mirror of
https://github.com/Lissy93/personal-security-checklist.git
synced 2024-10-01 01:35:37 -04:00
Merge branch 'master' into master
This commit is contained in:
commit
064c0ddb9a
34
.github/PULL_REQUEST_TEMPLATE.md
vendored
34
.github/PULL_REQUEST_TEMPLATE.md
vendored
@ -1,13 +1,25 @@
|
||||
````
|
||||
🙌 Thanks for contributing 🙌
|
||||
|
||||
Jut briefly describe what you've added/ modified, and why, then delete these guidelines 🙂
|
||||
> Thank you for contributing the The Personal Security Checklist 🙌
|
||||
> So that your request can be dealt with quickly, please complete the applicable fields below and the checklist. Thank you :)
|
||||
|
||||
If you are adding to the software list, ensure that:
|
||||
- It is open source or results of an independent audited have been published
|
||||
- You have used the application or service personally, and would recommend
|
||||
- You've done a quick search to ensure there are no major or current vulnerabilities
|
||||
- You've include a link to project page for download or use, and if applicable the repository
|
||||
- If you are adding your own project or your companies product, mention this in the PR description
|
||||
````
|
||||
^^ Delete the Above 😉
|
||||
### Category
|
||||
Software or Service Addition / Updating Security Guidelines / Formatting / Spelling or Grammar
|
||||
|
||||
### Overview
|
||||
> Briefly outline your new changes...
|
||||
|
||||
### Issue Number _(if applicable)_
|
||||
> If this PR is related to an issue, please include ticket number.
|
||||
|
||||
### Supporting Material _(if applicable)_
|
||||
> If you are adding a software or service, please include here a link to the GitHub repo, any published security audits or other supporting material.
|
||||
|
||||
### Association _(if applicable)_
|
||||
> If you are adding a new application or service, please indicate if you are associated with the project in anyway.
|
||||
|
||||
### Checklist
|
||||
> Please complete the following checklist
|
||||
|
||||
- [ ] I have performed a self-review (valid markdown formatting, spelling and grammar)
|
||||
- [ ] I have indicated whether I have any affiliation with any software/ services added
|
||||
- [ ] I agree to follow the repositories [code of conduct](/.github/CODE_OF_CONDUCT.md)
|
||||
|
@ -89,16 +89,39 @@ Switch to alternative open-source, privacy-respecting apps and services, which w
|
||||
- App Firewall: [NetGuard] (Android) | [Lockdown] (iOS) | [OpenSnitch] (Linux) | [LuLu] (MacOS)
|
||||
|
||||
#### Browser Extensions
|
||||
[Privacy Badger] - Blocks trackers. [HTTPS Everywhere] - Upgrades requests to HTTPS. [uBlock Origin] - Blocks ads, trackers and malwares. [ScriptSafe] - Block execution of certain scripts. [WebRTC Leak Prevent] - Prevents IP leaks. [Vanilla Cookie Manager] - Auto-removes unwanted cookies. [Privacy Essentials] - Shows which sites are insecure
|
||||
- [Privacy Badger] - Blocks trackers.
|
||||
- [HTTPS Everywhere] - Upgrades requests to HTTPS.
|
||||
- [uBlock Origin] - Blocks ads, trackers and malwares.
|
||||
- [ScriptSafe] - Block execution of certain scripts.
|
||||
- [WebRTC Leak Prevent] - Prevents IP leaks.
|
||||
- [Vanilla Cookie Manager] - Auto-removes unwanted cookies.
|
||||
- [Privacy Essentials] - Shows which sites are insecure
|
||||
|
||||
#### Mobile Apps
|
||||
[Exodus] - Shows which trackers are on your device. [Orbot]- System-wide Tor Proxy. [Island] - Sand-box environment for apps. [NetGuard] - Controll which apps have network access. [Bouncer] - Grant temporary permissions. [Greenify] - Control which apps can run in the background. [1.1.1.1] - Use CloudFlare's DNS over HTTPS. [Fing App] - Monitor your home WiFi network for intruders
|
||||
- [Exodus] - Shows which trackers are on your device.
|
||||
- [Orbot]- System-wide Tor Proxy.
|
||||
- [Island] - Sand-box environment for apps.
|
||||
- [NetGuard] - Controll which apps have network access.
|
||||
- [Bouncer] - Grant temporary permissions.
|
||||
- [Greenify] - Control which apps can run in the background.
|
||||
- [1.1.1.1] - Use CloudFlare's DNS over HTTPS.
|
||||
- [Fing App] - Monitor your home WiFi network for intruders
|
||||
|
||||
#### Online Tools
|
||||
[εxodus] - Shows which trackers an app has. [';--have i been pwned?] - Check if your details have been exposed in a breach. [EXIF Remover] - Removes meta data from image or file. [Redirect Detective] - Shows where link redirects to. [Virus Total] - Scans file or URL for malware. [Panopticlick], [Browser Leak Test] and [IP Leak Test] - Check for system and browser leaks
|
||||
- [εxodus] - Shows which trackers an app has.
|
||||
- [';--have i been pwned?] - Check if your details have been exposed in a breach.
|
||||
- [EXIF Remover] - Removes meta data from image or file.
|
||||
- [Redirect Detective] - Shows where link redirects to.
|
||||
- [Virus Total] - Scans file or URL for malware.
|
||||
- [Panopticlick], [Browser Leak Test] and [IP Leak Test] - Check for system and browser leaks
|
||||
|
||||
#### Productivity Tools
|
||||
File Storage: [NextCloud]. File Sync: [Syncthing]. File Drop: [Firefox Send]. Notes: [Standard Notes], [Cryptee], [Joplin]. Blogging: [Write Freely]. Calendar/ Contacts Sync: [ETE Sync]
|
||||
- File Storage: [NextCloud].
|
||||
- File Sync: [Syncthing].
|
||||
- File Drop: [Firefox Send].
|
||||
- Notes: [Standard Notes], [Cryptee], [Joplin].
|
||||
- Blogging: [Write Freely].
|
||||
- Calendar/ Contacts Sync: [ETE Sync]
|
||||
|
||||
📜 **See More**: [Complete List of Privacy-Respecting Sofware](/5_Privacy_Respecting_Software.md)
|
||||
|
||||
|
@ -191,9 +191,9 @@ Although well-established encryption methods are usually very secure, if the pas
|
||||
**[Tor Browser](https://www.torproject.org/)** | Tor provides an extra layer of anonymity, by encrypting each of your requests, then routing it through several nodes, making it near-impossible for you to be tracked by your ISP/ provider. It does make every-day browsing a little slower, and some sites may not work correctly. As with everything there are [trade-offs](https://github.com/Lissy93/personal-security-checklist/issues/19)
|
||||
|
||||
#### Notable Mentions
|
||||
Mobile Browsers: [Bromite](https://www.bromite.org/) (Android), [Firefox Focus](https://support.mozilla.org/en-US/kb/focus) (Android/ iOS), [DuckDuckGo Browser](https://help.duckduckgo.com/duckduckgo-help-pages/mobile/ios/) (Android/ iOS), [Orbot](https://guardianproject.info/apps/orbot/) + [Tor](https://www.torproject.org/download/#android) (Android), [Onion Browser](https://onionbrowser.com/) (iOS),
|
||||
Mobile Browsers: [Bromite](https://www.bromite.org/) (Android), [Mull](https://f-droid.org/en/packages/us.spotco.fennec_dos/) Hardened fork of FF-Fenix (Android), [Firefox Focus](https://support.mozilla.org/en-US/kb/focus) (Android/ iOS), [DuckDuckGo Browser](https://help.duckduckgo.com/duckduckgo-help-pages/mobile/ios/) (Android/ iOS), [Orbot](https://guardianproject.info/apps/orbot/) + [Tor](https://www.torproject.org/download/#android) (Android), [Onion Browser](https://onionbrowser.com/) (iOS),
|
||||
|
||||
Additional Desktop: [WaterFox](https://www.waterfox.net), [Epic Privacy Browser](https://www.epicbrowser.com), [PaleMoon](https://www.palemoon.org), [Iridium](https://iridiumbrowser.de/), [Sea Monkey](https://www.seamonkey-project.org/), [Ungoogled-Chromium](https://github.com/Eloston/ungoogled-chromium), [Basilisk Browser](https://www.basilisk-browser.org/) and [IceCat](https://www.gnu.org/software/gnuzilla/)
|
||||
Additional Desktop: [Nyxt](https://nyxt.atlas.engineer/), [WaterFox](https://www.waterfox.net), [Epic Privacy Browser](https://www.epicbrowser.com), [PaleMoon](https://www.palemoon.org), [Iridium](https://iridiumbrowser.de/), [Sea Monkey](https://www.seamonkey-project.org/), [Ungoogled-Chromium](https://github.com/Eloston/ungoogled-chromium), [Basilisk Browser](https://www.basilisk-browser.org/) and [IceCat](https://www.gnu.org/software/gnuzilla/)
|
||||
|
||||
#### Word of Warning
|
||||
New vulnerabilities are being discovered and patched all the time - use a browser that is being actively maintained, in order to receive these security-critical updates.
|
||||
@ -492,12 +492,13 @@ VPNs are good for getting round censorship, increasing protection on public WiFi
|
||||
| Provider | Description |
|
||||
| --- | --- |
|
||||
**[Mullvad](http://mullvad.net/en/)** | Mullvad is one of the best for privacy, they have a totally anonymous sign up process, you don't need to provide any details at all, you can choose to pay anonymously too (with Monero, BTC or cash)
|
||||
**[IVPN](https://www.ivpn.net/)** | Independently Security Audited VPN with anonymous signup, no logs, no cloud or customer data stored, open-source apps and website. Strong ethics: no trackers, no false promises, no surveillance ads. Accepts various payment methods including crypotcurrencies.
|
||||
**[ProtonVPN](https://protonvpn.com/)** | From the creators of ProtonMail, ProtonVPN has a solid reputation. They have a full suit of user-friendly native mobile and desktop apps. ProtonVPN is one of the few "trustworthy" providers that also offer a free plan
|
||||
|
||||
#### Other VPN Options
|
||||
|
||||
[AirVPN](https://airvpn.org) has advanced features and is highly customizable, [WindScribe](https://windscribe.com/?affid=6nh59z1r) also has a ton of features as well as anonymous sign up, yet is very easy to use for all audiences with excellent cross-platform apps. See also:
|
||||
[Perfect Privacy](https://www.perfect-privacy.com/en/features?a_aid=securitychecklist) -- [TorGuard](https://torguard.net/aff.php?aff=6024) -- [IVPN](https://www.ivpn.net/) -- [PureVPN](https://www.anrdoezrs.net/click-9242873-13842740) -- [NordVPN](https://www.kqzyfj.com/l5115shqnhp4E797DC8467D69A6D) -- [SwitchVPN](https://secure.switchkonnect.com/aff.php?aff=1374) -- [Safer VPN](https://safervpn.com/?a_aid=1413) -- [VirtualShield](https://virtualshield.com/?rfsn=3739717.4cba76) -- [Private Internet Access](https://www.privateinternetaccess.com/pages/cafe/digidef) -- [VPN.ac](https://vpn.ac/aff.php?aff=2178) -- [VyperVPN](https://www.dpbolvw.net/click-9242873-13805759)
|
||||
[Perfect Privacy](https://www.perfect-privacy.com/en/features?a_aid=securitychecklist) -- [TorGuard](https://torguard.net/aff.php?aff=6024) -- [PureVPN](https://www.anrdoezrs.net/click-9242873-13842740) -- [NordVPN](https://www.kqzyfj.com/l5115shqnhp4E797DC8467D69A6D) -- [SwitchVPN](https://secure.switchkonnect.com/aff.php?aff=1374) -- [Safer VPN](https://safervpn.com/?a_aid=1413) -- [VirtualShield](https://virtualshield.com/?rfsn=3739717.4cba76) -- [Private Internet Access](https://www.privateinternetaccess.com/pages/cafe/digidef) -- [VPN.ac](https://vpn.ac/aff.php?aff=2178) -- [VyperVPN](https://www.dpbolvw.net/click-9242873-13805759) -- [Deeper Network DPN](https://www.deeper.network) Decentralized-Private-Network Devices --
|
||||
|
||||
**Full VPN Comparison**: [thatoneprivacysite.net](https://thatoneprivacysite.net/).
|
||||
|
||||
@ -591,6 +592,7 @@ See also this [Full List of Public DoH Servers](https://github.com/curl/curl/wik
|
||||
- [OpenNIC](https://www.opennic.org/), [NixNet DNS](https://nixnet.services/dns) and [UncensoredDNS](https://blog.uncensoreddns.org) are open source and democratic, privacy-focused DNS
|
||||
- [Unbound](https://nlnetlabs.nl/projects/unbound/about/) is a validating, recursive, caching DNS resolver, designed to be fast and lean. Incorporates modern features and based on open standards
|
||||
- [Clean Browsing](https://cleanbrowsing.org/), is a good option for protecting kids, they offer comprehensive DNS-based Content Filtering
|
||||
- [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/) Mullvads public DNS with QNAME minimization and basic ad blocking. It has been audited by the security experts at Assured. You can use this privacy-enhancing service even if you don’t use Mullvad.
|
||||
|
||||
#### Word of Warning
|
||||
Using an encrypted DNS resolver will not make you anonymous, it just makes it harder for third-partied to discover your domain history. If you are using a VPN, take a [DNS leak test](https://www.dnsleaktest.com/), to ensure that some requests are not being exposed.
|
||||
@ -810,10 +812,12 @@ It is recommended to encrypt files on your client machine, before syncing to the
|
||||
| Provider | Description |
|
||||
| --- | --- |
|
||||
**[Tresorit](https://tresorit.com)** | End-to-end encrypted zero knowledge file storage, syncing and sharing provider, based in Switzerland. The app is cross-platform, user-friendly client and with all expected features. £6.49/month for 500 GB
|
||||
**[IceD rive](https://icedrive.net)** | Very affordable encrypted storage provider, with cross-platform apps. Starts as £1.50/month for 150 GB or £3.33/month for 1 TB
|
||||
**[IceDrive](https://icedrive.net)** | Very affordable encrypted storage provider, with cross-platform apps. Starts as £1.50/month for 150 GB or £3.33/month for 1 TB
|
||||
**[Sync.com](https://www.sync.com)** | Secure file sync, sharing, collaboration and backup for individuals, small businesses and sole practitioners. Starts at $8/month for 2 TB
|
||||
**[cloud](https://www.pcloud.com)** | Secure and simple to use cloud storage, with cross-platform client apps. £3.99/month for 500 GB
|
||||
**[pCloud](https://www.pcloud.com)** | Secure and simple to use cloud storage, with cross-platform client apps. £3.99/month for 500 GB
|
||||
**[Peergos](https://peergos.org/)** | A peer-to-peer end-to-end encrypted global filesystem with fine grained access control. Provides a secure and private space online where you can store, share and view your photos, videos, music and documents. Also includes a calendar, news feed, task lists, chat and email client. Fully open source and self-hostable (or use hosted solution, £5/month for 50 GB)
|
||||
**[Internxt](https://internxt.com/)** | Store your files in total privacy. Internxt Drive is a zero-knowledge cloud storage service based on best-in-class privacy and security. Made in Spain. Open-source mobile and desktop apps. 10GB FREE and Paid plans starting from €0.99/month for 20GB.
|
||||
**[FileN](https://filen.io/)** | Zero knowledge end-to-end encrypted affordable cloud storage made in Germany. Open-source mobile and desktop apps. 10GB FREE with paid plans starting at €0.92/month for 100GB.
|
||||
|
||||
#### Notable Mentions
|
||||
An alternative option, is to use a cloud computing provider, and implement the syncing functionality yourself, and encrypt data locally before uploading it- this may work out cheaper in some situations. You could also run a local server that you physically own at a secondary location, that would mitigate the need to trust a third party cloud provider. Note that some knowledge in securing networks is required.
|
||||
@ -1146,8 +1150,11 @@ collecting a wealth of information, and logging your every move. A [custom ROM](
|
||||
|
||||
| Provider | Description |
|
||||
| --- | --- |
|
||||
**[LineageOS](https://www.lineageos.org/)** | A free and open-source operating system for various devices, based on the Android mobile platform- Lineage is light-weight, well maintained, supports a wide range of devices, and comes bundled with [Privacy Guard](https://en.wikipedia.org/wiki/Android_Privacy_Guard)
|
||||
**[GrapheneOS](https://grapheneos.org/)** | GrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. Developed by [Daniel Micay](https://twitter.com/DanielMicay). GrapheneOS is a young project, and currently only supports Pixel devices, partially due to their [strong hardware security](https://grapheneos.org/faq#device-support).
|
||||
**[CalyxOS](https://calyxos.org/)** | CalyxOS is an free and open source Android mobile operating system that puts privacy and security into the hands of everyday users. Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal. Also currently only supports Pixel devices and Xiaomi Mi A2 with Fairphone 4, OnePlus 8T, OnePlus 9 test builds available. Developed by the Calyx Foundation.
|
||||
**[DivestOS](https://divestos.org)** | DivestOS is a vastly diverged unofficial more secure and private soft fork of LineageOS. DivestOS primary goal is prolonging the life-span of discontinued devices, enhancing user privacy, and providing a modest increase of security where/when possible. Project is developed and maintained solely by Tad (SkewedZeppelin) since 2014.
|
||||
**[LineageOS](https://www.lineageos.org/)** | A free and open-source operating system for various devices, based on the Android mobile platform- Lineage is light-weight, well maintained, supports a wide range of devices, and comes bundled with [Privacy Guard](https://en.wikipedia.org/wiki/Android_Privacy_Guard)
|
||||
|
||||
|
||||
#### Other Notable Mentions
|
||||
[Replicant OS](https://www.replicant.us/) is a fully-featured distro, with an emphasis on freedom, privacy and security. [MmniRom](https://www.omnirom.org/), [Recursion Remix](https://forum.xda-developers.com/remix), and [Paranoid Android](http://paranoidandroid.co/) are also popular options. Alternativley, [Ubuntu Touch](https://ubports.com/) is a Linux (Ubuntu)- based OS. It is secure by design and runs on almost any device, - but it does fall short when it comes to the app store.
|
||||
@ -1198,7 +1205,9 @@ Some good distros to consider would be: **[Fedora](https://getfedora.org/)**, **
|
||||
BSD systems arguably have far superior network stacks. **[OpenBSD](https://www.openbsd.org)** is designed for maximum security — not just with its features, but with its implementation practices. It’s a commonly used OS by banks and critical systems. **[FreeBSD](https://www.freebsd.org)** is more popular, and aims for high performance and ease of use.
|
||||
|
||||
#### Windows
|
||||
One option for Windows users is the LTSC stream, that provides several security benefits over a standard Win 10 Installation. [Windows 10 LTSC](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/) (or Long Term Servicing Channel) is a lightweight, low-cost Windows 10 version, that is intended for specialized systems, and receives less regular feature updates. What makes it appealing, is that it doesn't come with any bloatware or non-essential applications, and needs to be configured from the ground up by the user. This gives you much better control over what is running on your system, ultimately improving security and privacy. It also includes several enterprise-grade [security features](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/whats-new-windows-10-2019#security), which are not available in a standard Windows 10 instance. It does require some technical knowledge to get started with, but once setup should perform just as any other Windows 10 system. Note that you should only download the LTSC ISO from the Microsoft's [official page](https://www.microsoft.com/en-in/evalcenter/evaluate-windows-10-enterprise)
|
||||
Two alternative options for Windows users are Windows 10 AME (ameliorated) project and the LTSC stream.
|
||||
**[Windows 10 AME](https://ameliorated.info/)** AME project aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications (appx apps will no longer work), have also been successfully eliminated. The total size of removed files is about 2 GB. Comes as a pre-built ISO or option to build from scratch with de-bloat scripts. Strong, supportive community on Telegram.
|
||||
**[Windows 10 LTSC](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/)** LTSC provides several security benefits over a standard Win 10 Installation. LTSC or Long Term Servicing Channel is a lightweight, low-cost Windows 10 version, that is intended for specialized systems, and receives less regular feature updates. What makes it appealing, is that it doesn't come with any bloatware or non-essential applications, and needs to be configured from the ground up by the user. This gives you much better control over what is running on your system, ultimately improving security and privacy. It also includes several enterprise-grade [security features](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/whats-new-windows-10-2019#security), which are not available in a standard Windows 10 instance. It does require some technical knowledge to get started with, but once setup should perform just as any other Windows 10 system. Note that you should only download the LTSC ISO from the Microsoft's [official page](https://www.microsoft.com/en-in/evalcenter/evaluate-windows-10-enterprise)
|
||||
|
||||
|
||||
#### Improve the Security and Privacy of your current OS
|
||||
|
Loading…
Reference in New Issue
Block a user