP assigned to strongSwan client by strongSwan server (see [step 10](#step-10-confirm-strongswan-client-is-connected)).
```console
$ client_ip=10.0.2.171
@ -446,7 +446,7 @@ systemctl restart dnsmasq
### Step 16: log in to client computer
Replace `~/.ssh/pi` with path to private key and `pi@10.0.1.248` with SSH destination of client computer.
> Heads-up: replace `~/.ssh/pi` with path to private key and `pi@10.0.1.248` with SSH destination of client computer.
```shell
ssh -i ~/.ssh/pi pi@10.0.1.248

6
how-to-create-encrypted-paper-backup/README.md
View File

@ -29,7 +29,7 @@ Listed: true
### Step 1: log in to Raspberry Pi
Replace `10.0.1.181` with IP of Raspberry Pi.
> Heads-up: replace `10.0.1.181` with IP of Raspberry Pi.
```shell
ssh -i ~/.ssh/pi pi@10.0.1.181
@ -610,9 +610,9 @@ echo "UUID=$volume_uuid none msdos ro,noauto" | sudo tee -a /etc/fstab
### Step 29 (optional): compute SHA512 hash of microSD card and store in password manager (on macOS)
Run `diskutil list` to find disk ID of microSD card with “Raspberry Pi OS Lite” installed (`disk4` in the following example).
> Heads-up: run `diskutil list` to find disk ID of microSD card with “Raspberry Pi OS Lite” installed (`disk4` in the following example).
Replace `diskn` and `rdiskn` with disk ID of microSD card (`disk4` and `rdisk4` in the following example).
> Heads-up: replace `diskn` and `rdiskn` with disk ID of microSD card (`disk4` and `rdisk4` in the following example).
```console
$ diskutil list

22
how-to-generate-and-air-gap-pgp-private-keys-using-gnupg-tails-and-yubikey/README.md
View File

@ -201,7 +201,7 @@ uid John Doe <john@example.net>
### Step 9: set master key ID environment variable
Replace `0xC2709D13BAB4763C` with master key ID.
> Heads-up: replace `0xC2709D13BAB4763C` with master key ID.
```shell
KEY_ID=0xC2709D13BAB4763C
@ -211,7 +211,7 @@ KEY_ID=0xC2709D13BAB4763C
#### Import signing public key
Replace `/path/to/signing/pub.asc` with signing public key path.
> Heads-up: replace `/path/to/signing/pub.asc` with signing public key path.
```console
$ gpg --import '/path/to/signing/pub.asc'
@ -222,7 +222,7 @@ gpg: imported: 1
#### Import signing private key
Replace `/path/to/signing/master.asc` with signing master key path.
> Heads-up: replace `/path/to/signing/master.asc` with signing master key path.
```console
$ gpg --import /path/to/signing/master.asc
@ -236,7 +236,7 @@ gpg: secret keys imported: 1
#### Sign master key
Replace `0xDFCECB410CE8A745` with signing master key ID.
> Heads-up: replace `0xDFCECB410CE8A745` with signing master key ID.
```console
$ gpg --ask-cert-level --default-key 0xDFCECB410CE8A745 --sign-key $KEY_ID
@ -540,7 +540,7 @@ Click “Applications”, then “Utilities”, then “Unlock VeraCrypt Volumes
### Step 16: rename VeraCrypt encrypted volume
Replace `tcrypt-1793` with directory found using `ls /dev/mapper` and ignore dirty bit is set error.
> Heads-up: replace `tcrypt-1793` with directory found using `ls /dev/mapper` and ignore dirty bit is set error.
```console
$ ls /dev/mapper
@ -552,7 +552,7 @@ $ sudo e2label /dev/mapper/tcrypt-1793 Tails
### Step 17: set VeraCrypt encrypted volume name environment variable
Replace `8ff4dedf-6aa1-4b97-909d-63075b3eb70a` with directory found using `ls /media/amnesia`.
> Heads-up: replace `8ff4dedf-6aa1-4b97-909d-63075b3eb70a` with directory found using `ls /media/amnesia`.
```console
$ ls /media/amnesia
@ -579,7 +579,7 @@ $ gpg --armor --export $KEY_ID > /media/amnesia/$ENCRYPTED_VOLUME_NAME/pub.asc
### Step 20: copy public key to backup volume
Replace `johndoe` with name associated to master key.
> Heads-up: replace `johndoe` with name associated to master key.
```shell
cp /media/amnesia/$ENCRYPTED_VOLUME_NAME/pub.asc "/media/amnesia/$VOLUME_NAME/johndoe.asc"
@ -1021,7 +1021,7 @@ $ gpg --armor --export $KEY_ID > /media/amnesia/Tails/pub.asc
### Step 8: copy public key to backup volume
Replace `Samsung BAR` with backup volume name and `johndoe` with name associated to master key.
> Heads-up: replace `Samsung BAR` with backup volume name and `johndoe` with name associated to master key.
```shell
cp /media/amnesia/Tails/pub.asc "/media/amnesia/Samsung BAR/johndoe.asc"
@ -1059,7 +1059,7 @@ brew install gnupg pinentry-mac
### Step 4: import public key
Replace `Samsung BAR` with backup volume name and `johndoe` with name associated to master key.
> Heads-up: replace `Samsung BAR` with backup volume name and `johndoe` with name associated to master key.
```console
$ gpg --keyid-format 0xlong --import "/Volumes/Samsung BAR/johndoe.asc"
@ -1115,7 +1115,7 @@ ssb> ed25519/0x1E7B69B238FFA21B created: 2021-07-21 expires: 2022-07-21
### Step 6: set master key ID environment variable
Replace `0xC2709D13BAB4763C` with master key ID.
> Heads-up: replace `0xC2709D13BAB4763C` with master key ID.
```shell
KEY_ID=0xC2709D13BAB4763C
@ -1193,7 +1193,7 @@ source ~/.zshrc
### Step 9: generate SSH public key
Replace `john@example.net` with email and `johndoe` with name associated to master key.
> Heads-up: replace `john@example.net` with email and `johndoe` with name associated to master key.
```console
$ mkdir -p ~/.ssh

4
how-to-install-and-use-electrum-over-tor-on-macos/README.md
View File

@ -67,7 +67,7 @@ Go to https://electrum.org/#download and download latest release and associated
#### Verify Electrum release (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos))
Replace `4.1.4` with [latest release](https://electrum.org/#download) semver.
> Heads-up: replace `4.1.4` with [latest release](https://electrum.org/#download) semver.
```console
$ gpg --verify ~/Downloads/electrum-4.1.4.dmg.ThomasV.asc ~/Downloads/electrum-4.1.4.dmg
@ -110,7 +110,7 @@ Go to https://www.torproject.org/download/ and download latest release and assoc
#### Verify “Tor Browser” release (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos))
Replace `10.0.17` with [latest release](https://www.torproject.org/download/) semver.
> Heads-up: replace `10.0.17` with [latest release](https://www.torproject.org/download/) semver.
```console
$ gpg --verify ~/Downloads/TorBrowser-10.0.17-osx64_en-US.dmg.asc

2
how-to-install-and-use-trezor-suite-on-tails/README.md
View File

@ -70,7 +70,7 @@ imported: 1
### Step 7: set [Trezor Suite](https://suite.trezor.io/) release semver environment variable
Replace `21.12.2` with [latest release](https://suite.trezor.io/) semver.
> Heads-up: replace `21.12.2` with [latest release](https://suite.trezor.io/) semver.
```shell
TREZOR_SUITE_RELEASE_SEMVER=21.12.2

2
how-to-install-and-use-veracrypt-on-tails/README.md
View File

@ -70,7 +70,7 @@ imported: 1
### Step 7: set [VeraCrypt](https://veracrypt.fr/en/Home.html) release semver environment variable
Replace `1.25.4` with [latest release](https://www.veracrypt.fr/en/Downloads.html) semver.
> Heads-up: replace `1.25.4` with [latest release](https://www.veracrypt.fr/en/Downloads.html) semver.
```shell
VERACRYPT_RELEASE_SEMVER=1.25.4

6
how-to-install-tails-on-usb-flash-drive-or-sd-card-on-macos/README.md
View File

@ -69,7 +69,7 @@ Go to https://tails.boum.org/install/download/index.en.html and download latest
### Step 6: verify Tails release (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos))
Replace `4.25` with [latest release](https://tails.boum.org/install/download/index.en.html) semver.
> Heads-up: replace `4.25` with [latest release](https://tails.boum.org/install/download/index.en.html) semver.
```console
$ gpg --verify ~/Downloads/tails-amd64-4.25.img.sig
@ -92,9 +92,9 @@ Good signature
> WARNING: DO NOT RUN THE FOLLOWING COMMANDS AS-IS.
Run `diskutil list` to find disk ID of USB flash drive or SD card to overwrite with Tails (`disk4` in the following example).
> Heads-up: run `diskutil list` to find disk ID of USB flash drive or SD card to overwrite with Tails (`disk4` in the following example).
Replace `diskn` and `rdiskn` with disk ID of USB flash drive or SD card (`disk4` and `rdisk4` in the following example) and `tails-amd64-4.25.img` with current image.
> Heads-up: replace `diskn` and `rdiskn` with disk ID of USB flash drive or SD card (`disk4` and `rdisk4` in the following example) and `tails-amd64-4.25.img` with current image.
```console
$ diskutil list

4
how-to-manage-trezor-devices-using-trezorctl-on-macos-or-tails/README.md
View File

@ -53,7 +53,7 @@ pip3 install --user attrs trezor
### Step 5: source Python 3 `bin` directory
Replace `3.8` with semver of latest version of Python 3 found using `ls $HOME/Library/Python`.
> Heads-up: replace `3.8` with semver of latest version of Python 3 found using `ls $HOME/Library/Python`.
```shell
echo 'export PATH=$PATH:$HOME/Library/Python/3.8/bin' >> ~/.zshrc
@ -88,7 +88,7 @@ Extracting embedded firmware image.
### Setup device
Replace `--strength 256` with `--strength 128` for 12-word mnemonic.
> Heads-up: replace `--strength 256` with `--strength 128` for 12-word mnemonic.
```console
$ trezorctl device setup --strength 256 --passphrase-protection --pin-protection --label "My Trezor One" --backup-type single

2
how-to-self-host-hardened-borg-server/README.md
View File

@ -115,7 +115,7 @@ EOF
### Step 4: log in to server or Raspberry Pi
Replace `~/.ssh/server` with path to private key and `server-admin@185.112.147.115` with server or Raspberry Pi SSH destination.
> Heads-up: replace `~/.ssh/server` with path to private key and `server-admin@185.112.147.115` with server or Raspberry Pi SSH destination.
```shell
ssh -i ~/.ssh/server server-admin@185.112.147.115

6
how-to-self-host-hardened-jitsi-server/README.md
View File

@ -28,7 +28,7 @@ Create “A” record (example: meet.sunknudsen.com) that points to IP of server
### Step 2: log in to server
Replace `~/.ssh/server` with path to private key and `server-admin@185.193.126.203` with server SSH destination.
> Heads-up: replace `~/.ssh/server` with path to private key and `server-admin@185.193.126.203` with server SSH destination.
```shell
ssh -i ~/.ssh/server server-admin@185.193.126.203
@ -44,7 +44,7 @@ su -
### Step 4: set hostname environment variable
Replace `meet.sunknudsen.com` with hostname from [step 1](#step-1-create-dns-record).
> Heads-up: replace `meet.sunknudsen.com` with hostname from [step 1](#step-1-create-dns-record).
```shell
JITSI_HOSTNAME=meet.sunknudsen.com
@ -144,7 +144,7 @@ $ sed -i -E "s/\/\/ anonymousdomain: 'guest.example.com'/anonymousdomain: 'guest
#### Create host credentials
Replace `sun` with desired username.
> Heads-up: replace `sun` with desired username.
```shell
prosodyctl register sun $JITSI_HOSTNAME

16
how-to-self-host-hardened-strongswan-ikev2-ipsec-vpn-server-for-ios-and-macos/README.md
View File

@ -70,9 +70,9 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDACoPiTWsEeNyp/aGvCgeAU2qryRDPWr6MniXMLmZC
### Step 2: log in to server as root
Replace `185.193.126.203` with IP of server.
> Heads-up: replace `185.193.126.203` with IP of server.
When asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-mac).
> Heads-up: when asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-mac).
```shell
ssh -i ~/.ssh/vpn-server root@185.193.126.203
@ -135,9 +135,9 @@ exit
### Step 8: log in as vpn-server-admin
Replace `185.193.126.203` with IP of server.
> Heads-up: replace `185.193.126.203` with IP of server.
When asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-mac).
> Heads-up: when asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-mac).
```shell
ssh -i ~/.ssh/vpn-server vpn-server-admin@185.193.126.203
@ -348,9 +348,9 @@ $ exit
#### Log in
Replace `185.193.126.203` with IP of server.
> Heads-up: replace `185.193.126.203` with IP of server.
When asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-mac).
> Heads-up: when asked for passphrase, enter passphrase from [step 1](#step-1-create-ssh-key-pair-on-mac).
```shell
ssh -i ~/.ssh/vpn-server vpn-server-admin@185.193.126.203
@ -468,9 +468,9 @@ $ systemd-resolve --status | grep "DNS Servers" | awk '{print $3}'
#### Set DNS nameservers environment variable
Replace `95.215.19.53` with server DNS nameserver(s).
> Heads-up: replace `95.215.19.53` with server DNS nameserver(s).
Separate nameservers using commas with no leading spaces (example: `93.95.224.28,93.95.224.29`).
> Heads-up: separate nameservers using commas with no leading spaces (example: `93.95.224.28,93.95.224.29`).
```shell
STRONGSWAN_DNS_NAMESERVERS=95.215.19.53

2
how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos/README.md
View File

@ -204,7 +204,7 @@ sudo defaults delete com.apple.loginwindow LogoutHook
### Step 3: set computer name, local hostname and hostname
Replace `John` with your name.
> Heads-up: replace `John` with your name.
```shell
sudo scutil --set ComputerName "Johns MacBook Pro"

4
how-to-use-multiple-compartmentalized-firefox-instances-simultaneously-using-profiles/README.md
View File

@ -22,7 +22,7 @@ Listed: true
### Step 2: open “Script Editor” and paste following snippet
Replace `work` with profile name from [step 1](#step-1-create-firefox-profile).
> Heads-up: replace `work` with profile name from [step 1](#step-1-create-firefox-profile).
```
do shell script "nohup /Applications/Firefox.app/Contents/MacOS/firefox-bin -p \"work\" --no-remote > /dev/null 2>&1 &"
@ -38,7 +38,7 @@ Click “File”, then “Export…”, set “Export As” filename to “Firef
### Step 4: set Firefox app environment variable
Replace `Firefox work` with filename from [step 3](#step-3-export-script-as-application).
> Heads-up: replace `Firefox work` with filename from [step 3](#step-3-export-script-as-application).
```shell
FIREFOX_APP="Firefox work.app"

4
how-to-use-time-machine-and-apfs-snapshots-on-macos/README.md
View File

@ -83,9 +83,9 @@ com.apple.TimeMachine.2021-04-05-162425.local
### Mount local read-only APFS snapshot
Heads-up: use `umount /tmp/snapshot` to unmount snapshot.
> Heads-up: use `umount /tmp/snapshot` to unmount snapshot.
Replace `com.apple.TimeMachine.2021-04-05-162416.local` with snapshot from [List local APFS snapshots](#list-local-apfs-snapshots).
> Heads-up: replace `com.apple.TimeMachine.2021-04-05-162416.local` with snapshot from [List local APFS snapshots](#list-local-apfs-snapshots).
```shell
mkdir -p /tmp/snapshot

6
how-to-verify-pgp-digital-signatures-using-gnupg-on-macos/README.md
View File

@ -50,7 +50,7 @@ brew install gnupg
### Import signers PGP public key using key server…
Replace `0x8C9CA674C47CA060` with signers public key ID.
> Heads-up: replace `0x8C9CA674C47CA060` with signers public key ID.
```console
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 0x8C9CA674C47CA060
@ -65,7 +65,7 @@ imported: 1
### …or using PGP public key URL
Replace `https://sunknudsen.com/sunknudsen.asc` with signers public key URL.
> Heads-up: replace `https://sunknudsen.com/sunknudsen.asc` with signers public key URL.
```console
$ curl https://sunknudsen.com/sunknudsen.asc | gpg --import
@ -86,7 +86,7 @@ imported: 1
### Verify signers PGP public key using fingerprint
Replace `hello@sunknudsen.com` with signers email and use published fingerprints to verify signers cryptographic identity (learn how [here](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint)).
> Heads-up: replace `hello@sunknudsen.com` with signers email and use published fingerprints to verify signers cryptographic identity (learn how [here](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint)).
```console
$ gpg --fingerprint hello@sunknudsen.com