mirror of
https://github.com/Lissy93/personal-security-checklist.git
synced 2024-12-18 04:04:36 -05:00
Merge pull request #21 from 0x192/master
Fix a lot of typos, improve some wording & correct some descriptions
This commit is contained in:
commit
8448d47c31
@ -26,33 +26,32 @@ It lays out the 20 most essential security + privacy tips, that you should compl
|
|||||||
|
|
||||||
|
|
||||||
### Phone
|
### Phone
|
||||||
- Have a strong pin/ password on your mobile device.
|
- Have a strong pin/password on your mobile device.
|
||||||
- Turn of WiFi when your not using it, and delete saved networks that you no longer need (Settings --> WiFi --> Saved Networks).
|
- Turn off WiFi when your not using it, and delete saved networks that you no longer need (Settings --> WiFi --> Saved Networks).
|
||||||
- Don't grant apps permissions that they don't need. For Android, you can use [Exodus](https://exodus-privacy.eu.org/en/) to quickly see the permissions and trackers for each of your installed apps.
|
- Don't grant apps permissions that they don't need. For Android, you can use [Exodus](https://exodus-privacy.eu.org/en/) to quickly see the permissions and trackers for each of your installed apps.
|
||||||
|
|
||||||
|
|
||||||
### Email
|
### Email
|
||||||
- It's important to protect your email account, as if a hacker gains access to it they will be able to reset the passwords for all your other accounts. Ensure you have a strong and unique password, and enablle 2FA.
|
- It's important to protect your email account, as if a hacker gains access to it he/she will be able to reset the passwords for all your other accounts. Ensure you have a strong and unique password, and enable 2FA.
|
||||||
- Emails are not encrypted by default, meaning they are able to be read by anyone who intercepts them as well as your email provider (Google, Microsoft, Apple, Yahoo etc all monitor emails). Consider switching to a secure mail provider, such as [ProtonMail](https://protonmail.com/).
|
- Emails are not encrypted by default, meaning they are able to be read by anyone who intercepts them as well as your email provider (Google, Microsoft, Apple, Yahoo etc all monitor emails). Consider switching to a secure mail provider using end-to-end encryption, such as [ProtonMail](https://protonmail.com/) or [Tutanota](https://tutanota.com/).
|
||||||
|
|
||||||
|
|
||||||
### Networking
|
### Networking
|
||||||
- Use a reputable VPN, to keep your IP protected, and reduce the amount of browsing data your ISP can log. (Note, VPN's do not provide ultimate protection as advertisers commonly state). See [thatoneprivacysite.net](https://thatoneprivacysite.net/) for a detailed comparison chart. [ProtonVPN](https://protonvpn.com/) has a free starter plan, [Mullvad](https://mullvad.net/) is great for anonimity. Other good all-rounders include [IVPN](https://www.ivpn.net/), NordVPN, TorGuard and AirVPN.
|
- Use a reputable VPN to keep your IP protected and reduce the amount of browsing data your ISP can log. (Note: VPN's do not provide ultimate protection as advertisers commonly state). See [thatoneprivacysite.net](https://thatoneprivacysite.net/) for a detailed comparison chart. [ProtonVPN](https://protonvpn.com/) has a free starter plan, [Mullvad](https://mullvad.net/) is great for anonymity. Other good all-rounders include [IVPN](https://www.ivpn.net/), NordVPN, TorGuard and AirVPN.
|
||||||
- Change your routers default password. Anyone connected to your WiFi is able to listen to network traffic, so in order to prevent people you don't know from connecting, use WPA2 and set a strong password.
|
- Change your routers default password. Anyone connected to your WiFi is able to listen to network traffic, so in order to prevent people you don't know from connecting, use WPA2 and set a strong password.
|
||||||
- Update your router settings to use a secure DNS, such as [Cloudflare's 1.1.1.1](https://1.1.1.1/dns/), this should also speed up your internet. If you cannot modify your roters settings, you can set the DNS on your phone (with the [1.1.1.1. app](https://1.1.1.1/)), or [Windows](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/windows/), [Mac](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/mac/) or [Linux](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/linux/). DNS is the system used to resolve URL's to their server addresses, many DNS providers collect data on your browsing habbits and use it to target you with ads or sell it on.
|
- Update your router settings to use a secure DNS, such as [Cloudflare's 1.1.1.1](https://1.1.1.1/dns/), this should also speed up your internet. If you cannot modify your roters settings, you can set the DNS on your phone (with the [1.1.1.1. app](https://1.1.1.1/)), or [Windows](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/windows/), [Mac](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/mac/) or [Linux](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/linux/). DNS is the system used to resolve URL's to their server addresses, many DNS providers collect data on your browsing habbits and use it to target you with ads or sell it on.
|
||||||
|
|
||||||
|
|
||||||
### Devices
|
### Devices
|
||||||
- Keep software up-to-date. Security fixes and patches are released as updates, so it is important to install updates when prompted, for your phone, PC, router, IoT devices and all software/ apps.
|
- Keep software up-to-date. Security fixes and patches are released as updates, so it is important to install updates when prompted, for your phone, PC, router, IoT devices and all software/apps.
|
||||||
|
|
||||||
📜 **See More**: [The Complete Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md)
|
**📜 See More**: [The Complete Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md)
|
||||||
|
|
||||||
----
|
----
|
||||||
|
|
||||||
|
|
||||||
## OPEN-SOURCE, PRIVACY-FOCUSED SOFTWARE
|
## OPEN-SOURCE, PRIVACY-FOCUSED SOFTWARE
|
||||||
|
Switch to alternative open-source, privacy-respecting apps and services, which won't collect your data, track you or show targetted ads.
|
||||||
Switch to alternative open-source, privacy-respecting apps and services, which won't collect your data, track you or show targetted ads
|
|
||||||
|
|
||||||
#### Security
|
#### Security
|
||||||
- Password Managers: [BitWarden] | [1Password] *(proprietary)* | [KeePassXC] *(offline)* | [LessPass] *(stateless)*
|
- Password Managers: [BitWarden] | [1Password] *(proprietary)* | [KeePassXC] *(offline)* | [LessPass] *(stateless)*
|
||||||
@ -66,7 +65,7 @@ Switch to alternative open-source, privacy-respecting apps and services, which w
|
|||||||
- App Firewall: [NetGuard] (Android) | [Lockdown] (iOS) | [OpenSnitch] (Linux) | [LuLu] (MacOS)
|
- App Firewall: [NetGuard] (Android) | [Lockdown] (iOS) | [OpenSnitch] (Linux) | [LuLu] (MacOS)
|
||||||
|
|
||||||
#### Browser Extensions
|
#### Browser Extensions
|
||||||
[Privacy Badger] - Blocks trackers. [HTTPS Everywhere] - Upgrates requests to HTTPS. [uBlock] - Blocks ads. [ScriptSafe] - Block execution of certain scripts. [WebRTC Leak Prevent] - Prevents IP leaks. [Vanilla Cookie Manager] - Auto-removes unwanted cookies. [Privacy Essentials] - Shows which sites are insecure
|
[Privacy Badger] - Blocks trackers. [HTTPS Everywhere] - Upgrates requests to HTTPS. [uBlock Origin] - Blocks ads, trackers and malwares. [ScriptSafe] - Block execution of certain scripts. [WebRTC Leak Prevent] - Prevents IP leaks. [Vanilla Cookie Manager] - Auto-removes unwanted cookies. [Privacy Essentials] - Shows which sites are insecure
|
||||||
|
|
||||||
#### Mobile Apps
|
#### Mobile Apps
|
||||||
[Exodus] - Shows which trackers are on your device. [Orbot]- System-wide Tor Proxy. [Island] - Sand-box environment for apps. [NetGuard] - Controll which apps have network access. [Bouncer] - Grant temporary permissions. [Greenify] - Controll which apps can run in the background. [1.1.1.1] - Use CloudFlares DNS over HTTPS. [Fing App] - Monitor your home WiFi network for intruders
|
[Exodus] - Shows which trackers are on your device. [Orbot]- System-wide Tor Proxy. [Island] - Sand-box environment for apps. [NetGuard] - Controll which apps have network access. [Bouncer] - Grant temporary permissions. [Greenify] - Controll which apps can run in the background. [1.1.1.1] - Use CloudFlares DNS over HTTPS. [Fing App] - Monitor your home WiFi network for intruders
|
||||||
@ -83,7 +82,7 @@ File Storage: [NextCloud]. File Sync: [Syncthing]. File Drop: [Firefox Send]. No
|
|||||||
|
|
||||||
## SECURITY HARDWARE
|
## SECURITY HARDWARE
|
||||||
|
|
||||||
There are also some gadgets can help improve your physical and digital security. Although often, it is not actually necissary to spend money, as most of these products can be [built at home](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_and-Security_Gadgets.md#diy-security-products)
|
There are also some gadgets that can help improve your physical and digital security. Although often, it is not actually necissary to spend money, as most of these products can be [built at home](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_and-Security_Gadgets.md#diy-security-products)
|
||||||
|
|
||||||
- **Blockers and Protectors**: [USB Data Blocker], [Mic-Lock], [Faraday Pouch], [RFID Card Protector], [ArmourCard], [Web Cam Covers], [Port Blockers], [Privacy Screen]
|
- **Blockers and Protectors**: [USB Data Blocker], [Mic-Lock], [Faraday Pouch], [RFID Card Protector], [ArmourCard], [Web Cam Covers], [Port Blockers], [Privacy Screen]
|
||||||
- **Encrypted Storage**: [Hardware-Encrypted USB Drive], [Hardware-Encrypted HDD], [Encrypted Kingston]
|
- **Encrypted Storage**: [Hardware-Encrypted USB Drive], [Hardware-Encrypted HDD], [Encrypted Kingston]
|
||||||
@ -140,10 +139,10 @@ http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/pe
|
|||||||
[Signal]: https://signal.org
|
[Signal]: https://signal.org
|
||||||
[KeyBase]: https://keybase.io
|
[KeyBase]: https://keybase.io
|
||||||
[ProtonMail]: https://protonmail.com
|
[ProtonMail]: https://protonmail.com
|
||||||
[MailFence]: https://mailfence.com?src=digitald
|
[MailFence]: https://mailfence.com
|
||||||
[Tutanota]: https://tutanota.com
|
[Tutanota]: https://tutanota.com
|
||||||
[Brave Browser]: https://brave.com/?ref=ali721
|
[Brave Browser]: https://brave.com/?ref=ali721
|
||||||
[Firefox]: https://www.mozilla.org/en-GB/firefox/browsers
|
[Firefox]: https://www.mozilla.org/
|
||||||
[DuckDuckGo]: https://duckduckgo.com
|
[DuckDuckGo]: https://duckduckgo.com
|
||||||
[StartPage]: https://www.startpage.com
|
[StartPage]: https://www.startpage.com
|
||||||
[Quant]: https://www.qwant.com
|
[Quant]: https://www.qwant.com
|
||||||
|
@ -28,7 +28,7 @@ See also: [Personal Security Checklist](https://github.com/Lissy93/personal-secu
|
|||||||
## Getting Started Guides
|
## Getting Started Guides
|
||||||
|
|
||||||
- [EFF SSD](https://ssd.eff.org) - Tips for safer online communications
|
- [EFF SSD](https://ssd.eff.org) - Tips for safer online communications
|
||||||
- [PrivacyTools.io]( https://www.privacytools.io) - Tools to protect agains mass surveillance
|
- [PrivacyTools.io]( https://www.privacytools.io) - Tools to protect against mass surveillance
|
||||||
- [PrismBreak](https://prism-break.org/en/all) - Secure app alternatives
|
- [PrismBreak](https://prism-break.org/en/all) - Secure app alternatives
|
||||||
- [The VERGE guide to privacy](https://bit.ly/2ptl4Wm) - Guides for securing mobile, web and home tech
|
- [The VERGE guide to privacy](https://bit.ly/2ptl4Wm) - Guides for securing mobile, web and home tech
|
||||||
- [Email Self-Defense](https://emailselfdefense.fsf.org) - Complete guide to secure email
|
- [Email Self-Defense](https://emailselfdefense.fsf.org) - Complete guide to secure email
|
||||||
@ -87,7 +87,7 @@ See also: [Personal Security Checklist](https://github.com/Lissy93/personal-secu
|
|||||||
|
|
||||||
## Books
|
## Books
|
||||||
- [Permanent Record](https://amzn.to/30wxxXi) (by Edward Snowden)
|
- [Permanent Record](https://amzn.to/30wxxXi) (by Edward Snowden)
|
||||||
- [Sandworm](https://amzn.to/2FVByeJ) (by Andy Greenberg)
|
- [Sandworm](https://amzn.to/2FVByeJ) (by Andy Greenberg)
|
||||||
|
|
||||||
|
|
||||||
## Podcasts
|
## Podcasts
|
||||||
@ -115,7 +115,7 @@ See also: [Personal Security Checklist](https://github.com/Lissy93/personal-secu
|
|||||||
- [URLScan](https://urlscan.io) - Service scanning for malisious domains
|
- [URLScan](https://urlscan.io) - Service scanning for malisious domains
|
||||||
- [Dehashed](https://www.dehashed.com/breach) - Data Breaches and Credentials
|
- [Dehashed](https://www.dehashed.com/breach) - Data Breaches and Credentials
|
||||||
- [VirusTotal](https://developers.virustotal.com/v3.0/reference) - Detailed virus scans of software
|
- [VirusTotal](https://developers.virustotal.com/v3.0/reference) - Detailed virus scans of software
|
||||||
- Hosts to block: https://someonewhocares.org/hosts/ and https://github.com/StevenBlack/hosts
|
- Hosts to block: https://someonewhocares.org/hosts/ and https://github.com/StevenBlack/hosts
|
||||||
|
|
||||||
|
|
||||||
## Academic Journals
|
## Academic Journals
|
||||||
|
@ -17,7 +17,7 @@ Large data-hungry corporations dominate the digital world but with little, or no
|
|||||||
Migrating to open-source applications with a strong emphasis on security will help stop
|
Migrating to open-source applications with a strong emphasis on security will help stop
|
||||||
corporations, governments, and hackers from logging, storing or selling your personal data.
|
corporations, governments, and hackers from logging, storing or selling your personal data.
|
||||||
|
|
||||||
Be aware that no software is perfect- there will always be bugs and vulnerabilities. Also, applications can only as secure as the system they are running on. You keep your system up-to-date and [follow good security practices](https://github.com/Lissy93/personal-security-checklist).
|
Be aware that no software is perfect- there will always be bugs and vulnerabilities. Also, applications can only as secure as the system they are running on. You have to keep your system up-to-date and [follow good security practices](https://github.com/Lissy93/personal-security-checklist).
|
||||||
|
|
||||||
### Categories
|
### Categories
|
||||||
|
|
||||||
@ -124,7 +124,7 @@ If you need to create a compressed archive, prior to encrypting your files, then
|
|||||||
|
|
||||||
## Encrypted Messaging
|
## Encrypted Messaging
|
||||||
|
|
||||||
Without using a secure app for instant messaging, all your conversations, meta data and more is unprotected. Signal one of the best options- it's easy, yet also highly secure and privacy-centric.
|
Without using a secure app for instant messaging, all your conversations, meta data and more are unprotected. Signal is one of the best options- it's easy, yet also highly secure and privacy-centric.
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
@ -141,15 +141,15 @@ Many messaging apps claim to be secure, but if they are not open source, then th
|
|||||||
|
|
||||||
## P2P Messaging
|
## P2P Messaging
|
||||||
|
|
||||||
With [Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer) networks, there are no central server, so there is nothing that can be raided, shut-down or forced to turn over data. There are P2P networks available that are open source, E2E encrypted, routed through Tor services, totally anonymous and operate without the collection of meta data.
|
With [Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer) networks, there are no central server, so there is nothing that can be raided, shut-down or forced to turn over data. There are P2P networks available that are open source, E2E encrypted, routed through Tor services, totally anonymous and operate without the collection of metadata.
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[Session](https://getsession.org)** + **[LokiNet](https://loki.network)** client | Loki is an open source set of tools that allow users to transact and communicate anonymously and privately, though a decentralised, encrypted, onion-based network. Session is a desktop and mobile app that uses these private routing protocols to secure messages, media and metadata.
|
**[Session](https://getsession.org)** + **[LokiNet](https://loki.network)** client | Loki is an open source set of tools that allow users to transact and communicate anonymously and privately, through a decentralised, encrypted, onion-based network. Session is a desktop and mobile app that uses these private routing protocols to secure messages, media and metadata.
|
||||||
**[Briar](https://briarproject.org)** | Tor-based Android app for P2P encrypted messaging and forums. Where content is stored securely on your device (not in the cloud). It also allows you to connect directly with nearby contacts, without internet access (using Bluetooth or WiFi).
|
**[Briar](https://briarproject.org)** | Tor-based Android app for P2P encrypted messaging and forums. Where content is stored securely on your device (not in the cloud). It also allows you to connect directly with nearby contacts, without internet access (using Bluetooth or WiFi).
|
||||||
**[Matrix](https://matrix.org)** + **[Riot](https://about.riot.im)** client | Matrix is a decentralized open network for secure communications, with E2E encryption with Olm and Megolm. Along with the Riot client, it supports VOIP + video calling and IM + group chats. Since Matrix has an open specification and Simple pragmatic RESTful HTTP/JSON API it makes it easy to integrates with existing 3rd party IDs to authenticate and discover users, as well as to build apps on top of it.
|
**[Matrix](https://matrix.org)** + **[Riot](https://about.riot.im)** client | Matrix is a decentralized open network for secure communications, with E2E encryption with Olm and Megolm. Along with the Riot client, it supports VOIP + video calling and IM + group chats. Since Matrix has an open specification and Simple pragmatic RESTful HTTP/JSON API it makes it easy to integrates with existing 3rd party IDs to authenticate and discover users, as well as to build apps on top of it.
|
||||||
**[Riochet](https://ricochet.im)** | Desktop instant messenger, that uses the Tor network to rendezvous with your contacts without revealing your identity, location/ IP or meta data. There are no servers to monitor, censor, or hack so Ricochet is secure, automatic and easy to use.
|
**[Riochet](https://ricochet.im)** | Desktop instant messenger, that uses the Tor network to rendezvous with your contacts without revealing your identity, location/ IP or meta data. There are no servers to monitor, censor, or hack so Ricochet is secure, automatic and easy to use.
|
||||||
**[Jami](https://jami.net)** | P2P encrypted chat network with cross-platform GNU client apps. Jami supports audio and vidio calls, screen sharing, conference hosting and instant messaging.
|
**[Jami](https://jami.net)** | P2P encrypted chat network with cross-platform GNU client apps. Jami supports audio and video calls, screen sharing, conference hosting and instant messaging.
|
||||||
**[Tox](https://tox.chat)** + **[qTox](https://qtox.github.io)** client | Open source, encrypted, distributed chat network, with clients for desktop and mobile- see [supported clients](https://tox.chat/clients.html). Clearly documented code and multiple language bindings make it easy for developers to integrate with Tox.
|
**[Tox](https://tox.chat)** + **[qTox](https://qtox.github.io)** client | Open source, encrypted, distributed chat network, with clients for desktop and mobile- see [supported clients](https://tox.chat/clients.html). Clearly documented code and multiple language bindings make it easy for developers to integrate with Tox.
|
||||||
|
|
||||||
#### Other Notable Mentions
|
#### Other Notable Mentions
|
||||||
@ -158,9 +158,9 @@ With [Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer) networks, there
|
|||||||
|
|
||||||
## Encrypted Email
|
## Encrypted Email
|
||||||
|
|
||||||
Email, is not secure- your messages can be easily intercepted and read. Coporations scan the content of your mail, to build up a profile of you, either to show you targeted ads or to sell onto third-parties. Through the [Prism Program](https://en.wikipedia.org/wiki/PRISM_(surveillance_program)), the government also has full access to the plain text and meta data of all sent and received emails. This applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more.
|
Email, is not secure- your messages can be easily intercepted and read. Corporations scan the content of your mail, to build up a profile of you, either to show you targeted ads or to sell onto third-parties. Through the [Prism Program](https://en.wikipedia.org/wiki/PRISM_(surveillance_program)), the government also has full access to your emails not end-to-end encrypted. This applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more.
|
||||||
|
|
||||||
The below email providers are private, encrypted and safe
|
The below email providers are private, end-to-end encrypted (E2EE) and safe.
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
@ -185,7 +185,7 @@ Alternativley you could host your own service
|
|||||||
|
|
||||||
|
|
||||||
#### Self-Hosted Email
|
#### Self-Hosted Email
|
||||||
If you do not want to trust an email provider with your messages, you can host your own mail server. Without experience, this can be notoriously hard to correctly configure, especially when it comes to security. You may also find that cost, performance and features make it a less attractive optrion. If you do decide to go down this route, [Mail-in-a-box](https://mailinabox.email/), is an easy to deploy, open source mail server. It aims to promote decentralization, innovation, and privacy on the web, as well as have automated, auditable, and idempotent system configuration. Other ready-to-go self-hosted mail options include [Mailu](https://mailu.io/1.7/) and [Mail Cow](https://mailcow.email/), both of which are docker containers.
|
If you do not want to trust an email provider with your messages, you can host your own mail server. Without experience, this can be notoriously hard to correctly configure, especially when it comes to security. You may also find that cost, performance and features make it a less attractive option. If you do decide to go down this route, [Mail-in-a-box](https://mailinabox.email/), is an easy to deploy, open source mail server. It aims to promote decentralization, innovation, and privacy on the web, as well as have automated, auditable, and idempotent system configuration. Other ready-to-go self-hosted mail options include [Mailu](https://mailu.io/1.7/) and [Mail Cow](https://mailcow.email/), both of which are docker containers.
|
||||||
|
|
||||||
#### Mail Clients
|
#### Mail Clients
|
||||||
Email clients are the programs used to interact with the mail server. For hosted email, then the web and mobile clients provided by your email service are usually adequate, and may be the most secure option. For self-hosted email, you will need to install and configure mail clients for web, desktop or mobile.
|
Email clients are the programs used to interact with the mail server. For hosted email, then the web and mobile clients provided by your email service are usually adequate, and may be the most secure option. For self-hosted email, you will need to install and configure mail clients for web, desktop or mobile.
|
||||||
@ -217,10 +217,10 @@ Google frequently modifies and manipulates search, and is in persuit of eliminat
|
|||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[DuckDuckGo](https://duckduckgo.com/)** | DuckDuckGo is a very user-friendly, fast and secure search engine. It's totally private, with no trackers, cookies or ads. It's also highly customisable, with dark-mode, many languages and features. They even have a [.onion](https://3g2upl4pq6kufc4m.onion ) URL, for use with Tor.
|
**[DuckDuckGo](https://duckduckgo.com/)** | DuckDuckGo is a very user-friendly, fast and secure search engine. It's totally private, with no trackers, cookies or ads. It's also highly customisable, with dark-mode, many languages and features. They even have a [.onion](https://3g2upl4pq6kufc4m.onion) URL, for use with Tor and a [no Javascript version](https://duckduckgo.com/html/)
|
||||||
**[Qwant](https://www.qwant.com/)** | French service that aggregates Bings results, with it's own results. Quant doesn't plant any cookies, nor have any trackers or third-party advertising. It returns non-biased search results, with no promotions. Quant has a uinique, but nice UI
|
**[Qwant](https://www.qwant.com/)** | French service that aggregates Bings results, with it's own results. Quant doesn't plant any cookies, nor have any trackers or third-party advertising. It returns non-biased search results, with no promotions. Quant has a unique, but nice UI.
|
||||||
|
|
||||||
Another option would be to host your own- [Searx](https://asciimoo.github.io/searx/) is a good option for self-hosting, since it is easy to set-up, secure, private and is backed by a strong community
|
Another option would be to host your own- [Searx](https://asciimoo.github.io/searx/) is a good option for self-hosting, since it is easy to set-up, secure, private and is backed by a strong community.
|
||||||
|
|
||||||
**See also** [Browser & Search Security Checklist](/README.md#browser-and-search)
|
**See also** [Browser & Search Security Checklist](/README.md#browser-and-search)
|
||||||
|
|
||||||
@ -234,7 +234,7 @@ The following browser add-ons give you better control over what content is able
|
|||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[Privacy Badger](https://www.eff.org/privacybadger)** | Blocks invisible trackers, in order to stop advertisers and other third-parties from secretly tracking where you go and what pages you look at. **Download**: [Chrome][privacy-badger-chrome] \ [Firefox][privacy-badger-firefox]
|
**[Privacy Badger](https://www.eff.org/privacybadger)** | Blocks invisible trackers, in order to stop advertisers and other third-parties from secretly tracking where you go and what pages you look at. **Download**: [Chrome][privacy-badger-chrome] \ [Firefox][privacy-badger-firefox]
|
||||||
**[HTTPS Everywhere](https://eff.org/https-everywhere)** | Forces sites to load in HTTPS, in order to encrypt your communications with websites, making your browsing more secure. **Download**: [Chrome][https-everywhere-chrome] \ [Firefox][https-everywhere-firefox]
|
**[HTTPS Everywhere](https://eff.org/https-everywhere)** | Forces sites to load in HTTPS, in order to encrypt your communications with websites, making your browsing more secure. **Download**: [Chrome][https-everywhere-chrome] \ [Firefox][https-everywhere-firefox]
|
||||||
**[uBlock Origin](https://github.com/gorhill/uBlock)** | Blocks ads, because ads track you. **Download**: [Chrome][ublock-chrome] \ [Firefox][ublock-firefox]
|
**[uBlock Origin](https://github.com/gorhill/uBlock)** | Block ads, trackers and malware sites. **Download**: [Chrome][ublock-chrome] \ [Firefox][ublock-firefox]
|
||||||
**[ScriptSafe](https://github.com/andryou/scriptsafe)** | Allows you yo block the execution of certain scripts. **Download**: [Chrome][script-safe-chrome] \ [Firefox][script-safe-firefox]
|
**[ScriptSafe](https://github.com/andryou/scriptsafe)** | Allows you yo block the execution of certain scripts. **Download**: [Chrome][script-safe-chrome] \ [Firefox][script-safe-firefox]
|
||||||
**[WebRTC-Leak-Prevent](https://github.com/aghorler/WebRTC-Leak-Prevent)** | Provides user control over WebRTC privacy settings in Chromium, in order to prevent WebRTC leaks. **Download**: [Chrome][web-rtc-chrome]. For Firefox users, you can do this through [browser settings](https://www.privacytools.io/browsers/#webrtc). Test for WebRTC leaks, with [browserleaks.com/webrtc](https://browserleaks.com/webrtc)
|
**[WebRTC-Leak-Prevent](https://github.com/aghorler/WebRTC-Leak-Prevent)** | Provides user control over WebRTC privacy settings in Chromium, in order to prevent WebRTC leaks. **Download**: [Chrome][web-rtc-chrome]. For Firefox users, you can do this through [browser settings](https://www.privacytools.io/browsers/#webrtc). Test for WebRTC leaks, with [browserleaks.com/webrtc](https://browserleaks.com/webrtc)
|
||||||
**[Vanilla Cookie Manager](https://github.com/laktak/vanilla-chrome)** | A Whitelist Manager that helps protect your privacy, through automatically removing unwanted cookies. **Download**: [Chrome][vanilla-cookie-chrome]
|
**[Vanilla Cookie Manager](https://github.com/laktak/vanilla-chrome)** | A Whitelist Manager that helps protect your privacy, through automatically removing unwanted cookies. **Download**: [Chrome][vanilla-cookie-chrome]
|
||||||
@ -252,10 +252,10 @@ The following browser add-ons give you better control over what content is able
|
|||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[Orbot]** | System-wide Tor proxy, which encrypts your connection through multiple nodes. You can also use it alongside [Tor Browser] to access .onion sites
|
**[Orbot]** | System-wide Tor proxy, which encrypts your connection through multiple nodes. You can also use it alongside [Tor Browser] to access .onion sites.
|
||||||
**[NetGaurd]** | A firewall app for Android, which does not require root. NetGuard provides simple and advanced ways to block access to the internet, where applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection
|
**[NetGaurd]** | A firewall app for Android, which does not require root. NetGuard provides simple and advanced ways to block access to the internet, where applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.
|
||||||
**[Island]** | A sandbox environment, allowing you to clone selected apps and run them in an isolated box, preventing it from accessing your personal data, or devicce information
|
**[Island]** | A sandbox environment, allowing you to clone selected apps and run them in an isolated box, preventing it from accessing your personal data, or devicce information
|
||||||
**[Exodus]** | Shows which trackers, each of your installed apps is using, so that you can better understand how your data is being collected. Uses data from the Exodus database of scanned APKs.
|
**[Exodus]** | Shows which trackers, each of your installed apps is using, so that you can better understand how your data is being collected. Uses data from the Exodus database of scanned APKs.
|
||||||
**[Bouncer]** | Gives you the ability to grant permissions temporarily, so that you could for example use the camera to take a profile picture, but when you close the given app, those permissions will be revoked
|
**[Bouncer]** | Gives you the ability to grant permissions temporarily, so that you could for example use the camera to take a profile picture, but when you close the given app, those permissions will be revoked
|
||||||
**[Haven]** | Allows you to protect yourself, your personal space and your posessions- without compromising on security. Leveraging device sensors to monitor nearby space, Haven was developed by [The Guardian Project](https://guardianproject.info/), in partnership with [Edward Snowden](https://techcrunch.com/2017/12/24/edward-snowden-haven-app/)
|
**[Haven]** | Allows you to protect yourself, your personal space and your posessions- without compromising on security. Leveraging device sensors to monitor nearby space, Haven was developed by [The Guardian Project](https://guardianproject.info/), in partnership with [Edward Snowden](https://techcrunch.com/2017/12/24/edward-snowden-haven-app/)
|
||||||
**[XUMI Security]** | Checks for, and resolves known security vulnerabilities. Useful to ensure that certain apps, or device settings are not putting your security or privacy at risk
|
**[XUMI Security]** | Checks for, and resolves known security vulnerabilities. Useful to ensure that certain apps, or device settings are not putting your security or privacy at risk
|
||||||
@ -284,47 +284,48 @@ A selection of free online tools and utilities, to check, test and protect
|
|||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[';--have i been pwned?](https://haveibeenpwned.com)** | Check if your credentials (Email address or Password) have been compromised in a data breach
|
**[';--have i been pwned?](https://haveibeenpwned.com)** | Checks if your credentials (Email address or Password) have been compromised in a data breach
|
||||||
**[εxodus](https://reports.exodus-privacy.eu.org)** | Check how many, and which trackers any Android app has. Useful to understand how data is being collected before you install a certain APK, it also shows which permssions the app asks for
|
**[εxodus](https://reports.exodus-privacy.eu.org)** | Checks how many, and which trackers any Android app has. Useful to understand how data is being collected before you install a certain APK, it also shows which permssions the app asks for
|
||||||
**[Panopticlick](https://panopticlick.eff.org/)** | Check if your browser safe against tracking. Analyzes how well your browser and add-ons protect you against online tracking techniques, and if your system is uniquely configured—and thus identifiable
|
**[Panopticlick](https://panopticlick.eff.org/)** | Check if your browser safe against tracking. Analyzes how well your browser and add-ons protect you against online tracking techniques, and if your system is uniquely configured—and thus identifiable
|
||||||
**[Browser Leak Test](https://browserleaks.com)** | Shows which of personal identity data is being leaked through your browser, so you can better protect yourself against fingerprinting
|
**[Browser Leak Test](https://browserleaks.com)** | Shows which of personal identity data is being leaked through your browser, so you can better protect yourself against fingerprinting
|
||||||
**[IP Leak Test](https://ipleak.net)** | Shows your IP address, and other associated details (location, ISP, WebRTC check, DNS, and lots more)
|
**[IP Leak Test](https://ipleak.net)** | Shows your IP address, and other associated details (location, ISP, WebRTC check, DNS, and lots more)
|
||||||
**[EXIF Remove](https://www.exifremove.com)** | Displays, and removes Meta and EXIF data from an uploaded photo or document
|
**[EXIF Remove](https://www.exifremove.com)** | Displays, and removes Meta and EXIF data from an uploaded photo or document
|
||||||
**[Redirect Detective](https://redirectdetective.com)** | Check where a suspicious URL redirects to (without having to click it). Lets you avoid being tracked by not being redirected via adware/tracking sites, or see if a shortened link actually resolves a legitimate site, or see if link is an affiliate ad
|
**[Redirect Detective](https://redirectdetective.com)** | Check where a suspicious URL redirects to (without having to click it). Lets you avoid being tracked by not being redirected via adware/tracking sites, or see if a shortened link actually resolves a legitimate site, or see if link is an affiliate ad
|
||||||
**[Blocked.org](https://www.blocked.org.uk)** | Checks if a given website is blocked by filters applied by your mobile and broadband Internet Service Providers (ISP)
|
**[Blocked.org](https://www.blocked.org.uk)** | Checks if a given website is blocked by filters applied by your mobile and broadband Internet Service Providers (ISP)
|
||||||
**[Virus Total](https://www.virustotal.com)** | Analyse a potentially-suspicious web resources (by URL, IP, domain or file hash) to detect types of malware (*note: files are scanned publicly*)
|
**[Virus Total](https://www.virustotal.com)** | Analyses a potentially-suspicious web resources (by URL, IP, domain or file hash) to detect types of malware (*note: files are scanned publicly*)
|
||||||
**[Is Legit?](https://www.islegitsite.com/)** | Check if a website or business is a scam, before buying something from it
|
**[Is Legit?](https://www.islegitsite.com/)** | Checks if a website or business is a scam, before buying something from it
|
||||||
**[Deseat Me](https://www.deseat.me)** | Tool to help you clean up your online presence- Instantly get a list of all your accounts, delete the ones you are not using
|
**[Deseat Me](https://www.deseat.me)** | Tool to help you clean up your online presence- Instantly get a list of all your accounts, delete the ones you are not using
|
||||||
**[10 Minute Mail](https://10minemail.com/)** | Generate temporary disposable email address, to avoid giving your real details
|
**[10 Minute Mail](https://10minemail.com/)** | Generates temporary disposable email address, to avoid giving your real details
|
||||||
**[33Mail](http://33mail.com/Dg0gkEA)** | Automatically generates new email alliases, the first time you use them, to avoid revealing your real email address. Unlike 10 Minute Mail, these email addresses are permant, and get forwarded to your real email inbox
|
**[33Mail](http://33mail.com/Dg0gkEA)** | Automatically generates new email alliases, the first time you use them, to avoid revealing your real email address. Unlike 10 Minute Mail, these email addresses are permanent, and get forwarded to your real email inbox
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
*Browsers are inherintly insecure, be careful when uploading, or entering personal details*
|
*Browsers are inherintly insecure, be careful when uploading, or entering personal details.*
|
||||||
|
|
||||||
|
|
||||||
## Virtual Private Networks
|
## Virtual Private Networks
|
||||||
|
|
||||||
VPNs are good for getting round censorship, increasing protection on public WiFi, obscuring your IP address, and reducing what data your ISP can log. But for the most anonymity, you should use [Tor](https://www.torproject.org/). VPNs do not mean you are automatically protected, or anonymous (see below).
|
VPNs are good for getting round censorship, increasing protection on public WiFi, obscuring your IP address, and reducing what data your ISP can log. But for the best anonymity, you should use [Tor](https://www.torproject.org/). VPNs do not mean you are magically protected, or anonymous (see below).
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[Mullvad](http://mullvad.net/en/)** | Mullvad is one of the best for privacy, they own all their own servers and have a totally anonymous sign up process, you don't need to provide any details at all, you can choose to pay annonymously too (with Monero, BTC or cash)
|
**[Mullvad](http://mullvad.net/en/)** | Mullvad is one of the best for privacy, they have a totally anonymous sign up process, you don't need to provide any details at all, you can choose to pay anonymously too (with Monero, BTC or cash)
|
||||||
**[ProtonVPN](https://protonvpn.com/)** | From the creators of ProtonMail, ProtonVPN has a solid reputation. They have a full suit of user-friendly native mobile and desktop apps. ProtonVPN is one of the few "trustworthy" providers that also offer a free plan
|
**[ProtonVPN](https://protonvpn.com/)** | From the creators of ProtonMail, ProtonVPN has a solid reputation. They have a full suit of user-friendly native mobile and desktop apps. ProtonVPN is one of the few "trustworthy" providers that also offer a free plan
|
||||||
|
|
||||||
|
|
||||||
#### Other VPN Options
|
#### Other VPN Options
|
||||||
|
|
||||||
[AirVPN](https://airvpn.org) has advanced fatures and is highly customizable, [WindScribe](https://windscribe.com/?affid=6nh59z1r) also has a ton of features as well as anonymous sign up, yet is very easy to use for all audiences with excellant cross-platform apps. See also:
|
[AirVPN](https://airvpn.org) has advanced features and is highly customizable, [WindScribe](https://windscribe.com/?affid=6nh59z1r) also has a ton of features as well as anonymous sign up, yet is very easy to use for all audiences with excellant cross-platform apps. See also:
|
||||||
[Perfect Privacy](https://www.perfect-privacy.com/en/features?a_aid=securitychecklist) -- [TorGuard](https://torguard.net/aff.php?aff=6024) -- [IVPN](https://www.ivpn.net/) -- [PureVPN](https://www.anrdoezrs.net/click-9242873-13842740) -- [NordVPN](https://www.kqzyfj.com/l5115shqnhp4E797DC8467D69A6D) -- [SwitchVPN](https://secure.switchkonnect.com/aff.php?aff=1374) -- [Safer VPN](https://safervpn.com/?a_aid=1413) -- [VirtualShield](https://virtualshield.com/?rfsn=3739717.4cba76) -- [Private Internet Access](https://www.privateinternetaccess.com/pages/cafe/digidef) -- [VPN.ac](https://vpn.ac/aff.php?aff=2178) -- [VyperVPN](https://www.dpbolvw.net/click-9242873-13805759)
|
[Perfect Privacy](https://www.perfect-privacy.com/en/features?a_aid=securitychecklist) -- [TorGuard](https://torguard.net/aff.php?aff=6024) -- [IVPN](https://www.ivpn.net/) -- [PureVPN](https://www.anrdoezrs.net/click-9242873-13842740) -- [NordVPN](https://www.kqzyfj.com/l5115shqnhp4E797DC8467D69A6D) -- [SwitchVPN](https://secure.switchkonnect.com/aff.php?aff=1374) -- [Safer VPN](https://safervpn.com/?a_aid=1413) -- [VirtualShield](https://virtualshield.com/?rfsn=3739717.4cba76) -- [Private Internet Access](https://www.privateinternetaccess.com/pages/cafe/digidef) -- [VPN.ac](https://vpn.ac/aff.php?aff=2178) -- [VyperVPN](https://www.dpbolvw.net/click-9242873-13805759)
|
||||||
|
|
||||||
**Full VPN Comparison**: [thatoneprivacysite.net](https://thatoneprivacysite.net/).
|
**Full VPN Comparison**: [thatoneprivacysite.net](https://thatoneprivacysite.net/).
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
- *A VPN does not make you anonymous- it merely chnages your IP accress to that of your VPN provider, instead of ISP. Your browsing session can still be linked back to your real identity either through your system details (such as user agent, screen resolution even typing patterns), cookies/ session storage, or by the identifiable data that you enter. [Read more about fingerprinting](https://pixelprivacy.com/resources/browser-fingerprinting/)*
|
- *A VPN does not make you anonymous- it merely changes your public IP address to that of your VPN provider, instead of your ISP. Your browsing session can still be linked back to your real identity either through your system details (such as user agent, screen resolution even typing patterns), cookies/ session storage, or by the identifiable data that you enter. [Read more about fingerprinting](https://pixelprivacy.com/resources/browser-fingerprinting/)*
|
||||||
- *Logging- If you choose to use a VPN because you do not agree with your ISP logging your full browsing history, then it is important to keep in mind that your VPN provider can see (and mess with) all your traffic. Many VPNs claim not to keep logs, but you cannot be certain of this. See [this article](https://gist.github.com/joepie91/5a9909939e6ce7d09e29) for more*
|
- *Logging- If you choose to use a VPN because you do not agree with your ISP logging your full browsing history, then it is important to keep in mind that your VPN provider can see (and mess with) all your traffic. Many VPNs claim not to keep logs, but you cannot be certain of this ([VPN leaks](https://vpnleaks.com/)). See [this article](https://gist.github.com/joepie91/5a9909939e6ce7d09e29) for more*
|
||||||
- *Many reviews are sponsored, and hense biased. Do your own research, or go with one of the above options*
|
- *Many reviews are sponsored, and hense biased. Do your own research, or go with one of the above options*
|
||||||
- [Tor](https://www.torproject.org/) is the best option for private browsing
|
- [Tor](https://www.torproject.org/) is the best option for private browsing
|
||||||
|
|
||||||
|
|
||||||
#### Considerations
|
#### Considerations
|
||||||
*While choosing a VPN, consider the following: Logging policy (logs are bad), Jurisdiction (avoid 5-eyes), Number of servers, availability and average load. Payment method (anonymous methods such as BTC, Monero or cash are better), Leak protection (1st-party DNS servers = good, and check if IPv6 is supported), protocols (OpenVPN and WireGuard = good). Finally, usability of their apps, user reviews and download speeds.*
|
*While choosing a VPN, consider the following: Logging policy (logs are bad), Jurisdiction (avoid 5-eyes), Number of servers, availability and average load. Payment method (anonymous methods such as BTC, Monero or cash are better), Leak protection (1st-party DNS servers = good, and check if IPv6 is supported), protocols (OpenVPN and WireGuard = good). Finally, usability of their apps, user reviews and download speeds.*
|
||||||
|
|
||||||
@ -364,15 +365,15 @@ Tor, I2P and Freenet are all anonimity networks- but they work very differently
|
|||||||
|
|
||||||
#### Notable Mentions
|
#### Notable Mentions
|
||||||
[Panoramix](https://panoramix-project.eu) is a European project, aiming to use mix-networks to provide anonymity.
|
[Panoramix](https://panoramix-project.eu) is a European project, aiming to use mix-networks to provide anonymity.
|
||||||
[Nym](https://nymtech.neteu) uses Blockchain, to reward node operators in order to keep the network sustainable.
|
[Nym](https://nymtech.neteu) uses Blockchain to reward node operators in order to keep the network sustainable.
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
To provide low-latency browsing, Tor does not not mix packets or generate cover traffic. If an adversary is powerful enough, theoretically they could either observe the entire network, or just the victims entry and exit nodes. It's worth mentioning, that even though your ISP can not see what you are doing, they will be able determine that you are using a mix net, to hide this- a VPN could be used. If you are doing anything which could put you at risk, then good OpSec is essential, as the authoroties have traced criminals through the Tor network before, and [made arrests](https://techcrunch.com/2019/05/03/how-german-and-us-authorities-took-down-the-owners-of-darknet-drug-emporium-wall-street-market). Don't let Tor provide a possible false sense of security- be aware of information leaks through DNS or other programs, and Tor-supported browsers may might lag behind their upstream forks, allowing for unpatched issues. See [#19](https://github.com/Lissy93/personal-security-checklist/issues/19)
|
To provide low-latency browsing, Tor does not not mix packets or generate cover traffic. If an adversary is powerful enough, theoretically he could either observe the entire network, or just the victims entry and exit nodes. It's worth mentioning, that even though your ISP can not see what you are doing, they will be able determine that you are using a mix net, to hide this- a VPN could be used. If you are doing anything which could put you at risk, then good OpSec is essential, as the authoroties have traced criminals through the Tor network before, and [made arrests](https://techcrunch.com/2019/05/03/how-german-and-us-authorities-took-down-the-owners-of-darknet-drug-emporium-wall-street-market). Don't let Tor provide a possible false sense of security- be aware of information leaks through DNS or other programs, and Tor-supported browsers may might lag behind their upstream forks, allowing for unpatched issues. See [#19](https://github.com/Lissy93/personal-security-checklist/issues/19)
|
||||||
|
|
||||||
Note: The Tor netowrk is run by the community. If you benifit from using it, and would like to help sustain uncensored internet access for all- consider [running a Tor relay](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide).
|
Note: The Tor network is run by the community. If you benefit from using it and would like to help sustain uncensored internet access for all, consider [running a Tor relay](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide).
|
||||||
|
|
||||||
## Proxies
|
## Proxies
|
||||||
A proxy acts as a gateway between you and the internet, they can be used to act as a firewall or web filter, improves privacy and can also be used to provide shared network connections and cache data to speed up common requests. Never use a [free](https://whatismyipaddress.com/free-proxies) proxy.
|
A proxy acts as a gateway between you and the internet, it can be used to act as a firewall or web filter, improves privacy and can also be used to provide shared network connections and cache data to speed up common requests. Never use a [free](https://whatismyipaddress.com/free-proxies) proxy.
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
@ -411,7 +412,7 @@ Using an encrypted DNS resolver will not make you anonymous, it just makes it ha
|
|||||||
|
|
||||||
|
|
||||||
## Firewalls
|
## Firewalls
|
||||||
A firewall is a program which monitors the incoming and outgoing traffic on your network, and blocks requests based on rules set during its configuration. Properly configured, a firewall can help protect against attempts to remotely access your computer, as well as controll which applictions can access which IPs
|
A firewall is a program which monitors the incoming and outgoing traffic on your network, and blocks requests based on rules set during its configuration. Properly configured, a firewall can help protect against attempts to remotely access your computer, as well as control which applictions can access which IPs.
|
||||||
|
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
@ -430,7 +431,7 @@ A firewall is a program which monitors the incoming and outgoing traffic on your
|
|||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
There are different [types](https://www.networkstraining.com/different-types-of-firewalls) of firewalls, that are used in different circumstances. This does not ommit the need to configure your operating systems defenses. Follow these instructions to enable your firewall in [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux ditros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall).
|
There are different [types](https://www.networkstraining.com/different-types-of-firewalls) of firewalls, that are used in different circumstances. This does not ommit the need to configure your operating systems defenses. Follow these instructions to enable your firewall in [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux ditros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall).
|
||||||
Even when properly configured, having a firewall enabled does not gaurantee bad network traffic can not get through
|
Even when properly configured, having a firewall enabled does not guarantee bad network traffic can not get through and especially during boot if you don't have root privileges.
|
||||||
|
|
||||||
## Network Analysis
|
## Network Analysis
|
||||||
|
|
||||||
@ -448,11 +449,11 @@ Weather you live in a country behind a firewall, or accessing the internet throu
|
|||||||
|
|
||||||
## Cloud Hosting
|
## Cloud Hosting
|
||||||
|
|
||||||
Weather you are hosting a website/ app and want to keep your users data safe, or if you are hosting your own file backup, cloud productivity suit or VPN- then choosing a provider that respects your privacy and allows you to sign up anonymously, and will keep your files and data safe will be important.
|
Weather you are hosting a website and want to keep your users data safe, or if you are hosting your own file backup, cloud productivity suit or VPN- then choosing a provider that respects your privacy and allows you to sign up anonymously, and will keep your files and data safe is be important.
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[Njalla](https://njal.la)** | Njalla is privacy and security-focused a domain registrar and VPN hosting provider. They own and manage all their own servers, which are based in Sweden. They accept crypto, for anonymous payments, and allow you to sign up with OTR XMPP if you do not want to provide an email address. Both VPS and domain name pricing is reasonable, with packages starting at $15/ month
|
**[Njalla](https://njal.la)** | Njalla is a privacy and security-focused domain registrar and VPN hosting provider. They own and manage all their own servers, which are based in Sweden. They accept crypto, for anonymous payments, and allow you to sign up with OTR XMPP if you do not want to provide an email address. Both VPS and domain name pricing is reasonable, with packages starting at $15/ month
|
||||||
**[Vindo](https://www.vindohosting.com)** | Provides anonymous shared hosting, semi-managed virtual private servers and domain registration
|
**[Vindo](https://www.vindohosting.com)** | Provides anonymous shared hosting, semi-managed virtual private servers and domain registration
|
||||||
**[Private Layer](https://www.privatelayer.com)** | Offers enterprise-grade, high-speed offshore dedicated servers, they own their own data centers, have a solid privacy policy and accept anonymous payment
|
**[Private Layer](https://www.privatelayer.com)** | Offers enterprise-grade, high-speed offshore dedicated servers, they own their own data centers, have a solid privacy policy and accept anonymous payment
|
||||||
|
|
||||||
@ -461,7 +462,7 @@ See also: [1984](https://www.1984.is) based in Iceland. [Shinjiru](http://shinji
|
|||||||
|
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
The country that your data is hosted in, will be subject to local laws and regulations. It is therefore important to avoid a jurasdiction that is part of the [5 eyes](https://en.wikipedia.org/wiki/Five_Eyes) (Australia, Canada, New Zealand, US and UK) and [other international cooperatives](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives) who have legal right to view your data
|
The country that your data is hosted in, will be subject to local laws and regulations. It is therefore important to avoid a jurisdiction that is part of the [5 eyes](https://en.wikipedia.org/wiki/Five_Eyes) (Australia, Canada, New Zealand, US and UK) and [other international cooperatives](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives) who have legal right to view your data.
|
||||||
|
|
||||||
## Domain Registrars
|
## Domain Registrars
|
||||||
|
|
||||||
@ -482,7 +483,7 @@ The country that your data is hosted in, will be subject to local laws and regul
|
|||||||
**[Notable](https://notable.md)** | Markdown-based note editior for desktop, with a simple, yet feature-rich UI. All notes are saved individually as .md files, making them easy to manage. No mobile app, or built-in cloud-sync or encryption
|
**[Notable](https://notable.md)** | Markdown-based note editior for desktop, with a simple, yet feature-rich UI. All notes are saved individually as .md files, making them easy to manage. No mobile app, or built-in cloud-sync or encryption
|
||||||
|
|
||||||
#### Notable Mentions
|
#### Notable Mentions
|
||||||
If you are already tied into Evernote, One Note etc, then [SafeRoom](https://www.getsaferoom.com) is a utility that encrypts your entire notebook, before it is uploaded to the cloud. [Org Mode](https://orgmode.org) is a very comprehnsive CLI tool for keeping notes, maintaining todo lists, planning projects, and authoring documents -based on a fast and effective plain-text system, from the command line. For a simple plain text note taking app, with strong encryption, see [Protected Text](https://www.protectedtext.com), which works well with the [Safe Notes](https://play.google.com/store/apps/details?id=com.protectedtext.android) Android app
|
If you are already tied into Evernote, One Note etc, then [SafeRoom](https://www.getsaferoom.com) is a utility that encrypts your entire notebook, before it is uploaded to the cloud. [Org Mode](https://orgmode.org) is a very comprehensive CLI tool for keeping notes, maintaining todo lists, planning projects, and authoring documents -based on a fast and effective plain-text system, from the command line. For a simple plain text note taking app, with strong encryption, see [Protected Text](https://www.protectedtext.com), which works well with the [Safe Notes](https://play.google.com/store/apps/details?id=com.protectedtext.android) Android app
|
||||||
|
|
||||||
|
|
||||||
## Cloud Productivity Suits
|
## Cloud Productivity Suits
|
||||||
@ -502,7 +503,7 @@ If you are already tied into Evernote, One Note etc, then [SafeRoom](https://www
|
|||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[SeaFile](https://www.seafile.com)** | An open source cloud storage and sync solution. Files are grouped into Libraries, which can be individually encrypted, shared of synced. Docker image available for easy deployment, and native clients for Windows, Mac, Linux, Android and iOS
|
**[SeaFile](https://www.seafile.com)** | An open source cloud storage and sync solution. Files are grouped into Libraries, which can be individually encrypted, shared of synced. Docker image available for easy deployment, and native clients for Windows, Mac, Linux, Android and iOS
|
||||||
**[Syncthing](https://syncthing.net)** | Continuous file synchronization between 2 or more clients. It is simple, yet powerful, and fully-encrypted and private. Syncthing can be deployed with Docker, and there are native clients for Windows, Mac, Linux, BSD and Android
|
**[Syncthing](https://syncthing.net)** | Continuous file synchronization between 2 or more clients. It is simple, yet powerful, and fully-encrypted and private. Syncthing can be deployed with Docker, and there are native clients for Windows, Mac, Linux, BSD and Android
|
||||||
**[NextCloud](https://nextcloud.com)** | Feature-rich productivity platform, that can be used to backup and selectively sync encrypted files and folders between 1 or more clients. See [setting up sync](https://docs.nextcloud.com/desktop/2.3/installing.html). A key benifit the wide range of plug-ins in the [NextCloud App Store](https://apps.nextcloud.com), maintained by the community. NextCloud was a hard fork off [OwnCloud](https://owncloud.org).
|
**[NextCloud](https://nextcloud.com)** | Feature-rich productivity platform, that can be used to backup and selectively sync encrypted files and folders between 1 or more clients. See [setting up sync](https://docs.nextcloud.com/desktop/2.3/installing.html). A key benifit the wide range of plug-ins in the [NextCloud App Store](https://apps.nextcloud.com), maintained by the community. NextCloud was a hard fork off [OwnCloud](https://owncloud.org).
|
||||||
|
|
||||||
|
|
||||||
#### Notable Mentions
|
#### Notable Mentions
|
||||||
@ -513,7 +514,7 @@ Alternatively, consider a headless utility such as [Duplicacy](https://duplicacy
|
|||||||
[FileRun](https://filerun.com) and [Pydio](https://pydio.com) are self-hosted file explorers, with cross-platform sync capabilities.
|
[FileRun](https://filerun.com) and [Pydio](https://pydio.com) are self-hosted file explorers, with cross-platform sync capabilities.
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
You should always ensure that any data stored in the cloud is encrypted. If you are hosting your own server, then take the necissary precautions to [secure the server](https://med.stanford.edu/irt/security/servers.html). For hosted solutions- use a strong password, keep your credentials safe and enable 2FA.
|
You should always ensure that any data stored in the cloud is encrypted. If you are hosting your own server, then take the necessary precautions to [secure the server](https://med.stanford.edu/irt/security/servers.html). For hosted solutions- use a strong password, keep your credentials safe and enable 2FA.
|
||||||
|
|
||||||
|
|
||||||
## File Drop
|
## File Drop
|
||||||
@ -531,7 +532,7 @@ You should always ensure that any data stored in the cloud is encrypted. If you
|
|||||||
|
|
||||||
## Social Networks
|
## Social Networks
|
||||||
|
|
||||||
Over the past decade, social networks have revolutionized the way we communicate and bought the world closer together- but it came at the [cost of our privacy](https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services). Social networks are built on the principle of sharing- but you, the user should be able to choose with whom you share what, and that is what the following sites aim to do
|
Over the past decade, social networks have revolutionized the way we communicate and bought the world closer together- but it came at the [cost of our privacy](https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services). Social networks are built on the principle of sharing- but you, the user should be able to choose with whom you share what, and that is what the following sites aim to do.
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
@ -544,7 +545,7 @@ Over the past decade, social networks have revolutionized the way we communicate
|
|||||||
#### Other Notable Mentions
|
#### Other Notable Mentions
|
||||||
- [diaspora\*](https://diasporafoundation.org), [Pleroma](https://pleroma.social) and [Friendica](https://friendi.ca) - distributed, decentralized social networks, built on open protocols
|
- [diaspora\*](https://diasporafoundation.org), [Pleroma](https://pleroma.social) and [Friendica](https://friendi.ca) - distributed, decentralized social networks, built on open protocols
|
||||||
- [Tildes](https://tildes.net), [Lemmy](https://dev.lemmy.ml) and [notabug.io](https://notabug.io) - bulletin boards and news aggregators (similar to Reddit)
|
- [Tildes](https://tildes.net), [Lemmy](https://dev.lemmy.ml) and [notabug.io](https://notabug.io) - bulletin boards and news aggregators (similar to Reddit)
|
||||||
- [Pixelfed](https://pixelfed.org) - photo sharing (similar to Instagram)
|
- [Pixelfed](https://pixelfed.org) - A free, ethical, federated photo sharing platform (FOSS alternative to Instagram)
|
||||||
|
|
||||||
#### Main-stream networks
|
#### Main-stream networks
|
||||||
The content on many of these smaller sites tends to be more *niche*. To continue using Twitter, there are a couple of [tweaks](https://www.offensiveprivacy.com/blog/twitter-privacy), that will improve security. For Reddit, use a privacy-respecting client- such as [Reditr](http://reditr.com/). Other main-stream social networking sites do not respect your privacy, so should be avoided, but if you choose to keep using them see [this guide](https://proprivacy.com/guides/social-media-privacy-guide) for tips on protecting your privacy
|
The content on many of these smaller sites tends to be more *niche*. To continue using Twitter, there are a couple of [tweaks](https://www.offensiveprivacy.com/blog/twitter-privacy), that will improve security. For Reddit, use a privacy-respecting client- such as [Reditr](http://reditr.com/). Other main-stream social networking sites do not respect your privacy, so should be avoided, but if you choose to keep using them see [this guide](https://proprivacy.com/guides/social-media-privacy-guide) for tips on protecting your privacy
|
||||||
@ -554,8 +555,8 @@ The content on many of these smaller sites tends to be more *niche*. To continue
|
|||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[PeerTube](https://joinpeertube.org)** | And open source, federated network of inter-connected small videos hosters. You can [self-host](https://docs.joinpeertube.org/#/install-any-os), or [find an instance](https://joinpeertube.org/instances#instances-list), and then watch videos from any PeerTube server
|
**[PeerTube](https://joinpeertube.org)** | Free and open-source federated video platform that uses peer-to-peer technology to reduce load on individual servers when viewing videos. You can [self-host](https://docs.joinpeertube.org/#/install-any-os), or [find an instance](https://joinpeertube.org/instances#instances-list), and then watch videos from any PeerTube server
|
||||||
**[DTube](https://d.tube)** | A decentralized video platform with little to no moderation that uses cryptocurrency and blockchain technology to pay its users, and it ad-free
|
**[DTube](https://d.tube)** | A decentralized and ad-free video platform with little to no moderation that uses cryptocurrency and blockchain technology to pay its users.
|
||||||
**[BitTube](https://bittube.tv)** | A peer-to-peer, decentralized, censorship-free, ad-free video sharing and live streaming platform based on IPFS and blockchain technology
|
**[BitTube](https://bittube.tv)** | A peer-to-peer, decentralized, censorship-free, ad-free video sharing and live streaming platform based on IPFS and blockchain technology
|
||||||
**[BitChute](https://www.bitchute.com/)** | A video hosting platform, that was founded in 2017 to allow uploaders to avoid content rules enforced on other platforms, such as YouTube
|
**[BitChute](https://www.bitchute.com/)** | A video hosting platform, that was founded in 2017 to allow uploaders to avoid content rules enforced on other platforms, such as YouTube
|
||||||
|
|
||||||
@ -572,16 +573,16 @@ The content on many of the smaller video sites, often just doesn't compare to Yo
|
|||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[Write Freely](https://writefreely.org)** | Free and open source software with a clian UI, for creating a minimalist, federated blog. For premium or enterprise hosted plans, see [Write.as](https://write.as), or to host your own, check out the [repo on GitHub](https://github.com/writeas/writefreely)
|
**[Write Freely](https://writefreely.org)** | Free and open source software with a clean UI, for creating a minimalist, federated blog. For premium or enterprise hosted plans, see [Write.as](https://write.as), or to host your own, check out the [repo on GitHub](https://github.com/writeas/writefreely)
|
||||||
**[Telegraph](https://telegra.ph)** | Created by [Telegram](https://www.theverge.com/2016/11/23/13728726/telegram-anonymous-blogging-platform-telegraph), Telegraph is fast, anonymous and simple
|
**[Telegraph](https://telegra.ph)** | Created by [Telegram](https://www.theverge.com/2016/11/23/13728726/telegram-anonymous-blogging-platform-telegraph), Telegraph is fast, anonymous and simple
|
||||||
|
|
||||||
#### Notable Mentions
|
#### Notable Mentions
|
||||||
|
|
||||||
If you use [Standard Notes](https://standardnotes.org/?s=chelvq36), then [Listed.to](https://listed.to) is a public blogging platform with strong privacy features, it lets you publish posts directly through the Standard Notes app or web interface. Other minimilistic platforms include [Notepin.co](https://notepin.co) and [Pen.io](http://pen.io)
|
If you use [Standard Notes](https://standardnotes.org/?s=chelvq36), then [Listed.to](https://listed.to) is a public blogging platform with strong privacy features. It lets you publish posts directly through the Standard Notes app or web interface. Other minimalistic platforms include [Notepin.co](https://notepin.co) and [Pen.io](http://pen.io).
|
||||||
|
|
||||||
Want to write a simple text post and promote it yourself? Check out [telegra.ph](https://telegra.ph), [txt.fyi](https://txt.fyi) and [NotePin](https://notepin.co). For seriously anonymous platforms, aimed at activists, see [noblogs](https://noblogs.org/) and [autistici](https://www.autistici.org). It is also possible to host a normal [WordPress](https://wordpress.com) site, without it being linked to your real identity, although WP does not have the best reputation when it comes to privacy.
|
Want to write a simple text post and promote it yourself? Check out [telegra.ph](https://telegra.ph), [txt.fyi](https://txt.fyi) and [NotePin](https://notepin.co). For seriously anonymous platforms, aimed at activists, see [noblogs](https://noblogs.org/) and [autistici](https://www.autistici.org). It is also possible to host a normal [WordPress](https://wordpress.com) site, without it being linked to your real identity, although WP does not have the best reputation when it comes to privacy.
|
||||||
|
|
||||||
Of course you could also host your blog on your own server, using a standard open source blog platform, such as [Ghost](https://ghost.org) and configure it to disable all trackers, ads and analytics
|
Of course you could also host your blog on your own server, using a standard open source blog platform, such as [Ghost](https://ghost.org) and configure it to disable all trackers, ads and analytics.
|
||||||
|
|
||||||
|
|
||||||
## News Readers and Aggregation
|
## News Readers and Aggregation
|
||||||
@ -590,7 +591,7 @@ Of course you could also host your blog on your own server, using a standard ope
|
|||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[Tiny RSS](https://tt-rss.org)** | A free and open source web-based news feed (RSS/Atom) reader and aggregator
|
**[Tiny RSS](https://tt-rss.org)** | A free and open source web-based news feed (RSS/Atom) reader and aggregator
|
||||||
**[RSSOwl](http://www.rssowl.org)** | A desktop-based RSS reader, with powerful organisation features
|
**[RSSOwl](http://www.rssowl.org)** | A desktop-based RSS reader, with powerful organisation features
|
||||||
**[Feedly](https://feedly.com)** | A more premium option, Feedly displays news from your selected sources in an easy-to-digest clean and modern interface. It works with more than just RSS feeds, since it is well integrated with many major news outlets. It does not manipulate the stories you see, and is mostly open source
|
**[Feedly](https://feedly.com)** | A more premium option. Feedly displays news from your selected sources in an easy-to-digest clean and modern interface. It works with more than just RSS feeds, since it is well integrated with many major news outlets. It does not manipulate the stories you see, and is mostly open source
|
||||||
|
|
||||||
#### Notable Mentions
|
#### Notable Mentions
|
||||||
For iPhone users in the US, [Tonic](https://canopy.cr/tonic) is a great little app that provides you with a selection of personalized new stories and articles daily. It is possible to us [Reddit](https://www.reddit.com) anonymously too- you can use throwaway accounts for posting.
|
For iPhone users in the US, [Tonic](https://canopy.cr/tonic) is a great little app that provides you with a selection of personalized new stories and articles daily. It is possible to us [Reddit](https://www.reddit.com) anonymously too- you can use throwaway accounts for posting.
|
||||||
@ -601,16 +602,16 @@ News reader apps don't have a good [reputation](https://vpnoverview.com/privacy/
|
|||||||
|
|
||||||
## Payment Methods
|
## Payment Methods
|
||||||
|
|
||||||
Paying for goods and services is a good example of where privacy and security conflict; the most secure option would be to pay with credit card, since most providers include fraud protection, whereas the most private option would be to pay using crypto currency or cash, since neither can be easily tied back to your identity
|
Paying for goods and services is a good example of where privacy and security conflict; the most secure option would be to pay with credit card, since most providers include fraud protection, whereas the most private option would be to pay using crypto currency or cash, since neither can be easily tied back to your identity.
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
**[Monero](https://www.getmonero.org)** | One of the most private cryptocurrencies, since no meta data is available (not even the transaction amount). It uses complex on-chain cryptographic methods such as Ring signatures, RingCT, Kovri, and Stealth addresses all of which help protect the privacy of users
|
**[Monero](https://www.getmonero.org)** | One of the most private cryptocurrencies, since no meta data is available (not even the transaction amount). It uses complex on-chain cryptographic methods such as Ring signatures, RingCT, Kovri, and Stealth addresses all of which help protect the privacy of users
|
||||||
**[ZCash](https://z.cash)** | Uses zero-knowledge proofs to protect privacy cryptographic technique, that allow two users to transact without ever revealing their true identity or address. The Zcash blockchain doesn't record any send or receive addresses
|
**[ZCash](https://z.cash)** | Uses zero-knowledge proofs to protect privacy cryptographic technique, that allows two users to transact without ever revealing their true identity or address. The Zcash blockchain doesn't record any send or receive addresses
|
||||||
|
|
||||||
|
|
||||||
#### Notable Mentions
|
#### Notable Mentions
|
||||||
Cash is still the most private option, with no chance of leaving any transactional records. See also PIVX, Bitcoin Private and Verge. Also Pirate, Komodo and ZenCash which are hard-forks off of ZCash, with some additional privacy features built-in.
|
Cash is still the most private option, with no chance of leaving any transactional records. See also PIVX, Bitcoin Private and Verge. Also Pirate, Komodo and ZenCash which are hard-forks off of ZCash, with some additional privacy features built-in.
|
||||||
|
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
@ -629,11 +630,11 @@ Not all cryptocurrencies are anonymous, and without using a privacy-focused coin
|
|||||||
#### Notable Mentions
|
#### Notable Mentions
|
||||||
Your operating system's built-in protection is probably adequate for detecting 99% of threats. Installing additional software can introduce more vulnerabilities, so downloading AV may actually increase your attack surface.
|
Your operating system's built-in protection is probably adequate for detecting 99% of threats. Installing additional software can introduce more vulnerabilities, so downloading AV may actually increase your attack surface.
|
||||||
|
|
||||||
Windows, by default is not very private. There are several packages that can be used to quickly tweak privacy settings. Such as [Simple Wall](https://github.com/henrypp/simplewall), [priv10](https://github.com/DavidXanatos/priv10), [Fix-Windows-Privacy](https://modzero.github.io/fix-windows-privacy/) and [W10 Privacy](https://www.w10privacy.de/english-home) (see [Video Tutorial](https://www.youtube.com/watch?v=qttbd2Ouxmc)). Use at your own risk, disabling sore OS features can cause unintended consequences. See also, this [Windows 10 Privacy Guide](https://github.com/adolfintel/Windows10-Privacy) for manual steps
|
Windows, by default is not very private. There are several packages that can be used to quickly tweak privacy settings. Such as [Simple Wall](https://github.com/henrypp/simplewall), [priv10](https://github.com/DavidXanatos/priv10), [Fix-Windows-Privacy](https://modzero.github.io/fix-windows-privacy/) and [W10 Privacy](https://www.w10privacy.de/english-home) (see [Video Tutorial](https://www.youtube.com/watch?v=qttbd2Ouxmc)). Use at your own risk, disabling some OS features can cause unintended consequences. See also, this [Windows 10 Privacy Guide](https://github.com/adolfintel/Windows10-Privacy) for manual steps.
|
||||||
|
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
Many anti virus products have a history of introducing bad vulnerabilities themselves, and several of them seriously degrade the performance of your computer, as well as decrease your privacy. Never use a free anti-virus, and never trust the companies that offer free solutions, even if you pay for the premium package. This includes (but not limited to) Avast, AVG, McAfee and Kasperky. For AV to be effective, it needs intermate access to all areas of your PC, so it is important to go with a trusted vendor, and monitor it's activity closley. Read more about why you shouldn't use [Anti-Spy Tools, on Windows](https://as93.link/gjlj4).
|
Many anti virus products have a history of introducing vulnerabilities themselves, and several of them seriously degrade the performance of your computer, as well as decrease your privacy. Never use a free anti-virus, and never trust the companies that offer free solutions, even if you pay for the premium package. This includes (but not limited to) Avast, AVG, McAfee and Kasperky. For AV to be effective, it needs intermate access to all areas of your PC, so it is important to go with a trusted vendor, and monitor it's activity closley. Read more about why you shouldn't use [Anti-Spy Tools, on Windows](https://as93.link/gjlj4).
|
||||||
|
|
||||||
|
|
||||||
## Mobile Operating Systems
|
## Mobile Operating Systems
|
||||||
@ -650,7 +651,7 @@ collecting a wealth of information, and logging your every move. A [custom ROM](
|
|||||||
#### Other Notable Mentions
|
#### Other Notable Mentions
|
||||||
[Replicant OS](https://www.replicant.us/) is a fully-featured distro, with an emphasis on freedom, privacy and security. [MmniRom](https://www.omnirom.org/), [Recursion Remix](https://forum.xda-developers.com/remix), and [Paranoid Android](http://paranoidandroid.co/) are also popular options. Alternativley, [Ubuntu Touch](https://ubports.com/) is a Linux (Ubuntu)- based OS. It is secure by design and runs on almost any device, - but it does fall short when it comes to the app store.
|
[Replicant OS](https://www.replicant.us/) is a fully-featured distro, with an emphasis on freedom, privacy and security. [MmniRom](https://www.omnirom.org/), [Recursion Remix](https://forum.xda-developers.com/remix), and [Paranoid Android](http://paranoidandroid.co/) are also popular options. Alternativley, [Ubuntu Touch](https://ubports.com/) is a Linux (Ubuntu)- based OS. It is secure by design and runs on almost any device, - but it does fall short when it comes to the app store.
|
||||||
|
|
||||||
To install apps, without Play Store- see [F-Droid](https://f-droid.org/en/). For Google Play Service see [MicroG](https://microg.org/)
|
To install apps on the Play Store without using the Play Store app see [Aurora Store](https://gitlab.com/AuroraOSS/AuroraStore). For Google Play Service see [MicroG](https://microg.org/)
|
||||||
|
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
@ -663,7 +664,7 @@ It is not recommended to root, or flash your device with a custom ROM if you are
|
|||||||
|
|
||||||
## PC Operating Systems
|
## PC Operating Systems
|
||||||
|
|
||||||
Windows 10 has many features, that violate your privacy. Microsoft and Apple are able to collect all your data (including, but not limited to: keystrokes, searches and mic input, calendar data, music, photos, credit card information and purchases. Identity, passwords, contacts, conversations and location data). Microsoft Windows is also more suseptible to malware and viruses, than alternative systems.
|
Windows 10 has many features that violate your privacy. Microsoft and Apple are able to collect all your data (including, but not limited to: keystrokes, searches and mic input, calendar data, music, photos, credit card information and purchases, identity, passwords, contacts, conversations and location data). Microsoft Windows is also more susceptible to malware and viruses, than alternative systems.
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
@ -675,11 +676,11 @@ Windows 10 has many features, that violate your privacy. Microsoft and Apple are
|
|||||||
|
|
||||||
|
|
||||||
#### General Purpose Linux Distros
|
#### General Purpose Linux Distros
|
||||||
If you do not want to use a specalist security-based distro, or you are new to Unix- then just switching to any well-maintained Linux distro, is going to be significantly more secure and private than Windows or Mac OS. Since it is open source, majour distros are constantly being audited by members of the community. Also Linux does not give users admin rights by default- this makes is much less likley that your system could become infected with malware. And of course, there is no proprietary Microsoft or Apple software constantly monitoring everything you do, and building up a data profile on you.
|
If you do not want to use a specalist security-based distro, or you are new to Unix- then just switching to any well-maintained Linux distro, is going to be significantly more secure and private than Windows or Mac OS. Since it is open source, major distros are constantly being audited by members of the community. Also Linux does not give users admin rights by default- this makes is much less likley that your system could become infected with malware. And of course, there is no proprietary Microsoft or Apple software constantly monitoring everything you do, and building up a data profile on you.
|
||||||
|
|
||||||
Some good distros to consider would be: **[Fedora](https://getfedora.org/)**, **[Debian](https://www.debian.org/)**, or **[Arch](https://www.archlinux.org/)**- all of which have a large community behind them. **[Manjaro](https://manjaro.org/)** (based of Arch), is also a good option, with a simple install process. Used by new comers, and expers alike. See [comparison](https://en.wikipedia.org/wiki/Comparison_of_Linux_distributions).
|
Some good distros to consider would be: **[Fedora](https://getfedora.org/)**, **[Debian](https://www.debian.org/)**, or **[Arch](https://www.archlinux.org/)**- all of which have a large community behind them. **[Manjaro](https://manjaro.org/)** (based of Arch), is also a good option, with a simple install process. Used by new comers, and expers alike. See [comparison](https://en.wikipedia.org/wiki/Comparison_of_Linux_distributions).
|
||||||
|
|
||||||
Alternativley BSD systems arguably have far superior network stacks. **[OpenBSD](https://www.openbsd.org)** is designed for maximum security — not just with its features, but with its implementation practices. It’s a commonly used OS by banks and critical systems. **[FreeBSD ](https://www.freebsd.org)** is more popular, and aims for high performance and ease of use.
|
Alternativley BSD systems arguably have far superior network stacks. **[OpenBSD](https://www.openbsd.org)** is designed for maximum security — not just with its features, but with its implementation practices. It’s a commonly used OS by banks and critical systems. **[FreeBSD](https://www.freebsd.org)** is more popular, and aims for high performance and ease of use.
|
||||||
|
|
||||||
|
|
||||||
#### Improve the Security and Privacy of your current OS
|
#### Improve the Security and Privacy of your current OS
|
||||||
@ -731,7 +732,7 @@ If you have chosen to stick with your current OS, there are a couple of things y
|
|||||||
|
|
||||||
## Home Automation
|
## Home Automation
|
||||||
|
|
||||||
If you have smart devices within your home, you should consider running the automation locally, rather than using a cloud service. This will reduce the amount of exploits you could potentially be vulnerable to. It is also important to have network monitoring and firewalls enabled, to ensure suspicious activity is flagged or blocked. The following projects will make controlling and monitoring IoT devices within your home easier, safer and more private
|
If you have smart devices within your home, you should consider running the automation locally, rather than using a cloud service. This will reduce the amount of exploits you could potentially be vulnerable to. It is also important to have network monitoring and firewalls enabled, to ensure suspicious activity is flagged or blocked. The following projects will make controlling and monitoring IoT devices within your home easier, safer and more private.
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
@ -741,15 +742,15 @@ If you have smart devices within your home, you should consider running the auto
|
|||||||
**[Node-RED](https://nodered.org)** | Node-RED is a programming tool for wiring together hardware devices, APIs and online services, it provides a browser-based editor that makes it easy to build flows with a wide range of supported nodes, and it is easy to deploy locally in your network
|
**[Node-RED](https://nodered.org)** | Node-RED is a programming tool for wiring together hardware devices, APIs and online services, it provides a browser-based editor that makes it easy to build flows with a wide range of supported nodes, and it is easy to deploy locally in your network
|
||||||
|
|
||||||
#### Notable Mentions
|
#### Notable Mentions
|
||||||
For creating dashboard from IoT devices, see [ThingsBoard](https://thingsboard.io). Another home automation tool is [FHEM](https://fhem.de/fhem.html), which has been around for a while and needs a bit more work to get up and running, but is still a popular option
|
For creating dashboard from IoT devices, see [ThingsBoard](https://thingsboard.io). Another home automation tool is [FHEM](https://fhem.de/fhem.html), which has been around for a while and needs a bit more work to get up and running, but is still a popular option.
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
IoT smart home devices can open you up to many security risks and exploits. It is really important that you configure them correctly, setting strong unique passwords, turn off data sharing, and if possible restrict internet access so devices can only communicate within your local network. See [Smart Home Security Checklist](https://github.com/Lissy93/personal-security-checklist#smart-home) for more tips
|
IoT smart home devices can open you up to many security risks and exploits. It is really important that you configure them correctly, setting strong unique passwords, turn off data sharing, and if possible restrict internet access so devices can only communicate within your local network. See [Smart Home Security Checklist](https://github.com/Lissy93/personal-security-checklist#smart-home) for more tips.
|
||||||
|
|
||||||
|
|
||||||
## AI Voice Assistants
|
## AI Voice Assistants
|
||||||
|
|
||||||
Google Assistant, Alexa and Siri don't have the best [reputation](https://srlabs.de/bites/smart-spies) when it comses to protecting consumers privacy, there have been [many recent breached](https://www.theverge.com/2019/10/21/20924886/alexa-google-home-security-vulnerability-srlabs-phishing-eavesdropping). For that reason it is recommended not to have these devices in your house. The following are open source AI voice assistants, that aim to provide a human voice interface while also protecting your privacy and security
|
Google Assistant, Alexa and Siri don't have the best [reputation](https://srlabs.de/bites/smart-spies) when it comes to protecting consumers privacy, there have been [many recent breaches](https://www.theverge.com/2019/10/21/20924886/alexa-google-home-security-vulnerability-srlabs-phishing-eavesdropping). For that reason it is recommended not to have these devices in your house. The following are open source AI voice assistants, that aim to provide a human voice interface while also protecting your privacy and security
|
||||||
|
|
||||||
| Provider | Description |
|
| Provider | Description |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
@ -757,14 +758,13 @@ Google Assistant, Alexa and Siri don't have the best [reputation](https://srlabs
|
|||||||
**[Kalliope](https://kalliope-project.github.io)** | An open source, modular always-on voice controlled personal assistant designed for home automation. It runs well on Raspberry Pi, Debian or Ubuntu and is easy to program with simple YAML-based skills, but does not have a wide library of pre-built add-ons
|
**[Kalliope](https://kalliope-project.github.io)** | An open source, modular always-on voice controlled personal assistant designed for home automation. It runs well on Raspberry Pi, Debian or Ubuntu and is easy to program with simple YAML-based skills, but does not have a wide library of pre-built add-ons
|
||||||
|
|
||||||
#### Notable Mentions
|
#### Notable Mentions
|
||||||
For a desktop-based assistant, see [Dragonfire](https://github.com/DragonComputer/Dragonfire) for Ubunto, and [Jarvis](https://github.com/sukeesh/Jarvis) for MacOS. [LinTO](https://linto.ai), [Jovo](https://www.jovo.tech) and [Snips](https://snips.ai) are private-by-design voice assistant frameworks that can be built on by developers, or used by enterprises. [Jasper](https://jasperproject.github.io), [Stephanie](https://github.com/SlapBot/stephanie-va) and [Hey Athena](https://github.com/rcbyron/hey-athena-client) are Python-based voice assistant, but neither is under active development anymore. See also [OpenAssistant](https://openassistant.org).
|
For a desktop-based assistant, see [Dragonfire](https://github.com/DragonComputer/Dragonfire) for Ubuntu, and [Jarvis](https://github.com/sukeesh/Jarvis) for MacOS. [LinTO](https://linto.ai), [Jovo](https://www.jovo.tech) and [Snips](https://snips.ai) are private-by-design voice assistant frameworks that can be built on by developers, or used by enterprises. [Jasper](https://jasperproject.github.io), [Stephanie](https://github.com/SlapBot/stephanie-va) and [Hey Athena](https://github.com/rcbyron/hey-athena-client) are Python-based voice assistant, but neither is under active development anymore. See also [OpenAssistant](https://openassistant.org).
|
||||||
|
|
||||||
#### Word of Warning
|
#### Word of Warning
|
||||||
If you are building your own assistant, you may want to consider a hardware-switch for disabling the microphone. Keep tabs on issues and check the code, to ensure you are happy with how it works, from a privacy perspective
|
If you are building your own assistant, you may want to consider a hardware-switch for disabling the microphone. Keep tabs on issues and check the code, to ensure you are happy with how it works, from a privacy perspective.
|
||||||
|
|
||||||
|
|
||||||
## Bonus #1 - Alternatives to Google
|
## Bonus #1 - Alternatives to Google
|
||||||
|
|
||||||
Moving away from Google, and using multiple alternative apps will mean there is no single source of tracking. Open source and privacy-focused software is best
|
Moving away from Google, and using multiple alternative apps will mean there is no single source of tracking. Open source and privacy-focused software is best
|
||||||
|
|
||||||
- Academic: [RefSeek](https://www.refseek.com), [Microsoft Academic](https://academic.microsoft.com), [More Academic Search Engines](https://en.wikipedia.org/wiki/List_of_academic_databases_and_search_engines)
|
- Academic: [RefSeek](https://www.refseek.com), [Microsoft Academic](https://academic.microsoft.com), [More Academic Search Engines](https://en.wikipedia.org/wiki/List_of_academic_databases_and_search_engines)
|
||||||
@ -790,7 +790,7 @@ Moving away from Google, and using multiple alternative apps will mean there is
|
|||||||
- Search: [DuckDuckGo](https://duckduckgo.com), [Start Page](https://www.startpage.com), [Qwant](https://www.qwant.com)
|
- Search: [DuckDuckGo](https://duckduckgo.com), [Start Page](https://www.startpage.com), [Qwant](https://www.qwant.com)
|
||||||
- Sync: [SeaFile](https://www.seafile.com), [Syncthing](https://syncthing.net), [NextCloud](https://nextcloud.com), [Duplicacy](https://duplicacy.com)
|
- Sync: [SeaFile](https://www.seafile.com), [Syncthing](https://syncthing.net), [NextCloud](https://nextcloud.com), [Duplicacy](https://duplicacy.com)
|
||||||
- Translate: [Apertium](https://www.apertium.org)
|
- Translate: [Apertium](https://www.apertium.org)
|
||||||
- Videos: [PeerTube](https://joinpeertube.org), [BitChute](https://www.bitchute.com) (Caution: Not moderated)
|
- Youtube: [PeerTube](https://joinpeertube.org), [BitChute](https://www.bitchute.com) (Caution: Not moderated)
|
||||||
- Weather: [Open Weather Map](https://openweathermap.org)
|
- Weather: [Open Weather Map](https://openweathermap.org)
|
||||||
|
|
||||||
|
|
||||||
@ -954,11 +954,11 @@ This list is intended to aid you in auditing the security of your own systems, a
|
|||||||
|
|
||||||
### Conclusion
|
### Conclusion
|
||||||
|
|
||||||
Many coporations that put profit before people, collecting data and exploiting privacy, many claim to to secure but without being open source it can't be verified, and it is always too late once there has been a breach. Switching to privacy-respecting, open souece software will drastically help inmprove your security, privacy and anonimity online.
|
Many coporations put profit before people, collecting data and exploiting privacy. Many claim to be secure but without being open source it can't be verified and it is always too late once there has been a breach. Switching to privacy-respecting open source software will drastically help improving your security, privacy and anonymity online.
|
||||||
|
|
||||||
However, that's not all you need to do- it is important to also: Use strong and unique passwords, 2-factor authentication,
|
However, that's not all you need to do. It is also important to : use strong and unique passwords, 2-factor authentication,
|
||||||
adopt good networking practices and be mindful of data that is collected when browsing the web. You can see the full
|
adopt good networking practices and be mindful of data that are collected when browsing the web. You can see the full
|
||||||
**[personal security checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md)** for more tips to staying safe 🔐
|
**[personal security checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md)** for more tips to stay safe.
|
||||||
|
|
||||||
### See Also
|
### See Also
|
||||||
|
|
||||||
@ -974,7 +974,7 @@ So while your here, why not also check out the files linked to above 😉
|
|||||||
|
|
||||||
No piece of software is truly secure or private.
|
No piece of software is truly secure or private.
|
||||||
|
|
||||||
Software is only as secure as the system it is running on. You keep your devices up-to-date and follow good security practices.
|
Software is only as secure as the system it is running on. You need to keep your devices up-to-date and follow good security practices.
|
||||||
|
|
||||||
It is a good idea to keep your trusted software base small, to reduce potential attack surface. At the same time trusting a single application for too many tasks could be a weakness in your system. So you will need to judge the situation according to your threat model, and carefully plan which software and applications you trust with each segment of your data.
|
It is a good idea to keep your trusted software base small, to reduce potential attack surface. At the same time trusting a single application for too many tasks could be a weakness in your system. So you will need to judge the situation according to your threat model, and carefully plan which software and applications you trust with each segment of your data.
|
||||||
|
|
||||||
@ -986,7 +986,7 @@ When using a hosted or property solution- always check the privacy policy, resea
|
|||||||
|
|
||||||
This list contains packages that range from entry-level to advanced, a lot of the software here will not be appropriate for all audiences.
|
This list contains packages that range from entry-level to advanced, a lot of the software here will not be appropriate for all audiences.
|
||||||
|
|
||||||
It is in no way a definitive list of secure applications, and aims only to be a guide, a collection of software and services that myself and others have used, and would recommend. There will always be new vulnerabilities discovered or introduced, bugs and poorly configured systems. It is up to you to do your research, and decide where and how your data is managed.
|
It is in no way a definitive list of secure applications, and aims only to be a guide, a collection of software and services that myself and others have used, and would recommend. There will always be new vulnerabilities discovered or introduced, bugs and poorly configured systems. It is up to you to do your research, and decide where and how your data are managed.
|
||||||
|
|
||||||
|
|
||||||
### Contributing
|
### Contributing
|
||||||
|
87
README.md
87
README.md
@ -58,9 +58,9 @@ Check which websites support multi-factor authentication: [twofactorauth.org](ht
|
|||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Enable 2FA on Security Critical Sites** | Recommended | In account settings, enable 2-factor authentication. Ideally do this for all your accounts, but at a minimum for all security-critical logins, (including your password manager, emails, finance and social sites). [List of sites that support 2FA](https://twofactorauth.org/).
|
**Enable 2FA on Security Critical Sites** | Recommended | In account settings, enable 2-factor authentication. Ideally do this for all your accounts, but at a minimum for all security-critical logins, (including your password manager, emails, finance and social sites).
|
||||||
**Keep backup codes safe** | Recommended | When you enable 2FA, you'll be given a few one-time codes to download, in case you ever lose access to your authenticator app or key. It's important to keep these safe, either encrypt them and store on a USB, or print them on paper and store them somewhere secure like a locked safe. Delete them from your computer once you've made a backup, in case your PC is compromised.
|
**Keep backup codes safe** | Recommended | When you enable 2FA, you'll be given a few one-time codes to download, in case you ever lose access to your authenticator app or key. It's important to keep these safe, either encrypt and store them on a USB, or print them on paper and store them somewhere secure like a locked safe. Delete them from your computer once you've made a backup, in case your PC is compromised.
|
||||||
**Don't use SMS to receive OTPs** | Optional | Although SMS 2FA is certainly better than nothing, but there are many weaknesses in this system, (such as SIM-swapping) ([read more](https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin)), therefore avoid enabling SMS OTPs, even as backups.
|
**Don't use SMS to receive OTPs** | Optional | Although SMS 2FA is certainly better than nothing, there are many weaknesses in this system, (such as SIM-swapping) ([read more](https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin)). Therefore avoid enabling SMS OTPs, even as backups.
|
||||||
**Don't use your Password Manager to store 2FA tokens** | Optional | One of the quickest approaches is to use the same system that stores your passwords, to also generate and fill OTP tokens, both LastPass and 1Password have this functionality. However if a malicious actor is able to gain access to this, they will have both your passwords, and your 2FA tokens, for all your online accounts. Instead use a separate authenticator from your password manager.
|
**Don't use your Password Manager to store 2FA tokens** | Optional | One of the quickest approaches is to use the same system that stores your passwords, to also generate and fill OTP tokens, both LastPass and 1Password have this functionality. However if a malicious actor is able to gain access to this, they will have both your passwords, and your 2FA tokens, for all your online accounts. Instead use a separate authenticator from your password manager.
|
||||||
**Consider a hardware 2FA Key** | Optional | A physical 2FA key generates an OTP when inserted. Have a look at [NitroKey](https://www.nitrokey.com/) (open source), [YubiKey](https://www.yubico.com/) or [Solo Key](https://amzn.to/2Fe5Icw). You can also use it as a secondary method (in case your phone is lost or damaged). If this is your backup 2FA method, it should be kept somewhere secure, such as a locked safe, or if you use as physical key as your primary 2FA method, then keep it on you at all times.
|
**Consider a hardware 2FA Key** | Optional | A physical 2FA key generates an OTP when inserted. Have a look at [NitroKey](https://www.nitrokey.com/) (open source), [YubiKey](https://www.yubico.com/) or [Solo Key](https://amzn.to/2Fe5Icw). You can also use it as a secondary method (in case your phone is lost or damaged). If this is your backup 2FA method, it should be kept somewhere secure, such as a locked safe, or if you use as physical key as your primary 2FA method, then keep it on you at all times.
|
||||||
|
|
||||||
@ -69,7 +69,7 @@ Check which websites support multi-factor authentication: [twofactorauth.org](ht
|
|||||||
|
|
||||||
## Browser and Search
|
## Browser and Search
|
||||||
|
|
||||||
Most modern web browsers support add-ons and extensions, these can access anything that you do online, avoid installing anything that may not be legitimate and check permissions first. Be aware that ever website that you interact with, including search engines will likely be keeping records of all your activity. Last year Kaspersky reported [over a million data exploits caused by malicious sites](https://securelist.com/it-threat-evolution-q1-2017-statistics/78475/).
|
Most modern web browsers support add-ons and extensions. These can access anything that you do online so avoid installing anything that may not be legitimate and check permissions first. Be aware that every website that you interact with, including search engines, will likely be keeping records of all your activity. Last year Kaspersky reported [over a million data exploits caused by malicious sites](https://securelist.com/it-threat-evolution-q1-2017-statistics/78475/).
|
||||||
|
|
||||||
For more browser security pointers, check out: [Here’s How To Get Solid Browser Security](https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/).
|
For more browser security pointers, check out: [Here’s How To Get Solid Browser Security](https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/).
|
||||||
|
|
||||||
@ -83,14 +83,15 @@ For more browser security pointers, check out: [Here’s How To Get Solid Browse
|
|||||||
**Only use trusted browser add-ons and extensions** | Recommended | Both Firefox and Chrome web stores allow you to check what permissions/access rights an extension requires before you install it. Check the reviews. Only install extensions you really need, and removed those which you haven't used in a while. Extensions are able to see, log or modify anything you do in the browser, and some innocent looking browser apps, have malicious intentions.
|
**Only use trusted browser add-ons and extensions** | Recommended | Both Firefox and Chrome web stores allow you to check what permissions/access rights an extension requires before you install it. Check the reviews. Only install extensions you really need, and removed those which you haven't used in a while. Extensions are able to see, log or modify anything you do in the browser, and some innocent looking browser apps, have malicious intentions.
|
||||||
**Always keep your browser up-to-date** | Recommended | Browser vulnerabilities are constantly being discovered and patched, so it’s important to keep it up to date, to avoid a zero-day exploit. You can [see which browser version your using here](https://www.whatismybrowser.com/), or follow [this guide](https://www.whatismybrowser.com/guides/how-to-update-your-browser/) for instructions on how to update.
|
**Always keep your browser up-to-date** | Recommended | Browser vulnerabilities are constantly being discovered and patched, so it’s important to keep it up to date, to avoid a zero-day exploit. You can [see which browser version your using here](https://www.whatismybrowser.com/), or follow [this guide](https://www.whatismybrowser.com/guides/how-to-update-your-browser/) for instructions on how to update.
|
||||||
**Use a private search engine** | Optional | Google tracks, logs and stores everything you do, but also displays biased results. Take a look at [DuckDuckGo](https://duckduckgo.com) or [StartPage](https://www.startpage.com). Neither store cookies nor cache anything. [Read more](https://hackernoon.com/data-privacy-concerns-with-google-b946f2b7afea) about Google Search Privacy.
|
**Use a private search engine** | Optional | Google tracks, logs and stores everything you do, but also displays biased results. Take a look at [DuckDuckGo](https://duckduckgo.com) or [StartPage](https://www.startpage.com). Neither store cookies nor cache anything. [Read more](https://hackernoon.com/data-privacy-concerns-with-google-b946f2b7afea) about Google Search Privacy.
|
||||||
**Consider a privacy browser** | Optional | Google openly collects usage data on Chrome usage, as does Apple and Microsoft. Switching to a privacy browser will minimize data background data collection, cross-origin cookies and third-party scrips. A popular option is [Brave Browser](https://brave.com/?ref=ali721), or [Firefox](https://www.mozilla.org/en-GB/firefox/new/) with a [few tweeks](https://restoreprivacy.com/firefox-privacy). Others include [Bromite](https://www.bromite.org/), [Epic Browser](https://www.epicbrowser.com/index.html) or [Comodo](https://www.comodo.com/home/browsers-toolbars/browser.php), [see more](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#browsers). The most secure option is [Tor Browser](https://www.torproject.org/).
|
**Consider a privacy browser** | Optional | Google openly collects usage data on Chrome usage, as does Apple and Microsoft. Switching to a privacy-focused browser will minimize background data collection, cross-origin cookies and third-party scrips. A popular option is [Brave Browser](https://brave.com/?ref=ali721), or [Firefox](https://www.mozilla.org/en-GB/firefox/new/) with a [few tweeks](https://restoreprivacy.com/firefox-privacy). Others include [Bromite](https://www.bromite.org/), [Epic Browser](https://www.epicbrowser.com/index.html) or [Comodo](https://www.comodo.com/home/browsers-toolbars/browser.php), [see more](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#browsers). The most secure option is [Tor Browser](https://www.torproject.org/).
|
||||||
**Use DNS-over-HTTPS** | Optional | Traditional DNS makes requests in plain text for everyone to see, it allows for eavesdropping and manipulation of DNS data by man-in-the-middle attacks. Whereas [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) performs DNS resolution via the HTTPS protocol, meaning data between the you and your DNS resolver is encrypted. You can follow [this guide to enable in Firefox](https://support.mozilla.org/en-US/kb/firefox-dns-over-https), for see [CoudFlares 1.1.1.1 Docs](https://1.1.1.1/help).
|
**Use DNS-over-HTTPS** | Optional | Traditional DNS makes requests in plain text for everyone to see. It allows for eavesdropping and manipulation of DNS data through man-in-the-middle attacks. Whereas [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) performs DNS resolution via the HTTPS protocol, meaning data between you and your DNS resolver is encrypted. You can follow [this guide to enable in Firefox](https://support.mozilla.org/en-US/kb/firefox-dns-over-https), for see [CoudFlares 1.1.1.1 Docs](https://1.1.1.1/help).
|
||||||
**Disable WebRTC** | Optional | [WebRTC](https://webrtc.org/) allows high-quality audio/ video communication and peer-to-peer file-sharing straight from the browser. However it can pose as a privacy leak, especially if you are using a proxy or VPN. In FireFox WebRTC can be disabled, by searching for, and disabling `media.peerconnection.enabled` in the settings. For other browsers, the [WebRTC-Leak-Prevent](ttps://github.com/aghorler/WebRTC-Leak-Prevent) extension can be installed. [uBlockOrigin](https://github.com/gorhill/uBlock) also allows WebRTC to be disabled. To learn more, [check out this guide](https://buffered.com/privacy-security/how-to-disable-webrtc-in-various-browsers/).
|
**Disable WebRTC** | Optional | [WebRTC](https://webrtc.org/) allows high-quality audio/video communication and peer-to-peer file-sharing straight from the browser. However it can pose as a privacy leak, especially if you are not using a proxy or VPN. In FireFox WebRTC can be disabled, by searching for, and disabling `media.peerconnection.enabled` in about:config. For other browsers, the [WebRTC-Leak-Prevent](ttps://github.com/aghorler/WebRTC-Leak-Prevent) extension can be installed. [uBlockOrigin](https://github.com/gorhill/uBlock) also allows WebRTC to be disabled. To learn more, [check out this guide](https://buffered.com/privacy-security/how-to-disable-webrtc-in-various-browsers/).
|
||||||
**Don't Connect to Open WiFi networks** | Optional | Browsing the internet while using public or open WiFi may leave you vulnerable to man-in-the-middle attacks, malware distribution or snooping and sniffing. Some hotspots may also be unencrypted, or even malicious. If you do need to briefly use a public WiFi network, ensure you disable file sharing, only visit HTTPS websites and use a VPN. Also remove the network from your saved WiFi list after. See the [networking](#networking) section for more details.
|
**Don't Connect to Open WiFi networks** | Optional | Browsing the internet while using public or open WiFi may leave you vulnerable to man-in-the-middle attacks, malware distribution and snooping. Some hotspots may also be unencrypted, or even malicious. If you do need to briefly use a public WiFi network, ensure you disable file sharing, only visit HTTPS websites and use a VPN. Also remove the network from your saved WiFi list after. See the [networking](#networking) section for more details.
|
||||||
**Use Tor** | Advanced | [The Tor Project](https://www.torproject.org/) privides a browser that encrypts and routes your traffic through multiple nodes, keeping users safe from intercaption and tracking. The main draw backs are speed and user experience, as well as the possibility of DNS leaks from other programs (see [potential drawbacks](https://github.com/Lissy93/personal-security-checklist/issues/19)) but generally Tor is one of most secure proxy/ browser options for anonimity and protection from ISP snooping.
|
**Use Tor** | Advanced | [The Tor Project](https://www.torproject.org/) provides a browser that encrypts and routes your traffic through multiple nodes, keeping users safe from interception and tracking. The main drawbacks are speed and user experience, as well as the possibility of DNS leaks from other programs (see [potential drawbacks](https://github.com/Lissy93/personal-security-checklist/issues/19)) but generally Tor is one of the most secure browser options for anonymity on the web.
|
||||||
**Use different browsers, for different tasks** | Advanced | Compartmentalizing your activity can make it significantly harder for a malicious actor, company or government to get a clear picture of you through your browsing activity. This may include doing online shopping on 1 browser, using another browser, such as Tor for general browsing, and then a 3rd for, say social media
|
|
||||||
**Disable JavaScript** | Advanced | Many modern web apps are JavaScript based, so disabling it will greatly decrease your browsing experience. But if you really want to go all out, then it will reduce your attack surface. Read more about the growing [risk of JavaScript malware](https://heimdalsecurity.com/blog/javascript-malware-explained/).
|
**Use different browsers, for different tasks** | Advanced | Compartmentalizing your activity can make it significantly harder for a malicious actor, company or government to get a clear picture of you through your browsing activity. This may include doing online shopping on 1 browser, using another browser, such as Tor for general browsing, and then a 3rd for, say social media.
|
||||||
**Route all desktop traffic via Tor** | Advanced | [Whonix](https://www.whonix.org/) allows for fail-safe, automatic, and desktop-wide use of the Tor network. It's based on Debian, and runs in in a virtual machine. Straight-forward to install on Windows, OSX or Linux.
|
**Disable JavaScript** | Advanced | Many modern web apps are JavaScript based, so disabling it will greatly decrease your browsing experience. But if you really want to go all out, then it will really reduce your attack surface. Read more about the growing [risk of JavaScript malware](https://heimdalsecurity.com/blog/javascript-malware-explained/).
|
||||||
|
**Route all desktop traffic via Tor** | Advanced | [Whonix](https://www.whonix.org/) allows for fail-safe, automatic, and desktop-wide use of the Tor network. It's based on Debian, and runs in a virtual machine. Straight-forward to install on Windows, OSX or Linux.
|
||||||
|
|
||||||
**Recommended Software**
|
**Recommended Software**
|
||||||
- [Privacy Browsers](/5_Privacy_Respecting_Software.md#browsers)
|
- [Privacy Browsers](/5_Privacy_Respecting_Software.md#browsers)
|
||||||
@ -104,18 +105,18 @@ Nearly 50 years since the first email was sent, they’re still very much a big
|
|||||||
|
|
||||||
If a hacker gets access to your emails, it provides a gateway for your other accounts to be compromised, therefore email security is paramount for your digital safety.
|
If a hacker gets access to your emails, it provides a gateway for your other accounts to be compromised, therefore email security is paramount for your digital safety.
|
||||||
|
|
||||||
It's strongly advised not to use non-encrypted email, but if you follow these guides for simple steps to improve security: [Yahoo](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#yahoo), [Gmail](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#gmail), [Outlook](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#outlook) and [AOL](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#aol). The easiest way to stay protected, it to use a secure mail provider, such as [ProtonMail](https://protonmail.com/).
|
It's strongly advised not to use non end-to-end encrypted email, if you can't you should at least follow these guides for simple steps to improve security: [Yahoo](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#yahoo), [Gmail](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#gmail), [Outlook](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#outlook) and [AOL](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#aol). The easiest way to stay protected is to use a secure mail provider, such as [ProtonMail](https://protonmail.com/) or [Tutanota](https://tutanota.com/).
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Have more than one email address** | Recommended | Keeping your important and safety-critical messages separate from trivial subscriptions such as newsletters is a very good idea. Be sure to use different passwords. This will also make recovering a compromised account after an email breach easier.
|
**Have more than one email address** | Recommended | Keeping your important and safety-critical messages separate from trivial subscriptions such as newsletters is a very good idea. Be sure to use different passwords. This will also make recovering a compromised account after an email breach easier.
|
||||||
**Keep security in mind when logging into emails** | Recommended | Your email account is one of the most important to protect with a secure password. Only sync your emails with your phone, if it is secured (encrypted with password). Don’t allow your browser to save your email password. Prevent man-in-the-middle attacks by only logging in on a secured browser.
|
**Keep security in mind when logging into emails** | Recommended | Your email account is one of the most important to protect with a secure password. Only sync your emails with your phone, if it is secured (encrypted with password). Don’t allow your browser to save your email password. Prevent man-in-the-middle attacks by only logging in on a secured browser.
|
||||||
**Always be wary of phishing and scams** | Recommended | If you get an email from someone you don’t recognize, don’t reply, don’t click on any links, and absolutely don’t download an attachment. Keep an eye out for senders pretending to be someone else, such as your bank, email provider or utility company. Check the domain, read it, ensure it’s addressed directly to you, and still don’t give them any personal details. Check out [this guide, on how to spot phishing emails](https://heimdalsecurity.com/blog/abcs-detecting-preventing-phishing/).
|
**Always be wary of phishing and scams** | Recommended | If you get an email from someone you don’t recognize, don’t reply, don’t click on any links, and absolutely don’t download an attachment. Keep an eye out for senders pretending to be someone else, such as your bank, email provider or utility company. Check the domain, read it, ensure it’s addressed directly to you, and still don’t give them any personal details. Check out [this guide, on how to spot phishing emails](https://heimdalsecurity.com/blog/abcs-detecting-preventing-phishing/).
|
||||||
**Disable automatic loading of remote content in emails** | Recommended | Sometimes advertisers send emails which make reference to remote images, fonts, etc. If these remote resources are loaded automatically, they indicate to the sender that this specific email was received by you
|
**Disable automatic loading of remote content in emails** | Recommended | Sometimes advertisers send emails which make reference to remote images, fonts, etc. If these remote resources are loaded automatically, they indicate to the sender that this specific email was received by you.
|
||||||
**Don’t share sensitive information over email** | Optional | Emails are very very easily intercepted. Also you can’t know how secure your recipient's environment is. Don’t share anything personal, such as bank details, passwords, and confidential information over email. Ideally, don’t use email as a primary method of communication.
|
**Don’t share sensitive information over email** | Optional | Emails are very very easily intercepted. Also you can’t know how secure your recipient's environment is. Don’t share anything personal, such as bank details, passwords, and confidential information over email. Ideally, don’t use email as a primary method of communication.
|
||||||
**Don’t connect third-party apps to your email account** | Optional | If you give a third-party app (like Unroll.me) full access to your inbox, this makes you vulnerable to cyber attacks. The app can be compromised and, as a consequence, cyber criminals would gain unhindered access to all your emails and their contents.
|
**Don’t connect third-party apps to your email account** | Optional | If you give a third-party app (like Unroll.me) full access to your inbox, this makes you vulnerable to cyber attacks. The app can be compromised and, as a consequence, cyber criminals would gain unhindered access to all your emails and their contents.
|
||||||
**Consider switching to a more secure email provider** | Optional | Email providers such as [ProtonMail](https://protonmail.com), [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business) (for business users) or [MailFence](https://mailfence.com?src=digitald) allow for end-to-end encryption, full privacy as well as more security-focused features. See [this guide](https://github.com/OpenTechFund/secure-email) for details of the inner workings of these services.
|
**Consider switching to a more secure email provider** | Optional | Email providers such as [ProtonMail](https://protonmail.com), [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business) (for business users) or [MailFence](https://mailfence.com?src=digitald) allow for end-to-end encryption, full privacy as well as more security-focused features. See [this guide](https://github.com/OpenTechFund/secure-email) for details of the inner workings of these services.
|
||||||
**Use Aliasing / Anonymous Forwarding** | Advanced | Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. Effectively allowing you to use a different, unique email address for each service you sign up for. This means if start receiving spam, you can block that alias, and determine which company leaked your email address. <br>[Anonaddy](https://anonaddy.com) is an open source anonymous email forwarding service allowing you to create unlimited email aliases, with a free plan. As is [33Mail](http://33mail.com/Dg0gkEA), and this feature is also included with [ProtonMail](https://protonmail.com/pricing)'s Visionary package.
|
**Use Aliasing / Anonymous Forwarding** | Advanced | Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. Effectively allowing you to use a different, unique email address for each service you sign up for. This means if you start receiving spam, you can block that alias and determine which company leaked your email address. <br>[Anonaddy](https://anonaddy.com) is an open source anonymous email forwarding service allowing you to create unlimited email aliases, with a free plan. As is [33Mail](http://33mail.com/Dg0gkEA), and this feature is also included with [ProtonMail](https://protonmail.com/pricing)'s Visionary package.
|
||||||
|
|
||||||
**See also** [Recommended Encrypted Email Providers](/5_Privacy_Respecting_Software.md#encrypted-email)
|
**See also** [Recommended Encrypted Email Providers](/5_Privacy_Respecting_Software.md#encrypted-email)
|
||||||
|
|
||||||
@ -123,13 +124,13 @@ It's strongly advised not to use non-encrypted email, but if you follow these gu
|
|||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Check your privacy settings** | Recommended | Most social networks allow you to control your privacy settings. Ensure that your profile can only be viewed by people who you are in your friends list, and you know personally.
|
**Check your privacy settings** | Recommended | Most social networks allow you to control your privacy settings. Ensure that your profile can only be viewed by people who are in your friends list, and you know personally.
|
||||||
**Only put info on social media that you wouldn’t mind being public** | Recommended | Even with tightened security settings, don’t put anything online that you wouldn’t want to be seen by anyone other than your friends. Don’t rely solely on social networks security.
|
**Only put info on social media that you wouldn’t mind being public** | Recommended | Even with tightened security settings, don’t put anything online that you wouldn’t want to be seen by anyone other than your friends. Don’t rely solely on social networks security.
|
||||||
**Don’t give social networking apps permissions they don’t need** | Recommended | By default many of the popular social networking apps, will ask for permission to access your contacts, your call log, your location, your messaging history etc.. If they don’t need this access, don’t grant it.
|
**Don’t give social networking apps permissions they don’t need** | Recommended | By default many of the popular social networking apps will ask for permission to access your contacts, your call log, your location, your messaging history etc.. If they don’t need this access, don’t grant it.
|
||||||
**Revoke access for apps your no longer using** | Recommended | Instructions: [Facebook](https://www.facebook.com/settings?tab=applications), [Twitter](https://twitter.com/settings/applications), [LinkedIn](https://www.linkedin.com/psettings/third-party-applications), [Instagram](https://www.instagram.com/accounts/manage_access/).
|
**Revoke access for apps your no longer using** | Recommended | Instructions: [Facebook](https://www.facebook.com/settings?tab=applications), [Twitter](https://twitter.com/settings/applications), [LinkedIn](https://www.linkedin.com/psettings/third-party-applications), [Instagram](https://www.instagram.com/accounts/manage_access/).
|
||||||
**Use a secure email provider** | Optional | Most email providers completely invade your privacy intercepting both messages sent and received. [ProtonMail](https://protonmail.com) is a secure email provider, that is open source and offers end-to-end encryption. There are alternative secure mail providers (such as [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com) and [MailFence](https://mailfence.com))- but [ProtonMail](https://protonmail.com) has both a clear interface and strong security record.
|
**Use a secure email provider** | Optional | Most email providers completely invade your privacy intercepting both messages sent and received. [ProtonMail](https://protonmail.com) is a secure email provider, that is open source and offers end-to-end encryption. There are alternative secure mail providers (such as [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com) and [MailFence](https://mailfence.com))- but [ProtonMail](https://protonmail.com) has both a clear interface and strong security record.
|
||||||
**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data to each photograph. This usually includes things like time, date, location, camera model, user etc. Remove this data before uploading. See [this guide](https://www.makeuseof.com/tag/3-ways-to-remove-exif-metadata-from-photos-and-why-you-might-want-to/) for more info.
|
**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data to each photograph. This usually includes things like time, date, location, camera model, user etc. Remove this data before uploading. See [this guide](https://www.makeuseof.com/tag/3-ways-to-remove-exif-metadata-from-photos-and-why-you-might-want-to/) for more info.
|
||||||
**Don’t have any social media accounts** | Advanced | It may seem a bit extreme, but if your serious about data privacy and security, stay away from entering information on any social media platform.
|
**Don’t have any social media accounts** | Advanced | It may seem a bit extreme, but if you're serious about data privacy and security, stay away from entering information on any social media platform.
|
||||||
|
|
||||||
**Recommended Software**
|
**Recommended Software**
|
||||||
- [Alternative Social Media](/5_Privacy_Respecting_Software.md#social-networks)
|
- [Alternative Social Media](/5_Privacy_Respecting_Software.md#social-networks)
|
||||||
@ -141,17 +142,17 @@ It's strongly advised not to use non-encrypted email, but if you follow these gu
|
|||||||
|
|
||||||
This section covers how you connect your devices to the internet, including configuring your router and setting up a VPN.
|
This section covers how you connect your devices to the internet, including configuring your router and setting up a VPN.
|
||||||
|
|
||||||
A Virtual Private Network (VPN) protects your IP, and allows you to more securely connect to the internet. Use it when connecting to public WiFi or to restrict your ISP from seeing all sites you've visited. Note, VPNs are not a perfect solution, and it is important to select a reputable provider, to entrust your data with. Tor provides greater anonymity.
|
A Virtual Private Network (VPN) protects your IP, and allows you to more securely connect to the internet. Use it when connecting to public WiFi or to restrict your ISP from seeing all sites you've visited. Note: VPNs are not a perfect solution and it is important to select a reputable provider, to entrust your data with. Tor provides greater anonymity.
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Use a VPN** | Recommended | Use a reputable, paid-for VPN. Choose one which does not keep and logs and preferably is not based under a [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction. See [That One Privacy Site](https://thatoneprivacysite.net/) for a detailed comparison. As of 2020, [NordVPN](https://nordvpn.com/) and [SurfShark](https://surfshark.com/) are both good all-rounders (for speed, simplicity and security), and [Mullvad](https://mullvad.net/), [OVPN](https://www.ovpn.com/en) and [DoubleHop](https://www.doublehop.me/) are excellent for security.
|
**Use a VPN** | Recommended | Use a reputable, paid-for VPN. Choose one which does not keep logs and preferably is not based under a [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction. See [That One Privacy Site](https://thatoneprivacysite.net/) for a detailed comparison. As of 2020, [NordVPN](https://nordvpn.com/) and [SurfShark](https://surfshark.com/) are both good all-rounders (for speed, simplicity and security), and [Mullvad](https://mullvad.net/), [OVPN](https://www.ovpn.com/en) and [DoubleHop](https://www.doublehop.me/) are excellent for security.
|
||||||
**Don’t use a default router password** | Recommended | Change your router password- [here is a guide as to how](https://www.lifewire.com/how-to-change-your-wireless-routers-admin-password-2487652).
|
**Don’t use a default router password** | Recommended | Change your router password- [here is a guide as to how](https://www.lifewire.com/how-to-change-your-wireless-routers-admin-password-2487652).
|
||||||
**Use WPA2** | Recommended | WPA and WEP make it very easy for a hacker to gain access to your router. Use a [WPA2](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access) password instead. Ensure it is strong: 12+ alpha-numeric characters, avoiding dictionary words.
|
**Use WPA2** | Recommended | WPA and WEP make it very easy for a hacker to gain access to your router. Use a [WPA2](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access) password instead. Ensure it is strong: 12+ alpha-numeric characters, avoiding dictionary words.
|
||||||
**Keep router firmware up-to-date** | Recommended | Manufacturers release firmware updates that fix security vulnerabilities, implement new standards and sometimes add features/ improve the performance your router. It's important to have the latest firmware installed, to avoid a malicious actor exploiting an un-patched vulnerability. You can usually update your router by navigating to [192.168.0.1](192.168.0.1) or [192.168.1.1](192.168.1.1) in your browser, entering the credentials on the sticker on the back of you of your router (not your WiFi password!), and following the on-screen instructions. Or follow a guide from your routers manufacturer: [Asus](https://www.asus.com/support/FAQ/1005484/), [D-Link](https://eu.dlink.com/uk/en/support/faq/routers/mydlink-routers/dir-810l/how-do-i-upgrade-the-firmware-on-my-router), [Linksys (older models)](https://www.linksys.com/us/support-article?articleNum=140365), [NetGear](https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-s-firmware-using-the-Check-button-in-the-router-web-interface) and [TP-Link](https://www.tp-link.com/us/support/faq/688/). Newer Linksys and Netgear routers update automatically, as does Google's router.
|
**Keep router firmware up-to-date** | Recommended | Manufacturers release firmware updates that fix security vulnerabilities, implement new standards and sometimes add features/ improve the performance your router. It's important to have the latest firmware installed, to avoid a malicious actor exploiting an un-patched vulnerability. You can usually update your router by navigating to [192.168.0.1](192.168.0.1) or [192.168.1.1](192.168.1.1) in your browser, entering the credentials on the sticker on the back of you of your router (not your WiFi password!), and following the on-screen instructions. Or follow a guide from your routers manufacturer: [Asus](https://www.asus.com/support/FAQ/1005484/), [D-Link](https://eu.dlink.com/uk/en/support/faq/routers/mydlink-routers/dir-810l/how-do-i-upgrade-the-firmware-on-my-router), [Linksys (older models)](https://www.linksys.com/us/support-article?articleNum=140365), [NetGear](https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-s-firmware-using-the-Check-button-in-the-router-web-interface) and [TP-Link](https://www.tp-link.com/us/support/faq/688/). Newer Linksys and Netgear routers update automatically, as does Google's router.
|
||||||
**Configure your router to use VPN** | Optional | If you set your VPN up on your router, then data from all devices on your home network is encrypted as it leaves the LAN. Again, it's important to select a secure VPN provider, as they will see what your ISP previously had been logging. Follow a guide from your router manufacturer or VPN provider, or see [this article](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/) to get started. Note that depending on your internet connection, and VPN provider, this could slow down your internet.
|
**Configure your router to use VPN** | Optional | If you set your VPN up on your router, then data from all devices on your home network is encrypted as it leaves the LAN. Again, it's important to select a secure VPN provider, as they will see what your ISP previously had been logging. Follow a guide from your router manufacturer or VPN provider, or see [this article](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/) to get started. Note that depending on your internet connection, and VPN provider, this could slow down your internet.
|
||||||
**Protect against DNS leaks** | Optional | When using a VPN, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity. For OpenVPN, you can add: `block-outside-dns` to your config file (which will have the extension `.ovn` or `.conf`). If you are unable to do this, then see [this article](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html) for further instructions. You can check for leaks, using a [DNS Leak Test](https://www.dnsleaktest.com/)
|
**Protect against DNS leaks** | Optional | When using a VPN, it is extremely important to exclusively use the DNS server of your VPN provider. For OpenVPN, you can add: `block-outside-dns` to your config file (which will have the extension `.ovn` or `.conf`). If you are unable to do this, then see [this article](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html) for further instructions. You can check for leaks, using a [DNS Leak Test](https://www.dnsleaktest.com/)
|
||||||
**Use a secure VPN Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is widely used, and currently considered a secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and efficient. [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Don't use [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure, and avoid [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) (proprietary, owned by Microsoft and due to lack of transparency, could be vulnerable to exploits). [IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange) and [WireGuard](https://www.wireguard.com/) *(experimental)* are also good options.
|
**Use a secure VPN Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is widely used, and currently considered as a secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and efficient. [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Don't use [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure, and avoid [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) (proprietary, owned by Microsoft and due to lack of transparency, could be vulnerable to exploits). [IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange) and the new [WireGuard](https://www.wireguard.com/) protocol *(experimental)* are also good options.
|
||||||
**Avoid the free router from your ISP** | Optional | Typically they’re manufactured cheaply in bulk in China, and firmware updates which fix crucial security flaws aren’t released regularly. Consider an open source based router, such as [Turris MOX](https://www.turris.cz/en/mox/overview/)
|
**Avoid the free router from your ISP** | Optional | Typically they’re manufactured cheaply in bulk in China, and firmware updates which fix crucial security flaws aren’t released regularly. Consider an open source based router, such as [Turris MOX](https://www.turris.cz/en/mox/overview/)
|
||||||
**Ideally hide your SSID** | Optional | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, [see here for more details](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655).
|
**Ideally hide your SSID** | Optional | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, [see here for more details](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655).
|
||||||
**Whitelist MAC Addresses** | Optional | As well as a strong password, and hidden SSID, you can whitelist MAC addresses in your router settings, disallowing any unknown devices to immediately connect to your network, even if they know your credentials. A malicious actor can bypass this, by cloning their address to appear the same as one of your trusted devices, but it will add an extra step for them.
|
**Whitelist MAC Addresses** | Optional | As well as a strong password, and hidden SSID, you can whitelist MAC addresses in your router settings, disallowing any unknown devices to immediately connect to your network, even if they know your credentials. A malicious actor can bypass this, by cloning their address to appear the same as one of your trusted devices, but it will add an extra step for them.
|
||||||
@ -172,7 +173,7 @@ A Virtual Private Network (VPN) protects your IP, and allows you to more securel
|
|||||||
|
|
||||||
## Mobile Devices
|
## Mobile Devices
|
||||||
|
|
||||||
Most smart phone apps will run in the background, collecting and logging data, making network requests and ultimately creating a clear picture of who you are, just from your data. This is a big problem from both a security and privacy perspective.
|
Most smartphone apps run in the background, collecting and logging data, making network requests and ultimately creating a clear picture of who you are, just from your data. This is a big problem from both a security and privacy perspective.
|
||||||
|
|
||||||
Even non-smart phones, (and even when the screen is off) are constantly connecting to the nearest cell phone towers, (it does this by broadcasting its IMEI and MEID number). The towers then relay this information, along with any communications, to your mobile carrier, who will store these records indefinitely. The movements of your phone are the movements of you as a person, so all phone proximity and data records can always be linked directly back to you. So whenever your phone is on, there is a record of your presence at that place, being created and maintained by companies.
|
Even non-smart phones, (and even when the screen is off) are constantly connecting to the nearest cell phone towers, (it does this by broadcasting its IMEI and MEID number). The towers then relay this information, along with any communications, to your mobile carrier, who will store these records indefinitely. The movements of your phone are the movements of you as a person, so all phone proximity and data records can always be linked directly back to you. So whenever your phone is on, there is a record of your presence at that place, being created and maintained by companies.
|
||||||
|
|
||||||
@ -188,15 +189,15 @@ SMS texting and traditional phone calls are not secure, so it's important to avo
|
|||||||
**Set up a mobile carrier PIN** | Recommended | [SIM hijacking](https://securelist.com/large-scale-sim-swap-fraud/90353/) is when a hacker is able to get your mobile number transferred to their sim (often through social engineering your mobile carrier). This then allows them to receive 2FA SMS codes (enabling them to access your secure accounts, such as banking), or to pose as you. The easiest way to protect against this is to set up a PIN through your mobile provider, thus disallowing anyone without this PIN to make any changes to your account. The PIN should not be easily guessable, and it is important that you remember it, or store is somewhere secure. Using a non-SMS based 2FA method will reduce the damage that can be done if someone is able to take control of your SIM. [Read more](https://us.norton.com/internetsecurity-mobile-sim-swap-fraud.html) about the sim swap scam.
|
**Set up a mobile carrier PIN** | Recommended | [SIM hijacking](https://securelist.com/large-scale-sim-swap-fraud/90353/) is when a hacker is able to get your mobile number transferred to their sim (often through social engineering your mobile carrier). This then allows them to receive 2FA SMS codes (enabling them to access your secure accounts, such as banking), or to pose as you. The easiest way to protect against this is to set up a PIN through your mobile provider, thus disallowing anyone without this PIN to make any changes to your account. The PIN should not be easily guessable, and it is important that you remember it, or store is somewhere secure. Using a non-SMS based 2FA method will reduce the damage that can be done if someone is able to take control of your SIM. [Read more](https://us.norton.com/internetsecurity-mobile-sim-swap-fraud.html) about the sim swap scam.
|
||||||
**Opt-out of personal ads** | Optional | In order for ads to be personalized, Google collects data about you, you can slightly reduce the amount they collect by opting-out of seeing personalized ads. See [this guide](https://www.androidguys.com/tips-tools/how-to-disable-personalized-ads-on-android/), for Android instructions.
|
**Opt-out of personal ads** | Optional | In order for ads to be personalized, Google collects data about you, you can slightly reduce the amount they collect by opting-out of seeing personalized ads. See [this guide](https://www.androidguys.com/tips-tools/how-to-disable-personalized-ads-on-android/), for Android instructions.
|
||||||
**Erase after too many login attempts** | Optional | To protect against an attacker brute forcing your pin, if you lose your phone, set your device to erase after too many failed login attempts. See [this iPhone guide](https://www.howtogeek.com/264369/how-to-erase-your-ios-device-after-too-many-failed-passcode-attempts/). You can also do this via Find my Phone, but this increased security comes at a cost of decreased privacy.
|
**Erase after too many login attempts** | Optional | To protect against an attacker brute forcing your pin, if you lose your phone, set your device to erase after too many failed login attempts. See [this iPhone guide](https://www.howtogeek.com/264369/how-to-erase-your-ios-device-after-too-many-failed-passcode-attempts/). You can also do this via Find my Phone, but this increased security comes at a cost of decreased privacy.
|
||||||
**Monitor Trackers** | Optional | A tracker is a piece of software meant to collect data about you or your usages. [εxodus](https://reports.exodus-privacy.eu.org/en/), is a great service, which lets you search for any app, by its name, and see which trackers are embedded in it. They also have [an app](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy), which shows trackers and permissions for all your installed apps.
|
**Monitor Trackers** | Optional | A tracker is a piece of software meant to collect data about you or your usages. [εxodus](https://reports.exodus-privacy.eu.org/en/) is a great service which lets you search for any app, by its name, and see which trackers are embedded in it. They also have [an app](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy) which shows trackers and permissions for all your installed apps.
|
||||||
**Install a Firewall** | Optional | To prevent applications from leaking privacy-sensitive data, you can install a firewall app. This will make it easier to see and control which apps are making network requests in the background, and allow you to block specific apps from roaming when the screen is turned off. For Android, check out [NetGuard](https://www.netguard.me/), and for iOS there is [LockDown](https://apps.apple.com/us/app/lockdown-apps/id1469783711), both of which are open source. Alternatively there is [NoRootFirewall](https://play.google.com/store/apps/details?id=app.greyshirts.firewall) *Android*, [XPrivacy](https://github.com/M66B/XPrivacy) *Android (root required)*, [Fyde](https://apps.apple.com/us/app/fyde-mobile-security-access/) *iOS* and [Guardian Firewall](https://guardianapp.com/) *iOS*.
|
**Install a Firewall** | Optional | To prevent applications from leaking privacy-sensitive data, you can install a firewall app. This will make it easier to see and control which apps are making network requests in the background, and allow you to block specific apps from roaming when the screen is turned off. For Android, check out [NetGuard](https://www.netguard.me/), and for iOS there is [LockDown](https://apps.apple.com/us/app/lockdown-apps/id1469783711), both of which are open source. Alternatively there is [NoRootFirewall](https://play.google.com/store/apps/details?id=app.greyshirts.firewall) *Android*, [XPrivacy](https://github.com/M66B/XPrivacy) *Android (root required)*, [Fyde](https://apps.apple.com/us/app/fyde-mobile-security-access/) *iOS* and [Guardian Firewall](https://guardianapp.com/) *iOS*.
|
||||||
**Use secure, privacy-respecting apps** | Optional | Mainstream apps have a reputation for not respecting the privacy of their users, and they're usually closed-source meaning vulnerabilities can be hidden. [Prism-Break](https://prism-break.org) maintains a list of better alternatives, see [Android](https://prism-break.org/en/categories/android/) and [iOS](https://prism-break.org/en/categories/ios/).
|
**Use secure, privacy-respecting apps** | Optional | Mainstream apps have a reputation for not respecting the privacy of their users, and they're usually closed-source meaning vulnerabilities can be hidden. [Prism-Break](https://prism-break.org) maintains a list of better alternatives, see [Android](https://prism-break.org/en/categories/android/) and [iOS](https://prism-break.org/en/categories/ios/).
|
||||||
**Use Signal, instead of SMS** | Optional | SMS may be convenient, but it's [not secure](https://www.fortherecordmag.com/archives/0315p25.shtml). [Signal](https://signal.org) is both the most secure and private option. [Silence](https://silence.im/) (encrypted SMS), [Threema](https://threema.ch), [Wire](https://wire.com/en/)(enterprise) and [Riot](https://about.riot.im/) are also encrypted.[iMessage](https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/) and [WhatsApp](https://www.whatsapp.com) do claim to be [end-to-end-encrypted](https://signal.org/blog/whatsapp-complete/), but since they are not open source, verifying this is harder, and the private companies which own them (Apple and Facebook), have a questionable reputation when it comes to protecting users privacy. Keep in mind that although the transmission may be secured, messages can still be read if your or your recipients' devices have been compromised.
|
**Use Signal, instead of SMS** | Optional | SMS may be convenient, but it's [not secure](https://www.fortherecordmag.com/archives/0315p25.shtml). [Signal](https://signal.org) is both the most secure and private option. [Silence](https://silence.im/) (encrypted SMS), [Threema](https://threema.ch), [Wire](https://wire.com/en/)(enterprise) and [Riot](https://about.riot.im/) are also encrypted.[iMessage](https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/) and [WhatsApp](https://www.whatsapp.com) do claim to be [end-to-end-encrypted](https://signal.org/blog/whatsapp-complete/), but since they are not open source, verifying this is harder, and the private companies which own them (Apple and Facebook), have a questionable reputation when it comes to protecting users privacy. Keep in mind that although the transmission may be secured, messages can still be read if your or your recipients' devices have been compromised.
|
||||||
**Avoid using your real phone number when signing up for an account or service** | Optional | Where possible, avoid giving out your real phone number while creating accounts online. You can create phone numbers using services such as [Google Voice](https://voice.google.com) or [Skype](https://www.skype.com/en/features/online-number/). For temporary usage you can use a service like [iNumbr](https://www.inumbr.com) that generates a phone number that forwards messages and calls to your main number.
|
**Avoid using your real phone number when signing up for an account or service** | Optional | Where possible, avoid giving out your real phone number while creating accounts online. You can create phone numbers using services such as [Google Voice](https://voice.google.com) or [Skype](https://www.skype.com/en/features/online-number/). For temporary usage you can use a service like [iNumbr](https://www.inumbr.com) that generates a phone number that forwards messages and calls to your main number.
|
||||||
**Watch out for Stalkerware** | Optional | This is malware that is installed directly onto your device by someone you know (partner, parent, boss etc.). It allows them to see your location, messages and other app data remotely. The app likely won't show up in your app draw, (but may visible in Settings --> Applications --> View All). Sometimes they can be disguised as a non-conspicuous app (such as a game, flashlight or calculator) which initially don't appear suspicious at all. Look out for unusual battery usage, network requests or high device temperature. If you suspect that stalkerware is on your device, the best way to get rid of it is through a factory reset. See [this guide](https://blog.malwarebytes.com/stalkerware/2019/10/how-to-protect-against-stalkerware-a-murky-but-dangerous-mobile-threat/) for more details.
|
**Watch out for Stalkerware** | Optional | This is a malware that is installed directly onto your device by someone you know (partner, parent, boss etc.). It allows them to see your location, messages and other app data remotely. The app likely won't show up in your app draw, (but may visible in Settings --> Applications --> View All). Sometimes they can be disguised as a non-conspicuous app (such as a game, flashlight or calculator) which initially don't appear suspicious at all. Look out for unusual battery usage, network requests or high device temperature. If you suspect that stalkerware is on your device, the best way to get rid of it is through a factory reset. See [this guide](https://blog.malwarebytes.com/stalkerware/2019/10/how-to-protect-against-stalkerware-a-murky-but-dangerous-mobile-threat/) for more details.
|
||||||
**Sandbox Mobile Apps** | Advanced | Prevent permission-hungry apps from accessing your private data with [Island](https://play.google.com/store/apps/details?id=com.oasisfeng.island&hl=en_GB). It is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc.) even if related permissions are granted.
|
**Sandbox Mobile Apps** | Advanced | Prevent permission-hungry apps from accessing your private data with [Island](https://play.google.com/store/apps/details?id=com.oasisfeng.island). It is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc.) even if related permissions are granted.
|
||||||
**Consider Orbot** | Advanced | [Orbot](https://guardianproject.info/apps/orbot/) provides a system-wide [Tor](https://www.torproject.org/) connection. Although more secure than a VPN, it may be slower- see [Networking](#networking) section for more details.
|
**Consider Orbot** | Advanced | [Orbot](https://guardianproject.info/apps/orbot/) provides a system-wide [Tor](https://www.torproject.org/) connection. Although more secure than a VPN, it will be slower- see [Networking](#networking) section for more details.
|
||||||
**Consider running a custom ROM if you have an Android device** | Advanced | Your default OS tracks information about your usage, and app data, constantly. Consider a security-focused custom ROM, such as [Lineage](https://lineageos.org) or [CopperheadOS](https://copperhead.co/android/).
|
**Consider running a custom ROM if you have an Android device** | Advanced | Your default OS tracks information about your usage, and app data, constantly. Consider a privacy-focused custom ROM, such as [Lineage](https://lineageos.org) or [CopperheadOS](https://copperhead.co/android/).
|
||||||
|
|
||||||
**Recommended Software**
|
**Recommended Software**
|
||||||
- [Mobile Apps, for Security + Privacy](/5_Privacy_Respecting_Software.md#mobile-apps)
|
- [Mobile Apps, for Security + Privacy](/5_Privacy_Respecting_Software.md#mobile-apps)
|
||||||
@ -209,16 +210,16 @@ Although Windows and OS X are easy to use and convenient, they both are far from
|
|||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Keep your OS up-to-date** | Recommended | Microsoft, Apple and Google release regular OS updates, which fix security risks. Always keep your device updated.
|
**Keep your OS up-to-date** | Recommended | Microsoft, Apple and Google release regular OS updates, which fix security flaws. Always keep your device updated.
|
||||||
**Enable Firewall** | Recommended | A firewall is a program which monitors the incoming and outgoing traffic on your network, and blocks requests based on rules set during its configuration. Properly configured, a firewall can protect against some (but not all) attempts to remotely access your computer. <br>Follow these instructions to enable your firewall in [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux ditros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall)
|
**Enable Firewall** | Recommended | A firewall is a program which monitors the incoming and outgoing traffic on your network, and blocks requests based on rules set during its configuration. Properly configured, a firewall can protect against some (but not all) attempts to remotely access your computer. <br>Follow these instructions to enable your firewall in [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux ditros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall)
|
||||||
**Attach only known and trusted external hardware** | Recommended | Over the years there have been a variety of vulnerabilities in each major operating system relating to connecting untrusted hardware. In some cases the hardware talks to the host computer in a way the host computer does not expect, exploiting a vulnerability and directly infecting the host
|
**Attach only known and trusted external hardware** | Recommended | Over the years there have been a variety of vulnerabilities in each major operating system relating to connecting untrusted hardware. In some cases the hardware talks to the host computer in a way the host computer does not expect, exploiting a vulnerability and directly infecting the host
|
||||||
**Don't charge unknown mobile devices from your PC** | Optional | If friends or colleagues want to charge their devices via USB, do not do this through your computers ports (unless you have a data blocker). By default the phone will want to sync to the host computer, but there is also specially crafted malware which takes advantage of the face that computers naturally trust connected USB devices. The owner of the phone may not even realize their device is infected
|
**Don't charge unknown mobile devices from your PC** | Optional | If friends or colleagues want to charge their devices via USB, do not do this through your computers ports (unless you have a data blocker). By default the phone will want to sync to the host computer, but there is also specially crafted malware which takes advantage of the face that computers naturally trust connected USB devices. The owner of the phone may not even realize their device is infected
|
||||||
**Encrypt and Backup Important Files** | Optional | Backing up your phone can help keep your important data safe, if your device is lost, stolen or broken. But without encrypting it, cloud services will have access to it (if you don't pay for the service, then you are the product!). <br>[Cryptomator](https://cryptomator.org/) is an open source tool that makes this easy. It also works alongside [MountainDuck](https://mountainduck.io/) for mounting your remote drives on Windows and Mac. Other non-open-source options are [BoxCrypter](https://www.boxcryptor.com/), [Encrypto](https://macpaw.com/encrypto) and [odrive](https://www.odrive.com/).
|
**Encrypt and Backup Important Files** | Optional | Backing up your phone can help keep your important data safe, if your device is lost, stolen or broken. But if you put your backup encrypted in the cloud, cloud providers will have access to it (if you don't pay for the service, then you are the product!). <br>[Cryptomator](https://cryptomator.org/) is an open source tool that makes this easy. It also works alongside [MountainDuck](https://mountainduck.io/) for mounting your remote drives on Windows and Mac. Other non-open-source options are [BoxCrypter](https://www.boxcryptor.com/), [Encrypto](https://macpaw.com/encrypto) and [odrive](https://www.odrive.com/).
|
||||||
**Uninstall Adobe Acrobat** | Optional | Adobe Acrobat was designed in a different age, before the Internet. Acrobat has had vulnerabilities that allowed specially crafted PDFs to load malware onto your system for the last two decades. Undoubtedly more vulnerabilities remain. You can use your browser to view PDFs, and browser-based software for editing
|
**Uninstall Adobe Acrobat** | Optional | Adobe Acrobat was designed in a different age, before the Internet. Acrobat has had vulnerabilities that allowed specially crafted PDFs to load malware onto your system for the last two decades. Undoubtedly more vulnerabilities remain. You can use your browser to view PDFs, and browser-based software for editing
|
||||||
**Consider Switching to Linux** | Optional | Linux is considerably [more secure](https://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html) than both OSX and Windows. Some distros are still more secure than others, so it’s worth choosing the right one to get a balance between security and convenience.
|
**Consider Switching to Linux** | Optional | Linux is considerably [more secure](https://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html) than both OSX and Windows. Some distros are still more secure than others, so it’s worth choosing the right one to get a balance between security and convenience.
|
||||||
**Avoid PC Apps that are not secure** | Optional | Mainstream apps have a reputation for not respecting the privacy of their users, and they're usually closed-source meaning vulnerabilities can be hidden. See here for compiled list of secure PC apps for [Windows](https://prism-break.org/en/categories/windows/), [OSX](https://prism-break.org/en/categories/macos/) and [Linux](https://prism-break.org/en/categories/gnu-linux/).
|
**Avoid PC Apps that are not secure** | Optional | Mainstream apps have a reputation for not respecting the privacy of their users, and they're usually closed-source meaning vulnerabilities can be hidden. See here for compiled list of secure PC apps for [Windows](https://prism-break.org/en/categories/windows/), [OSX](https://prism-break.org/en/categories/macos/) and [Linux](https://prism-break.org/en/categories/gnu-linux/).
|
||||||
**Use a Security-Focused Distro** | Advanced | [QubeOS](https://www.qubes-os.org/) is based on “security by compartmentalization”, where each app is sandboxed. [Whonix](https://www.whonix.org/) is based on Tor, so 100% of your traffic will go through the onion router. [Tails](https://tails.boum.org/) is a has no persistent memory, and is ideal if you don’t want to leave a trace on the device your booting from. [Subgraph](https://subgraph.com/) is an “adversary resistant computing platform”, but also surprisingly easy to use
|
**Use a Security-Focused Distro** | Advanced | [QubeOS](https://www.qubes-os.org/) is based on “security by compartmentalization”, where each app is sandboxed. [Whonix](https://www.whonix.org/) is based on Tor, so 100% of your traffic will go through the onion router. [Tails](https://tails.boum.org/) is specifically designed to be run on a USB key and is ideal if you don’t want to leave a trace on the device your booting from. [Subgraph](https://subgraph.com/) is an “adversary resistant computing platform”, but also surprisingly easy to use
|
||||||
**Password protect your BIOS and drives** | Advanced | A BIOS or UEFI password helps to make an inexperienced hacker's life a bit harder if they get a hold of your PC or hard drive, [here is a guide on how to do it](https://www.howtogeek.com/186235/how-to-secure-your-computer-with-a-bios-or-uefi-password/).
|
**Password protect your BIOS and drives** | Advanced | A BIOS or UEFI password helps to make an inexperienced hacker's life a little bit harder if they get a hold of your PC or hard drive, [here is a guide on how to do it](https://www.howtogeek.com/186235/how-to-secure-your-computer-with-a-bios-or-uefi-password/).
|
||||||
**Canary Tokens** | Advanced | Network breaches happen, but the longer it takes for you to find out about it, the more damage is done. A canary token is like a hacker honeypot, something that looks appealing to them once they've gained access to your system. When they open the file, unknowingly to them, a script is run which will not only alert you of the breach, but also grab some of the hackers system details. <br>[CanaryTokens.org](https://canarytokens.org/generate) and [BlueCloudDrive](https://blueclouddrive.com/generate) are excellent sites, that you can use to generate your tokens. Then just leave them somewhere prominent on your system. [Learn more](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html) about canary tokens, or see [this guide](https://resources.infosecinstitute.com/how-to-protect-files-with-canary-tokens/) for details on how to create them yourself.
|
**Canary Tokens** | Advanced | Network breaches happen, but the longer it takes for you to find out about it, the more damage is done. A canary token is like a hacker honeypot, something that looks appealing to them once they've gained access to your system. When they open the file, unknowingly to them, a script is run which will not only alert you of the breach, but also grab some of the hackers system details. <br>[CanaryTokens.org](https://canarytokens.org/generate) and [BlueCloudDrive](https://blueclouddrive.com/generate) are excellent sites, that you can use to generate your tokens. Then just leave them somewhere prominent on your system. [Learn more](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html) about canary tokens, or see [this guide](https://resources.infosecinstitute.com/how-to-protect-files-with-canary-tokens/) for details on how to create them yourself.
|
||||||
|
|
||||||
**Recommended Software**
|
**Recommended Software**
|
||||||
@ -228,9 +229,9 @@ Although Windows and OS X are easy to use and convenient, they both are far from
|
|||||||
|
|
||||||
## Smart Home
|
## Smart Home
|
||||||
|
|
||||||
Home assistants (such as Google Home, Alexa and Siri) and other internet connected devices collect large amounts of personal data (including voice samples, location data, home details and logs of all interactions). Since you have limited control on what it being collected, how it's stored, and what it will be used for, this makes it hard to recommend any consumer smart-home products to anyone who cares about privacy and security.
|
Home assistants (such as Google Home, Alexa and Siri) and other internet connected devices collect large amounts of personal data (including voice samples, location data, home details and logs of all interactions). Since you have limited control on what is being collected, how it's stored, and what it will be used for, this makes it hard to recommend any consumer smart-home products to anyone who cares about privacy and security.
|
||||||
|
|
||||||
Security vs Privacy: There are many smart devices on the market, that claim to increase the security of your home, while being easy and convenient to use (Such as [Cave Burglar Alarm](https://amzn.to/2Rx83Fb), [Blink Cam](https://amzn.to/30ylzg9), [Yale Lock](https://amzn.to/2tnQzDv) and [Ring Doorbell](https://amzn.to/2ufQ1zi) to name a few). These devices may appear to make security easier, but there is a trade-off in terms of privacy: as they collect large amounts of personal data, and leave you without control over how this is stored or used. The security of these devices is also questionable, since many of them can be (and are being) hacked, allowing an intruder to bypass detection with minimum effort.
|
Security vs Privacy: There are many smart devices on the market that claim to increase the security of your home while being easy and convenient to use (Such as [Cave Burglar Alarm](https://amzn.to/2Rx83Fb), [Blink Cam](https://amzn.to/30ylzg9), [Yale Lock](https://amzn.to/2tnQzDv) and [Ring Doorbell](https://amzn.to/2ufQ1zi) to name a few). These devices may appear to make security easier, but there is a trade-off in terms of privacy: as they collect large amounts of personal data, and leave you without control over how this is stored or used. The security of these devices is also questionable, since many of them can be (and are being) hacked, allowing an intruder to bypass detection with minimum effort.
|
||||||
|
|
||||||
The most privacy-respecting option, would be to not use "smart" internet-connected devices in your home, and not to rely on a security device that requires an internet connection. But if you do, it is important to fully understand the risks of any given product, before buying it. Then adjust settings to increase privacy and security. The following checklist will help mitigate the risks associated with internet-connected home devices.
|
The most privacy-respecting option, would be to not use "smart" internet-connected devices in your home, and not to rely on a security device that requires an internet connection. But if you do, it is important to fully understand the risks of any given product, before buying it. Then adjust settings to increase privacy and security. The following checklist will help mitigate the risks associated with internet-connected home devices.
|
||||||
|
|
||||||
@ -240,9 +241,9 @@ The most privacy-respecting option, would be to not use "smart" internet-connect
|
|||||||
**Disable microphone and camera when not in use** | Recommended | Smart speakers and other voice controlled devices store sound clips on a server (and sometimes monitored by employees to improve the speech detection), any accidental recordings could disclose sensitive or personal data. A targeted attack could also allow someone to gain control of a microphone/ camera, so using the hardware switch to turn it off will help protect from that.
|
**Disable microphone and camera when not in use** | Recommended | Smart speakers and other voice controlled devices store sound clips on a server (and sometimes monitored by employees to improve the speech detection), any accidental recordings could disclose sensitive or personal data. A targeted attack could also allow someone to gain control of a microphone/ camera, so using the hardware switch to turn it off will help protect from that.
|
||||||
**Understand what data is collected, stored and transmitted** | Recommended | Before purchasing any smart home device, do some research - and ensure that you understand, and are comfortable with what is being collected and how it is stored and used. Don't buy devices that share anything with third parties, and check the data [breach]([https://www.dehashed.com/breach](https://www.dehashed.com/breach)) database.
|
**Understand what data is collected, stored and transmitted** | Recommended | Before purchasing any smart home device, do some research - and ensure that you understand, and are comfortable with what is being collected and how it is stored and used. Don't buy devices that share anything with third parties, and check the data [breach]([https://www.dehashed.com/breach](https://www.dehashed.com/breach)) database.
|
||||||
**Set privacy settings, and opt out of sharing data with third parties** | Recommended | Once installed, go to settings in the app, and under privacy ensure the strictest options are selected. Usually by default, the most possible data is being collected.
|
**Set privacy settings, and opt out of sharing data with third parties** | Recommended | Once installed, go to settings in the app, and under privacy ensure the strictest options are selected. Usually by default, the most possible data is being collected.
|
||||||
**Don't link your smart home devices to your real identity** | Recommended | Use a unique user name and password which does not identify you, your family, your location or any other personal details. When creating an account for a new smart home device, do not sign up/ log in with Facebook, Google or any other third-party service.
|
**Don't link your smart home devices to your real identity** | Recommended | Use a unique user name and password which does not identify you, your family, your location or any other personal details. When creating an account for a new smart home device, do not sign up/log in with Facebook, Google or any other third-party service.
|
||||||
**Keep firmware up-to-date** | Recommended | Ensure firmware versions on smart devices are up-to-date and software patches have been applied. Most smart home apps will notify you when a new firmware version is available, so all you have to do it accept and install.
|
**Keep firmware up-to-date** | Recommended | Ensure firmware versions on smart devices are up-to-date and software patches have been applied. Most smart home apps will notify you when a new firmware version is available, so all you have to do it accept and install.
|
||||||
**Protect your Network** | Recommended | On many smart home devices, anybody connected to your home WiFi is able to view device content (such as camera footage, or motion statistics). So ensure that your WiFi and home networks are properly secured with a strong password and up-to-date firmware. (See the [Router Section](#your-router) for more details)
|
**Protect your Network** | Recommended | On many smart home devices, anybody connected to your home WiFi is able to view the device content (such as camera footages, or motion statistics). So ensure that your WiFi and home networks are properly secured with a strong password and up-to-date firmware. (See the [Router Section](#your-router) for more details)
|
||||||
**Be wary of wearables** | Optional | Wearable smart devices allow companies to log even more data than ever before; they can track your every move to know exactly where you are and what you are doing at any given time. Again, you as the consumer have no control over what is done with that data.
|
**Be wary of wearables** | Optional | Wearable smart devices allow companies to log even more data than ever before; they can track your every move to know exactly where you are and what you are doing at any given time. Again, you as the consumer have no control over what is done with that data.
|
||||||
**Don't connect your home's critical infrastructure to the Internet** | Optional | While a smart thermostat, burglar alarm, smoke detector and other appliances may seem convenient, they by design can be accessed remotely, meaning a hacker can gain control of your entire home, without even needing to be nearby. And by breaching multiple devices, the effects can be very serious.
|
**Don't connect your home's critical infrastructure to the Internet** | Optional | While a smart thermostat, burglar alarm, smoke detector and other appliances may seem convenient, they by design can be accessed remotely, meaning a hacker can gain control of your entire home, without even needing to be nearby. And by breaching multiple devices, the effects can be very serious.
|
||||||
**Don't use Alexa/ Google Home** | Optional | It is a known fact that voice-activated assistants collect a lot of personal data. Consider switching to [MyCroft](https://mycroft.ai/) which is an open source alternative, with much better privacy.
|
**Don't use Alexa/ Google Home** | Optional | It is a known fact that voice-activated assistants collect a lot of personal data. Consider switching to [MyCroft](https://mycroft.ai/) which is an open source alternative, with much better privacy.
|
||||||
@ -257,7 +258,7 @@ The most privacy-respecting option, would be to not use "smart" internet-connect
|
|||||||
|
|
||||||
## Sensible Computing
|
## Sensible Computing
|
||||||
|
|
||||||
Many data breaches, hacks and attacks are caused by human error. The following list contains steps you should take, to reduce the risk of this happening to you. Many of them are common sense, but it's worth takin note of
|
Many data breaches, hacks and attacks are caused by human error. The following list contains steps you should take, to reduce the risk of this happening to you. Many of them are common sense, but it's worth takin note of.
|
||||||
|
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
@ -268,12 +269,12 @@ Many data breaches, hacks and attacks are caused by human error. The following l
|
|||||||
**Prevent Camfecting** | Recommended | It is a good idea to invest in some webcam covers, and microphone blockers to protect against [*camfecting*](https://en.wikipedia.org/wiki/Camfecting), where a malicious actor, or app is able spy on you and your physical space, without your knowledge. See [this guide](https://blog.malwarebytes.com/hacking-2/2019/09/15000-webcams-vulnerable-how-to-protect-webcam-hacking/) for more tips. Mute home assistants, (Alexa, Google Home and Siri) when you are not using them, or at least when you are discussing anything sensitive or anything conversation involving personal details
|
**Prevent Camfecting** | Recommended | It is a good idea to invest in some webcam covers, and microphone blockers to protect against [*camfecting*](https://en.wikipedia.org/wiki/Camfecting), where a malicious actor, or app is able spy on you and your physical space, without your knowledge. See [this guide](https://blog.malwarebytes.com/hacking-2/2019/09/15000-webcams-vulnerable-how-to-protect-webcam-hacking/) for more tips. Mute home assistants, (Alexa, Google Home and Siri) when you are not using them, or at least when you are discussing anything sensitive or anything conversation involving personal details
|
||||||
**Stay protected from shoulder surfers** | Recommended | Be sure to not let anyone 'shoulder surf' (read what is on your screen, when in public space). As they may be able to gather sensitive information about you. You could apply a privacy screen to your [laptop](https://amzn.to/2H7pOX7) and [mobile](https://amzn.to/39oHWrA), in order to restrict data being read from an angle
|
**Stay protected from shoulder surfers** | Recommended | Be sure to not let anyone 'shoulder surf' (read what is on your screen, when in public space). As they may be able to gather sensitive information about you. You could apply a privacy screen to your [laptop](https://amzn.to/2H7pOX7) and [mobile](https://amzn.to/39oHWrA), in order to restrict data being read from an angle
|
||||||
**Educate yourself about phishing attacks** | Recommended | Phishing is an attempt to obtain sensitive information (like an account password) by disguising as a trustworthy person or company. In recent years phishing attacks have become increasingly sophisticated and hackers are learning to use data that people put on the web to create highly specific and targeted attacks. Check the URL before entering any information. Understand the context- were you expecting the email or message, does it feel normal? Employ general good security practices will also help: Use 2FA, don't reuse passwords, close accounts you no longer use and backup your data. See these guides on: [How to Protect against Common Phishing Attacks](https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them) and [The Anatomy of a Phishing Email](https://www.howtogeek.com/58642/online-security-breaking-down-the-anatomy-of-a-phishing-email/)
|
**Educate yourself about phishing attacks** | Recommended | Phishing is an attempt to obtain sensitive information (like an account password) by disguising as a trustworthy person or company. In recent years phishing attacks have become increasingly sophisticated and hackers are learning to use data that people put on the web to create highly specific and targeted attacks. Check the URL before entering any information. Understand the context- were you expecting the email or message, does it feel normal? Employ general good security practices will also help: Use 2FA, don't reuse passwords, close accounts you no longer use and backup your data. See these guides on: [How to Protect against Common Phishing Attacks](https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them) and [The Anatomy of a Phishing Email](https://www.howtogeek.com/58642/online-security-breaking-down-the-anatomy-of-a-phishing-email/)
|
||||||
**Watch out for Stalkerware** | Recommended | This is malware that is installed directly onto your device by someone you know (partner, parent, boss etc). It allows them to see your location, messages and other app data remotely. The app likely won't show up in your app draw, (but may visible in Settings --> Applications --> View All). Sometimes they can be disguised as a non-conspicuous app (such as a game, flashlight or calculator) which initially don't appear suspicious at all. Look out for unusual battery usage, network requests or high device temperature. If you suspect that stalker ware is on your device, the best way to get rid of it is through a factory reset
|
**Watch out for Stalkerware** | Recommended | This is a malware that is installed directly onto your device by someone you know (partner, parent, boss etc). It allows them to see your location, messages and other app data remotely. The app likely won't show up in your app draw, (but may visible in Settings --> Applications --> View All). Sometimes they can be disguised as a non-conspicuous app (such as a game, flashlight or calculator) which initially don't appear suspicious at all. Look out for unusual battery usage, network requests or high device temperature. If you suspect that stalker ware is on your device, the best way to get rid of it is through a factory reset
|
||||||
**Install Reputable Software from Trusted Sources** | Recommended | It may seem obvious, but so much of the malware many PC users encounter is often as a result of accidentally downloading and installing bad software. Also, some legitimate applications try and you offer slightly dodgy freeware (such as toolbars, anti-virus, and other utilities), be sure to pay attention while completing the installation process. Only download software from legitimate sources (often this isn't the top result in Google) so it's important to double check before downloading. Before installing, check it in [Virus Total](https://www.virustotal.com), which scans installable files using multiple AV checkers
|
**Install Reputable Software from Trusted Sources** | Recommended | It may seem obvious, but so much of the malware many PC users encounter is often as a result of accidentally downloading and installing bad software. Also, some legitimate applications try to offer you slightly dodgy freeware (such as toolbars, anti-virus, and other utilities). Be sure to pay attention while completing the installation process. Only download software from legitimate sources (often this isn't the top result in Google) so it's important to double check before downloading. Before installing, check it in [Virus Total](https://www.virustotal.com), which scans installable files using multiple AV checkers
|
||||||
**Store personal data securely** | Recommended | Backing up important data is important. But ensure that all information that is stored on your phone/ laptop, USB or in a cloud is encrypted. That way, if it is accessed by a hacker (which unfortunately is all too common), it will be almost impossible for them to get to your personal files. For USB devices, see [VeraCrypt](https://www.veracrypt.fr/en/Home.html), cloud backup, see [Cryptomator](https://cryptomator.org), and for your phone and laptop, see [this guide](https://www.howtogeek.com/260507/psa-encrypt-your-pc-phone-and-tablet-now.-youll-regret-it-later-if-you-dont)
|
**Store personal data securely** | Recommended | Backing up important data is important. But ensure that all information that is stored on your phone/laptop, USB or in a cloud is encrypted. That way, if it is accessed by a hacker (which unfortunately is all too common), it will be almost impossible for them to get to your personal files. For USB devices, see [VeraCrypt](https://www.veracrypt.fr/en/Home.html). For cloud backup, see [Cryptomator](https://cryptomator.org), and for your phone and laptop, see [this guide](https://www.howtogeek.com/260507/psa-encrypt-your-pc-phone-and-tablet-now.-youll-regret-it-later-if-you-dont)
|
||||||
**Do not assume a site is secure, just because it is `HTTPS`** | Recommended | Unlike HTTP, data sent over HTTPS is encrypted. However that does not mean you should trust that website by default. HTTPS Certificates can be obtained by anybody, so a cloned or scam site may have a valid certificate (as denoted by the padlock icon). Always check the URL, and don't enter any personal details unless you are certain a website is legitimate. Avoid entering data on any site that is not HTTPS
|
**Do not assume a site is secure, just because it is `HTTPS`** | Recommended | Unlike HTTP, data sent over HTTPS is encrypted. However that does not mean you should trust that website by default. HTTPS Certificates can be obtained by anybody, so a cloned or scam site may have a valid certificate (as denoted by the padlock icon). Always check the URL, and don't enter any personal details unless you are certain a website is legitimate. Avoid entering data on any site that is not HTTPS
|
||||||
**Use Credit Cards, or Virtual Cards when paying online** | Optional | There are risks involved in entering your card details on any website. Credit cards have better consumer protection, compared to debit or bank cards, meaning you are more likely to be recompensated for fraudulent transactions. Better still, paying with a virtual, 1-time card will mean that even if those credentials are compromised a hacker will not be able to lift any of your money. [Privacy.com](https://privacy.com/join/VW7WC) offer virtual payment cards that you can use anywhere on the internet, as does [Revolut Premium](revolut.ngih.net/Q9jdx)
|
**Use Credit Cards, or Virtual Cards when paying online** | Optional | There are risks involved in entering your card details on any website. Credit cards have better consumer protection, compared to debit or bank cards, meaning you are more likely to be recompensated for fraudulent transactions. Better still, paying with a virtual, 1-time card will mean that even if those credentials are compromised a hacker will not be able to lift any of your money. [Privacy.com](https://privacy.com/join/VW7WC) offer virtual payment cards for that you can use anywhere on the internet, as does [Revolut Premium](revolut.ngih.net/Q9jdx)
|
||||||
**Review application permissions** | Optional | Ensure that no apps have unnecessary access to your photos, camera, location, contacts, microphone, call logs etc. See these guides for how to manage app permissions on [Android](https://www.howtogeek.com/230683/how-to-manage-app-permissions-on-android-6.0) and [iOS](https://www.howtogeek.com/211623/how-to-manage-app-permissions-on-your-iphone-or-ipad). On Android, there is a great app called [Exodus Privacy](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy), that displays all permissions, and trackers for each of your installed apps
|
**Review application permissions** | Optional | Ensure that no app have unnecessary access to your photos, camera, location, contacts, microphone, call logs etc. See these guides for how to manage app permissions on [Android](https://www.howtogeek.com/230683/how-to-manage-app-permissions-on-android-6.0) and [iOS](https://www.howtogeek.com/211623/how-to-manage-app-permissions-on-your-iphone-or-ipad). On Android, there is a great app called [Exodus Privacy](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy), that displays all permissions, and trackers for each of your installed apps
|
||||||
**Opt-out of data sharing** | Optional | Many apps and services automatically opt you in for data collection and sharing. Often this data is sold onto third-parties, who buy customer logs from many companies, and are therefore able to combine them together and easily deduce your identity, and combine it with your habits, purchases, personal details, location etc. For instructions on how to opt-out, see [Simple Opt Out](https://simpleoptout.com)
|
**Opt-out of data sharing** | Optional | Many apps and services automatically opt you in for data collection and sharing. Often this data is sold onto third-parties, who buy customer logs from many companies, and are therefore able to combine them together and easily deduce your identity, and combine it with your habits, purchases, personal details, location etc. For instructions on how to opt-out, see [Simple Opt Out](https://simpleoptout.com)
|
||||||
**Review and update social media privacy** | Optional | Companies regularly update their terms, and that often leads to you being opted back. Check you Facebook, Twitter, Google etc. activity and privacy settings. See also [re-consent](https://github.com/cliqz-oss/re-consent) and [Jumbo](https://www.jumboprivacy.com) which are tools aimed at making this clearer and easier
|
**Review and update social media privacy** | Optional | Companies regularly update their terms, and that often leads to you being opted back. Check you Facebook, Twitter, Google etc. activity and privacy settings. See also [re-consent](https://github.com/cliqz-oss/re-consent) and [Jumbo](https://www.jumboprivacy.com) which are tools aimed at making this clearer and easier
|
||||||
**Compartmentalize** | Advanced | [Compartmentalization](https://en.wikipedia.org/wiki/Compartmentalization_(information_security)) is where to keep several categories of digital activity and files totally separate from each other. It means that if one area is breached, then an attacker will only have a proportion of your data, and the rest will still be safe. For example, store your work and personal files on separate devices, or use different web browsers for different types of activity, or even run certain tasks in a contained VM or on a separate device (such as having a work phone, and personal phone, or using a separate browser for social media/ chat rooms, or even running a VM for using specialist software)
|
**Compartmentalize** | Advanced | [Compartmentalization](https://en.wikipedia.org/wiki/Compartmentalization_(information_security)) is where to keep several categories of digital activity and files totally separate from each other. It means that if one area is breached, then an attacker will only have a proportion of your data, and the rest will still be safe. For example, store your work and personal files on separate devices, or use different web browsers for different types of activity, or even run certain tasks in a contained VM or on a separate device (such as having a work phone, and personal phone, or using a separate browser for social media/ chat rooms, or even running a VM for using specialist software)
|
||||||
|
Loading…
Reference in New Issue
Block a user