Merge pull request #2 from Lissy93/master

merge from Lissy93
guestx86 2020-03-20 12:28:31 +01:00 committed by GitHub
commit 3bd79bf2e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 71 additions and 19 deletions


@ -88,7 +88,14 @@ See also: [Personal Security Checklist](https://github.com/Lissy93/personal-secu
## Podcasts
- Darknet Diaries (by Jack Rhysider): https://darknetdiaries.com
- Darknet Diaries (by Jack Rhysider): [https://darknetdiaries.com]. Or listen on [Stitcher][da-stitch]
- CYBER (by Motherboard, Vice): [Motherboard CYBER]. Or listen on [Stitcher][cy-stitch]
[https://darknetdiaries.com]: https://darknetdiaries.com
[da-stitch]: https://www.stitcher.com/podcast/darknet-diaries
[Motherboard CYBER]: https://www.vice.com/en_us/article/59vpnx/introducing-cyber-a-hacking-podcast-by-motherboard
[cy-stitch]: https://www.stitcher.com/podcast/vice-2/cyber
## Videos
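Review bot: The new podcast entries use reference-style links whose definitions sit in the middle of the section, directly under the list and above `## Videos`, and one label is itself a URL (`[https://darknetdiaries.com]`). The other lists in this file use plain inline URLs, so either keep that style here or move the four definitions to the end of the file and give the first one a readable label such as `[Darknet Diaries]`.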
@ -161,7 +168,12 @@ See also: [Personal Security Checklist](https://github.com/Lissy93/personal-secu
- privacy-respecting by @nikitavoloboev: https://github.com/nikitavoloboev/privacy-respecting
- awesome-privacy by @KevinColemanInc: https://github.com/KevinColemanInc/awesome-privacy
- Security_list by @zbetcheckin: https://github.com/zbetcheckin/Security_list
- awesome-security by @sbilly: https://github.com/sbilly/awesome-security
- awesome-sec-talks by @PaulSec: https://github.com/PaulSec/awesome-sec-talks
## Unrelated Awesome Lists
- awesome by @sindresorhus: https://github.com/sindresorhus/awesome
- lists by @jnv: https://github.com/jnv/lists
---
@ -170,3 +182,13 @@ See also: [Personal Security Checklist](https://github.com/Lissy93/personal-secu
*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020*
[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md)
----
Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇
[![Share on Twitter](https://i.ibb.co/2hqF59H/share-twitter.png)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist)
[![Share on LinkedIn](https://i.ibb.co/9Ngh9jg/share-linkedin.png)](
http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93)
[![Share on Facebook](https://i.ibb.co/cc6tFVj/share-facebook.png)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=)
[![Share on Pinterest](https://i.ibb.co/x8L70b0/share-pinterest.png)](https://pinterest.com/pin/create/button/?url=https%3A//repository-images.githubusercontent.com/123631418/79c58980-3a13-11ea-97e8-e45591ef2d97&media=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&description=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020)
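Review bot: The "Share on Facebook" badge links to `https://www.linkedin.com/shareArticle?...`, so it opens LinkedIn's share dialog rather than Facebook's; point it at the intended service or drop the button. In the same block, the Twitter and LinkedIn targets use `http://` and should be `https://`, the Pinterest link passes the repository image as `url=` and the title text as `media=`, which looks swapped, and the licence badge image is the `by/3.0` button while the text beside it says CC BY 4.0. The badges are also loaded from `i.ibb.co`, a third-party image host, which is worth reconsidering in a privacy checklist; committing the images to the repository would avoid the external request.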


@ -7,6 +7,8 @@
**Too long? 🦒** See the [TLDR version](/2_TLDR_Short_List.md#open-source-privacy-focused-software) instead.
[⏬ Skip to Content ⏬](#password-managers)
#### See Also
- [Personal Security Checklist](/README.md)
- [Gadgets for Privacy & Security](/6_Privacy_and-Security_Gadgets.md)
@ -15,8 +17,6 @@
---
[⏬ Skip to Content ⏬](#password-managers)
## Intro
Migrating to encrypted, privacy-respecting open source software and services can greatly
@ -76,9 +76,11 @@ corporations, governments, and hackers from logging, storing or selling your per
- [Payment Methods](#payment-methods)
**Bonus**
- [Alternatives to Google](#bonus-alternatives-to-google)
- [Alternatives to Google](#bonus-1---alternatives-to-google)
- [Self-Hosted Services](#bonus-2---self-hosted-services)
- [Self-Hosted Sys-Admin](#bonus-3---self-hosted-sysadmin)
- [Self-Hosted Dev Tools](#bonus-4---self-hosted-development-tools)
## Password Managers
@ -166,7 +168,7 @@ If you do not want to trust an email provider with your messages, you can host y
#### Mail Clients
Email clients are the programs used to interact with the mail server. For hosted email, then the web and mobile clients provided by your email service are usually adequate, and may be the most secure option. For self-hosted email, you will need to install and configure mail clients for web, desktop or mobile.
- **Dektop** - [Mozilla Thunderbird](https://www.thunderbird.net) is an open source, highly customizable, secure and private desktop email client, for Windows, macOS, and Linux. If you are using ProtonMail, then you can use the [ProtonMail Bridge](https://protonmail.com/bridge/thunderbird), to sync your emails to either Thunderbird or Microsoft Outlook. In terms of security, the disadvantage, is that most desktop clients do not support 2FA, so it is important to keep your computer secured, however they are not vulnrable to the common browser attacks, that a web client would be.
- **Desktop** - [Mozilla Thunderbird](https://www.thunderbird.net) is an open source, highly customizable, secure and private desktop email client, for Windows, macOS, and Linux. If you are using ProtonMail, then you can use the [ProtonMail Bridge](https://protonmail.com/bridge/thunderbird), to sync your emails to either Thunderbird or Microsoft Outlook. In terms of security, the disadvantage, is that most desktop clients do not support 2FA, so it is important to keep your computer secured, however they are not vulnrable to the common browser attacks, that a web client would be.
- **Web** - If you are self-hosting your mail server, you will probably want a web-based email client. [RainLoop](http://www.rainloop.net) and [RoundCube](https://roundcube.net) are both good open source options.
- **Mobile** - the most secure option is usually to use the app provided by your mail provider. If your mail server is self-hosted, then consider [FairMail](https://email.faircode.eu/) which is a fully featured, open source, privacy oriented email app for Android. There is also [pretty Easy privacy p≡p](https://play.google.com/store/apps/details?id=security.pEp), which has OpenPGP built in. [K-9 Mail](https://play.google.com/store/apps/details?id=com.fsck.k9), which has been around almost as long as Android, has a solid reputation for privacy and security features.
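Review bot: The replacement **Desktop** line fixes "Dektop" but still carries "vulnrable", so the typo fix is incomplete; correct it to "vulnerable" in the same change. While touching this list, the RainLoop link in the **Web** item is `http://www.rainloop.net`; use `https://` if the site serves it.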
@ -228,8 +230,8 @@ The following browser add-ons give you better control over what content is able
**[Bouncer]** | Gives you the ability to grant permissions temporarily, so that you could for example use the camera to take a profile picture, but when you close the given app, those permissions will be revoked
**[Haven]** | Allows you to protect yourself, your personal space and your posessions- without compromising on security. Leveraging device sensors to monitor nearby space, Haven was developed by [The Guardian Project](https://guardianproject.info/), in partnership with [Edward Snowden](https://techcrunch.com/2017/12/24/edward-snowden-haven-app/)
**[XUMI Security]** | Checks for, and resolves known security vulnerabilities. Useful to ensure that certain apps, or device settings are not putting your security or privacy at risk
**[SuperFreezZ]** | Makes it possible to entirely freeze all background activities on a per-app basis. Intended purpose is to to speed up your phone, and prolong battery life, but this app is also a great utility to stop certain apps from collecting data and tracking your actions while running in the background
**[Daedalus]** | No root required Android DNS modifier and hosts/DNSMasq resolver, works by creating a VPN tunnel to modify the DNS settings. Useful if you want to change your resolver to a more secure/ private provider, or use DNS over HTTPS
**[Greenify]** | Stops certain apps from running in the background. Was intended to be used to speed up your phone, and prolong battery life, but it also stops certain apps from collecting data and tracking your actions while running in the background
**[Secure Task]** | Triggers actions, when certain security conditions are met, such as multiple failed login attempts or monitor settings changed. It does require [Tasker], and needs to be set up with ADB, device does not need to be rooted
**[Cryptomator]** | Encryptes files and folders client-side, before uploading them to cloud storage (such as Google Drive, One Drive or Dropbox), meaning none of your personal documents leave your device in plain text
**[1.1.1.1]** | Lets you use CloudFlares fast and secure 1.1.1.1 DNS, with DNS over HTTPS, and also has the option to enable CloudFlares WARP+ VPN
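Review bot: The new **[SuperFreezZ]** row contains a doubled word, "Intended purpose is to to speed up your phone"; remove one "to". The row is also inserted above **[Daedalus]** while the **[Greenify]** row it replaces sat below it, so if the table order is meant to be stable, put the new row where the old one was. Neighbouring rows still have "posessions" and "Encryptes", which could be fixed in the same pass.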
@ -503,7 +505,7 @@ Over the past decade, social networks have revolutionized the way we communicate
#### Other Notable Mentions
- [diaspora*](https://diasporafoundation.org), [Pleroma](https://pleroma.social) and [Friendica](https://friendi.ca) - distributed, decentralized social networks, built on open protocols
- [Tildes](https://tildes.net), [Lemmy](https://dev.lemmy.ml) and [notabug.io](https://notabug.io) - bulletin boards and news aggregators (similar to Reddit)
- [Pixel Feed](https://pixelfed.org) - photo sharing (similar to Instagram)
- [Pixelfed](https://pixelfed.org) - photo sharing (similar to Instagram)
#### Main-stream networks
The content on many of these smaller sites tends to be more *niche*. To continue using Twitter, there are a couple of [tweaks](https://www.offensiveprivacy.com/blog/twitter-privacy), that will improve security. For Reddit, use a privacy-respecting client- such as [Reditr](http://reditr.com/). Other main-stream social networking sites do not respect your privacy, so should be avoided, but if you choose to keep using them see [this guide](https://proprivacy.com/guides/social-media-privacy-guide) for tips on protecting your privacy
@ -792,6 +794,28 @@ Moving away from Google, and using multiple alternative apps will mean there is
- VPN: [OpenVPN](https://community.openvpn.net), [Pritunl](https://pritunl.com)
- Web Servers: [NGINX](https://nginx.org), [Caddy](https://caddyserver.com), [Light TPD](https://www.lighttpd.net)
## Bonus #4 - Self-Hosted Development Tools
- API Management: [Kong](https://github.com/Kong/kong), [Krakend](https://github.com/devopsfaith/krakend), [tyk](https://github.com/TykTechnologies/tyk), [Hasura](https://hasura.io)
- Browser-based IDE: [Code Server](https://github.com/cdr/code-server) (VS Code), [Che](https://github.com/eclipse/che) (Eclipse), [ICEcoder](https://github.com/icecoder/ICEcoder), [ml-workspace](https://github.com/ml-tooling/ml-workspace) (for Data science and ML), [r-studio](https://github.com/rstudio/rstudio) (for R programming)
- Code Reviews: [Phabricator](https://github.com/phacility/phabricator). See also: Git Servers, most of which have CR features
- Containers: [Docker](https://github.com/docker), [LXC](https://github.com/lxc/lxc), [OpenVZ](https://github.com/OpenVZ)
- Continuous Integration: [Drone](https://github.com/drone/drone), [Concourse](https://github.com/concourse/concourse), [BuildBot](https://github.com/buildbot/buildbot), [Strider](https://github.com/Strider-CD/strider), [Jenkins](https://github.com/jenkinsci/jenkins)
- Deployment Automation: [Capustrano](https://github.com/capistrano/capistrano), [Fabric](https://github.com/fabric/fabric), [Mina](https://github.com/mina-deploy/mina), [Munki](https://github.com/munki/munki), [Rocketeer](https://github.com/rocketeers/rocketeer), [Sup](https://github.com/pressly/sup)
- Doc Generators: [FlatDoc](https://github.com/rstacruz/flatdoc), [Docsify](https://github.com/docsifyjs/docsify), [Sphinx](https://github.com/sphinx-doc/sphinx), [ReadTheDocs](https://github.com/readthedocs/readthedocs.org), [Docusarus](https://github.com/facebook/docusaurus), [mkdocs](https://github.com/mkdocs/mkdocs)
- Git Server: [GitBucket](https://gitbucket.github.io), [GitTea](https://gitea.io), [GitLab](https://gitlab.com/gitlab-org/gitlab-foss), [Gogs](https://gogs.io)
- Localization: [Weblate](https://github.com/WeblateOrg/weblate), [Translate/ Pootle](https://github.com/translate/pootle), [Accent](https://github.com/mirego/accent)
- Serverless: [OpenFaas](https://www.openfaas.com), [IronFunctions](https://github.com/iron-io/functions), [LocalStack](https://github.com/localstack/localstack), [fx](https://github.com/metrue/fx)
- Static Site Gen: See [StaticGen.com](https://www.staticgen.com)
- UI Testing: [Selenoid](https://github.com/aerokube/selenoid), [Zalenium](https://github.com/zalando/zalenium), [Selenium](https://github.com/SeleniumHQ/selenium)
- More Tools:
- [Request Bin](https://github.com/Runscope/requestbin) - Inspect HTTP requests and Debug webhooks
- [Regexr](https://github.com/gskinner/regexr) - Web tool for for creating, testing, and learning about Regular Expressions
- [JS Bin](https://github.com/jsbin/jsbin) - Collaborative JavaScript Debugging App, create, test, run and send web code snippets
- [Koding](https://github.com/koding/koding) - A development platform to orchestrates your project-specific dev environment
- [Judge0](https://github.com/judge0) - A web compiler accessed through either an API of web-IDE, for executing trusted or untrusted code
- [SourceGraph](https://github.com/sourcegraph/sourcegraph) - Self-hosted universal code search and navigation engine
---
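Review bot: Several project names in the new "Bonus #4" section do not match the projects their links point to: "Capustrano" links to `capistrano/capistrano`, "Docusarus" links to `facebook/docusaurus`, and "GitTea" links to `gitea.io`. Spell them as the projects do so that a search in the file finds them. The "More Tools" entries also need a proofread: "Web tool for for creating", "to orchestrates", and "an API of web-IDE" (presumably "or"). For Judge0, which is described as "executing trusted or untrusted code", a short pointer that a self-hosted instance should be isolated from other services would fit the purpose of this list.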
@ -853,7 +877,7 @@ http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/pe
[Cryptomator]: https://play.google.com/store/apps/details?id=org.cryptomator
[Daedalus]: https://play.google.com/store/apps/details?id=org.itxtech.daedalus
[Brevent]: https://play.google.com/store/apps/details?id=me.piebridge.brevent
[Greenify]: https://play.google.com/store/apps/details?id=com.oasisfeng.greenify
[SuperFreezZ]: https://f-droid.org/en/packages/superfreeze.tool.android
[Secure Task]: https://play.google.com/store/apps/details?id=com.balda.securetask
[Tor Browser]: https://play.google.com/store/apps/details?id=org.torproject.torbrowser
[PortDroid]: https://play.google.com/store/apps/details?id=com.stealthcopter.portdroid


@ -3,15 +3,18 @@
[![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/)
# Hardware for Protecting Privacy and Security
> A curated list of gadgets, that can help preserve your privacy, and improve your personal cyber security 🔐
> ### A curated list of (DIY and pre-build) devices, to help preserve privacy and improve physical cyber security 🔐
**Too long? 🦒** See the [TLDR version](https://github.com/Lissy93/personal-security-checklist/blob/master/2_TLDR_Short_List.md) instead.
**Too long? 🦒** See the [TLDR version](/2_TLDR_Short_List.md#security-hardware) instead.
[⏬ Skip to Content ⏬](#basics)
#### See Also
- [Ultimate Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist)
- [Privacy-Respecting Software and Services](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md)
- [Further Links: Security & Privacy](https://github.com/Lissy93/personal-security-checklist/blob/master/4_Privacy_And_Security_Links.md)
- [The Importance of Digital Security & Privacy](https://github.com/Lissy93/personal-security-checklist/blob/master/0_Why_It_Matters.md)
- [Ultimate Personal Security Checklist](/README.md)
- [The Importance of Digital Security & Privacy](/0_Why_It_Matters.md)
- [Why Privacy & Security Matters](/0_Why_It_Matters.md)
- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)
---
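Review bot: The rewritten "See Also" list now has two entries for the same target, "The Importance of Digital Security & Privacy" and "Why Privacy & Security Matters", both pointing at `/0_Why_It_Matters.md`; keep one. In the new tagline, "pre-build" should read "pre-built", and the `###` heading placed inside the blockquote (`> ### A curated list ...`) adds an extra entry to the document outline, so plain or bold text in the quote would be cleaner.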
@ -57,6 +60,8 @@
Don't want to spend money? Most of the products above, plus some that wearn't included can be built at home with some pretty simple hardware and open source software. The following list will point you in the right direction to start making!
See Also [DIY Networking Hardware](#diy-networking-hardware)
- **Network-wide add-block** - [Pi Hole](https://pi-hole.net) is a simple yet powerful app, that can be installed on a [Raspberry Pi](https://amzn.to/36GNpsm), and once you've updated your routers DNS servers to point to it, all resources on the blacklist will be blocked, at the point of origin. This makes it much more powerful than a browser add-on, and will also speed your internet up
- **Encrypted USB** - You can use [VeraCrypt](https://www.veracrypt.fr/en/Home.html) to create an encrypted USB drive, using any off-the shelf [USB drive](https://amzn.to/2RykcLD)
- **USB Sanitiser** - [CIRCLean](https://www.circl.lu/projects/CIRCLean) is a hardware solution to clean documents from untrusted (obtained) USB drives. It automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick.
@ -81,6 +86,7 @@ If you are confident with electronics, then you could also make:
We can go even further, these products are far from essential and are maybe a little over-the-top. But fun to play around with, if you really want to avoid being tracked!
- **Self-Destroying PC** - The ORWL PC will wipe all data if it is compromised, and has many other safeguards to ensure no one other than you can access anything from your drive. Comes with QubeOS, Windows or Linux, and requires both a password and fob to log in. See more: [orwl.org](https://orwl.org)
- **Card Skimmer Detector** - Ensure an ATM or card reader does not have an integrated skimming device. See more at [Lab401](https://lab401.com/products/hunter-cat-card-skimmer-detector)
- **Voice Changer** - Useful to disguise voice, while chatting online. See more: [UK](https://amzn.to/3bXqpsn) | [US](https://amzn.to/2PqUEyz)
- **Ultra-Sonic Microphone Jammer** - Blocks phones, dictaphones, voice assistants and other recording devices. Uses built-in transducers to generate ultrasonic signals that can not be heard by humans, but cause indistinct noise, on redording devices, making it impossible to distinguish any details of the conversations. See more [UK](https://amzn.to/2Hnk63s) | [US](https://amzn.to/2v2fwVG)


@ -10,10 +10,10 @@
**Too long? 🦒** See the [TLDR version](https://github.com/Lissy93/personal-security-checklist/blob/master/2_TLDR_Short_List.md) instead.
#### See Also
- [Why Privacy & Security Matters](https://github.com/Lissy93/personal-security-checklist/blob/master/0_Why_It_Matters.md)
- [Privacy-Respecting Software](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_Respecting_Software.md)
- [Privacy & Security Gadgets](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_and-Security_Gadgets.md)
- [Further Links + More Awesome Stuff](https://github.com/Lissy93/personal-security-checklist/blob/master/4_Privacy_And_Security_Links.md)
- [Why Privacy & Security Matters](/0_Why_It_Matters.md)
- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
- [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md)
- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)
## Contents
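Review bot: The "See Also" links are converted to root-relative paths, but the TLDR link on the unchanged line just above still uses the absolute `https://github.com/Lissy93/personal-security-checklist/blob/master/2_TLDR_Short_List.md` form. The other files in this commit switch that link to `/2_TLDR_Short_List.md`, so convert it here too for consistency and so it resolves inside forks and mirrors.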
@ -37,7 +37,7 @@ Use strong passwords, which can't be easily guessed or cracked. Length is more i
--- | --- | ---
**Use a strong password** | Recommended | Try to get a good mixture of upper and lower-case letters, numbers and symbols. Avoid names, places and dictionary words where possible, and aim to get a decent length (a minimum of 12+ characters is ideal). Have a look at [HowSecureIsMyPassword.net](https://howsecureismypassword.net) and [How Long will it take to Crack my Password](https://www.betterbuys.com/estimating-password-cracking-times/) to get an idea of what a strong password is. See [this guide](https://securityinabox.org/en/guide/passwords/) for more information.
**Dont save your password in browsers** | Recommended | Most modern browsers offer to save your credentials when you log into a site. Dont allow this! As they are not always encrypted, hence can allow someone to gain easy access into your accounts. Also do not store passwords in a .txt file or any other unencrypted means. Ideally use a reputable password manager.
**Use different passwords for each account you have** | Recommended | If your credentials for one site get compromised, it can give hackers access to your other online accounts. So it is highly recommended not to reuse the same passwords. Again, the simplest way to manage having many different passwords, is to use a [password manager](https://en.wikipedia.org/wiki/Password_manager). Have a look at [LastPass](https://www.lastpass.com), [DashLane](https://www.dashlane.com), [KeePass](https://keepass.info) or [Robo Forms 8](https://www.roboform.com).
**Use different passwords for each account you have** | Recommended | If your credentials for one site get compromised, it can give hackers access to your other online accounts. So it is highly recommended not to reuse the same passwords. Again, the simplest way to manage having many different passwords, is to use a [password manager](https://en.wikipedia.org/wiki/Password_manager). Good options include [BitWarden](https://bitwarden.com), [1Password](https://1password.com), or for an offline app without sync [KeePass](https://keepass.info) / [KeePassXC](https://keepassxc.org).
**Be cautious when logging in on someone elses device** | Recommended | When using someone else's machine, ensure that you're in a private session (like Incognito mode, Ctrl+Shift+N) so that nothing gets saved. Ideally you should avoid logging into your accounts on other people's computer, since you can't be sure their system is clean. Be especially cautious of public machines, or when accessing any of your secure accounts (email, banking etc.).
**Avoid password hints** | Optional | Some sites allow you to set password hints. Using this feature makes it easier for hackers.
**Never answer online security questions truthfully** | Optional | If a site asks security questions (such as place of birth, mother's maiden name or first car etc), don't provide real answers. It is a trivial task for hackers to find out this information. Instead, create a password inside your password manager to store your fictitious answer.
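Review bot: The updated "Use different passwords" row hard-codes a second list of password managers, while the software file in this same commit already has a "Password Managers" section (`#password-managers`). Link to `/5_Privacy_Respecting_Software.md#password-managers` from this row, optionally keeping one or two names, so the two recommendations cannot drift apart. The product name is also spelled "Bitwarden" by the project, not "BitWarden".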