Download Docs News Forums

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Your support makes all the difference!

We believe security software like Kicksecure needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!

This wiki page provides guidance on how to install additional software on the Kicksecure ™ operating system using security best practices,

Easy[edit]

Introduction[edit]

The Kicksecure ™ software page lists:

• pre-installed Kicksecure ™ applications which are available for different tasks
• recommended software for different user activities
• installation instructions
• security advice

Platform Specific Notices[edit]

Install from Debian stable[edit]

To install a package from Debian stable, follow the steps below. Replace package-name with the name of the software to be installed.

There are numerous examples of this procedure in the Software chapter and throughout the wiki.

Best Practices[edit]

Table: Best Software Installation Practices

--no-install-recommends[edit]

Debian's installation default is --install-recommends. Debian packages have various metadata fields such as:

• Depends: dependencies or dependency packages
• Recommends: "recommended" packages
• Suggests: "suggested" packages

When installing a package using apt, dependencies (Depends:) are always installed. The Debian default is for "recommended" packages (Recommends:) to also be installed alongside the primary package (unless installed previously). To avoid that outcome, it is possible to use the apt command line parameter --no-install-recommends; this is in most cases optional.

Debian's default for suggested packages (Suggests:) is --no-install-suggests i.e. not to install suggested packages. Users can optionally use --install-suggests, but there are no known cases where this would be useful at the time of writing. A host of other command line options are also available.

If a package is installed using apt --no-install-recommends install package-name, then re-running apt without any parameters or even with --install-recommends will not result in installation of the "recommended" packages. To accomplish a "late" installation of "recommended" packages (Recommends:), the simplest method is first uninstalling the package. Alternatively, the list of Recommends: can be viewed using apt-cache package-name or by checking the package on https://www.debian.org/distrib/packages.

A brief Q&A regarding the potential impacts of the "recommended" field is outlined below.

Table: --no-install-recommends Impacts

Question	Answer
Why does Kicksecure ™ documentation often suggest --no-install-recommends?	Kicksecure ™ documentation uses --no-install-recommends whenever appropriate. It has been specifically crafted by developers with the goal of installing all required packages.
Can using --no-install-recommends lead to security issues?	No. [7]
Can using --no-install-recommends lead to missing or broken functionalities?	Yes. For example, mmdebstrap uses Recommends: and Suggests: for various optional dependencies providing various functionality.
Can omitting --no-install-recommends lead to security issues?	In corner cases, yes. For example consider a host operating system without a Host Firewall. [8] By omitting --no-install-recommends -- which results in using Debian's default --install-recommends -- packages might be installed that open ports, which can significantly increase attack surface.
Should --no-install-recommends be used?	The answer depends on the specific package. Advanced users who know exactly which packages are needed can use --no-install-recommends and afterwards manually add any wanted/additional packages [9] to the apt installation command. Otherwise, there might be corner cases of missing optional dependencies or limited functionality. In general, whether users should use --no-install-recommends for package installation is unspecific to Kicksecure ™ and should be resolved as per Free Support Principle.
Should Kicksecure ™ set the default to --no-install-recommends? [10]	This is a good question. It is a big change and could lead to a lot of broken functionality for user-installed packages. At the moment, Kicksecure ™ user support is manageable because redirection to the Free Support Principle is possible. If --no-install-recommends was the Kicksecure ™ default, then a lot of functionality might work out of the box in Debian but not in Kicksecure ™, therefore invalidating the Free Support Principle. For these reasons, such suggestions should first be raised at Debian's issue tracker after first searching for existing discussions on Debian mailing lists. Search Debian APT issue tracker for recommend first to avoid duplicate issues. For this change to be implemented, it would probably require a lot of research, good examples and a very well written feature request. [11]

More Security[edit]

General Advice[edit]

Kicksecure ™ users are free to install their favorite software packages, but should be aware that additional software increases the attack surface of the platform.

APT Meta-data[edit]

When updating with apt, information will leak about which software packages and versions have been installed, unless Tor onion repositories have been configured. ^[12]

For repositories that come enabled by default with Kicksecure ™, this meta-data cannot be directly linked to any other activity like web browsing, because the apt-transport-tor forces it to pass through its own Tor circuit. ^{[13] [14]}

For user custom added repositories, the user should consider adding the onion version of that repository if available or use apt-transport-tor with the tor+ syntax in the apt sources file. Undocumented. The user could refer to upstream apt-transport-tor documentation.

Recommendations[edit]

For greater security when updating:

• Follow the guidelines below.
• Be especially careful when adding custom repositories, particularly Personal Package Archives (PPAs). ^[15] Compared to main distribution repositories, solo developers are more susceptible to influence and theoretically might have malicious intent.

How-to: Install or Update with Utmost Caution[edit]

1. Stop all activities and shutdown any open applications like Tor Browser.
2. Change the Tor circuit -- this step may not apply if the user is running an onion service.
3. Update using apt after a random delay. By default, a new Tor circuit is generated after 10 seconds.
4. Change the Tor circuit again.
5. Continue user activities after another random period has elapsed.

Advanced[edit]

Install Newer Software Versions[edit]

It is sometimes possible to install newer versions of applications. Newer versions than the versions which are available through Operating System Software and Updates. But this is in most cases:

• not required for security reasons. (Why?)
• only a user customization activity done by a user who wishes to use newer features of applications.

It is sometimes possible to install newer versions of applications, via any of the following installation methods (non-exhaustive list):

• A) alternative official Debian APT repositories such as
  • backports,
  • fasttrack,
  • testing,
  • unstable,
• B) third party provided Debian APT repositories
• C) alternative installation methods such as
  • flatpak,
  • snap,
• D) or by manual installation from:
  • extraction from a compressed archive file,
  • installation of a .deb package,
  • source code.

Availability depends on the installation methods which either Debian, a derivative (such as Kicksecure ™) or the upstream (original) applications developers made available.

To install other custom software, it is suggested to follow recommendations throughout this website for better security. Specific instructions for custom software installations will vary for each application. This process is mostly unspecific to Kicksecure ™ and therefore the Free Support Principle applies to installation steps. The user would have to Utilize Search Engines and Documentation and research how this process would be achieved Debian version bullseye, which Kicksecure ™ is currently based on. The same is true for Kicksecure ™ for Qubes users -- first consider how this process would be achieved in a Debian-based Qubes template.

When intending to use newer versions of certain applications like Electrum or Monero it is best to approach the process as an application installation, rather than an application update.

In oversimplified terms, a Debian package is just a vehicle to place files into a location. For example, the binaries-freedom Debian package in Kicksecure ™ used to ship Electrum. It came with the appimage file (/usr/share/binaries-freedom/electrum-appimage/electrum-4.0.7-x86_64.AppImage) and a start menu entry (/usr/share/applications/electrum-appimage.desktop). The presence of such files such as in this example does not impose limitations; it is still possible to customize the system and install newer software versions.

These files could also be ignored; for example it was not necessary to use the binaries-freedom start menu entry. The binaries-freedom package was intended to improve usability and it was never designed to limit customization, nor does it have that side effect. As per Kicksecure ™ policy there are No Intentional User Freedom Restrictions. ^[16]

As an illustration, installation of a newer version of Monero would require:

1. uninstalling monero-gui (Optional and best avoided. Prerequisite knowledge: Debian Packages)
2. find out the real website of Monero GUI (avoid downloading malicious money stealing software forks from scammers)
3. download Monero GUI compressed archive from upstream (original developers)
4. optional but highly recommended digital software verification of the downloaded Monero
5. extraction of the Monero compressed archive
6. change directory into the extracted Monero folder
7. start Monero from command line
8. optional beatifications such as adding start menu entries or autostart

Enable Debian Backports Repository[edit]

Operating System Specific Notes:

• Kicksecure ™ VM users: Should skip this step! Debian APT backports repository is already default in Kicksecure ™ version 16 and above.
• Debian: The following instructions are for Debian host operating system or Debian VM users.

1. Boot the virtual machine. (Qubes: debian-11 Template).

2. Add the current Debian stable backports codename bullseye-backports to Debian apt sources.

Notes:

• This applies to Debian 16. Later Debian versions will use a codename different to bullseye.
• Advanced users note: Instructions for torification of the fasttrack clearnet repository or fasttrack onion repository can be found in the following footnote.

Run. ^[17]

sudo su -c "echo -e 'deb https://deb.debian.org/debian bullseye-backports main contrib non-free' > /etc/apt/sources.list.d/backports.list"

3. Done.

The procedure of enabling Debian backports repository has been completed.

4. Undo.

On occasion it is necessary to undo this configuration, for example when upgrading from Debian bullseye to bookworm. ^[18] To proceed, run.

sudo rm /etc/apt/sources.list.d/backports.list

Enable Debian Fasttrack Repository[edit]

Operating System Specific Notes:

• Kicksecure ™ VM users: Should skip this step! Debian APT fasttrack repository is already default in Kicksecure ™ version 16 and above.
• Debian: The following instructions are for Debian host operating system or Debian VM users.

1. Boot the Debian VM. (Qubes: debian-11) Template.

2. Install the fasttrack-archive-keyring package.

3. Add the current Debian fasttrack APT repository.

Notes:

• This applies to Debian 16. Later Debian versions will use a codename different to bullseye.
• Advanced users note: Instructions for torification of the fasttrack clearnet repository or fasttrack onion repository can be found in the following footnote.

Run. ^[19]

sudo su -c "echo -e 'deb https://fasttrack.debian.net/debian/ bullseye-fasttrack main contrib non-free' > /etc/apt/sources.list.d/fasttrack.list"

4. Done.

The procedure of enabling Debian fasttrack repository has been completed.

5. Undo.

On occasion it is necessary to undo this configuration, for example when upgrading from Debian bullseye to bookworm. ^[20] To proceed, run.

sudo rm /etc/apt/sources.list.d/fasttrack.list

Backports[edit]

Debian Backports:

Backports are packages taken from the next Debian release (called "testing"), adjusted and recompiled for usage on Debian stable.

This is a far safer alternative than the Debian testing or unstable repositories. However, Debian backports should be used conservatively.

Backports cannot be tested as extensively as Debian stable, and backports are provided on an as-is basis, with risk of incompatibilities with other components in Debian stable. Use with care!

Fasttrack[edit]

Debian Fasttrack:

Debian Fast Track is a repository that allows making “backports” of packages available to users of the stable distribution, if those packages cannot be maintained in testing and backported in the usual way.

This is a far safer alternative than the Debian testing or unstable repositories. However, Debian fasttrack should be used conservatively similarly to Backports.

Backports cannot be tested as extensively as Debian stable, and backports are provided on an as-is basis, with risk of incompatibilities with other components in Debian stable. Use with care!

Install from Debian Testing[edit]

Warnings[edit]

Before completing steps in this section, first read Prefer Packages from Debian Stable Repository. Carefully check how packages will change before proceeding -- a host of upgrades is usually safe, but no Kicksecure ™ packages should be removed as part of the process; see Kicksecure ™ Debian Packages. Be aware that problems are still possible; see here for an example.

It is recommended to complete this process in a separate Kicksecure ™ (kicksecure-16-debian-testing-mix) due to the risks. Ask for advice in the forums on a case-by-case basis.

Procedure[edit]

Install from Debian Unstable[edit]

Warnings[edit]

Before completing steps in this section, first read Prefer Packages from Debian Stable Repository.

Mixing packages from Debian stable with those from a later release like unstable can destabilize the system due to associated software dependencies required for full functionality. First carefully check how packages will change before proceeding. ^[26]

A host of upgrades is usually safe, but no Kicksecure ™ packages should be removed as part of the process; see Kicksecure ™ Debian Packages. It is recommended to complete this process in a separate Kicksecure ™ (kicksecure-16-debian-unstable-mix) due to the risk. Ask for advice in the forums on a case-by-case basis.

Procedure[edit]

Install from Custom APT Repository[edit]

Adding custom APT repositories is mostly unspecific to Kicksecure ™. Should be the same or at least very similar to the process on Debian because Kicksecure ™ is based on Debian. Therefore the user should utilize the Free Support Principle.

To add custom APT repositories, there are few different cases (non-exhaustive list):

• A) Only the provider of the custom APT repository provides instructions how to add the custom APT repository to the system.
• B) Sparse or no instructions on how to add the custom APT repository to the system.
• C) Documentation exists but is for a different Linux distribution such as Ubuntu and cannot be trivially translated to Debian based Linux distributions such as Kicksecure ™.
• D) For some custom APT repositories, there are detailed instructions on how to add the custom repository in the Kicksecure ™ documentation. Examples for documented third-party repositories include: Signal messenger, Session messenger, The Tor Project. ^[29]

No generic documentation can be provided to cover any custom APT repository since it is dependent on the specific custom repository. In other words, it varies depending on the custom repository. The steps required per custom repository are similar but not the very same.

The generic basic skills required to add a custom repository where documentation is insufficient are:

1. Acquire an APT signing key signing key.
2. Open file with root rights.
3. Copy a file with root rights.
4. Adding an APT signing key to APT keyring.
5. Adding an APT repository file to the /etc/apt/sources.list.d folder.

The generic advanced skills required for better security that are required are:

1. Securely download an APT signing key.
2. View and verify an OpenPGP key fingerprint for better security.
3. Open file with root rights.
4. Copy a file with root rights.
5. Adding a signing key to the /usr/share/keyrings folder
6. Adding an APT repository file to the /etc/apt/sources.list.d folder.
7. Configuring an APT repository to use a single specific APT signing key file only using signed-by. (forum discussion: APT repository signing keys per APT sources.list - signed-by)

Package Reinstallation[edit]

As per the free support principle, package re-installation utilizes normal Debian processes.

The example below shows how the keepassxc package would be reinstalled. It is possible to substitute keepassxc with many other packages, so long as they do not have too many dependencies. These instructions are not suitable for any packages needed for connectivity such as tor, because the re-installation would be very difficult and is currently unsupported.

Even in the keepassxc package example, dependency complications emerge. In the example below the kicksecure-qubes-gui package also depends on keepassxc.

sudo apt purge keepassxc
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libqrencode4 libqt5concurrent5 libykpers-1-1 libyubikey-udev libyubikey0 libzxcvbn0
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  keepassxc* kicksecure-desktop-applications-recommended* kicksecure-qubes-gui*
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
After this operation, 19.1 MB disk space will be freed.
Do you want to continue? [Y/n]

Install Software in an App Qube[edit]

There is no reason to avoid installing software in App Qubes, although installed software will not persist across reboots. A custom script can be used to automate this process, which minimizes the time spent re-installing packages.

Advantages[edit]

This software installation method means a single VM assumes many of the positive characteristics found in both App Qubes and Standalones.

• Centralized Updates: App Qubes are based on a Template. This means the App Qube's root filesystem is based on the corresponding template's root filesystem. Any updates to the Template will be reflected in the App Qube's root filesystem upon restart. ^[31]
• Minimal Disk Usage: App Qubes require much less disk space than Standalones, since the App Qube's root filesystem is based on the corresponding template. The App Qube only needs enough disk space to hold user files in the /home directory.
• Semi-persistent Storage: User data stored in /home , /rw and /usr/local survives reboot. Many applications like Signal and Wire store user data in the /home folder. Since the custom script installs the software seamlessly with little or no user interaction, the App Qube has "quasi-full persistence", not unlike a Standalone's full persistence.

App Qube Preparation[edit]

App Qube Use[edit]

Once user preparation is complete and the App Qube has started, it will automatically start the script to begin installing software. When the process finishes, the App Qube can be used like any other. However when the App Qube is shutdown, all data outside of the persistent /home folder will be lost, including the newly installed software packages. Following reboot, the VM will again install the software packages automatically.

Using bind-dirs Selective Persistence[edit]

Using selective bind-dirs persistence is currently a difficult problem and undocumented. Further research is required to ascertain which files require persistence across VM reboots.

Add Application Launcher to Start Menu[edit]

snap[edit]

General forum discussion about snap: Snap Store / snaps / snapd / snapcraft.io - a new software source?

Kicksecure ™ for Qubes issues:

• Efforts to persistently install snap apps in Kicksecure ™ for Qubes via bind-dirs or with snap proxy settings have been unsuccessful. This means it must be installed in an App Qube on every occasion it is required. Efforts to improve this situation are most welcome, see: Wickr Me vs Qubes-Kicksecure Persistence and snap totally unusable on Qubes-Kicksecure.
• Qubes Templates are non-networked by default, ^[33] which means snap does not run inside kicksecure-16 Template. It is likely snap is similarly affected in other Qubes' Templates like the Debian Template. As per Free Support Principle it is recommended to test snap functionality in a non-Kicksecure based Template before attempting the same procedure inside Kicksecure ™.

Flatpak[edit]

Introduction[edit]

Flatpak is: ^[34]

...a utility for software deployment and package management for Linux. It is advertised as offering a sandbox environment in which users can run application software in isolation from the rest of the system. ...

Applications using Flatpak need permissions to have access to resources such as Bluetooth, sound (with PulseAudio), network, and files. These permissions are defined by the maintainer of the Flatpak and can be added or removed by users on their system.

Another key feature of Flatpak is that it allows application developers to directly provide updates to users without going through distributions, and without having to package and test the application separately for each distribution.

There are several advantages of utilizing Flatpak: ^{[35] [36] [37]}

• Packages are easily added via Flathub, which is a repository located at flathub.org; for a Kicksecure ™ example, see here.
• Numerous Linux distributions are either supported out-of-the-box or after the flatpak package is installed; Debian is a supported platform (which Kicksecure ™ is based upon).
• Desktop applications are sandboxed and have limited access to the host environment. ^[38]
• Flatpak bundles are a single-file format which contains the application or runtime. ^[39]
• Any Flatpak breakage will not lead to destabilization of the host OS.
• Elevated privileges (root) are not required to install Flatpak packages.
• Only changed files are downloaded for updates.
• Libraries and files used by multiple applications are de-duplicated to save space.

For further information, refer to the Flatpak FAQ and Flatpak documentation.

Flatpak Package Manager Security[edit]

This entry compares Flatpak security features (such as signed metadata) against Debian's APT package manager. ^[40] With one caveat, Flatpak package manager security is comparable to Debian's APT package manager: Flatpak currently does not defend against indefinite freeze attacks.

A definition of indefinite freeze attacks is provided by TUF (The Update Framework) Threat Model:

An attacker continues to present files to a software update system files that the client has already seen. As a result, the client is kept unaware of new files.

For many adversaries this attack is difficult because it requires breaking TLS. While Flatpak package version information is not protected by a valid-until field, it is fetched over TLS. Adversaries capable of breaking TLS face an obstacle when dealing with torified connections (like those in torsocks flatpak -- an indefinite freeze attack cannot target a specific user, but will affect all Tor users. This increases the chances of being caught unless they also have the ability to break Tor. Even then the attack chain would be very complex:

• Break Tor → Target specific user(s) → Break TLS → Mount an indefinite freeze attack → Exploit a vulnerability caused by an outdated software version.

To safeguard against this possibility, it is recommended to perform manual checks of version numbers for Flatpak-installed applications -- they should match those available from the flathub repository. Every flathub application has a corresponding website page with an Additional information section that lists Updated and Version information. For example, at the time of writing for Chromium:

• This is the associated org.chromium.Chromium flathub website page.
• The additional information section lists:
  • Updated: October 5, 2021
  • Version: 94.0.4606.71

Researching version information on the flathub website with a browser is equally vulnerable to indefinite freeze attacks because it also relies upon TLS. It is therefore recommended to use Kicksecure or Tor Browser for this purpose. ^[41]

Sometimes APT software versions are quite old, which can lead to less functionality or even exposure to known vulnerabilities that are being exploited in the wild (see footnote). ^[42] Conversely, Flatpak usually offers more recent software versions and/or deploys security fixes in a more timely manner.

In summary, Flatpak advantages are considered to outweigh the potential risks of an indefinite freeze attack because the attack chain is complex. Also, Flatpak is sometimes the only trustworthy, easy-to-use software source that provides newer versions than available in Debian stable (with Frozen Packages) (or newer).

Forum discussion:

• flathub as a source of software.

Flatpak Sandbox Security[edit]

Flatpak's sandbox is imperfect. Despite Flatpak sandbox issues, it is safe to use in the software installation context. By comparison, Debian's default package manager APT does not attempt to sandbox applications it is running at all.

Flatpak is a victim of imperfect marketing. Since the Flatpak sandbox is a built-in feature, any reported security issues reflect negatively on Flatpak's reputation. Frequently, non-technical users are unable to properly contextualize or assert its impact through threat modeling. Building a "perfect" sandbox is a much harder task -- containing arbitrary, ever-changing applications running on an ever-changing operating system -- than creating a package manager. The latter is essentially a file delivery mechanism and is therefore comparatively simpler to develop.

Flatpak sandboxing abilities are irrelevant so long as the sandboxing is not worse than software that is manually installed. Whatever Flatpak's sandbox is doing, it should not break an application’s own sandboxing. ^[43]

Flatpak's own sandboxing capabilities interfere with other sandboxing initiatives like Sandboxed Application Launcher and Firejail: ^[44]

Is Flatpak compatible with other desktop isolation frameworks? In general unprivileged container systems can’t stack, because anything running inside the sandbox does not have the necessary privileges to set up a sandbox, nor does it have the ability to raise its privileges in any way. For instance, Firejail can never work inside Flatpak, because it is setuid. That being said, using multiple sandboxing frameworks at once does not really make anything more secure, so there is little point in trying to nest things like that.

In the case of Sandboxed Application Launcher it is not used much at the time of writing anyhow, but that is not a reason against using it. Flatpak's own sandboxing and Sandboxed Application Launcher can be co-installed without issues, but the latter will be unable to sandbox applications installed through Flatpak. ^[45]

Qubes OS Specific[edit]

At the time of writing, applications installed using Flatpak do not present in the Qubes start menu. ^[46]
Workaround: navigate to Qube settings → applications tab → press "Refresh Applications".

Foreign Sources[edit]

For most use cases the extensive software range available from the official Debian repositories should be sufficient. A selection of nearly 60,000 programs ^[47] can be installed within a couple of steps. These packages are constantly maintained for bug/security fixes and are tightly integrated to provide a stable distribution.

To guarantee stability, no new versions are uploaded to Debian stable archives to avoid breaking the system. This makes Debian stable a dependable distribution and an excellent base for downstream distributions. However, the Linux software scene is very dynamic and sometimes users will want software that is not yet packaged in Debian. In this case it may be necessary to install software from separate sources; either from third party repositories, as a stand-alone precompiled .deb binary, or directly compiled source packages. ^[48]

Risks[edit]

Foreign sources should be used infrequently because it can cause problems. Note this is simply a warning about the worst case scenario and not a predetermined outcome of installing third party software.

Security Issues[edit]

Foreign sources pose important security implications for the affected system. Installing software is tantamount to granting root privileges to the developers. Software originating from dubious sources could replace important system components with malicious versions that allow backdoors or Trojan horses to be installed on the system.

In general, the installation of software is a matter of trust. The fact is every installed software source must be trusted. This trust is two-fold: firstly that the developers have integrity, and secondly that the community will notice any suspicious code, which might indicate compromise of the developers' machines. ^[49]

Dependency Hell[edit]

Manually installed packages can contain library versions that are unavailable in the standard repositories. This causes problems with dependency resolution when installing additional software from the official repository. Individual applications are less critical in this context, but when important system libraries in the third-party software are considered, complications are inevitable.

Depending on the severity of the complications, upgrades to the next version of the operating system might fail, or the system may become unbootable or generally unstable.

Mitigation[edit]

To reduce security risks and eliminate the risk of making the workstation unusable, utilize Multiple Kicksecure ™.

Kicksecure ™ for Qubes users: For installation inside Qubes templates, the risk can only be minimized by using Multiple Kicksecure ™ for Qubes Templates.

GUI Applications with Root Rights[edit]

Moved to Safely Use Root Commands: Graphical Applications with Root Rights.

Footnotes[edit]

Kicksecure ™ A secure by default operating system with the latest security research in place.

Donate

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

Dark mode

At Kicksecure we believe in freedom and trust. That's why we fully support Open Source and Freedom Software.

Kicksecure ™ is supported by Evolution Host DDoS Protected VPS.

The personal opinions of moderators or contributors to the Kicksecure ™ project do not represent the project as a whole. By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service , Privacy Policy , Cookie Policy , E-Sign Consent , DMCA , Imprint Kicksecure ENCRYPTED SUPPORT LP, 2023

Donate

Kicksecure is free from corporate interest by being user funded. Thank you so much!

Scan the QR code or use the wallet address below.