Updates links to privacy software page

2022-07-10 14:03:14 +01:00 · 2022-07-10 14:03:14 +01:00 · 4521625fa3
parent 9152f649e9
commit 4521625fa3
5 changed files with 75 additions and 75 deletions
--- a/0_Why_It_Matters.md
+++ b/0_Why_It_Matters.md
@ -78,7 +78,7 @@ For online privacy to be effective, it needs to be adopted my the masses, and no

 ## Further Links
 - [Ultimate Personal Security Checklist](/README.md)
- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
+- [Privacy-Respecting Software](https://github.com/Lissy93/awesome-privacy)
 - [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md)
 - [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)

--- a/2_TLDR_Short_List.md
+++ b/2_TLDR_Short_List.md
@ -11,8 +11,8 @@

 ### Authentication
 - Use a long, strong and unique password for each of your accounts (see [HowSecureIsMyPassword.net](https://howsecureismypassword.net))
- Use a secure [password manager](/5_Privacy_Respecting_Software.md#password-managers), to encrypt, store and fill credentials, such as [BitWarden](https://bitwarden.com) or [KeePass](https://keepass.info) / [KeePassXC](https://keepassxc.org)
- Enable 2-Factor authentication where available, and use an [authenticator app](/5_Privacy_Respecting_Software.md#2-factor-authentication) or [hardware token](/6_Privacy_and-Security_Gadgets.md#fido-u2f-keys)
+- Use a secure [password manager](https://github.com/Lissy93/awesome-privacy#password-managers), to encrypt, store and fill credentials, such as [BitWarden](https://bitwarden.com) or [KeePass](https://keepass.info) / [KeePassXC](https://keepassxc.org)
+- Enable 2-Factor authentication where available, and use an [authenticator app](https://github.com/Lissy93/awesome-privacy#2-factor-authentication) or [hardware token](/6_Privacy_and-Security_Gadgets.md#fido-u2f-keys)
 - When you enable multi-factor authentication, you will usually be given several codes that you can use if your 2FA method is lost, broken or unavailable. You should store these on paper or in a safe place on disk (e.g. in offline storage or as in an encrypted file/drive).
 - Sign up for breach alerts (with [Firefox Monitor](https://monitor.firefox.com) or [HaveIBeenPwned](https://haveibeenpwned.com)), and update passwords of compromised accounts

@ -23,9 +23,9 @@
 - Block invasive 3rd-party trackers and ads using an extension like [Privacy Badger](https://privacybadger.org) or [uBlock](https://github.com/gorhill/uBlock)
 - Keep your browser up-to-date, explore the privacy settings and remove unnecessary add-ons/ extensions
 - Consider using compartmentalization to separate different areas of your browsing (such as work, social, shopping etc), in order to reduce tracking. This can be done with [Firefox Containers](https://support.mozilla.org/en-US/kb/containers), or by using separate browsers or browser profiles
- Don't allow your browser to save your passwords or auto-fill personal details (instead use a [password manager](/5_Privacy_Respecting_Software.md#password-managers), and [disable your browsers own auto-fill](https://www.computerhope.com/issues/ch001377.htm))
+- Don't allow your browser to save your passwords or auto-fill personal details (instead use a [password manager](https://github.com/Lissy93/awesome-privacy#password-managers), and [disable your browsers own auto-fill](https://www.computerhope.com/issues/ch001377.htm))
 - Clear your cookies, session data and cache regularly. An extension such as [Cookie-Auto-Delete](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete) can be used to automate this
- Don't sign into your browser, as it can link further data to your identity. If you need to, you can use an open source [bookmark sync](/5_Privacy_Respecting_Software.md#browser-sync) app
+- Don't sign into your browser, as it can link further data to your identity. If you need to, you can use an open source [bookmark sync](https://github.com/Lissy93/awesome-privacy#browser-sync) app
 - Consider using [Decentraleyes](https://decentraleyes.org) to decrease the number of trackable CDN requests your device makes
 - Test your browser using a tool like [Panopticlick](https://panopticlick.eff.org) to ensure there are no major issues. [BrowserLeaks](https://browserleaks.com) and [Am I Unique](https://amiunique.org/fp) are also useful for exploring what device info you are exposing to websites
 - For anonymous browsing use [The Tor Browser](https://www.torproject.org/), and avoid logging into any of your personal accounts
@ -53,20 +53,20 @@ It's important to protect your email account, as if a hacker gains access to it


 ### Secure Messaging
- Use a [secure messaging app](/5_Privacy_Respecting_Software.md#encrypted-messaging) that is both fully open source and end-to-end encrypted with perfect forward secrecy (e.g. [Signal](https://www.signal.org/))
+- Use a [secure messaging app](https://github.com/Lissy93/awesome-privacy#encrypted-messaging) that is both fully open source and end-to-end encrypted with perfect forward secrecy (e.g. [Signal](https://www.signal.org/))
 - Ensure that both your device, and that of your recipient(s) is secure (free from malware, encrypted and has a strong password)
 - Disable cloud services, such as web app companion or cloud backup feature, both of which increases attack surface
 - Strip meta data from media before sharing, as this can lead to unintentionally revealing more data than you intended
 - Verify your recipient is who they claim to be, either physically or cryptographically by using an app that offers contact verification
 - Avoid SMS, but if you must use it then encrypt your messages, e.g. using the [Silence](https://silence.im/) app
 - Opt for a stable and actively maintained messaging platform, that is backed by reputable developers and have a transparent revenue model or are able to account for where funding has originated from. It should ideally be based in a friendly jurisdiction and have undergone an independent security audit. 
- In some situations, it may be appropriate to use an app that supports disappearing messages, and/ or allows for anonymous sign up (without any PII: phone number, email address etc). A [decentralized platform](/5_Privacy_Respecting_Software.md#p2p-messaging) can offer additional security and privacy benefits in some circumstances, as there is no single entity governing it, e.g. [Matrix](https://matrix.org/), [Session](https://getsession.org/), [Tox](https://tox.chat/) or [Briar](https://briarproject.org/)
+- In some situations, it may be appropriate to use an app that supports disappearing messages, and/ or allows for anonymous sign up (without any PII: phone number, email address etc). A [decentralized platform](https://github.com/Lissy93/awesome-privacy#p2p-messaging) can offer additional security and privacy benefits in some circumstances, as there is no single entity governing it, e.g. [Matrix](https://matrix.org/), [Session](https://getsession.org/), [Tox](https://tox.chat/) or [Briar](https://briarproject.org/)


 ### Networking
 - Use a reputable VPN to keep your IP protected and reduce the amount of browsing data your ISP can log, but understand their [limitations](5_Privacy_Respecting_Software.md#word-of-warning-4).  Good options include [ProtonVPN](https://protonvpn.com) and [Mullvad](https://mullvad.net), see [thatoneprivacysite.net](https://thatoneprivacysite.net/) for detailed comparisons
 - Change your routers default password. Anyone connected to your WiFi is able to listen to network traffic, so in order to prevent people you don't know from connecting, use WPA2 and set a strong password.
- Use a [secure DNS](/5_Privacy_Respecting_Software.md#dns) provider, (such as [Cloudflare's 1.1.1.1](https://1.1.1.1/dns/)) to reduce tracking. Ideally configure this on your router, but if that's not possible, then it can be done on each device. 
+- Use a [secure DNS](https://github.com/Lissy93/awesome-privacy#dns) provider, (such as [Cloudflare's 1.1.1.1](https://1.1.1.1/dns/)) to reduce tracking. Ideally configure this on your router, but if that's not possible, then it can be done on each device. 


 **📜 See More**: [The Complete Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md)
@ -123,7 +123,7 @@ Switch to alternative open-source, privacy-respecting apps and services, which w
 - Blogging: [Write Freely].
 - Calendar/ Contacts Sync: [ETE Sync]

-📜 **See More**: [Complete List of Privacy-Respecting Sofware](/5_Privacy_Respecting_Software.md)
+📜 **See More**: [Complete List of Privacy-Respecting Sofware](https://github.com/Lissy93/awesome-privacy)

 ----

--- a/4_Privacy_And_Security_Links.md
+++ b/4_Privacy_And_Security_Links.md
@ -18,7 +18,7 @@
  - [Videos](#videos)
 - **Security Tools & Services**
  - [Online Tools](#online-tools)
-  - Privacy-Respecting Software, moved to [here](/5_Privacy_Respecting_Software.md)
+  - Privacy-Respecting Software, moved to [here](https://github.com/Lissy93/awesome-privacy)
  - Security Hardware, moved to [here](/6_Privacy_and-Security_Gadgets.md)
 - **Research**
  - [Data and API's](#data-apis-and-visualisations)
@ -390,7 +390,7 @@ See also: [awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) by @

 ## Privacy-Respecting Software

-This section has moved to [here](/5_Privacy_Respecting_Software.md). Complete list of privacy-respecting software and services
+This section has moved to [here](https://github.com/Lissy93/awesome-privacy). Complete list of privacy-respecting software and services

 ## Security Hardware

@ -620,7 +620,7 @@ This section has moved to [here](/6_Privacy_and-Security_Gadgets.md). Products,
  - [lists](https://github.com/jnv/lists) by @jnv
 - **More In This Repo**
  - [Personal Security Checklist](/README.md) by @lissy93
-  - [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
+  - [Privacy-Respecting Software](https://github.com/Lissy93/awesome-privacy)
  - [Importance of Privacy & Security](/0_Why_It_Matters.md)
  - [Digital Security Gadgets / DIY hardware](/6_Privacy_and-Security_Gadgets.md)
  - [TLDR - Condensed Summary of this Repo](/2_TLDR_Short_List.md)
--- a/6_Privacy_and-Security_Gadgets.md
+++ b/6_Privacy_and-Security_Gadgets.md
@ -157,7 +157,7 @@ Gadgets that help protect and anonamise your internet, detect & prevent intrusio
 - **[IPFire](https://www.ipfire.org)** - A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone
 - **[PiVPN](https://pivpn.io)** - A simple way to set up a home VPN on a any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. Supports multiple DNS providers and custom DNS provividers - works nicley along-side PiHole
 - **[E2guardian](http://e2guardian.org)** - Powerful open source web content filter
- **[OpenWRT](https://openwrt.org)** Powerful custom router firmware, with great security, performance and customization features. See more [custom router firmware](/5_Privacy_Respecting_Software.md#router-firmware)
+- **[OpenWRT](https://openwrt.org)** Powerful custom router firmware, with great security, performance and customization features. See more [custom router firmware](https://github.com/Lissy93/awesome-privacy#router-firmware)
 - **[SquidGuard](http://www.squidguard.org)** - A URL redirector software, which can be used for content control of websites users can access. It is written as a plug-in for Squid and uses blacklists to define sites for which access is redirected
 - **[PF Sense](https://www.pfsense.org)** - Widley used, open source firewall/router
 - **[Zeek](https://www.zeek.org)** -  Detect if you have a malware-infected computer on your network, and powerful network analysis framework and monitor
@ -256,7 +256,7 @@ Always ensure the packaging has not been tampered with, buy direct from the manu

 ## See Also

- [Awesome Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
+- [Awesome Privacy-Respecting Software](https://github.com/Lissy93/awesome-privacy)
 - [Ultimate Personal Security Checklist](/README.md)
 - [Why Privacy and Security Matters](/0_Why_It_Matters.md)
 - [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)
--- a/README.md
+++ b/README.md
@ -26,7 +26,7 @@

 ### See Also
 - [Why Privacy & Security Matters](/0_Why_It_Matters.md)
- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
+- [Privacy-Respecting Software](https://github.com/Lissy93/awesome-privacy)
 - [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md)
 - [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)

@ -42,11 +42,11 @@ Use long, strong and unique passwords, manage them in a secure password manager,
 --- | --- | ---
 **Use a Strong Password** | Recommended | If your password is too short, or contains dictionary words, places or names- then it can be easily cracked through brute force, or guessed by someone. The easiest way to make a strong password, is by making it long (12+ characters)- consider using a 'passphrase', made up of many words. Alternatively, use a password generator to create a long, strong random password. Have a play with [HowSecureIsMyPassword.net](https://howsecureismypassword.net), to get an idea of how quickly common passwords can be cracked. Read more about creating strong passwords: [securityinabox.org](https://securityinabox.org/en/passwords/passwords-and-2fa/)
 **Don't reuse Passwords** | Recommended | If someone was to reuse a password, and one site they had an account with suffered a leak, then a criminal could easily gain unauthorized access to their other accounts. This is usually done through large-scale automated login requests, and it is called Credential Stuffing. Unfortunately this is all too common, but it's simple to protect against- use a different password for each of your online accounts
-**Use a Secure Password Manager** | Recommended | For most people it is going to be near-impossible to remember hundreds of strong and unique passwords. A password manager is an application that generates, stores and auto-fills your login credentials for you. All your passwords will be encrypted against 1 master passwords (which you must remember, and it should be very strong). Most password managers have browser extensions and mobile apps, so whatever device you are on, your passwords can be auto-filled. A good all-rounder is [BitWarden](https://bitwarden.com), or see [Recommended Password Managers](/5_Privacy_Respecting_Software.md#password-managers)
+**Use a Secure Password Manager** | Recommended | For most people it is going to be near-impossible to remember hundreds of strong and unique passwords. A password manager is an application that generates, stores and auto-fills your login credentials for you. All your passwords will be encrypted against 1 master passwords (which you must remember, and it should be very strong). Most password managers have browser extensions and mobile apps, so whatever device you are on, your passwords can be auto-filled. A good all-rounder is [BitWarden](https://bitwarden.com), or see [Recommended Password Managers](https://github.com/Lissy93/awesome-privacy#password-managers)
 **Avoid sharing passwords** | Recommended | While there may be times that you need to share access to an account with another person, you should generally avoid doing this because it makes it easier for the account to become compromised. If you absolutely do need to share a password for example when working on a team with a shared account this should be done via features built into a password manager.
-**Enable 2-Factor Authentication** | Recommended | 2FA is where you must provide both something you know (a password) and something you have (such as a code on your phone) to log in. This means that if anyone has got your password (e.g. through phishing, malware or a data breach), they will no be able to log into your account. It's easy to get started, download [an authenticator app](/5_Privacy_Respecting_Software.md#2-factor-authentication) onto your phone, and then go to your account security settings and follow the steps to enable 2FA. Next time you log in on a new device, you will be prompted for the code that displays in the app on your phone (it works without internet, and the code usually changes every 30-seconds)
+**Enable 2-Factor Authentication** | Recommended | 2FA is where you must provide both something you know (a password) and something you have (such as a code on your phone) to log in. This means that if anyone has got your password (e.g. through phishing, malware or a data breach), they will no be able to log into your account. It's easy to get started, download [an authenticator app](https://github.com/Lissy93/awesome-privacy#2-factor-authentication) onto your phone, and then go to your account security settings and follow the steps to enable 2FA. Next time you log in on a new device, you will be prompted for the code that displays in the app on your phone (it works without internet, and the code usually changes every 30-seconds)
 **Keep Backup Codes Safe** | Recommended | When you enable multi-factor authentication, you will usually be given several codes that you can use if your 2FA method is lost, broken or unavailable. Keep these codes somewhere safe to prevent loss or unauthorised access. You should store these on paper or in a safe place on disk (e.g. in offline storage or in an encrypted file/drive). Don't store these in your Password Manager as 2FA sources and passwords and should be kept separately.
-**Sign up for Breach Alerts** | Optional | After a website suffers a significant data breach, the leaked data often ends up on the internet. There are several websites that collect these leaked records, and allow you to search your email address to check if you are in any of their lists. [Firefox Monitor](https://monitor.firefox.com), [Have i been pwned](https://haveibeenpwned.com) and [DeHashed](https://dehashed.com) allow you to sign up for monitoring, where they will notify you if your email address appears in any new data sets. It is useful to know as soon as possible when this happens, so that you can change your passwords for the affected accounts. Have i been pwned also has domain-wide notification, where you can receive alerts if any email addresses under your entire domain appear (useful if you use aliases for [anonymous forwarding](/5_Privacy_Respecting_Software.md#anonymous-mail-forwarding))
+**Sign up for Breach Alerts** | Optional | After a website suffers a significant data breach, the leaked data often ends up on the internet. There are several websites that collect these leaked records, and allow you to search your email address to check if you are in any of their lists. [Firefox Monitor](https://monitor.firefox.com), [Have i been pwned](https://haveibeenpwned.com) and [DeHashed](https://dehashed.com) allow you to sign up for monitoring, where they will notify you if your email address appears in any new data sets. It is useful to know as soon as possible when this happens, so that you can change your passwords for the affected accounts. Have i been pwned also has domain-wide notification, where you can receive alerts if any email addresses under your entire domain appear (useful if you use aliases for [anonymous forwarding](https://github.com/Lissy93/awesome-privacy#anonymous-mail-forwarding))
 **Shield your Password/ PIN** | Optional | When typing your password in public places, ensure you are not in direct line of site of a CCTV camera and that no one is able to see over your shoulder. Cover your password or pin code while you type, and do not reveal any plain text passwords on screen
 **Update Critical Passwords Periodically** | Optional | Database leaks and breaches are common, and it is likely that several of your passwords are already somewhere online. Occasionally updating passwords of security-critical accounts can help mitigate this. But providing that all your passwords are long, strong and unique, there is no need to do this too often- annually should be sufficient. Enforcing mandatory password changes within organisations is [no longer recommended](https://duo.com/decipher/microsoft-will-no-longer-recommend-forcing-periodic-password-changes), as it encourages colleagues to select weaker passwords
 **Don’t save your password in browsers** | Optional | Most modern browsers offer to save your credentials when you log into a site. Don’t allow this, as they are not always encrypted, hence could allow someone to gain access into your accounts. Instead use a dedicated password manager to store (and auto-fill) your passwords
@ -55,15 +55,15 @@ Use long, strong and unique passwords, manage them in a secure password manager,
 **Never answer online security questions truthfully** | Optional | If a site asks  security questions (such as place of birth, mother's maiden name or first car etc), don't provide real answers. It is a trivial task for hackers to find out this information online or through social engineering. Instead, create a fictitious answer, and store it inside your password manager. Using real-words is better than random characters, [explained here](https://news.ycombinator.com/item?id=29244870)
 **Don’t use a 4-digit PIN** | Optional | Don’t use a short PIN to access your smartphone or computer. Instead, use a text password or much longer pin. Numeric passphrases are easy crack, (A 4-digit pin has 10,000 combinations, compared to 7.4 million for a 4-character alpha-numeric code)
 **Avoid using SMS for 2FA** | Optional | When enabling multi-factor authentication, opt for app-based codes or a hardware token, if supported. SMS is susceptible to a number of common threats, such as [SIM-swapping](https://www.maketecheasier.com/sim-card-hijacking) and [interception](https://secure-voice.com/ss7_attacks). There's also no guarantee of how securely your phone number will be stored, or what else it will be used for. From a practical point of view, SMS will only work when you have signal, and can be slow. If a website or service requires the usage of a SMS number for recovery consider purchasing a second pre-paid phone number only used for account recovery for these instances.
-**Avoid using your PM to Generate OTPs** | Advanced | Many password managers are also able to generate 2FA codes. It is best not to use your primary password manager as your 2FA authenticator as well, since it would become a single point of failure if compromised. Instead use a dedicated [authenticator app](/5_Privacy_Respecting_Software.md#2-factor-authentication) on your phone or laptop
+**Avoid using your PM to Generate OTPs** | Advanced | Many password managers are also able to generate 2FA codes. It is best not to use your primary password manager as your 2FA authenticator as well, since it would become a single point of failure if compromised. Instead use a dedicated [authenticator app](https://github.com/Lissy93/awesome-privacy#2-factor-authentication) on your phone or laptop
 **Avoid Face Unlock** | Advanced | Most phones and laptops offer a facial recognition authentication feature, using the camera to compare a snapshot of your face with a stored hash. It may be very convenient, but there are numerous ways to [fool it](https://www.forbes.com/sites/jvchamary/2017/09/18/security-apple-face-id-iphone-x/) and gain access to the device, through digital photos and reconstructions from CCTV footage. Unlike your password- there are likely photos of your face on the internet, and videos recorded by surveillance cameras
 **Watch out for Keyloggers** | Advanced | A hardware [keylogger](https://en.wikipedia.org/wiki/Hardware_keylogger) is a physical device planted between your keyboard and the USB port, which intercepts all key strokes, and sometimes relays data to a remote server. It gives a hacker access to everything typed, including passwords. The best way to stay protected, is just by checking your USB connection after your PC has been unattended. It is also possible for keyloggers to be planted inside the keyboard housing, so look for any signs that the case has been tampered with, and consider bringing your own keyboard to work. Data typed on a virtual keyboard, pasted from the clipboard or auto-filled by a password manager can not be intercepted by a hardware keylogger, so if you are on a public computer, consider typing passwords with the on-screen keyboard
 **Consider a Hardware Token** | Advanced | A U2F/ FIDO2 security key is a USB (or NFC) device that you insert while logging in to an online service, in to verify your identity, instead of entering a OTP from your authenticator. [SoloKey](https://solokeys.com) and [NitroKey](https://www.nitrokey.com) are examples of such keys. They bring with them several security benefits, since the browser communicates directly with the device and cannot be fooled as to which host is requesting authentication, because the TLS certificate is checked. [This post](https://security.stackexchange.com/a/71704) is a good explanation of the security of using FIDO U2F tokens. Of course it is important to store the physical key somewhere safe, or keep it on your person. Some online accounts allow for several methods of 2FA to be enabled
 **Consider Offline Password Manager** | Advanced | For increased security, an encrypted offline password manager will give you full control over your data. [KeePass](https://keepass.info) is a popular choice, with lots of [plugins](https://keepass.info/plugins.html) and community forks with additional compatibility and functionality. Popular clients include: [KeePassXC](https://keepassxc.org) (desktop), [KeePassDX](https://www.keepassdx.com) (Android) and [StrongBox](https://apps.apple.com/us/app/strongbox-password-safe/id897283731) (iOS). The drawback being that it may be slightly less convenient for some, and it will be up to you to back it up, and store it securely
-**Consider Unique Usernames** | Advanced | Having different passwords for each account is a good first step, but if you also use a unique username, email or phone number to log in, then it will be significantly harder for anyone trying to gain unauthorised access. The easiest method for multiple emails, is using auto-generated aliases for anonymous mail forwarding. This is where [anything]@yourdomain.com will arrive in your inbox, allowing you to use a different email for each account (see [Mail Alias Providers](/5_Privacy_Respecting_Software.md#anonymous-mail-forwarding)). Usernames are easier, since you can use your password manager to generate, store and auto-fill these. Virtual phone numbers can be generated through your VOIP provider
+**Consider Unique Usernames** | Advanced | Having different passwords for each account is a good first step, but if you also use a unique username, email or phone number to log in, then it will be significantly harder for anyone trying to gain unauthorised access. The easiest method for multiple emails, is using auto-generated aliases for anonymous mail forwarding. This is where [anything]@yourdomain.com will arrive in your inbox, allowing you to use a different email for each account (see [Mail Alias Providers](https://github.com/Lissy93/awesome-privacy#anonymous-mail-forwarding)). Usernames are easier, since you can use your password manager to generate, store and auto-fill these. Virtual phone numbers can be generated through your VOIP provider


-**Recommended Software**: [Password Managers](/5_Privacy_Respecting_Software.md#password-managers) | [2FA Authenticators](/5_Privacy_Respecting_Software.md#2-factor-authentication)
+**Recommended Software**: [Password Managers](https://github.com/Lissy93/awesome-privacy#password-managers) | [2FA Authenticators](https://github.com/Lissy93/awesome-privacy#2-factor-authentication)


 ## Web Browsing
@ -79,7 +79,7 @@ This section outlines the steps you can take, to be better protected from threat
 **Block Ads** | Recommended | Using an ad-blocker can help improve your privacy, by blocking the trackers that ads implement. [uBlock Origin](https://github.com/gorhill/uBlock) is a very efficient and open source browser addon, developed by Raymond Hill. <br>When 3rd-party ads are displayed on a webpage, they have the ability to track you, gathering personal information about you and your habits, which can then be sold, or used to show you more targeted ads, and some ads are plain malicious or fake. Blocking ads also makes pages load faster, uses less data and provides a less cluttered experience
 **Ensure Website is Legitimate** | Basic | It may sound obvious, but when you logging into any online accounts, double check the URL is correct. Storing commonly visited sites in your bookmarks is a good way to ensure the URL is easy to find. When visiting new websites, look for common signs that it could be unsafe: Browser warnings, redirects, on-site spam and pop-ups. You can also check a website using a tool, such as: [Virus Total URL Scanner](https://www.virustotal.com/gui/home/url), [IsLegitSite](https://www.islegitsite.com), [Google Safe Browsing Status](https://transparencyreport.google.com/safe-browsing/search) if you are unsure
 **Watch out for Browser Malware** | Basic | Your system or browser can be compromised by spyware, miners, browser hijackers, malicious redirects, adware etc. You can usually stay protected, just by: ignoring pop-ups, be wary of what your clicking, don't proceed to a website if your browser warns you it may be malicious. Common signs of browser malware include: default search engine or homepage has been modified, toolbars, unfamiliar extensions or icons,  significantly more ads, errors and pages loading much slower than usual. These articles from Heimdal explain [signs of browser malware](https://heimdalsecurity.com/blog/warning-signs-operating-system-infected-malware),  [how browsers get infected](https://heimdalsecurity.com/blog/practical-online-protection-where-malware-hides) and [how to remove browser malware](https://heimdalsecurity.com/blog/malware-removal)
-**Use a Privacy-Respecting Browser** | Recommended | [Firefox](https://www.mozilla.org/en-US/firefox/new) (with a few tweaks) and [Brave](https://brave.com) are secure, private-respecting browsers. Both are fast, open source, user-friendly and available on all major operating systems. Your browser has access to everything that you do online, so if possible, avoid Google Chrome, Edge and Safari as (without correct configuration) all three of them, collect usage data, call home and allow for invasive tracking. Firefox requires a few changes to achieve optimal security, for example - [arkenfox](https://github.com/arkenfox/user.js/wiki) or [12byte](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs/)'s user.js configs. See more: [Privacy Browsers](/5_Privacy_Respecting_Software.md#browsers)
+**Use a Privacy-Respecting Browser** | Recommended | [Firefox](https://www.mozilla.org/en-US/firefox/new) (with a few tweaks) and [Brave](https://brave.com) are secure, private-respecting browsers. Both are fast, open source, user-friendly and available on all major operating systems. Your browser has access to everything that you do online, so if possible, avoid Google Chrome, Edge and Safari as (without correct configuration) all three of them, collect usage data, call home and allow for invasive tracking. Firefox requires a few changes to achieve optimal security, for example - [arkenfox](https://github.com/arkenfox/user.js/wiki) or [12byte](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs/)'s user.js configs. See more: [Privacy Browsers](https://github.com/Lissy93/awesome-privacy#browsers)
 **Use a Private Search Engine** | Recommended | Using a privacy-preserving, non-tracking search engine, will reduce risk that your search terms are not logged, or used against you. Consider [DuckDuckGo](https://duckduckgo.com), [Qwant](https://www.qwant.com), or [SearX](https://searx.me) (self-hosted). Google implements some [incredibly invasive](https://hackernoon.com/data-privacy-concerns-with-google-b946f2b7afea) tracking policies, and have a history of displaying [biased search results](https://www.businessinsider.com/evidence-that-google-search-results-are-biased-2014-10). Therefore Google, along with Bing, Baidu, Yahoo and Yandex are incompatible with anyone looking to protect their privacy. It is recommended to update your [browsers default search](https://duckduckgo.com/install) to a privacy-respecting search engine
 **Remove Unnecessary Browser Addons** | Recommended | Extensions are able to see, log or modify anything you do in the browser, and some innocent looking browser apps, have malicious intentions. Websites can see which extensions you have installed, and may use this to enhance your fingerprint, to more accurately identify/ track you. Both Firefox and Chrome web stores allow you to check what permissions/access rights an extension requires before you install it. Check the reviews. Only install extensions you really need, and removed those which you haven't used in a while
 **Keep Browser Up-to-date** | Recommended | Browser vulnerabilities are constantly being [discovered](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=browser) and patched, so it’s important to keep it up to date, to avoid a zero-day exploit. You can [see which browser version your using here](https://www.whatismybrowser.com/), or follow [this guide](https://www.whatismybrowser.com/guides/how-to-update-your-browser/) for instructions on how to update. Some browsers will auto-update to the latest stable version
@ -92,7 +92,7 @@ This section outlines the steps you can take, to be better protected from threat
 **Block Third-Party Cookies** | Recommended | [Third-party cookies](https://en.wikipedia.org/wiki/HTTP_cookie#Privacy_and_third-party_cookies) placed on your device by a website other than the one you’re visiting. This poses a privacy risk, as a 3rd entity can collect data from your current session. [This guide](https://www.digitalcitizen.life/how-disable-third-party-cookies-all-major-browsers) explains how you can disable 3rd-party cookies, and you can [check here](https://www.whatismybrowser.com/detect/are-third-party-cookies-enabled) ensure this worked
 **Block Third-Party Trackers** | Recommended | Blocking trackers will help to stop websites, advertisers, analytics and more from tracking you in the background. [Privacy Badger](https://privacybadger.org), [DuckDuckGo Privacy Essentials](https://help.duckduckgo.com/duckduckgo-help-pages/desktop/adding-duckduckgo-to-your-browser/), [uBlock Origin](https://github.com/gorhill/uBlock) and [uMatrix](https://github.com/gorhill/uMatrix) (advanced) are all very effective, open source tracker-blockers available for all major browsers. Alternatively you can block trackers at the network level, with something like [Pi-Hole](https://pi-hole.net) (on your home server) or [Diversion](https://diversion.ch) (Asus routers running Merlin firmware. Some VPNs offer basic tracking blocking (such as [TrackStop on PerfectPrivacy](https://www.perfect-privacy.com/en/features/trackstop?a_aid=securitychecklist))
 **Beware of Redirects** | Optional | While some redirects are harmless, others, such as [Unvalidated redirects](https://www.credera.com/blog/technology-insights/java/top-10-web-security-risks-unvalidated-redirects-forwards-10/) are used in phishing attacks, it can make a malicious link seem legitimate.  If you are unsure about a redirect URL, you can check where it forwards to with a tool like [RedirectDetective](https://redirectdetective.com). It is also recommended to disable redirects in your [browser settings](https://appuals.com/how-to-stop-automatic-redirects-on-google-firefox-and-edge/).
-**Do Not Sign Into Your Browser** | Optional | Many browsers allow you to sign in, in order to sync history, bookmarks and other browsing data across devices. However this not only allows for further data collection, but also increases attack surface through providing another avenue for a malicious actor to get hold of personal information. For Chrome users, you can get around forced sign-in by navigating to [chrome://flags](chrome://flags/#account-consistency) and disabling the `account-consistency` flag. If you still need to sync bookmarks + browser data between devices, there are open source [alternatives](/5_Privacy_Respecting_Software.md#bonus-3---self-hosted-services), such as [xBrowserSync](https://www.xbrowsersync.org)
+**Do Not Sign Into Your Browser** | Optional | Many browsers allow you to sign in, in order to sync history, bookmarks and other browsing data across devices. However this not only allows for further data collection, but also increases attack surface through providing another avenue for a malicious actor to get hold of personal information. For Chrome users, you can get around forced sign-in by navigating to [chrome://flags](chrome://flags/#account-consistency) and disabling the `account-consistency` flag. If you still need to sync bookmarks + browser data between devices, there are open source [alternatives](https://github.com/Lissy93/awesome-privacy#bonus-3---self-hosted-services), such as [xBrowserSync](https://www.xbrowsersync.org)
 **Disallow Prediction Services** | Optional | Some browsers allow for prediction services, where you receive real-time search results or URL auto-fill. If this is enabled then data is sent to Google (or your default search engine) with every keypress, rather than when you hit enter. You may wish to disable this to reduce the amount of data collected
 **Avoid G Translate for Webpages** | Optional | When you visit a web page written in a foreign language, you may be prompted to install the Google Translate extension. Be aware that Google [collects all data](https://www.linkedin.com/pulse/google-translate-privacy-confidentiality-concerns-alex-gheorghe/) (including input fields), along with details of the current user. Instead use a translation service that is not linked to your browser
 **Disable Web Notifications** | Optional | Browser push notifications are a common method for criminals to encourage you to click their link, since it is easy to spoof the source. Be aware of this, and for instructions on disabling browser notifications, see [this article](https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused)
@ -118,10 +118,10 @@ This section outlines the steps you can take, to be better protected from threat


 **Recommended Software**
- [Privacy Browsers](/5_Privacy_Respecting_Software.md#browsers)
- [Non-Tracking Search Engines](/5_Privacy_Respecting_Software.md#search-engines)
- [Browser Extensions for Security](/5_Privacy_Respecting_Software.md#browser-extensions)
- [Secure Browser & Bookmark Sync](/5_Privacy_Respecting_Software.md#browser-sync)
+- [Privacy Browsers](https://github.com/Lissy93/awesome-privacy#browsers)
+- [Non-Tracking Search Engines](https://github.com/Lissy93/awesome-privacy#search-engines)
+- [Browser Extensions for Security](https://github.com/Lissy93/awesome-privacy#browser-extensions)
+- [Secure Browser & Bookmark Sync](https://github.com/Lissy93/awesome-privacy#browser-sync)


 ## Emails
@ -158,9 +158,9 @@ The big companies providing "free" email service, don't have a good reputation f
 **Maintain IP Blacklist** | Advanced | For self-hosted mail servers, you can improve spam filters and harden security, through maintaining an up-to-date local IP blacklist and a spam URI realtime block lists to filter out malicious hyperlinks. You may also want to activate a [reverse DNS lookup](https://en.wikipedia.org/wiki/Reverse_DNS_lookup) system

 **Recommended Software:**
- [Encrypted Email Providers](/5_Privacy_Respecting_Software.md#encrypted-email)
- [Anonymous Mail Forwarding](/5_Privacy_Respecting_Software.md#anonymous-mail-forwarding)
- [Pre-Configured Mail Servers](/5_Privacy_Respecting_Software.md#pre-configured-mail-servers)
+- [Encrypted Email Providers](https://github.com/Lissy93/awesome-privacy#encrypted-email)
+- [Anonymous Mail Forwarding](https://github.com/Lissy93/awesome-privacy#anonymous-mail-forwarding)
+- [Pre-Configured Mail Servers](https://github.com/Lissy93/awesome-privacy#pre-configured-mail-servers)

 ## Secure Messaging

@ -187,8 +187,8 @@ The big companies providing "free" email service, don't have a good reputation f
 **Consider a Decentralized Platform** | Advanced | If all data flows through a central provider, you have to trust them with your data and meta-data. You cannot verify that the system running is authentic without back doors, and they may be subject to local laws, court orders or censorship, and if that provider ceases to operate, the entire network will be unavailable for that duration. Whereas with a decentralized system, there are no central servers to compromise, and no single point of failure. It cannot be raided, shut down, or forced to turn over data. Some decentralized platforms also route traffic through the Tor network, which provides an additional layer of anonymity and security.

 **Recommended Software**
- [Secure Messaging Apps](/5_Privacy_Respecting_Software.md#encrypted-messaging)
- [P2P Messaging Platforms](/5_Privacy_Respecting_Software.md#p2p-messaging)
+- [Secure Messaging Apps](https://github.com/Lissy93/awesome-privacy#encrypted-messaging)
+- [P2P Messaging Platforms](https://github.com/Lissy93/awesome-privacy#p2p-messaging)


 ## Social Media
@ -216,10 +216,10 @@ Secure your account, lock down your privacy settings, but know that even after d
 **Don’t have any social media accounts** | Advanced | Social media is fundamentally un-private, so for maximum online security and privacy, avoid using any mainstream social networks

 **Recommended Software**
- [Alternative Social Media](/5_Privacy_Respecting_Software.md#social-networks)
- [Alternative Video Platforms](/5_Privacy_Respecting_Software.md#video-platforms)
- [Alternative Blogging Platforms](/5_Privacy_Respecting_Software.md#blogging-platforms)
- [News Readers and Aggregation](/5_Privacy_Respecting_Software.md#news-readers-and-aggregation)
+- [Alternative Social Media](https://github.com/Lissy93/awesome-privacy#social-networks)
+- [Alternative Video Platforms](https://github.com/Lissy93/awesome-privacy#video-platforms)
+- [Alternative Blogging Platforms](https://github.com/Lissy93/awesome-privacy#blogging-platforms)
+- [News Readers and Aggregation](https://github.com/Lissy93/awesome-privacy#news-readers-and-aggregation)

 ## Networking

@ -227,7 +227,7 @@ This section covers how you connect your devices to the internet securely, inclu

 **Security** | **Priority** | **Details and Hints**
 --- | --- | ---
-**Use a VPN** | Recommended | Use a reputable, paid-for VPN. This can help protect sites you visit logging your real IP, reduce the amount of data your ISP can collect and increase protection on public WiFi. However VPNs alone do not make you anonymous or stop tracking, it's important to understand their [limitations](/5_Privacy_Respecting_Software.md#word-of-warning-2). <br>[ProtonVPN](https://protonvpn.com) and [Mullvad](https://mullvad.net) may be good options for many, but for an unbiased comparison, see: [That One Privacy Site](https://thatoneprivacysite.net). Select a service with a good reputation, that does not keep logs, and is not in the [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction
+**Use a VPN** | Recommended | Use a reputable, paid-for VPN. This can help protect sites you visit logging your real IP, reduce the amount of data your ISP can collect and increase protection on public WiFi. However VPNs alone do not make you anonymous or stop tracking, it's important to understand their [limitations](https://github.com/Lissy93/awesome-privacy#word-of-warning-2). <br>[ProtonVPN](https://protonvpn.com) and [Mullvad](https://mullvad.net) may be good options for many, but for an unbiased comparison, see: [That One Privacy Site](https://thatoneprivacysite.net). Select a service with a good reputation, that does not keep logs, and is not in the [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction
 **Change your Router Password** | Recommended | After getting a new router, change the password. Default router passwords are publicly available (see [default-password.info](https://default-password.info)), meaning anyone within proximity would be able to connect. See [here](https://www.lifewire.com/how-to-change-your-wireless-routers-admin-password-2487652), for a guide on changing router password
 **Use WPA2, and a strong password** | Recommended | There are different authentication protocols for connecting to WiFi. Currently the most secure is options are [WPA2](https://en.wikipedia.org/wiki/IEEE_802.11i-2004) and [WPA3](https://www.pcmag.com/news/what-is-wpa3-more-secure-wi-fi) (on newer routers). WEP and WPA are moderately [easy to crack](https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wep-passwords-with-aircrack-ng-0147340/). Ensure it is strong: 12+ alpha-numeric characters, avoiding dictionary words. You can set this within your routers admin panel
 **Keep router firmware up-to-date** | Recommended | Manufacturers release firmware updates that fix security vulnerabilities, implement new standards and sometimes add features/ improve the performance your router. It's important to have the latest firmware installed, to avoid a malicious actor exploiting an un-patched vulnerability. <br>You can usually do this by navigating to [192.168.0.1](192.168.0.1) or [192.168.1.1](192.168.1.1), entering the admin credentials (on the back of you of your router, not your WiFi password!), and follow the instructions, see: [Asus](https://www.asus.com/support/FAQ/1005484/), [D-Link](https://eu.dlink.com/uk/en/support/faq/routers/mydlink-routers/dir-810l/how-do-i-upgrade-the-firmware-on-my-router), [Linksys (older models)](https://www.linksys.com/us/support-article?articleNum=140365), [NetGear](https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-s-firmware-using-the-Check-button-in-the-router-web-interface) and [TP-Link](https://www.tp-link.com/us/support/faq/688/). Some newer routers update automatically
@ -235,7 +235,7 @@ This section covers how you connect your devices to the internet securely, inclu
 **Protect against DNS leaks** | Optional | When using a VPN, it is extremely important to exclusively use the DNS server of your VPN provider or secure service. For OpenVPN, you can add: `block-outside-dns` to your config file (which will have the extension `.ovn` or `.conf`). If you are unable to do this, then see [this article](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html) for further instructions. You can check for leaks, using a [DNS Leak Test](https://www.dnsleaktest.com/)
 **Use a secure VPN Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) and [WireGuard](https://www.wireguard.com/) are open source, lightweight and secure [tunneling protocols](https://en.wikipedia.org/wiki/Tunneling_protocol). Avoid using [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol) or [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol). [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly
 **Secure DNS** | Optional | Use [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) which performs DNS resolution via the HTTPS protocol, encrypting data between you and your DNS resolver. Although DoH is [not perfect](https://www.netsparker.com/blog/web-security/pros-cons-dns-over-https/), it does remove the need for trust - see [Cloudflare's 1.1.1.1 Docs](https://1.1.1.1/help) for more details
-**Avoid the free router from your ISP** | Optional | Typically they’re manufactured cheaply in bulk in China, with insecure propriety firmware that doesn't recieve regular security updates. Consider an open source router (such as [Turris MOX](https://www.turris.cz/en/mox/overview/)) or a comercial router with [secure firmware](/5_Privacy_Respecting_Software.md#router-firmware)
+**Avoid the free router from your ISP** | Optional | Typically they’re manufactured cheaply in bulk in China, with insecure propriety firmware that doesn't recieve regular security updates. Consider an open source router (such as [Turris MOX](https://www.turris.cz/en/mox/overview/)) or a comercial router with [secure firmware](https://github.com/Lissy93/awesome-privacy#router-firmware)
 **Whitelist MAC Addresses** | Optional | You can whitelist MAC addresses in your router settings, disallowing any unknown devices to immediately connect to your network, even if they know your credentials. Note that a malicious actor may be able to bypass this, by cloning their address to appear the same as one of your trusted devices, but it will add an extra step
 **Change the Router’s Local IP Address** | Optional | It is possible for a malicious script in your web browser, to exploit a cross site scripting vulnerability, accessing known-vulnerable routers at their local IP address and tampering with them (known as [CSRF Attack](https://decoded.avast.io/threatintel/router-exploit-kits-an-overview-of-routercsrf-attacks-and-dns-hijacking-in-brazil/)). Updating your routers local IP address, so that it is not the default (usually 192.168.0.1 or [similar](https://www.softwaretestinghelp.com/default-router-ip-address-list/)), can help protect you from some of these automated attacks
 **Don't Reveal Personal Info in SSID** | Optional | You should update your network name, choosing an SSID that does not identify you, include your flat number / address, and does not specify the device brand/ model. It may be beneficial to avoid something very unique, as services like [Wigle](https://www.wigle.net/)'s WiFi map can link an SSID directly back to your home address. This may also slightly aid in deterring an opportunistic attacker, as it indicates the router is being conscientiously administered. See, [how to update SSID](https://www.lifewire.com/change-the-wifi-name-ssid-on-a-router-818337)
@ -254,13 +254,13 @@ This section covers how you connect your devices to the internet securely, inclu
 **Disable WiFi on all Devices** | Advanced | Connecting to even a secure WiFi network increases your attack surface. Disabling your home WiFi and connect each device via Ethernet, and turning off WiFi on your phone and using a USB-C/ Lightening to Ethernet cable will protect against WiFi exploits, as Edward Snowden [says here](https://twitter.com/snowden/status/1175431946958233600?lang=en).

 **Recommended Software**
- [Virtual Private Networks](/5_Privacy_Respecting_Software.md#virtual-private-networks)
- [Mix Networks](/5_Privacy_Respecting_Software.md#mix-networks)
- [Router Firmware](/5_Privacy_Respecting_Software.md#router-firmware)
- [Open Source Proxies](/5_Privacy_Respecting_Software.md#proxies)
- [DNS Providers](/5_Privacy_Respecting_Software.md#dns)
- [Firewalls](/5_Privacy_Respecting_Software.md#firewalls)
- [Network Analysis Tools](/5_Privacy_Respecting_Software.md#network-analysis)
+- [Virtual Private Networks](https://github.com/Lissy93/awesome-privacy#virtual-private-networks)
+- [Mix Networks](https://github.com/Lissy93/awesome-privacy#mix-networks)
+- [Router Firmware](https://github.com/Lissy93/awesome-privacy#router-firmware)
+- [Open Source Proxies](https://github.com/Lissy93/awesome-privacy#proxies)
+- [DNS Providers](https://github.com/Lissy93/awesome-privacy#dns)
+- [Firewalls](https://github.com/Lissy93/awesome-privacy#firewalls)
+- [Network Analysis Tools](https://github.com/Lissy93/awesome-privacy#network-analysis)
 - [Self-Hosted Network Security Tools](#self-hosted-network-security)


@ -291,22 +291,22 @@ More of us are concerned about how [governments use collect and use our smart ph
 **Opt-out of personalized ads** | Optional | In order for ads to be personalized, Google collects data about you, you can slightly reduce the amount they collect by opting-out of seeing personalized ads. See [this guide](https://www.androidguys.com/tips-tools/how-to-disable-personalized-ads-on-android/), for Android instructions.
 **Erase after too many login attempts** | Optional | To protect against an attacker brute forcing your pin, if you lose your phone, set your device to erase after too many failed login attempts. See [this iPhone guide](https://www.howtogeek.com/264369/how-to-erase-your-ios-device-after-too-many-failed-passcode-attempts/). You can also do this via Find my Phone, but this increased security comes at a cost of decreased privacy.
 **Monitor Trackers** | Optional | A tracker is a piece of software meant to collect data about you or your usages. [εxodus](https://reports.exodus-privacy.eu.org/en/) is a great service which lets you search for any app, by its name, and see which trackers are embedded in it. They also have [an app](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy) which shows trackers and permissions for all your installed apps.
-**Use a Mobile Firewall** | Optional | To prevent applications from leaking privacy-sensitive data, you can install a firewall app. This will allow you to block specific apps from making data requests, either in the background, or when on WiFi or mobile data. Consider [NetGuard](https://www.netguard.me/) (Android) or [LockDown](https://apps.apple.com/us/app/lockdown-apps/id1469783711) (iOS), or see more [Firewalls](/5_Privacy_Respecting_Software.md#firewalls)
+**Use a Mobile Firewall** | Optional | To prevent applications from leaking privacy-sensitive data, you can install a firewall app. This will allow you to block specific apps from making data requests, either in the background, or when on WiFi or mobile data. Consider [NetGuard](https://www.netguard.me/) (Android) or [LockDown](https://apps.apple.com/us/app/lockdown-apps/id1469783711) (iOS), or see more [Firewalls](https://github.com/Lissy93/awesome-privacy#firewalls)
 **Reduce Background Activity** | Optional | For Android, [SuperFreeze](https://f-droid.org/en/packages/superfreeze.tool.android) makes it possible to entirely freeze all background activities on a per-app basis. Intended purpose is to speed up your phone, and prolong battery life, but this app is also a great utility to stop certain apps from collecting data and tracking your actions while running in the background
 **Sandbox Mobile Apps** | Optional | Prevent permission-hungry apps from accessing your private data with [Island](https://play.google.com/store/apps/details?id=com.oasisfeng.island). It is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc.) even if related permissions are granted
 **Tor Traffic** | Advanced | [Orbot](https://guardianproject.info/apps/orbot/) provides a system-wide [Tor](https://www.torproject.org/) connection, which will help protect you from surveillance and public WiFi threats
-**Avoid Custom Virtual Keyboards** | Optional | Android and iOS allow you to download and use third-party keyboard apps. These apps will be able to access everything that you type on your phone/ tablet: passwords, messages, search terms etc. It is recommended to stick with your devices stock keyboard. If you choose to use one of these apps, ensure it is reputable, block internet access (can be done with a [firewall app](/5_Privacy_Respecting_Software.md#firewalls)), don't grant it permissions it does not need, and turn off analytics or other invasive features in it's settings. [This article](https://zeltser.com/third-party-keyboards-security) by Lenny Zelster explains things further
+**Avoid Custom Virtual Keyboards** | Optional | Android and iOS allow you to download and use third-party keyboard apps. These apps will be able to access everything that you type on your phone/ tablet: passwords, messages, search terms etc. It is recommended to stick with your devices stock keyboard. If you choose to use one of these apps, ensure it is reputable, block internet access (can be done with a [firewall app](https://github.com/Lissy93/awesome-privacy#firewalls)), don't grant it permissions it does not need, and turn off analytics or other invasive features in it's settings. [This article](https://zeltser.com/third-party-keyboards-security) by Lenny Zelster explains things further
 **Restart Device Regularly** | Optional | Over the years there have vulnerabilities relating to memory exploits (such as [CVE-2015-6639](https://www.cvedetails.com/cve/CVE-2015-6639) + [CVE-2016-2431](https://www.cvedetails.com/cve/CVE-2016-2431)). Restarting your phone at least once a week will clear the app state cached in memory. A side benefit is that your device may run more smoothly after a restart.
-**Avoid SMS** | Optional | SMS may be convenient, but it's [not particularly secure](https://www.fortherecordmag.com/archives/0315p25.shtml). It is susceptible to threats, such as interception, sim swapping (see [this article](https://www.forbes.com/sites/kateoflahertyuk/2020/01/21/the-surprising-truth-about-sms-security)), manipulation and malware (see [this article](https://www.securitynewspaper.com/2019/09/13/hack-any-mobile-phone-with-just-a-sms)). <br>SMS should not be used to receive 2FA codes, (as demonstrated in the video in [this article](https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin)), instead use an [authenticator app](/5_Privacy_Respecting_Software.md#2-factor-authentication). SMS should not be used for communication, instead use an [encrypted messaging app](/5_Privacy_Respecting_Software.md#encrypted-messaging), such as [Signal](https://signal.org)
+**Avoid SMS** | Optional | SMS may be convenient, but it's [not particularly secure](https://www.fortherecordmag.com/archives/0315p25.shtml). It is susceptible to threats, such as interception, sim swapping (see [this article](https://www.forbes.com/sites/kateoflahertyuk/2020/01/21/the-surprising-truth-about-sms-security)), manipulation and malware (see [this article](https://www.securitynewspaper.com/2019/09/13/hack-any-mobile-phone-with-just-a-sms)). <br>SMS should not be used to receive 2FA codes, (as demonstrated in the video in [this article](https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin)), instead use an [authenticator app](https://github.com/Lissy93/awesome-privacy#2-factor-authentication). SMS should not be used for communication, instead use an [encrypted messaging app](https://github.com/Lissy93/awesome-privacy#encrypted-messaging), such as [Signal](https://signal.org)
 **Keep your Number Private** | Optional | [MySudo](https://mysudo.com/) allows you to create and use virtual phone numbers for different people or groups. This is great for compartmentalisation. Alternativley, use a VOIP provider like [Google Voice](https://voice.google.com) or [Skype](https://www.skype.com/en/features/online-number/), or for temporary usage you can use a service like [iNumbr](https://www.inumbr.com). Where possible, avoid giving out your real phone number while creating accounts online.
 **Watch out for Stalkerware** | Optional | This is a malware that is installed directly onto your device by someone you know (partner, parent, boss etc.). It allows them to see your location, messages and other app data remotely. The app likely won't show up in your app draw, (but may visible in `Settings --> Applications --> View All`). Sometimes they can be disguised as a non-conspicuous app (such as a game, flashlight or calculator) which initially don't appear suspicious at all. Look out for unusual battery usage, network requests or high device temperature. If you suspect that stalkerware is on your device, the best way to get rid of it is through a factory reset. See [this guide](https://blog.malwarebytes.com/stalkerware/2019/10/how-to-protect-against-stalkerware-a-murky-but-dangerous-mobile-threat/) for more details
 **Favor the Browser, over Dedicated App** | Optional | Where possible, consider using a secure browser to access sites, rather than installing dedicatd applications. Both Android and iOS applications often have invasive permissions, allowing them intimate access to sensitive data and your devices sensors and radios. But [the extent to what these apps can access](https://www.wired.com/story/app-permissions/) is often not clear, and even [zero-permission apps](https://www.leviathansecurity.com/blog/zero-permission-android-applications) can see more data than you think: accessing phone sensors, vendor ID's and determine which other apps you have installed. All this is enough to identity you. In some situations you can still use a service, without having to install an application, through accessing it via the browser, and this can help mitigate a lot of the issues cause by untrustworthy apps
-**Consider running a custom ROM (Android)** | Advanced | For Android users, if your concerned about your device manufacturer collecting too much personal information, consider a privacy-focused custom ROM, such as [Lineage](https://lineageos.org) or [GrapheneOS](https://grapheneos.org) - [see more](/5_Privacy_Respecting_Software.md#mobile-operating-systems)
+**Consider running a custom ROM (Android)** | Advanced | For Android users, if your concerned about your device manufacturer collecting too much personal information, consider a privacy-focused custom ROM, such as [Lineage](https://lineageos.org) or [GrapheneOS](https://grapheneos.org) - [see more](https://github.com/Lissy93/awesome-privacy#mobile-operating-systems)

 **Recommended Software**
- [Mobile Apps, for Security + Privacy](/5_Privacy_Respecting_Software.md#mobile-apps)
- [Encrypted Messaging](/5_Privacy_Respecting_Software.md#encrypted-messaging)
- [Mobile Operation Systems](/5_Privacy_Respecting_Software.md#mobile-operating-systems)
+- [Mobile Apps, for Security + Privacy](https://github.com/Lissy93/awesome-privacy#mobile-apps)
+- [Encrypted Messaging](https://github.com/Lissy93/awesome-privacy#encrypted-messaging)
+- [Mobile Operation Systems](https://github.com/Lissy93/awesome-privacy#mobile-operating-systems)

 ## Personal Computers

@ -333,14 +333,14 @@ Although Windows and OS X are easy to use and convenient, they both are far from
 **Physically Secure Device** | Optional | When working from a laptop think about using a [Kensington Lock](https://www.kensington.com/solutions/product-category/security/) to secure your device to a permanent fixture. To help protect against an opportunistic local attack, consider utilizing [port locks](https://lindy.com/en/technology/port-blockers/), to prevent or slow down an intruder from dropping a malicious payload onto your device. Ideally never leave your laptop or other devices unattended
 **Don't Charge Devices from your PC** | Optional | Connecting your smart phone to a computer can be a security risk, it's possible for [a self-signed malicious app](https://www.pcworld.com/article/2465320/the-biggest-iphone-security-risk-could-be-connecting-one-to-a-computer.html) to be installed, without your knowledge. Also both iPhone or Android device have sync capabilities, which can lead to data being unintentionally shared. If you need to charge your device, consider using a [USB data-blocker](/6_Privacy_and-Security_Gadgets.md#usb-data-blockers).
 **Randomize your hardware address on Wi-Fi** | Optional | A [MAC Address](https://en.wikipedia.org/wiki/MAC_address) is an identifier given to a device (specifically the Network Interface Controller), and is is one method used to identify, and track you across different WiFi networks. Some devices allow you to modify or randomize how this address appears. See how, on [Windows](https://support.microsoft.com/en-us/help/4027925/windows-how-and-why-to-use-random-hardware-addresses), [MacOS](https://poweruser.blog/how-to-spoof-the-wifi-mac-address-on-a-macbook-25e11594a932) and [Linux](https://itsfoss.com/change-mac-address-linux/). <br>You should also disallow you device from automatically connect to open Wi-Fi networks
-**Use a Firewall** | Optional | A firewall is a program which monitors incoming and outgoing traffic, and allows you to blocks internet access for certain applications. This is useful to stop apps from collecting data, calling home, or downloading unnecessary content- correctly configured, firewalls can help protect against remote access attacks, as well as protect your privacy. <br>Your system will have a built-in firewall (Check it's enabled: [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux ditros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall)). Alternatively, for greater control, consider: [LuLu](https://objective-see.com/products/lulu.html) (MacOS), [gufw](http://gufw.org/) (Linux), [LittleSnitch](https://github.com/evilsocket/opensnitch), [SimpleWall](https://github.com/henrypp/simplewall) (Windows), there's plenty more [firewall apps](/5_Privacy_Respecting_Software.md#firewalls) available
+**Use a Firewall** | Optional | A firewall is a program which monitors incoming and outgoing traffic, and allows you to blocks internet access for certain applications. This is useful to stop apps from collecting data, calling home, or downloading unnecessary content- correctly configured, firewalls can help protect against remote access attacks, as well as protect your privacy. <br>Your system will have a built-in firewall (Check it's enabled: [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux ditros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall)). Alternatively, for greater control, consider: [LuLu](https://objective-see.com/products/lulu.html) (MacOS), [gufw](http://gufw.org/) (Linux), [LittleSnitch](https://github.com/evilsocket/opensnitch), [SimpleWall](https://github.com/henrypp/simplewall) (Windows), there's plenty more [firewall apps](https://github.com/Lissy93/awesome-privacy#firewalls) available
 **Protect Against Software Keyloggers** | Optional | A software keylogger is a malicious application running in the background that logs (and usually relays to a server) every key you press, aka all data that you type (passwords, emails, search terms, financial details etc). The best way to stay protected, is to keep your systems security settings enabled, and periodically check for rootkits- which will detect most loggers. Another option, is to use a key stroke encryption tool. For Windows there is [GhostPress](https://schiffer.tech/ghostpress.html), [Spy Shelter](https://www.spyshelter.com/) or [KeyScrambler](https://www.qfxsoftware.com) (developed by Qian Wang)  which encrypt your keystrokes at the keyboard driver level, and then decrypting them at the application level, meaning any software keylogger would just receive encrypted data.
 **Check Keyboard Connection** | Optional | Check your keyboards USB cable before using, bring your own keyboard to work and watch out for signs that it may have been tampered with. A hardware keylogger is a physical device that either sits between your keyboard and the USB connection into your PC, or is implanted into a keyboard. It intercepts and stores keystrokes, and in some cases can remotely upload them. Unlike a software logger, they can not be detected from your PC, but also they can not intercept data from virtual keyboards (like [OSK](https://support.microsoft.com/en-us/help/10762/windows-use-on-screen-keyboard)), clipboard or auto-fill password managers.
 **Prevent Keystroke Injection Attacks** | Optional | Always lock your PC when you step away from it (however this is not fool-proof, and [can be circumvented](https://www.youtube.com/watch?v=a4OyqaqFDW0)). For Linux, there is [USBGuard](https://github.com/USBGuard/usbguard), and for Windows there's [DuckHunt](https://github.com/pmsosa/duckhunt), which will detect super fast (badUSB-level super-fast) it will block input until the attack stops. Alternatively, Windows Group Policy can also be [configured to not trust new devices by default](https://www.itechtics.com/enable-gpedit-windows-10-home/). [Port Blockers](https://lindy.com/en/technology/port-blockers/) provide some level of physical protection, which may prevent an opportunistic attack, but can be circumvented fairly easily
 **Don't use commercial "Free" Anti-Virus** | Optional | The included security tools, which come with bundled your operating system (such as Windows Defender), should be adequate at protecting against threats. Free anti-virus applications are often more of a hinder than a help- as they require admin permissions, full access to all data and settings, and internet access. They usually collect a lot of data, which is uploaded to the cloud and sometimes [sold to third-parties](https://www.forbes.com/sites/thomasbrewster/2019/12/09/are-you-one-of-avasts-400-million-users-this-is-why-it-collects-and-sells-your-web-habits/). Therefore, you should avoid non-libre closed source programs such as Avast, AVG, Norton, Kasperky, Avira etc- even the paid plans come with privacy concerns. If you need a dedicated anti-virus application, consider [ClamAV](https://www.clamav.net/), which is open source and libre meaning completely open. And for scanning 1-off files, [VirusTotal](https://www.virustotal.com/) is a useful tool
 **Periodically check for Rootkits** | Advanced | You should regularly check for rootkits (which may allow an attacker full control over your system), you can do this with a tool like [chkrootkit](http://www.chkrootkit.org/), once installed just run `sudo chkrootkit`. For Windows users, see [rootkit-revealer](https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer) or [gmer](http://www.gmer.net/)
 **BIOS Boot Password** | Advanced | A BIOS or UEFI password once enabled, will need to be entered before the system can be booted, which may help to prevent an inexperienced hacker from getting into your OS, booting from a USB, tampering with BIOS as well as other actions. However, it can be easy to bypass, don't put too much trust in this - it should only be used as an additional step, to exhaust your adversaries resources a little faster. [Here is a guide on how to enable password](https://www.howtogeek.com/186235/how-to-secure-your-computer-with-a-bios-or-uefi-password/).
-**Use a Security-Focused Operating System** | Advanced | Microsoft, Apple and Google all have practices that violate users privacy, switching to Linux will mitigate most of these issues. For more advanced users, consider a security-focused distro- such as [QubeOS](https://www.qubes-os.org/), which allows for compartmentalization of applications and data, and has strong encryption and Tor networking build in. For some actions, [Tails](https://tails.boum.org/) a live operating system with no memory persistence is as close as you can get to not leaving a data trail on your system. BSD is also great for security, see [FreeBSD](https://www.freebsd.org/) and [OpenBSD](https://www.openbsd.org/). Even a general purpose distro, will be much better for privacy compared to a propriety counterpart: [Fedora](https://getfedora.org/), [Debian](https://www.debian.org/), [Arch](https://www.archlinux.org/) / [Manjaro](https://manjaro.org/), [see more](/5_Privacy_Respecting_Software.md#pc-operating-systems)
+**Use a Security-Focused Operating System** | Advanced | Microsoft, Apple and Google all have practices that violate users privacy, switching to Linux will mitigate most of these issues. For more advanced users, consider a security-focused distro- such as [QubeOS](https://www.qubes-os.org/), which allows for compartmentalization of applications and data, and has strong encryption and Tor networking build in. For some actions, [Tails](https://tails.boum.org/) a live operating system with no memory persistence is as close as you can get to not leaving a data trail on your system. BSD is also great for security, see [FreeBSD](https://www.freebsd.org/) and [OpenBSD](https://www.openbsd.org/). Even a general purpose distro, will be much better for privacy compared to a propriety counterpart: [Fedora](https://getfedora.org/), [Debian](https://www.debian.org/), [Arch](https://www.archlinux.org/) / [Manjaro](https://manjaro.org/), [see more](https://github.com/Lissy93/awesome-privacy#pc-operating-systems)
 **Make Use of VMs** | Advanced | If your job, or any of your activity could endanger your system, or put you at risk, then virtual machines are a great tool to isolate this from your primary system. They allow you to test suspicious software, and analyse potentially dangerous files, while keeping your host system safe. They also provide a host of other features, from quick recovery using snapshots, to the ability to replicate configurations easily, and have multiple VMs running simultaneously. Taking this a step further, VMs can be use for compartmentalization, with a host system performing the single task of spawning VMs (systems like [ProxMox](https://www.proxmox.com/en/), is designed for exactly this). Be aware that virtual machines do not guarantee security, and vulnerabilities, named [VM-Escapes](https://en.wikipedia.org/wiki/Virtual_machine_escape), may allow for data in memory to leak into the host system
 **Compartmentalize** | Advanced | Security by [Compartmentalization](https://en.wikipedia.org/wiki/Compartmentalization_(information_security)) is a strategy, where you isolate different programs and data sources from one another as much as possible. That way, attackers who gain access to one part of the system are not able to compromise all of the user’s privacy, and corporate tracking or government surveillance shouldn't be able to link together different compartments. At the simplest level, you could use separate browsers or [multi-account containers](https://support.mozilla.org/en-US/kb/containers) for different activities, but taking it further you could have a virtual machine for each category (such as work, shopping, social etc). Alternativley, consider [Qubes OS](https://www.qubes-os.org), which is designed for exactly this, and sandboxes each app in it's own Xen Hypervisor VM, while still providing great user experience
 **Disable Undesired Features (Windows)** | Advanced | Microsoft Windows 10 is far from lean, and comes with many bundles "features" that run in the background, collecting data and using resources. Consider disabling: Windows Script Host, AutoRun + AutoPlay, powershell.exe and cmd.exe execution via Windows Explorer, and the execution of commonly abused file extensions. In MS Office, consider disabling Office Macros, OLE object execution, ActiveX, DDE and Excel Links. There are tools that may make these fixes, and more easier, such as [HardenTools](https://github.com/securitywithoutborders/hardentools), or [ShutUp10](https://www.oo-software.com/en/shutup10). Note: This should only be done if you are competent Windows user, as modifying the registry can cause issues
@ -351,13 +351,13 @@ Although Windows and OS X are easy to use and convenient, they both are far from
 **Use Canary Tokens** | Advanced | Breaches happen, but the longer it takes for you to find out about it, the more damage is done. A [canary trap](https://en.wikipedia.org/wiki/Canary_trap) can help you know that someone's gained access to your files or emails much faster, and gain a bit of inform about the incident. A canary token is a file, email, note or webpage that's like a little hacker honeypot, something that looks appealing to them once they've gained access to your system. When they open the file, unknowingly to them, a script is run which will not only alert you of the breach, but also grab some of the intruders system details. These have been used to catch Dropbox employees opening users files, and Yahoo Mail employees reading emails. <br>[CanaryTokens.org](https://canarytokens.org/generate) and [BlueCloudDrive](https://blueclouddrive.com/generate) are excellent sites, that you can use to generate your tokens. Then just leave them somewhere prominent on your system. [Learn more](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html) about canary tokens, or see [this guide](https://resources.infosecinstitute.com/how-to-protect-files-with-canary-tokens/) for details on how to create them yourself.

 **Recommended Software**
- [Secure Operating Systems](/5_Privacy_Respecting_Software.md#desktop-operating-systems)
- [Linux Defenses](/5_Privacy_Respecting_Software.md#linux-defences)
- [Windows Defenses](/5_Privacy_Respecting_Software.md#windows-defences)
- [Mac OS Defenses](/5_Privacy_Respecting_Software.md#mac-os-defences)
- [Anti-Malware](/5_Privacy_Respecting_Software.md#anti-malware)
- [Firewalls](/5_Privacy_Respecting_Software.md#firewalls)
- [File Encryption](/5_Privacy_Respecting_Software.md#file-encryption)
+- [Secure Operating Systems](https://github.com/Lissy93/awesome-privacy#desktop-operating-systems)
+- [Linux Defenses](https://github.com/Lissy93/awesome-privacy#linux-defences)
+- [Windows Defenses](https://github.com/Lissy93/awesome-privacy#windows-defences)
+- [Mac OS Defenses](https://github.com/Lissy93/awesome-privacy#mac-os-defences)
+- [Anti-Malware](https://github.com/Lissy93/awesome-privacy#anti-malware)
+- [Firewalls](https://github.com/Lissy93/awesome-privacy#firewalls)
+- [File Encryption](https://github.com/Lissy93/awesome-privacy#file-encryption)


 ## Smart Home
@ -385,8 +385,8 @@ The most privacy-respecting option, would be to not use "smart" internet-connect
 **Assess risks** | Advanced | Assess risks with your audience and data in mind: Be mindful of whose data is being collected, e.g. kids. Manage which devices can operate when (such as turning cameras off when you are at home, or disabling the internet for certain devices at specific times of day)

 **Recommended Software**
- [Home Automation](/5_Privacy_Respecting_Software.md#home-automation)
- [AI Voice Assistants](/5_Privacy_Respecting_Software.md#ai-voice-assistants)
+- [Home Automation](https://github.com/Lissy93/awesome-privacy#home-automation)
+- [AI Voice Assistants](https://github.com/Lissy93/awesome-privacy#ai-voice-assistants)

 ## Personal Finance

@ -398,22 +398,22 @@ Note about credit cards: Credit cards have technological methods in place to det
 --- | --- | ---
 **Sign up for Fraud Alerts and Credit Monitoring** | Recommended | A Fraud Alert is a note on your credit report, that asks any business seeking your credit report to contact you to confirm your identity before granting credit in your name. Credit Monitoring tracks your credit history, and will alert you to any suspicious activity. You can enable fraud alerts and credit monitoring through credit the bureau's websites: [Experian](https://www.experian.com/fraud/center.html), [TransUnion](https://www.transunion.com/fraud-alerts) or [Equifax](https://www.freeze.equifax.com/)
 **Apply a Credit Freeze** | Recommended | A credit freeze will prevent anyone from requesting your credit report, hence stop someone applying for a financial product in your name, or a corporation requesting your details without your consent. You will need to temporarily disable your credit freeze before getting a loan, or any other financial product. You can freeze your credit through credit the bureau's website: [Experian](https://www.experian.com/freeze/center.html), [TransUnion](https://www.transunion.com/credit-freeze) and [Equifax](https://www.freeze.equifax.com/)
-**Use Virtual Cards** | Optional | Virtual card numbers let you pay for items without revealing your real card or banking details. They also offer additional features, such as single-use cards and spending limits for each card. This means you will not be charged more than you specified, or ongoing subscriptions or in the case of a data breach. [Privacy.com](https://privacy.com/join/VW7WC), [MySudo](https://mysudo.com/) and [others](/5_Privacy_Respecting_Software.md#virtual-credit-cards) offer this service
+**Use Virtual Cards** | Optional | Virtual card numbers let you pay for items without revealing your real card or banking details. They also offer additional features, such as single-use cards and spending limits for each card. This means you will not be charged more than you specified, or ongoing subscriptions or in the case of a data breach. [Privacy.com](https://privacy.com/join/VW7WC), [MySudo](https://mysudo.com/) and [others](https://github.com/Lissy93/awesome-privacy#virtual-credit-cards) offer this service
 **Use Cash for Local Transactions** | Optional | Unlike any digital payment method, cash is virtually untraceable. Using cash for local and everyday purchases will prevent any financial institution building up a comprehensive data profile based on your spending habits 
-**Use Cryptocurrency for Online Transactions**  | Optional | Unlike card payments, most cryptocurrencies are not linked to your real identity. Many blockchains have a public record, of all transaction metadata, on a public, immutable ledger. So where possible, opt for a privacy-focused currency, such as [Monero](https://www.getmonero.org). If you are using a widley- supported currency (such as [Tether](https://tether.to/), [Bitcoin](https://bitcoin.org/), [LiteCoin](https://litecoin.com/), [Ripple](https://ripple.com/xrp/), [Etherium](https://ethereum.org/en/) etc), take steps to [distance yourself from the transaction details](https://coinsutra.com/anonymous-bitcoin-transactions/). See more [privacy-respecting crypto currencies](/5_Privacy_Respecting_Software.md#cryptocurrencies). Note that using crypto anonymously requires some background knowlegde, and the learning curve can be steep, so take care to ensure you're not putting your privacy at risk (see [#70](https://github.com/Lissy93/personal-security-checklist/issues/70))
+**Use Cryptocurrency for Online Transactions**  | Optional | Unlike card payments, most cryptocurrencies are not linked to your real identity. Many blockchains have a public record, of all transaction metadata, on a public, immutable ledger. So where possible, opt for a privacy-focused currency, such as [Monero](https://www.getmonero.org). If you are using a widley- supported currency (such as [Tether](https://tether.to/), [Bitcoin](https://bitcoin.org/), [LiteCoin](https://litecoin.com/), [Ripple](https://ripple.com/xrp/), [Etherium](https://ethereum.org/en/) etc), take steps to [distance yourself from the transaction details](https://coinsutra.com/anonymous-bitcoin-transactions/). See more [privacy-respecting crypto currencies](https://github.com/Lissy93/awesome-privacy#cryptocurrencies). Note that using crypto anonymously requires some background knowlegde, and the learning curve can be steep, so take care to ensure you're not putting your privacy at risk (see [#70](https://github.com/Lissy93/personal-security-checklist/issues/70))
 **Store Crypto Securely** | Advanced | Generate wallet address offline, never let your private key touch the internet and preferably avoid storing it on an internet-connected device. Use a secure wallet, such as [Wasabi](https://www.wasabiwallet.io/), or a hardware wallet, like [Trezor](https://trezor.io/) or [ColdCard](https://coldcardwallet.com/). For long-term storage consider a paper wallet, or a more robust alternative, such as [CryptoSteel](https://cryptosteel.com/how-it-works)
 **Buy Crypto Anonymously** | Advanced | If you are buying a common cryptocurrency (such as Bitcoin), purchasing it from an exchange with your debit/ credit card, will link directly back to your real identity. Instead use a service like [LocalBitcoins](https://localbitcoins.com), an anonymous exchange, such as [Bisq](https://bisq.network), or buy from a local Bitcoin ATM ([find one here](https://coinatmradar.com)). Avoid any exchange that implements [KYC](https://en.wikipedia.org/wiki/Know_your_customer)
 **Tumble/ Mix Coins** | Advanced | Before converting Bitcoin back to currency, consider using a [bitcoin mixer](https://en.bitcoin.it/wiki/Mixing_service), or [CoinJoin](https://en.bitcoin.it/wiki/CoinJoin) to make your transaction harder to trace. (Some wallets, such as [Wasabi](https://www.wasabiwallet.io/) support this nativley)
-**Use an Alias Details for Online Shopping** | Advanced | When you pay for goods or services online, you do not know for sure who will have access to your data,  or weather it will be stored securley. Consider using an alias name, [forwarding email address](/5_Privacy_Respecting_Software.md#anonymous-mail-forwarding)/ VOIP number, and don't reveal any of your true information. (For Amazon purchases, you can an Amazon gift card with cash, and use an Amazon Locker or local pickup location)
+**Use an Alias Details for Online Shopping** | Advanced | When you pay for goods or services online, you do not know for sure who will have access to your data,  or weather it will be stored securley. Consider using an alias name, [forwarding email address](https://github.com/Lissy93/awesome-privacy#anonymous-mail-forwarding)/ VOIP number, and don't reveal any of your true information. (For Amazon purchases, you can an Amazon gift card with cash, and use an Amazon Locker or local pickup location)
 **Use alternate delivery address** | Advanced | When online shopping, if possible get goods delivered to an address that is not associated to you. For example, using a PO Box, forwarding address, corner-shop collection or pickup box

 **Recommended Software**
- [Virtual Credit Cards](/5_Privacy_Respecting_Software.md#virtual-credit-cards)
- [Cryptocurrencies](/5_Privacy_Respecting_Software.md#cryptocurrencies)
- [Crypto Wallets](/5_Privacy_Respecting_Software.md#crypto-wallets)
- [Crypto Exchanges](/5_Privacy_Respecting_Software.md#crypto-exchanges)
- [Other Payment Methods](/5_Privacy_Respecting_Software.md#other-payment-methods)
- [Budgeting Tools](/5_Privacy_Respecting_Software.md#budgeting-tools)
+- [Virtual Credit Cards](https://github.com/Lissy93/awesome-privacy#virtual-credit-cards)
+- [Cryptocurrencies](https://github.com/Lissy93/awesome-privacy#cryptocurrencies)
+- [Crypto Wallets](https://github.com/Lissy93/awesome-privacy#crypto-wallets)
+- [Crypto Exchanges](https://github.com/Lissy93/awesome-privacy#crypto-exchanges)
+- [Other Payment Methods](https://github.com/Lissy93/awesome-privacy#other-payment-methods)
+- [Budgeting Tools](https://github.com/Lissy93/awesome-privacy#budgeting-tools)

 ## Sensible Computing

@ -442,9 +442,9 @@ Many data breaches, hacks and attacks are caused by human error. The following l
 **Compartmentalize** | Advanced | [Compartmentalization](https://en.wikipedia.org/wiki/Compartmentalization_(information_security)) is where to keep several categories of digital activity and files totally separate from each other. It means that if one area is breached, then an attacker will only have a proportion of your data, and the rest will still be safe. For example, store your work and personal files on separate devices, or use different web browsers for different types of activity, or even run certain tasks in a contained VM or on a separate device (such as having a work phone, and personal phone, or using a separate browser for social media/ chat rooms, or even running a VM for using specialist software)
 **WhoIs Privacy Guard** | Advanced | Owning your own domain can prevent you loosing access to your email addresses, or being locked-in with a certain provider. However if you do not use a privacy guard, or enter false web admin details, your data will be publicly accessible through a [WhoIs](https://who.is) search. Most reputable domain registrars will have a WhoIs Privacy option
 **Use a forwarding address** | Advanced | Have all mail addressed to a PO Box or forwarding address, to prevent any commerce, utility, finance, media or other companies knowing your read address. This would give you an extra layer of protecting if they suffered a breach, sold on personal details or were presented with a court order
-**Use anonymous payment methods** | Advanced | Paying online with credit or debit card involves entering personal details, including name and residential address. Paying with cryptocurrency will not require you to enter any identifiable information. Both [Monero](https://www.getmonero.org) and [Zcash](https://z.cash/) are totally anonymous, and so best for privacy. See also: [Anonymous Payment Methods](/5_Privacy_Respecting_Software.md#payment-methods)
+**Use anonymous payment methods** | Advanced | Paying online with credit or debit card involves entering personal details, including name and residential address. Paying with cryptocurrency will not require you to enter any identifiable information. Both [Monero](https://www.getmonero.org) and [Zcash](https://z.cash/) are totally anonymous, and so best for privacy. See also: [Anonymous Payment Methods](https://github.com/Lissy93/awesome-privacy#payment-methods)

-**See also**: [Online Tools](/5_Privacy_Respecting_Software.md#online-tools)
+**See also**: [Online Tools](https://github.com/Lissy93/awesome-privacy#online-tools)

 ## Physical Security

@ -480,7 +480,7 @@ Strong authentication, encrypted devices, patched software and anonymous web bro

 #### There's more to check out!
 - [Why Privacy & Security Matters](/0_Why_It_Matters.md)
- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
+- [Privacy-Respecting Software](https://github.com/Lissy93/awesome-privacy)
 - [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md)
 - [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)