Compare commits
9 Commits
37c7c7d3aa
...
bf601bf262
| Author | SHA1 | Date |
|---|---|---|
Ikko Eltociear Ashimine
|
bf601bf262 | |
Liss-Bot
|
dc44d37147 | |
Alicia Sykes
|
6aef521761 | |
Alicia Sykes
|
94ef297f52 | |
|
Alicia Sykes
|
57c3ed120b | |
|
Alicia Sykes
|
454d2c27bf | |
|
Alicia Sykes
|
2899f49625 | |
|
Alicia Sykes
|
f1d69b6b78 | |
|
Ikko Eltociear Ashimine
|
1b63f934cb |
186
CHECKLIST.md
186
CHECKLIST.md
|
|
@ -38,12 +38,12 @@ Most reported data breaches are caused by the use of weak, default or stolen pas
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Use a Strong Password** | Recommended | If your password is too short, or contains dictionary words, places or names- then it can be easily cracked through brute force, or guessed by someone. The easiest way to make a strong password, is by making it long (12+ characters)- consider using a 'passphrase', made up of many words. Alternatively, use a password generator to create a long, strong random password. Have a play with [HowSecureIsMyPassword.net](https://howsecureismypassword.net), to get an idea of how quickly common passwords can be cracked. Read more about creating strong passwords: [securityinabox.org](https://securityinabox.org/en/passwords/passwords-and-2fa/)
|
**Use a Strong Password** | Essential | If your password is too short, or contains dictionary words, places or names- then it can be easily cracked through brute force, or guessed by someone. The easiest way to make a strong password, is by making it long (12+ characters)- consider using a 'passphrase', made up of many words. Alternatively, use a password generator to create a long, strong random password. Have a play with [HowSecureIsMyPassword.net](https://howsecureismypassword.net), to get an idea of how quickly common passwords can be cracked. Read more about creating strong passwords: [securityinabox.org](https://securityinabox.org/en/passwords/passwords-and-2fa/)
|
||||||
**Don't reuse Passwords** | Recommended | If someone was to reuse a password, and one site they had an account with suffered a leak, then a criminal could easily gain unauthorized access to their other accounts. This is usually done through large-scale automated login requests, and it is called Credential Stuffing. Unfortunately this is all too common, but it's simple to protect against- use a different password for each of your online accounts
|
**Don't reuse Passwords** | Essential | If someone was to reuse a password, and one site they had an account with suffered a leak, then a criminal could easily gain unauthorized access to their other accounts. This is usually done through large-scale automated login requests, and it is called Credential Stuffing. Unfortunately this is all too common, but it's simple to protect against- use a different password for each of your online accounts
|
||||||
**Use a Secure Password Manager** | Recommended | For most people it is going to be near-impossible to remember hundreds of strong and unique passwords. A password manager is an application that generates, stores and auto-fills your login credentials for you. All your passwords will be encrypted against 1 master passwords (which you must remember, and it should be very strong). Most password managers have browser extensions and mobile apps, so whatever device you are on, your passwords can be auto-filled. A good all-rounder is [BitWarden](https://bitwarden.com), or see [Recommended Password Managers](https://github.com/Lissy93/awesome-privacy#password-managers)
|
**Use a Secure Password Manager** | Essential | For most people it is going to be near-impossible to remember hundreds of strong and unique passwords. A password manager is an application that generates, stores and auto-fills your login credentials for you. All your passwords will be encrypted against 1 master passwords (which you must remember, and it should be very strong). Most password managers have browser extensions and mobile apps, so whatever device you are on, your passwords can be auto-filled. A good all-rounder is [BitWarden](https://bitwarden.com), or see [Recommended Password Managers](https://github.com/Lissy93/awesome-privacy#password-managers)
|
||||||
**Avoid sharing passwords** | Recommended | While there may be times that you need to share access to an account with another person, you should generally avoid doing this because it makes it easier for the account to become compromised. If you absolutely do need to share a password for example when working on a team with a shared account this should be done via features built into a password manager.
|
**Avoid sharing passwords** | Essential | While there may be times that you need to share access to an account with another person, you should generally avoid doing this because it makes it easier for the account to become compromised. If you absolutely do need to share a password for example when working on a team with a shared account this should be done via features built into a password manager.
|
||||||
**Enable 2-Factor Authentication** | Recommended | 2FA is where you must provide both something you know (a password) and something you have (such as a code on your phone) to log in. This means that if anyone has got your password (e.g. through phishing, malware or a data breach), they will not be able to log into your account. It's easy to get started, download [an authenticator app](https://github.com/Lissy93/awesome-privacy#2-factor-authentication) onto your phone, and then go to your account security settings and follow the steps to enable 2FA. Next time you log in on a new device, you will be prompted for the code that displays in the app on your phone (it works without internet, and the code usually changes every 30-seconds)
|
**Enable 2-Factor Authentication** | Essential | 2FA is where you must provide both something you know (a password) and something you have (such as a code on your phone) to log in. This means that if anyone has got your password (e.g. through phishing, malware or a data breach), they will not be able to log into your account. It's easy to get started, download [an authenticator app](https://github.com/Lissy93/awesome-privacy#2-factor-authentication) onto your phone, and then go to your account security settings and follow the steps to enable 2FA. Next time you log in on a new device, you will be prompted for the code that displays in the app on your phone (it works without internet, and the code usually changes every 30-seconds)
|
||||||
**Keep Backup Codes Safe** | Recommended | When you enable multi-factor authentication, you will usually be given several codes that you can use if your 2FA method is lost, broken or unavailable. Keep these codes somewhere safe to prevent loss or unauthorized access. You should store these on paper or in a safe place on disk (e.g. in offline storage or in an encrypted file/drive). Don't store these in your Password Manager as 2FA sources and passwords and should be kept separately.
|
**Keep Backup Codes Safe** | Essential | When you enable multi-factor authentication, you will usually be given several codes that you can use if your 2FA method is lost, broken or unavailable. Keep these codes somewhere safe to prevent loss or unauthorized access. You should store these on paper or in a safe place on disk (e.g. in offline storage or in an encrypted file/drive). Don't store these in your Password Manager as 2FA sources and passwords and should be kept separately.
|
||||||
**Sign up for Breach Alerts** | Optional | After a website suffers a significant data breach, the leaked data often ends up on the internet. There are several websites that collect these leaked records, and allow you to search your email address to check if you are in any of their lists. [Firefox Monitor](https://monitor.firefox.com), [Have I been pwned](https://haveibeenpwned.com) and [DeHashed](https://dehashed.com) allow you to sign up for monitoring, where they will notify you if your email address appears in any new data sets. It is useful to know as soon as possible when this happens, so that you can change your passwords for the affected accounts. Have I been pwned also has domain-wide notification, where you can receive alerts if any email addresses under your entire domain appear (useful if you use aliases for [anonymous forwarding](https://github.com/Lissy93/awesome-privacy#anonymous-mail-forwarding))
|
**Sign up for Breach Alerts** | Optional | After a website suffers a significant data breach, the leaked data often ends up on the internet. There are several websites that collect these leaked records, and allow you to search your email address to check if you are in any of their lists. [Firefox Monitor](https://monitor.firefox.com), [Have I been pwned](https://haveibeenpwned.com) and [DeHashed](https://dehashed.com) allow you to sign up for monitoring, where they will notify you if your email address appears in any new data sets. It is useful to know as soon as possible when this happens, so that you can change your passwords for the affected accounts. Have I been pwned also has domain-wide notification, where you can receive alerts if any email addresses under your entire domain appear (useful if you use aliases for [anonymous forwarding](https://github.com/Lissy93/awesome-privacy#anonymous-mail-forwarding))
|
||||||
**Shield your Password/ PIN** | Optional | When typing your password in public places, ensure you are not in direct line of site of a CCTV camera and that no one is able to see over your shoulder. Cover your password or pin code while you type, and do not reveal any plain text passwords on screen
|
**Shield your Password/ PIN** | Optional | When typing your password in public places, ensure you are not in direct line of site of a CCTV camera and that no one is able to see over your shoulder. Cover your password or pin code while you type, and do not reveal any plain text passwords on screen
|
||||||
**Update Critical Passwords Periodically** | Optional | Database leaks and breaches are common, and it is likely that several of your passwords are already somewhere online. Occasionally updating passwords of security-critical accounts can help mitigate this. But providing that all your passwords are long, strong and unique, there is no need to do this too often- annually should be sufficient. Enforcing mandatory password changes within organisations is [no longer recommended](https://duo.com/decipher/microsoft-will-no-longer-recommend-forcing-periodic-password-changes), as it encourages colleagues to select weaker passwords
|
**Update Critical Passwords Periodically** | Optional | Database leaks and breaches are common, and it is likely that several of your passwords are already somewhere online. Occasionally updating passwords of security-critical accounts can help mitigate this. But providing that all your passwords are long, strong and unique, there is no need to do this too often- annually should be sufficient. Enforcing mandatory password changes within organisations is [no longer recommended](https://duo.com/decipher/microsoft-will-no-longer-recommend-forcing-periodic-password-changes), as it encourages colleagues to select weaker passwords
|
||||||
|
|
@ -56,7 +56,7 @@ Most reported data breaches are caused by the use of weak, default or stolen pas
|
||||||
**Avoid using your PM to Generate OTPs** | Advanced | Many password managers are also able to generate 2FA codes. It is best not to use your primary password manager as your 2FA authenticator as well, since it would become a single point of failure if compromised. Instead use a dedicated [authenticator app](https://github.com/Lissy93/awesome-privacy#2-factor-authentication) on your phone or laptop
|
**Avoid using your PM to Generate OTPs** | Advanced | Many password managers are also able to generate 2FA codes. It is best not to use your primary password manager as your 2FA authenticator as well, since it would become a single point of failure if compromised. Instead use a dedicated [authenticator app](https://github.com/Lissy93/awesome-privacy#2-factor-authentication) on your phone or laptop
|
||||||
**Avoid Face Unlock** | Advanced | Most phones and laptops offer a facial recognition authentication feature, using the camera to compare a snapshot of your face with a stored hash. It may be very convenient, but there are numerous ways to [fool it](https://www.forbes.com/sites/jvchamary/2017/09/18/security-apple-face-id-iphone-x/) and gain access to the device, through digital photos and reconstructions from CCTV footage. Unlike your password- there are likely photos of your face on the internet, and videos recorded by surveillance cameras
|
**Avoid Face Unlock** | Advanced | Most phones and laptops offer a facial recognition authentication feature, using the camera to compare a snapshot of your face with a stored hash. It may be very convenient, but there are numerous ways to [fool it](https://www.forbes.com/sites/jvchamary/2017/09/18/security-apple-face-id-iphone-x/) and gain access to the device, through digital photos and reconstructions from CCTV footage. Unlike your password- there are likely photos of your face on the internet, and videos recorded by surveillance cameras
|
||||||
**Watch out for Keyloggers** | Advanced | A hardware [keylogger](https://en.wikipedia.org/wiki/Hardware_keylogger) is a physical device planted between your keyboard and the USB port, which intercepts all key strokes, and sometimes relays data to a remote server. It gives a hacker access to everything typed, including passwords. The best way to stay protected, is just by checking your USB connection after your PC has been unattended. It is also possible for keyloggers to be planted inside the keyboard housing, so look for any signs that the case has been tampered with, and consider bringing your own keyboard to work. Data typed on a virtual keyboard, pasted from the clipboard or auto-filled by a password manager can not be intercepted by a hardware keylogger.
|
**Watch out for Keyloggers** | Advanced | A hardware [keylogger](https://en.wikipedia.org/wiki/Hardware_keylogger) is a physical device planted between your keyboard and the USB port, which intercepts all key strokes, and sometimes relays data to a remote server. It gives a hacker access to everything typed, including passwords. The best way to stay protected, is just by checking your USB connection after your PC has been unattended. It is also possible for keyloggers to be planted inside the keyboard housing, so look for any signs that the case has been tampered with, and consider bringing your own keyboard to work. Data typed on a virtual keyboard, pasted from the clipboard or auto-filled by a password manager can not be intercepted by a hardware keylogger.
|
||||||
**Consider a Hardware Token** | Advanced | A U2F/ FIDO2 security key is a USB (or NFC) device that you insert while logging in to an online service, in to verify your identity, instead of entering a OTP from your authenticator. [SoloKey](https://solokeys.com) and [NitroKey](https://www.nitrokey.com) are examples of such keys. They bring with them several security benefits, since the browser communicates directly with the device and cannot be fooled as to which host is requesting authentication, because the TLS certificate is checked. [This post](https://security.stackexchange.com/a/71704) is a good explanation of the security of using FIDO U2F tokens. Of course it is important to store the physical key somewhere safe, or keep it on your person. Some online accounts allow for several methods of 2FA to be enabled
|
**Consider a Hardware Token** | Advanced | A U2F/ FIDO2 security key is a USB (or NFC) device that you insert while logging in to an online service, in to verify your identity, instead of entering an OTP from your authenticator. [SoloKey](https://solokeys.com) and [NitroKey](https://www.nitrokey.com) are examples of such keys. They bring with them several security benefits, since the browser communicates directly with the device and cannot be fooled as to which host is requesting authentication, because the TLS certificate is checked. [This post](https://security.stackexchange.com/a/71704) is a good explanation of the security of using FIDO U2F tokens. Of course it is important to store the physical key somewhere safe, or keep it on your person. Some online accounts allow for several methods of 2FA to be enabled
|
||||||
**Consider Offline Password Manager** | Advanced | For increased security, an encrypted offline password manager will give you full control over your data. [KeePass](https://keepass.info) is a popular choice, with lots of [plugins](https://keepass.info/plugins.html) and community forks with additional compatibility and functionality. Popular clients include: [KeePassXC](https://keepassxc.org) (desktop), [KeePassDX](https://www.keepassdx.com) (Android) and [StrongBox](https://apps.apple.com/us/app/strongbox-password-safe/id897283731) (iOS). The drawback being that it may be slightly less convenient for some, and it will be up to you to back it up, and store it securely
|
**Consider Offline Password Manager** | Advanced | For increased security, an encrypted offline password manager will give you full control over your data. [KeePass](https://keepass.info) is a popular choice, with lots of [plugins](https://keepass.info/plugins.html) and community forks with additional compatibility and functionality. Popular clients include: [KeePassXC](https://keepassxc.org) (desktop), [KeePassDX](https://www.keepassdx.com) (Android) and [StrongBox](https://apps.apple.com/us/app/strongbox-password-safe/id897283731) (iOS). The drawback being that it may be slightly less convenient for some, and it will be up to you to back it up, and store it securely
|
||||||
**Consider Unique Usernames** | Advanced | Having different passwords for each account is a good first step, but if you also use a unique username, email or phone number to log in, then it will be significantly harder for anyone trying to gain unauthorised access. The easiest method for multiple emails, is using auto-generated aliases for anonymous mail forwarding. This is where [anything]@yourdomain.com will arrive in your inbox, allowing you to use a different email for each account (see [Mail Alias Providers](https://github.com/Lissy93/awesome-privacy#anonymous-mail-forwarding)). Usernames are easier, since you can use your password manager to generate, store and auto-fill these. Virtual phone numbers can be generated through your VOIP provider
|
**Consider Unique Usernames** | Advanced | Having different passwords for each account is a good first step, but if you also use a unique username, email or phone number to log in, then it will be significantly harder for anyone trying to gain unauthorised access. The easiest method for multiple emails, is using auto-generated aliases for anonymous mail forwarding. This is where [anything]@yourdomain.com will arrive in your inbox, allowing you to use a different email for each account (see [Mail Alias Providers](https://github.com/Lissy93/awesome-privacy#anonymous-mail-forwarding)). Usernames are easier, since you can use your password manager to generate, store and auto-fill these. Virtual phone numbers can be generated through your VOIP provider
|
||||||
|
|
||||||
|
|
@ -75,21 +75,21 @@ This section outlines the steps you can take, to be better protected from threat
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Block Ads** | Recommended | Using an ad-blocker can help improve your privacy, by blocking the trackers that ads implement. [uBlock Origin](https://github.com/gorhill/uBlock) is a very efficient and open source browser addon, developed by Raymond Hill. When 3rd-party ads are displayed on a webpage, they have the ability to track you, gathering personal information about you and your habits, which can then be sold, or used to show you more targeted ads, and some ads are plain malicious or fake. Blocking ads also makes pages load faster, uses less data and provides a less cluttered experience.
|
**Block Ads** | Essential | Using an ad-blocker can help improve your privacy, by blocking the trackers that ads implement. [uBlock Origin](https://github.com/gorhill/uBlock) is a very efficient and open source browser addon, developed by Raymond Hill. When 3rd-party ads are displayed on a webpage, they have the ability to track you, gathering personal information about you and your habits, which can then be sold, or used to show you more targeted ads, and some ads are plain malicious or fake. Blocking ads also makes pages load faster, uses less data and provides a less cluttered experience.
|
||||||
**Ensure Website is Legitimate** | Basic | It may sound obvious, but when you logging into any online accounts, double check the URL is correct. Storing commonly visited sites in your bookmarks is a good way to ensure the URL is easy to find. When visiting new websites, look for common signs that it could be unsafe: Browser warnings, redirects, on-site spam and pop-ups. You can also check a website using a tool, such as: [Virus Total URL Scanner](https://www.virustotal.com/gui/home/url), [IsLegitSite](https://www.islegitsite.com), [Google Safe Browsing Status](https://transparencyreport.google.com/safe-browsing/search) if you are unsure.
|
**Ensure Website is Legitimate** | Basic | It may sound obvious, but when you logging into any online accounts, double check the URL is correct. Storing commonly visited sites in your bookmarks is a good way to ensure the URL is easy to find. When visiting new websites, look for common signs that it could be unsafe: Browser warnings, redirects, on-site spam and pop-ups. You can also check a website using a tool, such as: [Virus Total URL Scanner](https://www.virustotal.com/gui/home/url), [IsLegitSite](https://www.islegitsite.com), [Google Safe Browsing Status](https://transparencyreport.google.com/safe-browsing/search) if you are unsure.
|
||||||
**Watch out for Browser Malware** | Basic | Your system or browser can be compromised by spyware, miners, browser hijackers, malicious redirects, adware etc. You can usually stay protected, just by: ignoring pop-ups, be wary of what your clicking, don't proceed to a website if your browser warns you it may be malicious. Common signs of browser malware include: default search engine or homepage has been modified, toolbars, unfamiliar extensions or icons, significantly more ads, errors and pages loading much slower than usual. These articles from Heimdal explain [signs of browser malware](https://heimdalsecurity.com/blog/warning-signs-operating-system-infected-malware), [how browsers get infected](https://heimdalsecurity.com/blog/practical-online-protection-where-malware-hides) and [how to remove browser malware](https://heimdalsecurity.com/blog/malware-removal).
|
**Watch out for Browser Malware** | Basic | Your system or browser can be compromised by spyware, miners, browser hijackers, malicious redirects, adware etc. You can usually stay protected, just by: ignoring pop-ups, be wary of what your clicking, don't proceed to a website if your browser warns you it may be malicious. Common signs of browser malware include: default search engine or homepage has been modified, toolbars, unfamiliar extensions or icons, significantly more ads, errors and pages loading much slower than usual. These articles from Heimdal explain [signs of browser malware](https://heimdalsecurity.com/blog/warning-signs-operating-system-infected-malware), [how browsers get infected](https://heimdalsecurity.com/blog/practical-online-protection-where-malware-hides) and [how to remove browser malware](https://heimdalsecurity.com/blog/malware-removal).
|
||||||
**Use a Privacy-Respecting Browser** | Recommended | [Firefox](https://www.mozilla.org/en-US/firefox/new) (with a few tweaks) and [Brave](https://brave.com) are secure, private-respecting browsers. Both are fast, open source, user-friendly and available on all major operating systems. Your browser has access to everything that you do online, so if possible, avoid Google Chrome, Edge and Safari as (without correct configuration) all three of them, collect usage data, call home and allow for invasive tracking. Firefox requires a few changes to achieve optimal security, for example - [arkenfox](https://github.com/arkenfox/user.js/wiki) or [12byte](https://12bytes.org/firefox-configuration-guide-for-privacy-freaks-and-performance-buffs/)'s user.js configs. See more: [Privacy Browsers](https://github.com/Lissy93/awesome-privacy#browsers).
|
**Use a Privacy-Respecting Browser** | Essential | [Firefox](https://www.mozilla.org/en-US/firefox/new) (with a few tweaks) and [Brave](https://brave.com) are secure, private-respecting browsers. Both are fast, open source, user-friendly and available on all major operating systems. Your browser has access to everything that you do online, so if possible, avoid Google Chrome, Edge and Safari as (without correct configuration) all three of them, collect usage data, call home and allow for invasive tracking. Firefox requires a few changes to achieve optimal security, for example - [arkenfox](https://github.com/arkenfox/user.js/wiki) or [12byte](https://12bytes.org/firefox-configuration-guide-for-privacy-freaks-and-performance-buffs/)'s user.js configs. See more: [Privacy Browsers](https://github.com/Lissy93/awesome-privacy#browsers).
|
||||||
**Use a Private Search Engine** | Recommended | Using a privacy-preserving, non-tracking search engine, will reduce risk that your search terms are not logged, or used against you. Consider [DuckDuckGo](https://duckduckgo.com), [Qwant](https://www.qwant.com), or [SearX](https://searx.me) (self-hosted). Google implements some [incredibly invasive](https://hackernoon.com/data-privacy-concerns-with-google-b946f2b7afea) tracking policies, and have a history of displaying [biased search results](https://www.businessinsider.com/evidence-that-google-search-results-are-biased-2014-10). Therefore Google, along with Bing, Baidu, Yahoo and Yandex are incompatible with anyone looking to protect their privacy. It is recommended to update your [browsers default search](https://duckduckgo.com/install) to a privacy-respecting search engine.
|
**Use a Private Search Engine** | Essential | Using a privacy-preserving, non-tracking search engine, will reduce risk that your search terms are not logged, or used against you. Consider [DuckDuckGo](https://duckduckgo.com), [Qwant](https://www.qwant.com), or [SearX](https://searx.me) (self-hosted). Google implements some [incredibly invasive](https://hackernoon.com/data-privacy-concerns-with-google-b946f2b7afea) tracking policies, and have a history of displaying [biased search results](https://www.businessinsider.com/evidence-that-google-search-results-are-biased-2014-10). Therefore Google, along with Bing, Baidu, Yahoo and Yandex are incompatible with anyone looking to protect their privacy. It is recommended to update your [browsers default search](https://duckduckgo.com/install) to a privacy-respecting search engine.
|
||||||
**Remove Unnecessary Browser Addons** | Recommended | Extensions are able to see, log or modify anything you do in the browser, and some innocent looking browser apps, have malicious intentions. Websites can see which extensions you have installed, and may use this to enhance your fingerprint, to more accurately identify/ track you. Both Firefox and Chrome web stores allow you to check what permissions/access rights an extension requires before you install it. Check the reviews. Only install extensions you really need, and removed those which you haven't used in a while.
|
**Remove Unnecessary Browser Addons** | Essential | Extensions are able to see, log or modify anything you do in the browser, and some innocent looking browser apps, have malicious intentions. Websites can see which extensions you have installed, and may use this to enhance your fingerprint, to more accurately identify/ track you. Both Firefox and Chrome web stores allow you to check what permissions/access rights an extension requires before you install it. Check the reviews. Only install extensions you really need, and removed those which you haven't used in a while.
|
||||||
**Keep Browser Up-to-date** | Recommended | Browser vulnerabilities are constantly being [discovered](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=browser) and patched, so it’s important to keep it up to date, to avoid a zero-day exploit. You can [see which browser version you're using here](https://www.whatismybrowser.com/), or follow [this guide](https://www.whatismybrowser.com/guides/how-to-update-your-browser/) for instructions on how to update. Some browsers will auto-update to the latest stable version.
|
**Keep Browser Up-to-date** | Essential | Browser vulnerabilities are constantly being [discovered](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=browser) and patched, so it’s important to keep it up to date, to avoid a zero-day exploit. You can [see which browser version you're using here](https://www.whatismybrowser.com/), or follow [this guide](https://www.whatismybrowser.com/guides/how-to-update-your-browser/) for instructions on how to update. Some browsers will auto-update to the latest stable version.
|
||||||
**Check for HTTPS** | Recommended | If you enter information on a non-HTTPS website, this data is transported unencrypted and can therefore be read by anyone who intercepts it. Do not enter any data on a non-HTTPS website, but also do not let the green padlock give you a false sense of security, just because a website has SSL certificate, does not mean that it is legitimate or trustworthy. [HTTPS-Everywhere](https://www.eff.org/https-everywhere) (developed by the [EFF](https://www.eff.org/)) used to be a browser extension/addon that automatically enabled HTTPS on websites, but as of 2022 is now deprecated. In their [accouncement article](https://www.eff.org/) the EFF explains that most browsers now integrate such protections. Additionally, it provides instructions for Firefox, Chrome, Edge and Safari browsers on how to enable their HTTPS secure protections.
|
**Check for HTTPS** | Essential | If you enter information on a non-HTTPS website, this data is transported unencrypted and can therefore be read by anyone who intercepts it. Do not enter any data on a non-HTTPS website, but also do not let the green padlock give you a false sense of security, just because a website has SSL certificate, does not mean that it is legitimate or trustworthy. [HTTPS-Everywhere](https://www.eff.org/https-everywhere) (developed by the [EFF](https://www.eff.org/)) used to be a browser extension/addon that automatically enabled HTTPS on websites, but as of 2022 is now deprecated. In their [accouncement article](https://www.eff.org/) the EFF explains that most browsers now integrate such protections. Additionally, it provides instructions for Firefox, Chrome, Edge and Safari browsers on how to enable their HTTPS secure protections.
|
||||||
**Use DNS-over-HTTPS** | Recommended | Traditional DNS makes requests in plain text for everyone to see. It allows for eavesdropping and manipulation of DNS data through man-in-the-middle attacks. Whereas DNS-over-HTTPS performs DNS resolution via the HTTPS protocol, meaning data between you and your DNS resolver is encrypted. A popular option is Cloudflare's 1.1.1.1, or compare providers- it is simple to enable in-browser. Note that DoH comes with its own issues, mostly preventing web filtering.
|
**Use DNS-over-HTTPS** | Essential | Traditional DNS makes requests in plain text for everyone to see. It allows for eavesdropping and manipulation of DNS data through man-in-the-middle attacks. Whereas DNS-over-HTTPS performs DNS resolution via the HTTPS protocol, meaning data between you and your DNS resolver is encrypted. A popular option is Cloudflare's 1.1.1.1, or compare providers- it is simple to enable in-browser. Note that DoH comes with its own issues, mostly preventing web filtering.
|
||||||
**Multi-Session Containers** | Recommended | Compartmentalisation is really important to keep different aspects of your browsing separate. For example, using different profiles for work, general browsing, social media, online shopping etc will reduce the number associations that data brokers can link back to you. One option is to make use of Firefox Containers which is designed exactly for this purpose. Alternatively, you could use different browsers for different tasks (Brave, Firefox, Tor etc).
|
**Multi-Session Containers** | Essential | Compartmentalisation is really important to keep different aspects of your browsing separate. For example, using different profiles for work, general browsing, social media, online shopping etc will reduce the number associations that data brokers can link back to you. One option is to make use of Firefox Containers which is designed exactly for this purpose. Alternatively, you could use different browsers for different tasks (Brave, Firefox, Tor etc).
|
||||||
**Use Incognito** | Recommended | When using someone else's machine, ensure that you're in a private/ incognito session. This will prevent browser history, cookies and some data being saved, but is not fool-proof- you can still be tracked.
|
**Use Incognito** | Essential | When using someone else's machine, ensure that you're in a private/ incognito session. This will prevent browser history, cookies and some data being saved, but is not fool-proof- you can still be tracked.
|
||||||
**Understand Your Browser Fingerprint** | Recommended | Browser Fingerprinting is an incredibly accurate method of tracking, where a website identifies you based on your device information. You can view your fingerprint at amiunique.org- The aim is to be as un-unique as possible.
|
**Understand Your Browser Fingerprint** | Essential | Browser Fingerprinting is an incredibly accurate method of tracking, where a website identifies you based on your device information. You can view your fingerprint at amiunique.org- The aim is to be as un-unique as possible.
|
||||||
**Manage Cookies** | Recommended | Clearing cookies regularly is one step you can take to help reduce websites from tracking you. Cookies may also store your session token, which if captured, would allow someone to access your accounts without credentials. To mitigate this you should clear cookies often.
|
**Manage Cookies** | Essential | Clearing cookies regularly is one step you can take to help reduce websites from tracking you. Cookies may also store your session token, which if captured, would allow someone to access your accounts without credentials. To mitigate this you should clear cookies often.
|
||||||
**Block Third-Party Cookies** | Recommended | Third-party cookies placed on your device by a website other than the one you’re visiting. This poses a privacy risk, as a 3rd entity can collect data from your current session. This guide explains how you can disable 3rd-party cookies, and you can check here ensure this worked.
|
**Block Third-Party Cookies** | Essential | Third-party cookies placed on your device by a website other than the one you’re visiting. This poses a privacy risk, as a 3rd entity can collect data from your current session. This guide explains how you can disable 3rd-party cookies, and you can check here ensure this worked.
|
||||||
**Block Third-Party Trackers** | Recommended | Blocking trackers will help to stop websites, advertisers, analytics and more from tracking you in the background. Privacy Badger, DuckDuckGo Privacy Essentials, uBlock Origin and uMatrix (advanced) are all very effective, open source tracker-blockers available for all major browsers.
|
**Block Third-Party Trackers** | Essential | Blocking trackers will help to stop websites, advertisers, analytics and more from tracking you in the background. Privacy Badger, DuckDuckGo Privacy Essentials, uBlock Origin and uMatrix (advanced) are all very effective, open source tracker-blockers available for all major browsers.
|
||||||
**Beware of Redirects** | Optional | While some redirects are harmless, others, such as Unvalidated redirects are used in phishing attacks, it can make a malicious link seem legitimate. If you are unsure about a redirect URL, you can check where it forwards to with a tool like RedirectDetective.
|
**Beware of Redirects** | Optional | While some redirects are harmless, others, such as Unvalidated redirects are used in phishing attacks, it can make a malicious link seem legitimate. If you are unsure about a redirect URL, you can check where it forwards to with a tool like RedirectDetective.
|
||||||
**Do Not Sign Into Your Browser** | Optional | Many browsers allow you to sign in, in order to sync history, bookmarks and other browsing data across devices. However this not only allows for further data collection, but also increases attack surface through providing another avenue for a malicious actor to get hold of personal information.
|
**Do Not Sign Into Your Browser** | Optional | Many browsers allow you to sign in, in order to sync history, bookmarks and other browsing data across devices. However this not only allows for further data collection, but also increases attack surface through providing another avenue for a malicious actor to get hold of personal information.
|
||||||
**Disallow Prediction Services** | Optional | Some browsers allow for prediction services, where you receive real-time search results or URL auto-fill. If this is enabled then data is sent to Google (or your default search engine) with every keypress, rather than when you hit enter.
|
**Disallow Prediction Services** | Optional | Some browsers allow for prediction services, where you receive real-time search results or URL auto-fill. If this is enabled then data is sent to Google (or your default search engine) with every keypress, rather than when you hit enter.
|
||||||
|
|
@ -131,10 +131,10 @@ The big companies providing "free" email service, don't have a good reputation f
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Have more than one email address** | Recommended | Consider using a different email address for security-critical communications from trivial mail such as newsletters. This compartmentalization could reduce the amount of damage caused by a data breach, and also make it easier to recover a compromised account.
|
**Have more than one email address** | Essential | Consider using a different email address for security-critical communications from trivial mail such as newsletters. This compartmentalization could reduce the amount of damage caused by a data breach, and also make it easier to recover a compromised account.
|
||||||
**Keep Email Address Private** | Recommended | Do not share your primary email publicly, as mail addresses are often the starting point for most phishing attacks.
|
**Keep Email Address Private** | Essential | Do not share your primary email publicly, as mail addresses are often the starting point for most phishing attacks.
|
||||||
**Keep your Account Secure** | Recommended | Use a long and unique password, enable 2FA and be careful while logging in. Your email account provides an easy entry point to all your other online accounts for an attacker.
|
**Keep your Account Secure** | Essential | Use a long and unique password, enable 2FA and be careful while logging in. Your email account provides an easy entry point to all your other online accounts for an attacker.
|
||||||
**Disable Automatic Loading of Remote Content** | Recommended | Email messages can contain remote content such as images or stylesheets, often automatically loaded from the server. You should disable this, as it exposes your IP address and device information, and is often used for tracking. For more info, see [this article](https://www.theverge.com/2019/7/3/20680903/email-pixel-trackers-how-to-stop-images-automatic-download).
|
**Disable Automatic Loading of Remote Content** | Essential | Email messages can contain remote content such as images or stylesheets, often automatically loaded from the server. You should disable this, as it exposes your IP address and device information, and is often used for tracking. For more info, see [this article](https://www.theverge.com/2019/7/3/20680903/email-pixel-trackers-how-to-stop-images-automatic-download).
|
||||||
**Use Plaintext** | Optional | There are two main types of emails on the internet: plaintext and HTML. The former is strongly preferred for privacy & security as HTML messages often include identifiers in links and inline images, which can collect usage and personal data. There's also numerous risks of remote code execution targeting the HTML parser of your mail client, which cannot be exploited if you are using plaintext. For more info, as well as setup instructions for your mail provider, see [UsePlaintext.email](https://useplaintext.email/).
|
**Use Plaintext** | Optional | There are two main types of emails on the internet: plaintext and HTML. The former is strongly preferred for privacy & security as HTML messages often include identifiers in links and inline images, which can collect usage and personal data. There's also numerous risks of remote code execution targeting the HTML parser of your mail client, which cannot be exploited if you are using plaintext. For more info, as well as setup instructions for your mail provider, see [UsePlaintext.email](https://useplaintext.email/).
|
||||||
**Don’t connect third-party apps to your email account** | Optional | If you give a third-party app or plug-in full access to your inbox, they effectively have full unhindered access to all your emails and their contents, which poses significant security and privacy risks.
|
**Don’t connect third-party apps to your email account** | Optional | If you give a third-party app or plug-in full access to your inbox, they effectively have full unhindered access to all your emails and their contents, which poses significant security and privacy risks.
|
||||||
**Don't Share Sensitive Data via Email** | Optional | Emails are very easily intercepted. Furthermore, you can’t be sure of how secure your recipient's environment is. Therefore, emails cannot be considered safe for exchanging confidential information, unless it is encrypted.
|
**Don't Share Sensitive Data via Email** | Optional | Emails are very easily intercepted. Furthermore, you can’t be sure of how secure your recipient's environment is. Therefore, emails cannot be considered safe for exchanging confidential information, unless it is encrypted.
|
||||||
|
|
@ -166,14 +166,14 @@ The big companies providing "free" email service, don't have a good reputation f
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Only Use Fully End-to-End Encrypted Messengers** | Recommended | End-to-end encryption is a system of communication where messages are encrypted on your device and not decrypted until they reach the intended recipient. This ensures that any actor who intercepts traffic cannot read the message contents, nor can anybody with access to the central servers where data is stored.
|
**Only Use Fully End-to-End Encrypted Messengers** | Essential | End-to-end encryption is a system of communication where messages are encrypted on your device and not decrypted until they reach the intended recipient. This ensures that any actor who intercepts traffic cannot read the message contents, nor can anybody with access to the central servers where data is stored.
|
||||||
**Use only Open Source Messaging Platforms** | Recommended | If code is open source then it can be independently examined and audited by anyone qualified to do so, to ensure that there are no backdoors, vulnerabilities, or other security issues.
|
**Use only Open Source Messaging Platforms** | Essential | If code is open source then it can be independently examined and audited by anyone qualified to do so, to ensure that there are no backdoors, vulnerabilities, or other security issues.
|
||||||
**Use a "Trustworthy" Messaging Platform** | Recommended | When selecting an encrypted messaging app, ensure it's fully open source, stable, actively maintained, and ideally backed by reputable developers.
|
**Use a "Trustworthy" Messaging Platform** | Essential | When selecting an encrypted messaging app, ensure it's fully open source, stable, actively maintained, and ideally backed by reputable developers.
|
||||||
**Check Security Settings** | Recommended | Enable security settings, including contact verification, security notifications, and encryption. Disable optional non-security features such as read receipt, last online, and typing notification.
|
**Check Security Settings** | Essential | Enable security settings, including contact verification, security notifications, and encryption. Disable optional non-security features such as read receipt, last online, and typing notification.
|
||||||
**Ensure your Recipients Environment is Secure** | Recommended | Your conversation can only be as secure as the weakest link. Often the easiest way to infiltrate a communications channel is to target the individual or node with the least protection.
|
**Ensure your Recipients Environment is Secure** | Essential | Your conversation can only be as secure as the weakest link. Often the easiest way to infiltrate a communications channel is to target the individual or node with the least protection.
|
||||||
**Disable Cloud Services** | Recommended | Some mobile messaging apps offer a web or desktop companion. This not only increases attack surface but it has been linked to several critical security issues, and should therefore be avoided, if possible.
|
**Disable Cloud Services** | Essential | Some mobile messaging apps offer a web or desktop companion. This not only increases attack surface but it has been linked to several critical security issues, and should therefore be avoided, if possible.
|
||||||
**Secure Group Chats** | Recommended | The risk of compromise rises exponentially, the more participants are in a group, as the attack surface increases. Periodically check that all participants are legitimate.
|
**Secure Group Chats** | Essential | The risk of compromise rises exponentially, the more participants are in a group, as the attack surface increases. Periodically check that all participants are legitimate.
|
||||||
**Create a Safe Environment for Communication** | Recommended | There are several stages where your digital communications could be monitored or intercepted. This includes: your or your participants' device, your ISP, national gateway or government logging, the messaging provider, the servers.
|
**Create a Safe Environment for Communication** | Essential | There are several stages where your digital communications could be monitored or intercepted. This includes: your or your participants' device, your ISP, national gateway or government logging, the messaging provider, the servers.
|
||||||
**Agree on a Communication Plan** | Optional | In certain situations, it may be worth making a communication plan. This should include primary and backup methods of securely getting in hold with each other.
|
**Agree on a Communication Plan** | Optional | In certain situations, it may be worth making a communication plan. This should include primary and backup methods of securely getting in hold with each other.
|
||||||
**Strip Meta-Data from Media** | Optional | Metadata is "Data about Data" or additional information attached to a file or transaction. When you send a photo, audio recording, video, or document you may be revealing more than you intended to.
|
**Strip Meta-Data from Media** | Optional | Metadata is "Data about Data" or additional information attached to a file or transaction. When you send a photo, audio recording, video, or document you may be revealing more than you intended to.
|
||||||
**Defang URLs** | Optional | Sending links via various services can unintentionally expose your personal information. This is because, when a thumbnail or preview is generated- it happens on the client-side.
|
**Defang URLs** | Optional | Sending links via various services can unintentionally expose your personal information. This is because, when a thumbnail or preview is generated- it happens on the client-side.
|
||||||
|
|
@ -199,16 +199,16 @@ Secure your account, lock down your privacy settings, but know that even after d
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Secure your Account** | Recommended | Social media profiles get stolen or taken over all too often. To protect your account: use a unique and strong password, and enable 2-factor authentication.
|
**Secure your Account** | Essential | Social media profiles get stolen or taken over all too often. To protect your account: use a unique and strong password, and enable 2-factor authentication.
|
||||||
**Check Privacy Settings** | Recommended | Most social networks allow you to control your privacy settings. Ensure that you are comfortable with what data you are currently exposing and to whom.
|
**Check Privacy Settings** | Essential | Most social networks allow you to control your privacy settings. Ensure that you are comfortable with what data you are currently exposing and to whom.
|
||||||
**Think of All Interactions as Public** | Recommended | There are still numerous methods of viewing a users 'private' content across many social networks. Therefore, before uploading, posting or commenting on anything, think "Would I mind if this was totally public?"
|
**Think of All Interactions as Public** | Essential | There are still numerous methods of viewing a users 'private' content across many social networks. Therefore, before uploading, posting or commenting on anything, think "Would I mind if this was totally public?"
|
||||||
**Think of All Interactions as Permanent** | Recommended | Pretty much every post, comment, photo etc is being continuously backed up by a myriad of third-party services, who archive this data and make it indexable and publicly available almost forever.
|
**Think of All Interactions as Permanent** | Essential | Pretty much every post, comment, photo etc is being continuously backed up by a myriad of third-party services, who archive this data and make it indexable and publicly available almost forever.
|
||||||
**Don't Reveal too Much** | Recommended | Profile information creates a goldmine of info for hackers, the kind of data that helps them personalize phishing scams. Avoid sharing too much detail (DoB, Hometown, School etc).
|
**Don't Reveal too Much** | Essential | Profile information creates a goldmine of info for hackers, the kind of data that helps them personalize phishing scams. Avoid sharing too much detail (DoB, Hometown, School etc).
|
||||||
**Be Careful what you Upload** | Recommended | Status updates, comments, check-ins and media can unintentionally reveal a lot more than you intended them to. This is especially relevant to photos and videos, which may show things in the background.
|
**Be Careful what you Upload** | Essential | Status updates, comments, check-ins and media can unintentionally reveal a lot more than you intended them to. This is especially relevant to photos and videos, which may show things in the background.
|
||||||
**Don't Share Email or Phone Number** | Recommended | Posting your real email address or mobile number, gives hackers, trolls and spammers more munition to use against you, and can also allow separate aliases, profiles or data points to be connected.
|
**Don't Share Email or Phone Number** | Essential | Posting your real email address or mobile number, gives hackers, trolls and spammers more munition to use against you, and can also allow separate aliases, profiles or data points to be connected.
|
||||||
**Don't Grant Unnecessary Permissions** | Recommended | By default many of the popular social networking apps will ask for permission to access your contacts, call log, location, messaging history etc. If they don’t need this access, don’t grant it.
|
**Don't Grant Unnecessary Permissions** | Essential | By default many of the popular social networking apps will ask for permission to access your contacts, call log, location, messaging history etc. If they don’t need this access, don’t grant it.
|
||||||
**Be Careful of 3rd-Party Integrations** | Recommended | Avoid signing up for accounts using a Social Network login, revoke access to social apps you no longer use.
|
**Be Careful of 3rd-Party Integrations** | Essential | Avoid signing up for accounts using a Social Network login, revoke access to social apps you no longer use.
|
||||||
**Avoid Publishing Geo Data while still Onsite** | Recommended | If you plan to share any content that reveals a location, then wait until you have left that place. This is particularly important when you are taking a trip, at a restaurant, campus, hotel/resort, public building or airport.
|
**Avoid Publishing Geo Data while still Onsite** | Essential | If you plan to share any content that reveals a location, then wait until you have left that place. This is particularly important when you are taking a trip, at a restaurant, campus, hotel/resort, public building or airport.
|
||||||
**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data (called EXIF data) to each photograph. Remove this data before uploading.
|
**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data (called EXIF data) to each photograph. Remove this data before uploading.
|
||||||
**Implement Image Cloaking** | Advanced | Tools like Fawkes can be used to very subtly, slightly change the structure of faces within photos in a way that is imperceptible by humans, but will prevent facial recognition systems from being able to recognize a given face.
|
**Implement Image Cloaking** | Advanced | Tools like Fawkes can be used to very subtly, slightly change the structure of faces within photos in a way that is imperceptible by humans, but will prevent facial recognition systems from being able to recognize a given face.
|
||||||
**Consider Spoofing GPS in home vicinity** | Advanced | Even if you yourself never use social media, there is always going to be others who are not as careful, and could reveal your location.
|
**Consider Spoofing GPS in home vicinity** | Advanced | Even if you yourself never use social media, there is always going to be others who are not as careful, and could reveal your location.
|
||||||
|
|
@ -229,10 +229,10 @@ This section covers how you connect your devices to the internet securely, inclu
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Use a VPN** | Recommended | Use a reputable, paid-for VPN. This can help protect sites you visit from logging your real IP, reduce the amount of data your ISP can collect, and increase protection on public WiFi.
|
**Use a VPN** | Essential | Use a reputable, paid-for VPN. This can help protect sites you visit from logging your real IP, reduce the amount of data your ISP can collect, and increase protection on public WiFi.
|
||||||
**Change your Router Password** | Recommended | After getting a new router, change the password. Default router passwords are publicly available, meaning anyone within proximity would be able to connect.
|
**Change your Router Password** | Essential | After getting a new router, change the password. Default router passwords are publicly available, meaning anyone within proximity would be able to connect.
|
||||||
**Use WPA2, and a strong password** | Recommended | There are different authentication protocols for connecting to WiFi. Currently, the most secure options are WPA2 and WPA3 (on newer routers).
|
**Use WPA2, and a strong password** | Essential | There are different authentication protocols for connecting to WiFi. Currently, the most secure options are WPA2 and WPA3 (on newer routers).
|
||||||
**Keep router firmware up-to-date** | Recommended | Manufacturers release firmware updates that fix security vulnerabilities, implement new standards, and sometimes add features or improve the performance of your router.
|
**Keep router firmware up-to-date** | Essential | Manufacturers release firmware updates that fix security vulnerabilities, implement new standards, and sometimes add features or improve the performance of your router.
|
||||||
**Implement a Network-Wide VPN** | Optional | If you configure your VPN on your router, firewall, or home server, then traffic from all devices will be encrypted and routed through it, without needing individual VPN apps.
|
**Implement a Network-Wide VPN** | Optional | If you configure your VPN on your router, firewall, or home server, then traffic from all devices will be encrypted and routed through it, without needing individual VPN apps.
|
||||||
**Protect against DNS leaks** | Optional | When using a VPN, it is extremely important to exclusively use the DNS server of your VPN provider or secure service.
|
**Protect against DNS leaks** | Optional | When using a VPN, it is extremely important to exclusively use the DNS server of your VPN provider or secure service.
|
||||||
**Use a secure VPN Protocol** | Optional | OpenVPN and WireGuard are open source, lightweight, and secure tunneling protocols. Avoid using PPTP or SSTP.
|
**Use a secure VPN Protocol** | Optional | OpenVPN and WireGuard are open source, lightweight, and secure tunneling protocols. Avoid using PPTP or SSTP.
|
||||||
|
|
@ -277,13 +277,13 @@ More of us are concerned about how [governments use collect and use our smart ph
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Encrypt your Device** | Recommended | In order to keep your data safe from physical access, use file encryption. This will mean if your device is lost or stolen, no one will have access to your data.
|
**Encrypt your Device** | Essential | In order to keep your data safe from physical access, use file encryption. This will mean if your device is lost or stolen, no one will have access to your data.
|
||||||
**Turn off connectivity features that aren’t being used** | Recommended | When you're not using WiFi, Bluetooth, NFC etc, turn those features off. There are several common threats that utilise these features.
|
**Turn off connectivity features that aren’t being used** | Essential | When you're not using WiFi, Bluetooth, NFC etc, turn those features off. There are several common threats that utilise these features.
|
||||||
**Keep app count to a minimum** | Recommended | Uninstall apps that you don’t need or use regularly. As apps often run in the background, slowing your device down, but also collecting data.
|
**Keep app count to a minimum** | Essential | Uninstall apps that you don’t need or use regularly. As apps often run in the background, slowing your device down, but also collecting data.
|
||||||
**App Permissions** | Recommended | Don’t grant apps permissions that they don’t need. For Android, Bouncer is an app that allows you to grant temporary/ 1-off permissions.
|
**App Permissions** | Essential | Don’t grant apps permissions that they don’t need. For Android, Bouncer is an app that allows you to grant temporary/ 1-off permissions.
|
||||||
**Only install Apps from official source** | Recommended | Applications on Apple App Store and Google Play Store are scanned and cryptographically signed, making them less likely to be malicious.
|
**Only install Apps from official source** | Essential | Applications on Apple App Store and Google Play Store are scanned and cryptographically signed, making them less likely to be malicious.
|
||||||
**Be Careful of Phone Charging Threats** | Optional | Juice Jacking is when hackers use public charging stations to install malware on your smartphone or tablet through a compromised USB port.
|
**Be Careful of Phone Charging Threats** | Optional | Juice Jacking is when hackers use public charging stations to install malware on your smartphone or tablet through a compromised USB port.
|
||||||
**Set up a mobile carrier PIN** | Recommended | SIM hijacking is when a hacker is able to get your mobile number transferred to their sim. The easiest way to protect against this is to set up a PIN through your mobile provider.
|
**Set up a mobile carrier PIN** | Essential | SIM hijacking is when a hacker is able to get your mobile number transferred to their sim. The easiest way to protect against this is to set up a PIN through your mobile provider.
|
||||||
**Opt-out of Caller ID Listings** | Optional | To keep your details private, you can unlist your number from caller ID apps like TrueCaller, CallApp, SyncMe, and Hiya.
|
**Opt-out of Caller ID Listings** | Optional | To keep your details private, you can unlist your number from caller ID apps like TrueCaller, CallApp, SyncMe, and Hiya.
|
||||||
**Use Offline Maps** | Optional | Consider using an offline maps app, such as OsmAnd or Organic Maps, to reduce data leaks from map apps.
|
**Use Offline Maps** | Optional | Consider using an offline maps app, such as OsmAnd or Organic Maps, to reduce data leaks from map apps.
|
||||||
**Opt-out of personalized ads** | Optional | You can slightly reduce the amount of data collected by opting-out of seeing personalized ads.
|
**Opt-out of personalized ads** | Optional | You can slightly reduce the amount of data collected by opting-out of seeing personalized ads.
|
||||||
|
|
@ -314,17 +314,17 @@ Although Windows and OS X are easy to use and convenient, they both are far from
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Keep your System up-to-date** | Recommended | System updates contain fixes/patches for security issues, improve performance, and sometimes add new features. Install new updates when prompted.
|
**Keep your System up-to-date** | Essential | System updates contain fixes/patches for security issues, improve performance, and sometimes add new features. Install new updates when prompted.
|
||||||
**Encrypt your Device** | Recommended | Use BitLocker for Windows, FileVault on MacOS, or LUKS on Linux, to enable full disk encryption. This prevents unauthorized access if your computer is lost or stolen.
|
**Encrypt your Device** | Essential | Use BitLocker for Windows, FileVault on MacOS, or LUKS on Linux, to enable full disk encryption. This prevents unauthorized access if your computer is lost or stolen.
|
||||||
**Backup Important Data** | Recommended | Maintaining encrypted backups prevents loss due to ransomware, theft, or damage. Consider using Cryptomator for cloud files or VeraCrypt for USB drives.
|
**Backup Important Data** | Essential | Maintaining encrypted backups prevents loss due to ransomware, theft, or damage. Consider using Cryptomator for cloud files or VeraCrypt for USB drives.
|
||||||
**Be Careful Plugging USB Devices into your Computer** | Recommended | USB devices can pose serious threats. Consider making a USB sanitizer with CIRCLean to safely check USB devices.
|
**Be Careful Plugging USB Devices into your Computer** | Essential | USB devices can pose serious threats. Consider making a USB sanitizer with CIRCLean to safely check USB devices.
|
||||||
**Activate Screen-Lock when Idle** | Recommended | Lock your computer when away and set it to require a password on resume from screensaver or sleep to prevent unauthorized access.
|
**Activate Screen-Lock when Idle** | Essential | Lock your computer when away and set it to require a password on resume from screensaver or sleep to prevent unauthorized access.
|
||||||
**Disable Cortana or Siri** | Recommended | Voice-controlled assistants can have privacy implications due to data sent back for processing. Disable or limit their listening capabilities.
|
**Disable Cortana or Siri** | Essential | Voice-controlled assistants can have privacy implications due to data sent back for processing. Disable or limit their listening capabilities.
|
||||||
**Review your Installed Apps** | Recommended | Keep installed applications to a minimum to reduce exposure to vulnerabilities and regularly clear application caches.
|
**Review your Installed Apps** | Essential | Keep installed applications to a minimum to reduce exposure to vulnerabilities and regularly clear application caches.
|
||||||
**Manage Permissions** | Recommended | Control which apps have access to your location, camera, microphone, contacts, and other sensitive information.
|
**Manage Permissions** | Essential | Control which apps have access to your location, camera, microphone, contacts, and other sensitive information.
|
||||||
**Disallow Usage Data from being sent to the Cloud** | Recommended | Limit the amount of usage information or feedback sent to the cloud to protect your privacy.
|
**Disallow Usage Data from being sent to the Cloud** | Essential | Limit the amount of usage information or feedback sent to the cloud to protect your privacy.
|
||||||
**Avoid Quick Unlock** | Recommended | Use a strong password instead of biometrics or short PINs for unlocking your computer to enhance security.
|
**Avoid Quick Unlock** | Essential | Use a strong password instead of biometrics or short PINs for unlocking your computer to enhance security.
|
||||||
**Power Off Computer, instead of Standby** | Recommended | Shut down your device when not in use, especially if your disk is encrypted, to keep data secure.
|
**Power Off Computer, instead of Standby** | Essential | Shut down your device when not in use, especially if your disk is encrypted, to keep data secure.
|
||||||
**Don't link your PC with your Microsoft or Apple Account** | Optional | Use a local account only to prevent data syncing and exposure. Avoid using sync services that compromise privacy.
|
**Don't link your PC with your Microsoft or Apple Account** | Optional | Use a local account only to prevent data syncing and exposure. Avoid using sync services that compromise privacy.
|
||||||
**Check which Sharing Services are Enabled** | Optional | Disable network sharing features you are not using to close gateways to common threats.
|
**Check which Sharing Services are Enabled** | Optional | Disable network sharing features you are not using to close gateways to common threats.
|
||||||
**Don't use Root/Admin Account for Non-Admin Tasks** | Optional | Use an unprivileged user account for daily tasks and only elevate permissions for administrative changes to mitigate vulnerabilities.
|
**Don't use Root/Admin Account for Non-Admin Tasks** | Optional | Use an unprivileged user account for daily tasks and only elevate permissions for administrative changes to mitigate vulnerabilities.
|
||||||
|
|
@ -368,13 +368,13 @@ The most privacy-respecting option, would be to not use "smart" internet-connect
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Rename devices to not specify brand/model** | Recommended | Change default device names to something generic to prevent targeted attacks by obscuring brand or model information.
|
**Rename devices to not specify brand/model** | Essential | Change default device names to something generic to prevent targeted attacks by obscuring brand or model information.
|
||||||
**Disable microphone and camera when not in use** | Recommended | Use hardware switches to turn off microphones and cameras on smart devices to protect against accidental recordings or targeted access.
|
**Disable microphone and camera when not in use** | Essential | Use hardware switches to turn off microphones and cameras on smart devices to protect against accidental recordings or targeted access.
|
||||||
**Understand what data is collected, stored and transmitted** | Recommended | Research and ensure comfort with the data handling practices of smart home devices before purchase, avoiding devices that share data with third parties.
|
**Understand what data is collected, stored and transmitted** | Essential | Research and ensure comfort with the data handling practices of smart home devices before purchase, avoiding devices that share data with third parties.
|
||||||
**Set privacy settings, and opt out of sharing data with third parties** | Recommended | Adjust app settings for strictest privacy controls and opt-out of data sharing with third parties wherever possible.
|
**Set privacy settings, and opt out of sharing data with third parties** | Essential | Adjust app settings for strictest privacy controls and opt-out of data sharing with third parties wherever possible.
|
||||||
**Don't link your smart home devices to your real identity** | Recommended | Use anonymous usernames and passwords, avoiding sign-up/log-in via social media or other third-party services to maintain privacy.
|
**Don't link your smart home devices to your real identity** | Essential | Use anonymous usernames and passwords, avoiding sign-up/log-in via social media or other third-party services to maintain privacy.
|
||||||
**Keep firmware up-to-date** | Recommended | Regularly update smart device firmware to apply security patches and enhancements.
|
**Keep firmware up-to-date** | Essential | Regularly update smart device firmware to apply security patches and enhancements.
|
||||||
**Protect your Network** | Recommended | Secure your home WiFi and network to prevent unauthorized access to smart devices.
|
**Protect your Network** | Essential | Secure your home WiFi and network to prevent unauthorized access to smart devices.
|
||||||
**Be wary of wearables** | Optional | Consider the extensive data collection capabilities of wearable devices and their implications for privacy.
|
**Be wary of wearables** | Optional | Consider the extensive data collection capabilities of wearable devices and their implications for privacy.
|
||||||
**Don't connect your home's critical infrastructure to the Internet** | Optional | Evaluate the risks of internet-connected thermostats, alarms, and detectors due to potential remote access by hackers.
|
**Don't connect your home's critical infrastructure to the Internet** | Optional | Evaluate the risks of internet-connected thermostats, alarms, and detectors due to potential remote access by hackers.
|
||||||
**Mitigate Alexa/ Google Home Risks** | Optional | Consider privacy-focused alternatives like Mycroft or use Project Alias to prevent idle listening by voice-activated assistants.
|
**Mitigate Alexa/ Google Home Risks** | Optional | Consider privacy-focused alternatives like Mycroft or use Project Alias to prevent idle listening by voice-activated assistants.
|
||||||
|
|
@ -394,8 +394,8 @@ Note about credit cards: Credit cards have technological methods in place to det
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Sign up for Fraud Alerts and Credit Monitoring** | Recommended | Enable fraud alerts and credit monitoring through Experian, TransUnion, or Equifax to be alerted of suspicious activity.
|
**Sign up for Fraud Alerts and Credit Monitoring** | Essential | Enable fraud alerts and credit monitoring through Experian, TransUnion, or Equifax to be alerted of suspicious activity.
|
||||||
**Apply a Credit Freeze** | Recommended | Prevent unauthorized credit inquiries by freezing your credit through Experian, TransUnion, and Equifax.
|
**Apply a Credit Freeze** | Essential | Prevent unauthorized credit inquiries by freezing your credit through Experian, TransUnion, and Equifax.
|
||||||
**Use Virtual Cards** | Optional | Utilize virtual card numbers for online transactions to protect your real banking details. Services like Privacy.com and MySudo offer such features.
|
**Use Virtual Cards** | Optional | Utilize virtual card numbers for online transactions to protect your real banking details. Services like Privacy.com and MySudo offer such features.
|
||||||
**Use Cash for Local Transactions** | Optional | Pay with cash for local and everyday purchases to avoid financial profiling by institutions.
|
**Use Cash for Local Transactions** | Optional | Pay with cash for local and everyday purchases to avoid financial profiling by institutions.
|
||||||
**Use Cryptocurrency for Online Transactions** | Optional | Opt for privacy-focused cryptocurrencies like Monero for online transactions to maintain anonymity. Use cryptocurrencies wisely to ensure privacy.
|
**Use Cryptocurrency for Online Transactions** | Optional | Opt for privacy-focused cryptocurrencies like Monero for online transactions to maintain anonymity. Use cryptocurrencies wisely to ensure privacy.
|
||||||
|
|
@ -420,17 +420,17 @@ Many data breaches, hacks and attacks are caused by human error. The following l
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Verify Recipients** | Recommended | Emails can be easily spoofed. Verify the sender's authenticity, especially for sensitive actions, and prefer entering URLs manually rather than clicking links in emails.
|
**Verify Recipients** | Essential | Emails can be easily spoofed. Verify the sender's authenticity, especially for sensitive actions, and prefer entering URLs manually rather than clicking links in emails.
|
||||||
**Don't Trust Your Popup Notifications** | Recommended | Fake pop-ups can be deployed by malicious actors. Always check the URL before entering any information on a popup.
|
**Don't Trust Your Popup Notifications** | Essential | Fake pop-ups can be deployed by malicious actors. Always check the URL before entering any information on a popup.
|
||||||
**Never Leave Device Unattended** | Recommended | Unattended devices can be compromised even with strong passwords. Use encryption and remote erase features like Find My Phone for lost devices.
|
**Never Leave Device Unattended** | Essential | Unattended devices can be compromised even with strong passwords. Use encryption and remote erase features like Find My Phone for lost devices.
|
||||||
**Prevent Camfecting** | Recommended | Protect against camfecting by using webcam covers and microphone blockers. Mute home assistants when not in use or discussing sensitive matters.
|
**Prevent Camfecting** | Essential | Protect against camfecting by using webcam covers and microphone blockers. Mute home assistants when not in use or discussing sensitive matters.
|
||||||
**Stay protected from shoulder surfers** | Recommended | Use privacy screens on laptops and mobiles to prevent others from reading your screen in public spaces.
|
**Stay protected from shoulder surfers** | Essential | Use privacy screens on laptops and mobiles to prevent others from reading your screen in public spaces.
|
||||||
**Educate yourself about phishing attacks** | Recommended | Be cautious of phishing attempts. Verify URLs, context of received messages, and employ good security practices like using 2FA and not reusing passwords.
|
**Educate yourself about phishing attacks** | Essential | Be cautious of phishing attempts. Verify URLs, context of received messages, and employ good security practices like using 2FA and not reusing passwords.
|
||||||
**Watch out for Stalkerware** | Recommended | Be aware of stalkerware installed by acquaintances for spying. Look out for signs like unusual battery usage and perform factory resets if suspected.
|
**Watch out for Stalkerware** | Essential | Be aware of stalkerware installed by acquaintances for spying. Look out for signs like unusual battery usage and perform factory resets if suspected.
|
||||||
**Install Reputable Software from Trusted Sources** | Recommended | Only download software from legitimate sources and check files with tools like Virus Total before installation.
|
**Install Reputable Software from Trusted Sources** | Essential | Only download software from legitimate sources and check files with tools like Virus Total before installation.
|
||||||
**Store personal data securely** | Recommended | Ensure all personal data on devices or in the cloud is encrypted to protect against unauthorized access.
|
**Store personal data securely** | Essential | Ensure all personal data on devices or in the cloud is encrypted to protect against unauthorized access.
|
||||||
**Obscure Personal Details from Documents** | Recommended | When sharing documents, obscure personal details with opaque rectangles to prevent information leakage.
|
**Obscure Personal Details from Documents** | Essential | When sharing documents, obscure personal details with opaque rectangles to prevent information leakage.
|
||||||
**Do not assume a site is secure, just because it is `HTTPS`** | Recommended | HTTPS does not guarantee a website's legitimacy. Verify URLs and exercise caution with personal data.
|
**Do not assume a site is secure, just because it is `HTTPS`** | Essential | HTTPS does not guarantee a website's legitimacy. Verify URLs and exercise caution with personal data.
|
||||||
**Use Virtual Cards when paying online** | Optional | Use virtual cards for online payments to protect your banking details and limit transaction risks.
|
**Use Virtual Cards when paying online** | Optional | Use virtual cards for online payments to protect your banking details and limit transaction risks.
|
||||||
**Review application permissions** | Optional | Regularly review and manage app permissions to ensure no unnecessary access to sensitive device features.
|
**Review application permissions** | Optional | Regularly review and manage app permissions to ensure no unnecessary access to sensitive device features.
|
||||||
**Opt-out of public lists** | Optional | Remove yourself from public databases and marketing lists to reduce unwanted contacts and potential risks.
|
**Opt-out of public lists** | Optional | Remove yourself from public databases and marketing lists to reduce unwanted contacts and potential risks.
|
||||||
|
|
@ -452,16 +452,16 @@ Strong authentication, encrypted devices, patched software and anonymous web bro
|
||||||
|
|
||||||
**Security** | **Priority** | **Details and Hints**
|
**Security** | **Priority** | **Details and Hints**
|
||||||
--- | --- | ---
|
--- | --- | ---
|
||||||
**Destroy Sensitive Documents** | Recommended | Shred or redact sensitive documents before disposal to protect against identity theft and maintain confidentiality.
|
**Destroy Sensitive Documents** | Essential | Shred or redact sensitive documents before disposal to protect against identity theft and maintain confidentiality.
|
||||||
**Opt-Out of Public Records** | Recommended | Contact people search websites to opt-out from listings that show personal information, using guides like Michael Bazzell's Personal Data Removal Workbook.
|
**Opt-Out of Public Records** | Essential | Contact people search websites to opt-out from listings that show personal information, using guides like Michael Bazzell's Personal Data Removal Workbook.
|
||||||
**Watermark Documents** | Recommended | Add a watermark with the recipient's name and date to digital copies of personal documents to trace the source of a breach.
|
**Watermark Documents** | Essential | Add a watermark with the recipient's name and date to digital copies of personal documents to trace the source of a breach.
|
||||||
**Don't Reveal Info on Inbound Calls** | Recommended | Only share personal data on calls you initiate and verify the recipient's phone number.
|
**Don't Reveal Info on Inbound Calls** | Essential | Only share personal data on calls you initiate and verify the recipient's phone number.
|
||||||
**Stay Alert** | Recommended | Be aware of your surroundings and assess potential risks in new environments.
|
**Stay Alert** | Essential | Be aware of your surroundings and assess potential risks in new environments.
|
||||||
**Secure Perimeter** | Recommended | Ensure physical security of locations storing personal info devices, minimizing external access and using intrusion detection systems.
|
**Secure Perimeter** | Essential | Ensure physical security of locations storing personal info devices, minimizing external access and using intrusion detection systems.
|
||||||
**Physically Secure Devices** | Recommended | Use physical security measures like Kensington locks, webcam covers, and privacy screens for devices.
|
**Physically Secure Devices** | Essential | Use physical security measures like Kensington locks, webcam covers, and privacy screens for devices.
|
||||||
**Keep Devices Out of Direct Sight** | Recommended | Prevent devices from being visible from outside to mitigate risks from lasers and theft.
|
**Keep Devices Out of Direct Sight** | Essential | Prevent devices from being visible from outside to mitigate risks from lasers and theft.
|
||||||
**Protect your PIN** | Recommended | Shield your PIN entry from onlookers and cameras, and clean touchscreens after use.
|
**Protect your PIN** | Essential | Shield your PIN entry from onlookers and cameras, and clean touchscreens after use.
|
||||||
**Check for Skimmers** | Recommended | Inspect ATMs and public devices for skimming devices and tampering signs before use.
|
**Check for Skimmers** | Essential | Inspect ATMs and public devices for skimming devices and tampering signs before use.
|
||||||
**Protect your Home Address** | Optional | Use alternative locations, forwarding addresses, and anonymous payment methods to protect your home address.
|
**Protect your Home Address** | Optional | Use alternative locations, forwarding addresses, and anonymous payment methods to protect your home address.
|
||||||
**Use a PIN, Not Biometrics** | Advanced | Prefer PINs over biometrics for device security in situations where legal coercion to unlock devices may occur.
|
**Use a PIN, Not Biometrics** | Advanced | Prefer PINs over biometrics for device security in situations where legal coercion to unlock devices may occur.
|
||||||
**Reduce exposure to CCTV** | Advanced | Wear disguises and choose routes with fewer cameras to avoid surveillance.
|
**Reduce exposure to CCTV** | Advanced | Wear disguises and choose routes with fewer cameras to avoid surveillance.
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
"point": { "type": "string" },
|
"point": { "type": "string" },
|
||||||
"priority": { "type": "string", "enum": ["recommended", "optional", "advanced"] },
|
"priority": { "type": "string", "enum": ["essential", "optional", "advanced"] },
|
||||||
"details": { "type": "string" }
|
"details": { "type": "string" }
|
||||||
},
|
},
|
||||||
"required": ["point", "priority", "details"]
|
"required": ["point", "priority", "details"]
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@
|
||||||
2-factor authentication, keep on top of breaches and take care while logging into your accounts.
|
2-factor authentication, keep on top of breaches and take care while logging into your accounts.
|
||||||
checklist:
|
checklist:
|
||||||
- point: Use a Strong Password
|
- point: Use a Strong Password
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
If your password is too short, or contains dictionary words, places or names- then it can be easily
|
If your password is too short, or contains dictionary words, places or names- then it can be easily
|
||||||
cracked through brute force, or guessed by someone. The easiest way to make a strong password, is by
|
cracked through brute force, or guessed by someone. The easiest way to make a strong password, is by
|
||||||
|
|
@ -21,7 +21,7 @@
|
||||||
[securityinabox.org](https://securityinabox.org/en/passwords/passwords-and-2fa/)
|
[securityinabox.org](https://securityinabox.org/en/passwords/passwords-and-2fa/)
|
||||||
|
|
||||||
- point: Don't reuse Passwords
|
- point: Don't reuse Passwords
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
If someone was to reuse a password, and one site they had an account with suffered a leak, then a
|
If someone was to reuse a password, and one site they had an account with suffered a leak, then a
|
||||||
criminal could easily gain unauthorized access to their other accounts. This is usually done through
|
criminal could easily gain unauthorized access to their other accounts. This is usually done through
|
||||||
|
|
@ -29,7 +29,7 @@
|
||||||
too common, but it's simple to protect against- use a different password for each of your online accounts
|
too common, but it's simple to protect against- use a different password for each of your online accounts
|
||||||
|
|
||||||
- point: Use a Secure Password Manager
|
- point: Use a Secure Password Manager
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
For most people it is going to be near-impossible to remember hundreds of strong and unique passwords.
|
For most people it is going to be near-impossible to remember hundreds of strong and unique passwords.
|
||||||
A password manager is an application that generates, stores and auto-fills your login credentials for you.
|
A password manager is an application that generates, stores and auto-fills your login credentials for you.
|
||||||
|
|
@ -39,7 +39,7 @@
|
||||||
[Recommended Password Managers](https://github.com/Lissy93/awesome-privacy#password-managers)
|
[Recommended Password Managers](https://github.com/Lissy93/awesome-privacy#password-managers)
|
||||||
|
|
||||||
- point: Avoid sharing passwords
|
- point: Avoid sharing passwords
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
While there may be times that you need to share access to an account with another person, you should
|
While there may be times that you need to share access to an account with another person, you should
|
||||||
generally avoid doing this because it makes it easier for the account to become compromised. If you
|
generally avoid doing this because it makes it easier for the account to become compromised. If you
|
||||||
|
|
@ -47,7 +47,7 @@
|
||||||
should be done via features built into a password manager.
|
should be done via features built into a password manager.
|
||||||
|
|
||||||
- point: Enable 2-Factor Authentication
|
- point: Enable 2-Factor Authentication
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
2FA is where you must provide both something you know (a password) and something you have (such as a
|
2FA is where you must provide both something you know (a password) and something you have (such as a
|
||||||
code on your phone) to log in. This means that if anyone has got your password (e.g. through phishing,
|
code on your phone) to log in. This means that if anyone has got your password (e.g. through phishing,
|
||||||
|
|
@ -58,7 +58,7 @@
|
||||||
(it works without internet, and the code usually changes every 30-seconds)
|
(it works without internet, and the code usually changes every 30-seconds)
|
||||||
|
|
||||||
- point: Keep Backup Codes Safe
|
- point: Keep Backup Codes Safe
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
When you enable multi-factor authentication, you will usually be given several codes that you can use if
|
When you enable multi-factor authentication, you will usually be given several codes that you can use if
|
||||||
your 2FA method is lost, broken or unavailable. Keep these codes somewhere safe to prevent loss or
|
your 2FA method is lost, broken or unavailable. Keep these codes somewhere safe to prevent loss or
|
||||||
|
|
@ -229,7 +229,7 @@
|
||||||
minimise online tracking and improve privacy.
|
minimise online tracking and improve privacy.
|
||||||
checklist:
|
checklist:
|
||||||
- point: Block Ads
|
- point: Block Ads
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Using an ad-blocker can help improve your privacy, by blocking the trackers that ads implement.
|
Using an ad-blocker can help improve your privacy, by blocking the trackers that ads implement.
|
||||||
[uBlock Origin](https://github.com/gorhill/uBlock) is a very efficient and open source browser addon,
|
[uBlock Origin](https://github.com/gorhill/uBlock) is a very efficient and open source browser addon,
|
||||||
|
|
@ -261,7 +261,7 @@
|
||||||
and [how to remove browser malware](https://heimdalsecurity.com/blog/malware-removal).
|
and [how to remove browser malware](https://heimdalsecurity.com/blog/malware-removal).
|
||||||
|
|
||||||
- point: Use a Privacy-Respecting Browser
|
- point: Use a Privacy-Respecting Browser
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
[Firefox](https://www.mozilla.org/en-US/firefox/new) (with a few tweaks) and [Brave](https://brave.com)
|
[Firefox](https://www.mozilla.org/en-US/firefox/new) (with a few tweaks) and [Brave](https://brave.com)
|
||||||
are secure, private-respecting browsers. Both are fast, open source, user-friendly and available on all
|
are secure, private-respecting browsers. Both are fast, open source, user-friendly and available on all
|
||||||
|
|
@ -272,7 +272,7 @@
|
||||||
user.js configs. See more: [Privacy Browsers](https://github.com/Lissy93/awesome-privacy#browsers).
|
user.js configs. See more: [Privacy Browsers](https://github.com/Lissy93/awesome-privacy#browsers).
|
||||||
|
|
||||||
- point: Use a Private Search Engine
|
- point: Use a Private Search Engine
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Using a privacy-preserving, non-tracking search engine, will reduce risk that your search terms are not
|
Using a privacy-preserving, non-tracking search engine, will reduce risk that your search terms are not
|
||||||
logged, or used against you. Consider [DuckDuckGo](https://duckduckgo.com), [Qwant](https://www.qwant.com),
|
logged, or used against you. Consider [DuckDuckGo](https://duckduckgo.com), [Qwant](https://www.qwant.com),
|
||||||
|
|
@ -283,7 +283,7 @@
|
||||||
to a privacy-respecting search engine.
|
to a privacy-respecting search engine.
|
||||||
|
|
||||||
- point: Remove Unnecessary Browser Addons
|
- point: Remove Unnecessary Browser Addons
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Extensions are able to see, log or modify anything you do in the browser, and some innocent looking
|
Extensions are able to see, log or modify anything you do in the browser, and some innocent looking
|
||||||
browser apps, have malicious intentions. Websites can see which extensions you have installed, and may
|
browser apps, have malicious intentions. Websites can see which extensions you have installed, and may
|
||||||
|
|
@ -292,7 +292,7 @@
|
||||||
Check the reviews. Only install extensions you really need, and removed those which you haven't used in a while.
|
Check the reviews. Only install extensions you really need, and removed those which you haven't used in a while.
|
||||||
|
|
||||||
- point: Keep Browser Up-to-date
|
- point: Keep Browser Up-to-date
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Browser vulnerabilities are constantly being [discovered](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=browser)
|
Browser vulnerabilities are constantly being [discovered](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=browser)
|
||||||
and patched, so it’s important to keep it up to date, to avoid a zero-day exploit. You can [see which browser
|
and patched, so it’s important to keep it up to date, to avoid a zero-day exploit. You can [see which browser
|
||||||
|
|
@ -300,7 +300,7 @@
|
||||||
for instructions on how to update. Some browsers will auto-update to the latest stable version.
|
for instructions on how to update. Some browsers will auto-update to the latest stable version.
|
||||||
|
|
||||||
- point: Check for HTTPS
|
- point: Check for HTTPS
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
If you enter information on a non-HTTPS website, this data is transported unencrypted and can therefore
|
If you enter information on a non-HTTPS website, this data is transported unencrypted and can therefore
|
||||||
be read by anyone who intercepts it. Do not enter any data on a non-HTTPS website, but also do not let
|
be read by anyone who intercepts it. Do not enter any data on a non-HTTPS website, but also do not let
|
||||||
|
|
@ -312,7 +312,7 @@
|
||||||
for Firefox, Chrome, Edge and Safari browsers on how to enable their HTTPS secure protections.
|
for Firefox, Chrome, Edge and Safari browsers on how to enable their HTTPS secure protections.
|
||||||
|
|
||||||
- point: Use DNS-over-HTTPS
|
- point: Use DNS-over-HTTPS
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Traditional DNS makes requests in plain text for everyone to see. It allows for eavesdropping and
|
Traditional DNS makes requests in plain text for everyone to see. It allows for eavesdropping and
|
||||||
manipulation of DNS data through man-in-the-middle attacks. Whereas DNS-over-HTTPS performs DNS
|
manipulation of DNS data through man-in-the-middle attacks. Whereas DNS-over-HTTPS performs DNS
|
||||||
|
|
@ -321,7 +321,7 @@
|
||||||
Note that DoH comes with its own issues, mostly preventing web filtering.
|
Note that DoH comes with its own issues, mostly preventing web filtering.
|
||||||
|
|
||||||
- point: Multi-Session Containers
|
- point: Multi-Session Containers
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Compartmentalisation is really important to keep different aspects of your browsing separate. For
|
Compartmentalisation is really important to keep different aspects of your browsing separate. For
|
||||||
example, using different profiles for work, general browsing, social media, online shopping etc
|
example, using different profiles for work, general browsing, social media, online shopping etc
|
||||||
|
|
@ -330,35 +330,35 @@
|
||||||
use different browsers for different tasks (Brave, Firefox, Tor etc).
|
use different browsers for different tasks (Brave, Firefox, Tor etc).
|
||||||
|
|
||||||
- point: Use Incognito
|
- point: Use Incognito
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
When using someone else's machine, ensure that you're in a private/ incognito session. This will
|
When using someone else's machine, ensure that you're in a private/ incognito session. This will
|
||||||
prevent browser history, cookies and some data being saved, but is not fool-proof- you can still
|
prevent browser history, cookies and some data being saved, but is not fool-proof- you can still
|
||||||
be tracked.
|
be tracked.
|
||||||
|
|
||||||
- point: Understand Your Browser Fingerprint
|
- point: Understand Your Browser Fingerprint
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Browser Fingerprinting is an incredibly accurate method of tracking, where a website identifies you
|
Browser Fingerprinting is an incredibly accurate method of tracking, where a website identifies you
|
||||||
based on your device information. You can view your fingerprint at amiunique.org- The aim is to be
|
based on your device information. You can view your fingerprint at amiunique.org- The aim is to be
|
||||||
as un-unique as possible.
|
as un-unique as possible.
|
||||||
|
|
||||||
- point: Manage Cookies
|
- point: Manage Cookies
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Clearing cookies regularly is one step you can take to help reduce websites from tracking you.
|
Clearing cookies regularly is one step you can take to help reduce websites from tracking you.
|
||||||
Cookies may also store your session token, which if captured, would allow someone to access your
|
Cookies may also store your session token, which if captured, would allow someone to access your
|
||||||
accounts without credentials. To mitigate this you should clear cookies often.
|
accounts without credentials. To mitigate this you should clear cookies often.
|
||||||
|
|
||||||
- point: Block Third-Party Cookies
|
- point: Block Third-Party Cookies
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Third-party cookies placed on your device by a website other than the one you’re visiting. This
|
Third-party cookies placed on your device by a website other than the one you’re visiting. This
|
||||||
poses a privacy risk, as a 3rd entity can collect data from your current session. This guide explains
|
poses a privacy risk, as a 3rd entity can collect data from your current session. This guide explains
|
||||||
how you can disable 3rd-party cookies, and you can check here ensure this worked.
|
how you can disable 3rd-party cookies, and you can check here ensure this worked.
|
||||||
|
|
||||||
- point: Block Third-Party Trackers
|
- point: Block Third-Party Trackers
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Blocking trackers will help to stop websites, advertisers, analytics and more from tracking you in
|
Blocking trackers will help to stop websites, advertisers, analytics and more from tracking you in
|
||||||
the background. Privacy Badger, DuckDuckGo Privacy Essentials, uBlock Origin and uMatrix (advanced)
|
the background. Privacy Badger, DuckDuckGo Privacy Essentials, uBlock Origin and uMatrix (advanced)
|
||||||
|
|
@ -555,26 +555,26 @@
|
||||||
|
|
||||||
checklist:
|
checklist:
|
||||||
- point: Have more than one email address
|
- point: Have more than one email address
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Consider using a different email address for security-critical communications from trivial mail such
|
Consider using a different email address for security-critical communications from trivial mail such
|
||||||
as newsletters. This compartmentalization could reduce the amount of damage caused by a data breach,
|
as newsletters. This compartmentalization could reduce the amount of damage caused by a data breach,
|
||||||
and also make it easier to recover a compromised account.
|
and also make it easier to recover a compromised account.
|
||||||
|
|
||||||
- point: Keep Email Address Private
|
- point: Keep Email Address Private
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Do not share your primary email publicly, as mail addresses are often the starting point for most
|
Do not share your primary email publicly, as mail addresses are often the starting point for most
|
||||||
phishing attacks.
|
phishing attacks.
|
||||||
|
|
||||||
- point: Keep your Account Secure
|
- point: Keep your Account Secure
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Use a long and unique password, enable 2FA and be careful while logging in. Your email account
|
Use a long and unique password, enable 2FA and be careful while logging in. Your email account
|
||||||
provides an easy entry point to all your other online accounts for an attacker.
|
provides an easy entry point to all your other online accounts for an attacker.
|
||||||
|
|
||||||
- point: Disable Automatic Loading of Remote Content
|
- point: Disable Automatic Loading of Remote Content
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Email messages can contain remote content such as images or stylesheets, often automatically loaded
|
Email messages can contain remote content such as images or stylesheets, often automatically loaded
|
||||||
from the server. You should disable this, as it exposes your IP address and device information, and
|
from the server. You should disable this, as it exposes your IP address and device information, and
|
||||||
|
|
@ -709,7 +709,7 @@
|
||||||
intro: ''
|
intro: ''
|
||||||
checklist:
|
checklist:
|
||||||
- point: Only Use Fully End-to-End Encrypted Messengers
|
- point: Only Use Fully End-to-End Encrypted Messengers
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
End-to-end encryption is a system of communication where messages are encrypted on your device and
|
End-to-end encryption is a system of communication where messages are encrypted on your device and
|
||||||
not decrypted until they reach the intended recipient. This ensures that any actor who intercepts
|
not decrypted until they reach the intended recipient. This ensures that any actor who intercepts
|
||||||
|
|
@ -717,43 +717,43 @@
|
||||||
data is stored.
|
data is stored.
|
||||||
|
|
||||||
- point: Use only Open Source Messaging Platforms
|
- point: Use only Open Source Messaging Platforms
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
If code is open source then it can be independently examined and audited by anyone qualified to do
|
If code is open source then it can be independently examined and audited by anyone qualified to do
|
||||||
so, to ensure that there are no backdoors, vulnerabilities, or other security issues.
|
so, to ensure that there are no backdoors, vulnerabilities, or other security issues.
|
||||||
|
|
||||||
- point: Use a "Trustworthy" Messaging Platform
|
- point: Use a "Trustworthy" Messaging Platform
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
When selecting an encrypted messaging app, ensure it's fully open source, stable, actively maintained,
|
When selecting an encrypted messaging app, ensure it's fully open source, stable, actively maintained,
|
||||||
and ideally backed by reputable developers.
|
and ideally backed by reputable developers.
|
||||||
|
|
||||||
- point: Check Security Settings
|
- point: Check Security Settings
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Enable security settings, including contact verification, security notifications, and encryption.
|
Enable security settings, including contact verification, security notifications, and encryption.
|
||||||
Disable optional non-security features such as read receipt, last online, and typing notification.
|
Disable optional non-security features such as read receipt, last online, and typing notification.
|
||||||
|
|
||||||
- point: Ensure your Recipients Environment is Secure
|
- point: Ensure your Recipients Environment is Secure
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Your conversation can only be as secure as the weakest link. Often the easiest way to infiltrate a
|
Your conversation can only be as secure as the weakest link. Often the easiest way to infiltrate a
|
||||||
communications channel is to target the individual or node with the least protection.
|
communications channel is to target the individual or node with the least protection.
|
||||||
|
|
||||||
- point: Disable Cloud Services
|
- point: Disable Cloud Services
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Some mobile messaging apps offer a web or desktop companion. This not only increases attack surface but
|
Some mobile messaging apps offer a web or desktop companion. This not only increases attack surface but
|
||||||
it has been linked to several critical security issues, and should therefore be avoided, if possible.
|
it has been linked to several critical security issues, and should therefore be avoided, if possible.
|
||||||
|
|
||||||
- point: Secure Group Chats
|
- point: Secure Group Chats
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
The risk of compromise rises exponentially, the more participants are in a group, as the attack surface
|
The risk of compromise rises exponentially, the more participants are in a group, as the attack surface
|
||||||
increases. Periodically check that all participants are legitimate.
|
increases. Periodically check that all participants are legitimate.
|
||||||
|
|
||||||
- point: Create a Safe Environment for Communication
|
- point: Create a Safe Environment for Communication
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
There are several stages where your digital communications could be monitored or intercepted. This includes:
|
There are several stages where your digital communications could be monitored or intercepted. This includes:
|
||||||
your or your participants' device, your ISP, national gateway or government logging, the messaging provider,
|
your or your participants' device, your ISP, national gateway or government logging, the messaging provider,
|
||||||
|
|
@ -852,61 +852,61 @@
|
||||||
effectively public. If possible, avoid using conventional social media networks.
|
effectively public. If possible, avoid using conventional social media networks.
|
||||||
checklist:
|
checklist:
|
||||||
- point: Secure your Account
|
- point: Secure your Account
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Social media profiles get stolen or taken over all too often. To protect your account: use a unique
|
Social media profiles get stolen or taken over all too often. To protect your account: use a unique
|
||||||
and strong password, and enable 2-factor authentication.
|
and strong password, and enable 2-factor authentication.
|
||||||
|
|
||||||
- point: Check Privacy Settings
|
- point: Check Privacy Settings
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Most social networks allow you to control your privacy settings. Ensure that you are comfortable with
|
Most social networks allow you to control your privacy settings. Ensure that you are comfortable with
|
||||||
what data you are currently exposing and to whom.
|
what data you are currently exposing and to whom.
|
||||||
|
|
||||||
- point: Think of All Interactions as Public
|
- point: Think of All Interactions as Public
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
There are still numerous methods of viewing a users 'private' content across many social networks.
|
There are still numerous methods of viewing a users 'private' content across many social networks.
|
||||||
Therefore, before uploading, posting or commenting on anything, think "Would I mind if this was totally public?"
|
Therefore, before uploading, posting or commenting on anything, think "Would I mind if this was totally public?"
|
||||||
|
|
||||||
- point: Think of All Interactions as Permanent
|
- point: Think of All Interactions as Permanent
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Pretty much every post, comment, photo etc is being continuously backed up by a myriad of third-party
|
Pretty much every post, comment, photo etc is being continuously backed up by a myriad of third-party
|
||||||
services, who archive this data and make it indexable and publicly available almost forever.
|
services, who archive this data and make it indexable and publicly available almost forever.
|
||||||
|
|
||||||
- point: Don't Reveal too Much
|
- point: Don't Reveal too Much
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Profile information creates a goldmine of info for hackers, the kind of data that helps them personalize
|
Profile information creates a goldmine of info for hackers, the kind of data that helps them personalize
|
||||||
phishing scams. Avoid sharing too much detail (DoB, Hometown, School etc).
|
phishing scams. Avoid sharing too much detail (DoB, Hometown, School etc).
|
||||||
|
|
||||||
- point: Be Careful what you Upload
|
- point: Be Careful what you Upload
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Status updates, comments, check-ins and media can unintentionally reveal a lot more than you intended
|
Status updates, comments, check-ins and media can unintentionally reveal a lot more than you intended
|
||||||
them to. This is especially relevant to photos and videos, which may show things in the background.
|
them to. This is especially relevant to photos and videos, which may show things in the background.
|
||||||
|
|
||||||
- point: Don't Share Email or Phone Number
|
- point: Don't Share Email or Phone Number
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Posting your real email address or mobile number, gives hackers, trolls and spammers more munition to
|
Posting your real email address or mobile number, gives hackers, trolls and spammers more munition to
|
||||||
use against you, and can also allow separate aliases, profiles or data points to be connected.
|
use against you, and can also allow separate aliases, profiles or data points to be connected.
|
||||||
|
|
||||||
- point: Don't Grant Unnecessary Permissions
|
- point: Don't Grant Unnecessary Permissions
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
By default many of the popular social networking apps will ask for permission to access your contacts,
|
By default many of the popular social networking apps will ask for permission to access your contacts,
|
||||||
call log, location, messaging history etc. If they don’t need this access, don’t grant it.
|
call log, location, messaging history etc. If they don’t need this access, don’t grant it.
|
||||||
|
|
||||||
- point: Be Careful of 3rd-Party Integrations
|
- point: Be Careful of 3rd-Party Integrations
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Avoid signing up for accounts using a Social Network login, revoke access to social apps you no longer
|
Avoid signing up for accounts using a Social Network login, revoke access to social apps you no longer
|
||||||
use.
|
use.
|
||||||
|
|
||||||
- point: Avoid Publishing Geo Data while still Onsite
|
- point: Avoid Publishing Geo Data while still Onsite
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
If you plan to share any content that reveals a location, then wait until you have left that place.
|
If you plan to share any content that reveals a location, then wait until you have left that place.
|
||||||
This is particularly important when you are taking a trip, at a restaurant, campus, hotel/resort, public
|
This is particularly important when you are taking a trip, at a restaurant, campus, hotel/resort, public
|
||||||
|
|
@ -964,25 +964,25 @@
|
||||||
including configuring your router and setting up a VPN.
|
including configuring your router and setting up a VPN.
|
||||||
checklist:
|
checklist:
|
||||||
- point: Use a VPN
|
- point: Use a VPN
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Use a reputable, paid-for VPN. This can help protect sites you visit from logging your real IP, reduce
|
Use a reputable, paid-for VPN. This can help protect sites you visit from logging your real IP, reduce
|
||||||
the amount of data your ISP can collect, and increase protection on public WiFi.
|
the amount of data your ISP can collect, and increase protection on public WiFi.
|
||||||
|
|
||||||
- point: Change your Router Password
|
- point: Change your Router Password
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
After getting a new router, change the password. Default router passwords are publicly available,
|
After getting a new router, change the password. Default router passwords are publicly available,
|
||||||
meaning anyone within proximity would be able to connect.
|
meaning anyone within proximity would be able to connect.
|
||||||
|
|
||||||
- point: Use WPA2, and a strong password
|
- point: Use WPA2, and a strong password
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
There are different authentication protocols for connecting to WiFi. Currently, the most secure options
|
There are different authentication protocols for connecting to WiFi. Currently, the most secure options
|
||||||
are WPA2 and WPA3 (on newer routers).
|
are WPA2 and WPA3 (on newer routers).
|
||||||
|
|
||||||
- point: Keep router firmware up-to-date
|
- point: Keep router firmware up-to-date
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Manufacturers release firmware updates that fix security vulnerabilities, implement new standards, and
|
Manufacturers release firmware updates that fix security vulnerabilities, implement new standards, and
|
||||||
sometimes add features or improve the performance of your router.
|
sometimes add features or improve the performance of your router.
|
||||||
|
|
@ -1171,31 +1171,31 @@
|
||||||
And this doesn't include all of the internet traffic that intelligence agencies around the world have unhindered access to.
|
And this doesn't include all of the internet traffic that intelligence agencies around the world have unhindered access to.
|
||||||
checklist:
|
checklist:
|
||||||
- point: Encrypt your Device
|
- point: Encrypt your Device
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
In order to keep your data safe from physical access, use file encryption. This will mean if your
|
In order to keep your data safe from physical access, use file encryption. This will mean if your
|
||||||
device is lost or stolen, no one will have access to your data.
|
device is lost or stolen, no one will have access to your data.
|
||||||
|
|
||||||
- point: Turn off connectivity features that aren’t being used
|
- point: Turn off connectivity features that aren’t being used
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
When you're not using WiFi, Bluetooth, NFC etc, turn those features off. There are several common threats
|
When you're not using WiFi, Bluetooth, NFC etc, turn those features off. There are several common threats
|
||||||
that utilise these features.
|
that utilise these features.
|
||||||
|
|
||||||
- point: Keep app count to a minimum
|
- point: Keep app count to a minimum
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Uninstall apps that you don’t need or use regularly. As apps often run in the background, slowing your
|
Uninstall apps that you don’t need or use regularly. As apps often run in the background, slowing your
|
||||||
device down, but also collecting data.
|
device down, but also collecting data.
|
||||||
|
|
||||||
- point: App Permissions
|
- point: App Permissions
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Don’t grant apps permissions that they don’t need. For Android, Bouncer is an app that allows you to grant
|
Don’t grant apps permissions that they don’t need. For Android, Bouncer is an app that allows you to grant
|
||||||
temporary/ 1-off permissions.
|
temporary/ 1-off permissions.
|
||||||
|
|
||||||
- point: Only install Apps from official source
|
- point: Only install Apps from official source
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Applications on Apple App Store and Google Play Store are scanned and cryptographically signed, making them
|
Applications on Apple App Store and Google Play Store are scanned and cryptographically signed, making them
|
||||||
less likely to be malicious.
|
less likely to be malicious.
|
||||||
|
|
@ -1207,7 +1207,7 @@
|
||||||
through a compromised USB port.
|
through a compromised USB port.
|
||||||
|
|
||||||
- point: Set up a mobile carrier PIN
|
- point: Set up a mobile carrier PIN
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
SIM hijacking is when a hacker is able to get your mobile number transferred to their sim. The easiest way
|
SIM hijacking is when a hacker is able to get your mobile number transferred to their sim. The easiest way
|
||||||
to protect against this is to set up a PIN through your mobile provider.
|
to protect against this is to set up a PIN through your mobile provider.
|
||||||
|
|
@ -1319,66 +1319,66 @@
|
||||||
compromised can have detrimental effects.
|
compromised can have detrimental effects.
|
||||||
checklist:
|
checklist:
|
||||||
- point: Keep your System up-to-date
|
- point: Keep your System up-to-date
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
System updates contain fixes/patches for security issues, improve performance, and sometimes add new
|
System updates contain fixes/patches for security issues, improve performance, and sometimes add new
|
||||||
features. Install new updates when prompted.
|
features. Install new updates when prompted.
|
||||||
|
|
||||||
- point: Encrypt your Device
|
- point: Encrypt your Device
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Use BitLocker for Windows, FileVault on MacOS, or LUKS on Linux, to enable full disk encryption. This
|
Use BitLocker for Windows, FileVault on MacOS, or LUKS on Linux, to enable full disk encryption. This
|
||||||
prevents unauthorized access if your computer is lost or stolen.
|
prevents unauthorized access if your computer is lost or stolen.
|
||||||
|
|
||||||
- point: Backup Important Data
|
- point: Backup Important Data
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Maintaining encrypted backups prevents loss due to ransomware, theft, or damage. Consider using
|
Maintaining encrypted backups prevents loss due to ransomware, theft, or damage. Consider using
|
||||||
Cryptomator for cloud files or VeraCrypt for USB drives.
|
Cryptomator for cloud files or VeraCrypt for USB drives.
|
||||||
|
|
||||||
- point: Be Careful Plugging USB Devices into your Computer
|
- point: Be Careful Plugging USB Devices into your Computer
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
USB devices can pose serious threats. Consider making a USB sanitizer with CIRCLean to safely check USB
|
USB devices can pose serious threats. Consider making a USB sanitizer with CIRCLean to safely check USB
|
||||||
devices.
|
devices.
|
||||||
|
|
||||||
- point: Activate Screen-Lock when Idle
|
- point: Activate Screen-Lock when Idle
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Lock your computer when away and set it to require a password on resume from screensaver or sleep to
|
Lock your computer when away and set it to require a password on resume from screensaver or sleep to
|
||||||
prevent unauthorized access.
|
prevent unauthorized access.
|
||||||
|
|
||||||
- point: Disable Cortana or Siri
|
- point: Disable Cortana or Siri
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Voice-controlled assistants can have privacy implications due to data sent back for processing. Disable
|
Voice-controlled assistants can have privacy implications due to data sent back for processing. Disable
|
||||||
or limit their listening capabilities.
|
or limit their listening capabilities.
|
||||||
|
|
||||||
- point: Review your Installed Apps
|
- point: Review your Installed Apps
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Keep installed applications to a minimum to reduce exposure to vulnerabilities and regularly clear
|
Keep installed applications to a minimum to reduce exposure to vulnerabilities and regularly clear
|
||||||
application caches.
|
application caches.
|
||||||
|
|
||||||
- point: Manage Permissions
|
- point: Manage Permissions
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Control which apps have access to your location, camera, microphone, contacts, and other sensitive
|
Control which apps have access to your location, camera, microphone, contacts, and other sensitive
|
||||||
information.
|
information.
|
||||||
|
|
||||||
- point: Disallow Usage Data from being sent to the Cloud
|
- point: Disallow Usage Data from being sent to the Cloud
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Limit the amount of usage information or feedback sent to the cloud to protect your privacy.
|
Limit the amount of usage information or feedback sent to the cloud to protect your privacy.
|
||||||
|
|
||||||
- point: Avoid Quick Unlock
|
- point: Avoid Quick Unlock
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Use a strong password instead of biometrics or short PINs for unlocking your computer to enhance
|
Use a strong password instead of biometrics or short PINs for unlocking your computer to enhance
|
||||||
security.
|
security.
|
||||||
|
|
||||||
- point: Power Off Computer, instead of Standby
|
- point: Power Off Computer, instead of Standby
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Shut down your device when not in use, especially if your disk is encrypted, to keep data secure.
|
Shut down your device when not in use, especially if your disk is encrypted, to keep data secure.
|
||||||
|
|
||||||
|
|
@ -1567,37 +1567,37 @@
|
||||||
internet-connected home devices.
|
internet-connected home devices.
|
||||||
checklist:
|
checklist:
|
||||||
- point: Rename devices to not specify brand/model
|
- point: Rename devices to not specify brand/model
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Change default device names to something generic to prevent targeted attacks by obscuring brand or model information.
|
Change default device names to something generic to prevent targeted attacks by obscuring brand or model information.
|
||||||
|
|
||||||
- point: Disable microphone and camera when not in use
|
- point: Disable microphone and camera when not in use
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Use hardware switches to turn off microphones and cameras on smart devices to protect against accidental recordings or targeted access.
|
Use hardware switches to turn off microphones and cameras on smart devices to protect against accidental recordings or targeted access.
|
||||||
|
|
||||||
- point: Understand what data is collected, stored and transmitted
|
- point: Understand what data is collected, stored and transmitted
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Research and ensure comfort with the data handling practices of smart home devices before purchase, avoiding devices that share data with third parties.
|
Research and ensure comfort with the data handling practices of smart home devices before purchase, avoiding devices that share data with third parties.
|
||||||
|
|
||||||
- point: Set privacy settings, and opt out of sharing data with third parties
|
- point: Set privacy settings, and opt out of sharing data with third parties
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Adjust app settings for strictest privacy controls and opt-out of data sharing with third parties wherever possible.
|
Adjust app settings for strictest privacy controls and opt-out of data sharing with third parties wherever possible.
|
||||||
|
|
||||||
- point: Don't link your smart home devices to your real identity
|
- point: Don't link your smart home devices to your real identity
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Use anonymous usernames and passwords, avoiding sign-up/log-in via social media or other third-party services to maintain privacy.
|
Use anonymous usernames and passwords, avoiding sign-up/log-in via social media or other third-party services to maintain privacy.
|
||||||
|
|
||||||
- point: Keep firmware up-to-date
|
- point: Keep firmware up-to-date
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Regularly update smart device firmware to apply security patches and enhancements.
|
Regularly update smart device firmware to apply security patches and enhancements.
|
||||||
|
|
||||||
- point: Protect your Network
|
- point: Protect your Network
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Secure your home WiFi and network to prevent unauthorized access to smart devices.
|
Secure your home WiFi and network to prevent unauthorized access to smart devices.
|
||||||
|
|
||||||
|
|
@ -1657,12 +1657,12 @@
|
||||||
for security, but terrible for data privacy.
|
for security, but terrible for data privacy.
|
||||||
checklist:
|
checklist:
|
||||||
- point: Sign up for Fraud Alerts and Credit Monitoring
|
- point: Sign up for Fraud Alerts and Credit Monitoring
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Enable fraud alerts and credit monitoring through Experian, TransUnion, or Equifax to be alerted of suspicious activity.
|
Enable fraud alerts and credit monitoring through Experian, TransUnion, or Equifax to be alerted of suspicious activity.
|
||||||
|
|
||||||
- point: Apply a Credit Freeze
|
- point: Apply a Credit Freeze
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Prevent unauthorized credit inquiries by freezing your credit through Experian, TransUnion, and Equifax.
|
Prevent unauthorized credit inquiries by freezing your credit through Experian, TransUnion, and Equifax.
|
||||||
|
|
||||||
|
|
@ -1731,57 +1731,57 @@
|
||||||
|
|
||||||
checklist:
|
checklist:
|
||||||
- point: Verify Recipients
|
- point: Verify Recipients
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Emails can be easily spoofed. Verify the sender's authenticity, especially for sensitive actions, and prefer entering URLs manually rather than clicking links in emails.
|
Emails can be easily spoofed. Verify the sender's authenticity, especially for sensitive actions, and prefer entering URLs manually rather than clicking links in emails.
|
||||||
|
|
||||||
- point: Don't Trust Your Popup Notifications
|
- point: Don't Trust Your Popup Notifications
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Fake pop-ups can be deployed by malicious actors. Always check the URL before entering any information on a popup.
|
Fake pop-ups can be deployed by malicious actors. Always check the URL before entering any information on a popup.
|
||||||
|
|
||||||
- point: Never Leave Device Unattended
|
- point: Never Leave Device Unattended
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Unattended devices can be compromised even with strong passwords. Use encryption and remote erase features like Find My Phone for lost devices.
|
Unattended devices can be compromised even with strong passwords. Use encryption and remote erase features like Find My Phone for lost devices.
|
||||||
|
|
||||||
- point: Prevent Camfecting
|
- point: Prevent Camfecting
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Protect against camfecting by using webcam covers and microphone blockers. Mute home assistants when not in use or discussing sensitive matters.
|
Protect against camfecting by using webcam covers and microphone blockers. Mute home assistants when not in use or discussing sensitive matters.
|
||||||
|
|
||||||
- point: Stay protected from shoulder surfers
|
- point: Stay protected from shoulder surfers
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Use privacy screens on laptops and mobiles to prevent others from reading your screen in public spaces.
|
Use privacy screens on laptops and mobiles to prevent others from reading your screen in public spaces.
|
||||||
|
|
||||||
- point: Educate yourself about phishing attacks
|
- point: Educate yourself about phishing attacks
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Be cautious of phishing attempts. Verify URLs, context of received messages, and employ good security practices like using 2FA and not reusing passwords.
|
Be cautious of phishing attempts. Verify URLs, context of received messages, and employ good security practices like using 2FA and not reusing passwords.
|
||||||
|
|
||||||
- point: Watch out for Stalkerware
|
- point: Watch out for Stalkerware
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Be aware of stalkerware installed by acquaintances for spying. Look out for signs like unusual battery usage and perform factory resets if suspected.
|
Be aware of stalkerware installed by acquaintances for spying. Look out for signs like unusual battery usage and perform factory resets if suspected.
|
||||||
|
|
||||||
- point: Install Reputable Software from Trusted Sources
|
- point: Install Reputable Software from Trusted Sources
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Only download software from legitimate sources and check files with tools like Virus Total before installation.
|
Only download software from legitimate sources and check files with tools like Virus Total before installation.
|
||||||
|
|
||||||
- point: Store personal data securely
|
- point: Store personal data securely
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
Ensure all personal data on devices or in the cloud is encrypted to protect against unauthorized access.
|
Ensure all personal data on devices or in the cloud is encrypted to protect against unauthorized access.
|
||||||
|
|
||||||
- point: Obscure Personal Details from Documents
|
- point: Obscure Personal Details from Documents
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
When sharing documents, obscure personal details with opaque rectangles to prevent information leakage.
|
When sharing documents, obscure personal details with opaque rectangles to prevent information leakage.
|
||||||
|
|
||||||
- point: Do not assume a site is secure, just because it is `HTTPS`
|
- point: Do not assume a site is secure, just because it is `HTTPS`
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: >-
|
details: >-
|
||||||
HTTPS does not guarantee a website's legitimacy. Verify URLs and exercise caution with personal data.
|
HTTPS does not guarantee a website's legitimacy. Verify URLs and exercise caution with personal data.
|
||||||
|
|
||||||
|
|
@ -1864,43 +1864,43 @@
|
||||||
|
|
||||||
checklist:
|
checklist:
|
||||||
- point: Destroy Sensitive Documents
|
- point: Destroy Sensitive Documents
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Shred or redact sensitive documents before disposal to protect against identity theft and maintain confidentiality.
|
details: Shred or redact sensitive documents before disposal to protect against identity theft and maintain confidentiality.
|
||||||
|
|
||||||
- point: Opt-Out of Public Records
|
- point: Opt-Out of Public Records
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Contact people search websites to opt-out from listings that show personal information, using guides like Michael Bazzell's Personal Data Removal Workbook.
|
details: Contact people search websites to opt-out from listings that show personal information, using guides like Michael Bazzell's Personal Data Removal Workbook.
|
||||||
|
|
||||||
- point: Watermark Documents
|
- point: Watermark Documents
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Add a watermark with the recipient's name and date to digital copies of personal documents to trace the source of a breach.
|
details: Add a watermark with the recipient's name and date to digital copies of personal documents to trace the source of a breach.
|
||||||
|
|
||||||
- point: Don't Reveal Info on Inbound Calls
|
- point: Don't Reveal Info on Inbound Calls
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Only share personal data on calls you initiate and verify the recipient's phone number.
|
details: Only share personal data on calls you initiate and verify the recipient's phone number.
|
||||||
|
|
||||||
- point: Stay Alert
|
- point: Stay Alert
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Be aware of your surroundings and assess potential risks in new environments.
|
details: Be aware of your surroundings and assess potential risks in new environments.
|
||||||
|
|
||||||
- point: Secure Perimeter
|
- point: Secure Perimeter
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Ensure physical security of locations storing personal info devices, minimizing external access and using intrusion detection systems.
|
details: Ensure physical security of locations storing personal info devices, minimizing external access and using intrusion detection systems.
|
||||||
|
|
||||||
- point: Physically Secure Devices
|
- point: Physically Secure Devices
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Use physical security measures like Kensington locks, webcam covers, and privacy screens for devices.
|
details: Use physical security measures like Kensington locks, webcam covers, and privacy screens for devices.
|
||||||
|
|
||||||
- point: Keep Devices Out of Direct Sight
|
- point: Keep Devices Out of Direct Sight
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Prevent devices from being visible from outside to mitigate risks from lasers and theft.
|
details: Prevent devices from being visible from outside to mitigate risks from lasers and theft.
|
||||||
|
|
||||||
- point: Protect your PIN
|
- point: Protect your PIN
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Shield your PIN entry from onlookers and cameras, and clean touchscreens after use.
|
details: Shield your PIN entry from onlookers and cameras, and clean touchscreens after use.
|
||||||
|
|
||||||
- point: Check for Skimmers
|
- point: Check for Skimmers
|
||||||
priority: Recommended
|
priority: Essential
|
||||||
details: Inspect ATMs and public devices for skimming devices and tampering signs before use.
|
details: Inspect ATMs and public devices for skimming devices and tampering signs before use.
|
||||||
|
|
||||||
- point: Protect your Home Address
|
- point: Protect your Home Address
|
||||||
|
|
|
||||||
|
|
@ -1,14 +1,16 @@
|
||||||
|
|
||||||
import { $, component$ } from "@builder.io/qwik";
|
import { $, component$, useContext } from "@builder.io/qwik";
|
||||||
import Icon from "~/components/core/icon";
|
import Icon from "~/components/core/icon";
|
||||||
import { data } from '~/mock-data';
|
|
||||||
import type { Section } from '~/types/PSC';
|
import type { Section } from '~/types/PSC';
|
||||||
import { useTheme } from '~/store/theme-store';
|
import { useTheme } from '~/store/theme-store';
|
||||||
import articles from '~/data/articles';
|
import articles from '~/data/articles';
|
||||||
|
import { ChecklistContext } from '~/store/checklist-context';
|
||||||
|
|
||||||
|
|
||||||
export default component$(() => {
|
export default component$(() => {
|
||||||
|
|
||||||
|
const data = useContext(ChecklistContext);
|
||||||
|
|
||||||
const { theme, setTheme } = useTheme();
|
const { theme, setTheme } = useTheme();
|
||||||
|
|
||||||
const themes = [
|
const themes = [
|
||||||
|
|
@ -50,7 +52,7 @@ export default component$(() => {
|
||||||
Checklists
|
Checklists
|
||||||
</summary>
|
</summary>
|
||||||
<ul class="p-2 bg-base-100 rounded-t-none z-10">
|
<ul class="p-2 bg-base-100 rounded-t-none z-10">
|
||||||
{data.map((item: Section, index: number) => (
|
{data.value.map((item: Section, index: number) => (
|
||||||
<li key={`checklist-nav-${index}`} class={`hover:bg-${item.color}-600 hover:bg-opacity-15`}>
|
<li key={`checklist-nav-${index}`} class={`hover:bg-${item.color}-600 hover:bg-opacity-15`}>
|
||||||
<a href={`/checklist/${item.slug}`}>
|
<a href={`/checklist/${item.slug}`}>
|
||||||
<Icon color={item.color} class="mr-2" icon={item.icon} width={16} height={16} />
|
<Icon color={item.color} class="mr-2" icon={item.icon} width={16} height={16} />
|
||||||
|
|
@ -106,7 +108,7 @@ export default component$(() => {
|
||||||
<li>
|
<li>
|
||||||
<a href="/checklist"><Icon class="mr-2" icon="all" width={16} height={16} />Checklists</a>
|
<a href="/checklist"><Icon class="mr-2" icon="all" width={16} height={16} />Checklists</a>
|
||||||
<ul>
|
<ul>
|
||||||
{data.map((item: Section, index: number) => (
|
{data.value.map((item: Section, index: number) => (
|
||||||
<li key={`checklist-side-${index}`} class={`hover:bg-${item.color}-600 hover:bg-opacity-15`}>
|
<li key={`checklist-side-${index}`} class={`hover:bg-${item.color}-600 hover:bg-opacity-15`}>
|
||||||
<a href={`/checklist/${item.slug}`}>
|
<a href={`/checklist/${item.slug}`}>
|
||||||
<Icon color={item.color} class="mr-2" icon={item.icon} width={16} height={16} />
|
<Icon color={item.color} class="mr-2" icon={item.icon} width={16} height={16} />
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@ export default component$((props: { section: Section }) => {
|
||||||
const originalFilters = {
|
const originalFilters = {
|
||||||
show: 'all', // 'all', 'remaining', 'completed'
|
show: 'all', // 'all', 'remaining', 'completed'
|
||||||
levels: {
|
levels: {
|
||||||
recommended: true,
|
essential: true,
|
||||||
optional: true,
|
optional: true,
|
||||||
advanced: true,
|
advanced: true,
|
||||||
},
|
},
|
||||||
|
|
@ -33,7 +33,7 @@ export default component$((props: { section: Section }) => {
|
||||||
|
|
||||||
const getBadgeClass = (priority: Priority, precedeClass: string = '') => {
|
const getBadgeClass = (priority: Priority, precedeClass: string = '') => {
|
||||||
switch (priority.toLocaleLowerCase()) {
|
switch (priority.toLocaleLowerCase()) {
|
||||||
case 'recommended':
|
case 'essential':
|
||||||
return `${precedeClass}success`;
|
return `${precedeClass}success`;
|
||||||
case 'optional':
|
case 'optional':
|
||||||
return `${precedeClass}warning`;
|
return `${precedeClass}warning`;
|
||||||
|
|
@ -87,7 +87,7 @@ export default component$((props: { section: Section }) => {
|
||||||
case 'advice':
|
case 'advice':
|
||||||
return item.point;
|
return item.point;
|
||||||
case 'level':
|
case 'level':
|
||||||
return ['recommended', 'optional', 'advanced'].indexOf(item.priority.toLowerCase());
|
return ['essential', 'optional', 'advanced'].indexOf(item.priority.toLowerCase());
|
||||||
default:
|
default:
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
@ -198,8 +198,8 @@ export default component$((props: { section: Section }) => {
|
||||||
<span class="text-sm">Basic</span>
|
<span class="text-sm">Basic</span>
|
||||||
<input
|
<input
|
||||||
type="checkbox"
|
type="checkbox"
|
||||||
checked={filterState.levels.recommended}
|
checked={filterState.levels.essential}
|
||||||
onChange$={() => (filterState.levels.recommended = !filterState.levels.recommended)}
|
onChange$={() => (filterState.levels.essential = !filterState.levels.essential)}
|
||||||
class="checkbox checkbox-sm checked:checkbox-success"
|
class="checkbox checkbox-sm checked:checkbox-success"
|
||||||
/>
|
/>
|
||||||
</label>
|
</label>
|
||||||
|
|
|
||||||
|
|
@ -151,7 +151,7 @@ export default component$(() => {
|
||||||
totalProgress.value = progress;
|
totalProgress.value = progress;
|
||||||
})
|
})
|
||||||
|
|
||||||
makeDataAndDrawChart('recommended', 'hsl(var(--su, 158 64% 52%))');
|
makeDataAndDrawChart('essential', 'hsl(var(--su, 158 64% 52%))');
|
||||||
makeDataAndDrawChart('optional', 'hsl(var(--wa, 43 96% 56%))');
|
makeDataAndDrawChart('optional', 'hsl(var(--wa, 43 96% 56%))');
|
||||||
makeDataAndDrawChart('advanced', 'hsl(var(--er, 0 91% 71%))');
|
makeDataAndDrawChart('advanced', 'hsl(var(--er, 0 91% 71%))');
|
||||||
}));
|
}));
|
||||||
|
|
@ -212,7 +212,7 @@ export default component$(() => {
|
||||||
return Promise.all([
|
return Promise.all([
|
||||||
buildDataForPriority('advanced', 'hsl(0 91% 71%/75%)'),
|
buildDataForPriority('advanced', 'hsl(0 91% 71%/75%)'),
|
||||||
buildDataForPriority('optional', 'hsl(43 96% 56%/75%)'),
|
buildDataForPriority('optional', 'hsl(43 96% 56%/75%)'),
|
||||||
buildDataForPriority('recommended', 'hsl(158 64% 52%/75%)'),
|
buildDataForPriority('essential', 'hsl(158 64% 52%/75%)'),
|
||||||
]).then(datasets => ({
|
]).then(datasets => ({
|
||||||
labels,
|
labels,
|
||||||
datasets,
|
datasets,
|
||||||
|
|
@ -274,7 +274,7 @@ export default component$(() => {
|
||||||
}));
|
}));
|
||||||
|
|
||||||
const items = [
|
const items = [
|
||||||
{ id: 'recommended-container', label: 'Essential' },
|
{ id: 'essential-container', label: 'Essential' },
|
||||||
{ id: 'optional-container', label: 'Optional' },
|
{ id: 'optional-container', label: 'Optional' },
|
||||||
{ id: 'advanced-container', label: 'Advanced' },
|
{ id: 'advanced-container', label: 'Advanced' },
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -1,130 +0,0 @@
|
||||||
|
|
||||||
import type { Section } from './types/PSC';
|
|
||||||
|
|
||||||
export const data: Section[] = [
|
|
||||||
{
|
|
||||||
title: 'Authentication',
|
|
||||||
slug: 'authentication',
|
|
||||||
description: 'Securing your online account login credentials',
|
|
||||||
icon: 'password',
|
|
||||||
intro: 'Most reported data breaches are caused by the use of weak, default or stolen passwords (according to [this Verizon report](http://www.verizonenterprise.com/resources/reports/rp_dbir-2016-executive-summary_xg_en.pdf)).' +
|
|
||||||
'Use long, strong and unique passwords, manage them in a secure password manager, enable 2-factor authentication, keep on top of breaches and take care while logging into your accounts.',
|
|
||||||
checklist: [
|
|
||||||
{
|
|
||||||
point: 'Use a Strong Password',
|
|
||||||
priority: 'recommended',
|
|
||||||
details: `If your password is too short, or contains dictionary words, places or names- then it can be easily cracked through brute force, or guessed by someone. The easiest way to make a strong password, is by making it long (12+ characters)- consider using a 'passphrase', made up of many words. Alternatively, use a password generator to create a long, strong random password. Have a play with [HowSecureIsMyPassword.net](https://howsecureismypassword.net), to get an idea of how quickly common passwords can be cracked. Read more about creating strong passwords: [securityinabox.org](https://securityinabox.org/en/passwords/passwords-and-2fa/)`,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
point: 'Don\'t reuse Passwords',
|
|
||||||
priority: 'optional',
|
|
||||||
details: `If someone was to reuse a password, and one site they had an account with suffered a leak, then a criminal could easily gain unauthorized access to their other accounts. This is usually done through large-scale automated login requests, and it is called Credential Stuffing. Unfortunately this is all too common, but it's simple to protect against- use a different password for each of your online accounts`,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
point: 'Use a Secure Password Manager',
|
|
||||||
priority: 'advanced',
|
|
||||||
details: `For most people it is going to be near-impossible to remember hundreds of strong and unique passwords. A password manager is an application that generates, stores and auto-fills your login credentials for you. All your passwords will be encrypted against 1 master passwords (which you must remember, and it should be very strong). Most password managers have browser extensions and mobile apps, so whatever device you are on, your passwords can be auto-filled. A good all-rounder is [BitWarden](https://bitwarden.com), or see [Recommended Password Managers](https://github.com/Lissy93/awesome-privacy#password-managers)`,
|
|
||||||
},
|
|
||||||
],
|
|
||||||
color: 'yellow',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Web Browsing',
|
|
||||||
slug: 'web-browsing',
|
|
||||||
description: 'Avoiding tracking, censorship, and data collection online',
|
|
||||||
icon: 'browser',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'emerald',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Email',
|
|
||||||
slug: 'email',
|
|
||||||
description: 'Protecting the gateway to your online accounts',
|
|
||||||
icon: 'email',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'teal',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Messaging',
|
|
||||||
slug: 'messaging',
|
|
||||||
description: 'Keeping your communications private and secure',
|
|
||||||
icon: 'messaging',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'cyan',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Social Media',
|
|
||||||
slug: 'social-media',
|
|
||||||
description: 'Minimizing the risks associated with using online communities',
|
|
||||||
icon: 'social',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'blue',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Networks',
|
|
||||||
slug: 'networks',
|
|
||||||
description: 'Safeguarding your network traffic',
|
|
||||||
icon: 'network',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'violet',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Mobile Devices',
|
|
||||||
slug: 'mobile-devices',
|
|
||||||
description: 'Reduce invasive tracking for cells, smartphones and tablets',
|
|
||||||
icon: 'mobile',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'fuchsia',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Personal Computers',
|
|
||||||
slug: 'personal-computers',
|
|
||||||
description: 'Securing your PC\'s operating system, data & activity',
|
|
||||||
icon: 'computer',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'pink',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Smart Home',
|
|
||||||
slug: 'smart-home',
|
|
||||||
description: 'Using IoT devices without compromising your privacy',
|
|
||||||
icon: 'home',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'red',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Personal Finance',
|
|
||||||
slug: 'personal-finance',
|
|
||||||
description: 'Protecting your funds, financial accounts and transactions',
|
|
||||||
icon: 'finance',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'purple',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Human Aspect',
|
|
||||||
slug: 'human-aspect',
|
|
||||||
description: 'Avoiding social engineering security risks',
|
|
||||||
icon: 'human',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'indigo',
|
|
||||||
},
|
|
||||||
{
|
|
||||||
title: 'Physical Security',
|
|
||||||
slug: 'physical-security',
|
|
||||||
description: 'Taking measures to prevent IRL security incidents',
|
|
||||||
icon: 'physical',
|
|
||||||
intro: '',
|
|
||||||
checklist: [],
|
|
||||||
color: 'lime',
|
|
||||||
},
|
|
||||||
];
|
|
||||||
|
|
@ -18,7 +18,7 @@ export interface Section {
|
||||||
furtherResources?: Link[],
|
furtherResources?: Link[],
|
||||||
}
|
}
|
||||||
|
|
||||||
export type Priority = 'recommended' | 'optional' | 'advanced';
|
export type Priority = 'essential' | 'optional' | 'advanced';
|
||||||
|
|
||||||
export interface Checklist {
|
export interface Checklist {
|
||||||
point: string,
|
point: string,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue