mirror of
https://github.com/Lissy93/personal-security-checklist.git
synced 2024-12-18 04:04:36 -05:00
165 lines
13 KiB
Markdown
165 lines
13 KiB
Markdown
|
||
## Contributors 🙌
|
||
|
||
Thanks goes to these wonderful people
|
||
|
||
<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
|
||
<!-- prettier-ignore-start -->
|
||
<!-- markdownlint-disable -->
|
||
<table>
|
||
<tr>
|
||
<td align="center"><a href="https://gitlab.com/W1nst0n"><img src="https://avatars3.githubusercontent.com/u/55300518?v=4" width="90px;" alt=""/><br /><sub><b>0x192</b></sub></a><br /><a href="#security-0x192" title="Security">🛡️</a></td>
|
||
<td align="center"><a href="https://keybase.io/pipboy96"><img src="https://avatars1.githubusercontent.com/u/46632672?v=4" width="90px;" alt=""/><br /><sub><b>pipboy96</b></sub></a><br /><a href="#security-pipboy96" title="Security">🛡️</a></td>
|
||
<td align="center"><a href="https://aliciasykes.com"><img src="https://avatars1.githubusercontent.com/u/1862727?v=4" width="90px;" alt=""/><br /><sub><b>Alicia Sykes</b></sub></a><br /><a href="#security-Lissy93" title="Security">🛡️</a></td>
|
||
<td align="center"><a href="https://twitter.com/mwleeds"><img src="https://avatars2.githubusercontent.com/u/7833263?v=4" width="90px;" alt=""/><br /><sub><b>Matthew Leeds</b></sub></a><br /><a href="#security-mwleeds" title="Security">🛡️</a></td>
|
||
<td align="center"><a href="http://jaiminpandya.com"><img src="https://avatars0.githubusercontent.com/u/20967911?v=4" width="90px;" alt=""/><br /><sub><b>Jaimin Pandya</b></sub></a><br /><a href="#security-pndyjack" title="Security">🛡️</a></td>
|
||
<td align="center"><a href="https://twitter.com/ilesinge"><img src="https://avatars3.githubusercontent.com/u/501674?v=4" width="90px;" alt=""/><br /><sub><b>Alexandre G.-Raymond</b></sub></a><br /><a href="#security-ilesinge" title="Security">🛡️</a></td>
|
||
<td align="center"><a href="https://github.com/guestx86"><img src="https://avatars2.githubusercontent.com/u/56132403?v=4" width="90px;" alt=""/><br /><sub><b>guestx86</b></sub></a><br /><a href="#security-guestx86" title="Security">🛡️</a></td>
|
||
</tr>
|
||
<tr>
|
||
<td align="center"><a href="https://www.baturin.org"><img src="https://avatars0.githubusercontent.com/u/482212?v=4" width="90px;" alt=""/><br /><sub><b>Daniil Baturin</b></sub></a><br /><a href="#security-dmbaturin" title="Security">🛡️</a></td>
|
||
<td align="center"><a href="https://transitiontech.ca"><img src="https://avatars2.githubusercontent.com/u/1264398?v=4" width="90px;" alt=""/><br /><sub><b>ansuz</b></sub></a><br /><a href="#security-ansuz" title="Security">🛡️</a></td>
|
||
<td align="center"><a href="https://github.com/8264"><img src="https://avatars0.githubusercontent.com/u/23311938?v=4" width="90px;" alt=""/><br /><sub><b>8264</b></sub></a><br /><a href="#security-8264" title="Security">🛡️</a></td>
|
||
<td align="center"><a href="https://github.com/101lols"><img src="https://avatars1.githubusercontent.com/u/29000894?v=4" width="90px;" alt=""/><br /><sub><b>101lols</b></sub></a><br /><a href="#security-101lols" title="Security">🛡️</a></td>
|
||
</tr>
|
||
</table>
|
||
|
||
<!-- markdownlint-enable -->
|
||
<!-- prettier-ignore-end -->
|
||
<!-- ALL-CONTRIBUTORS-LIST:END -->
|
||
|
||
<!-- To add yourself to the table, copy the row above and replace with your details. Max 7 <td> (columns) per <tr> (row). -->
|
||
|
||
|
||
*This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification.*
|
||
|
||
[Contributions](/CONTRIBUTING.md) of any kind welcome!
|
||
|
||
Special Thanks to [Stefan Keim](https://github.com/indus) and [Matt (IPv4) Cowley](https://github.com/MattIPv4) from [JS.org](https://js.org), for providing the domain used for our GitHub Page ([security-list.js.org](https://security-list.js.org)).
|
||
|
||
And of course, and huge thank you to the awesome developers behind the projects listed in the [Privacy-Respecting Software list](/5_Privacy_Respecting_Software.md). The effort, time and love they've put into each one of those applications is immediately apparent, they've done an amazing job 💞
|
||
|
||
|
||
## References 📝
|
||
|
||
|
||
<blockquote>
|
||
"2019 Data Breach Investigations Report - EMEA", Verizon Enterprise Solutions, 2020. [Online]. Available: https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report-emea.pdf. [Accessed: 25- Apr- 2020]
|
||
|
||
"Web Browser Privacy: What Do Browsers Say When They Phone Home?", Feb 2020. [Online].
|
||
Available: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf. [Accessed: 27- Apr- 2020]
|
||
|
||
"Comments on the Competition and Markets Authority’s interim report on online platforms and digital advertising", Privacyinternational.org, Jan 2020. [Online].
|
||
Available: https://privacyinternational.org/sites/default/files/2020-04/20.02.12_CMA_PI_Comments_Interim_Report_FINAL.pdf. [Accessed: 02- May- 2020]
|
||
|
||
"Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design", 1998. [Online].
|
||
Available: https://dl.packetstormsecurity.net/cracked/des/cracking-des.htm. [Accessed: 25- Apr- 2020]
|
||
|
||
"Digital Identity Guidelines", 2020. [Online].
|
||
Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf. [Accessed: 25- Apr- 2020]
|
||
|
||
"DNS Security - Getting it Right", Open Rights Group, 2020. [Online].
|
||
Available: https://www.openrightsgroup.org/about/reports/dns-security-getting-it-right. [Accessed: 25- Apr- 2020]
|
||
|
||
"DNS-over-HTTPS performance | SamKnows", Samknows.com, 2020. [Online].
|
||
Available: https://www.samknows.com/blog/dns-over-https-performance. [Accessed: 25- Apr- 2020]
|
||
|
||
J. Eckenrode and S. Friedman, "The state of cybersecurity at financial institutions", 2018. [Online].
|
||
Available: https://www2.deloitte.com/us/en/insights/industry/financial-services/state-of-cybersecurity-at-financial-institutions.html. [Accessed: 25- Apr- 2020]
|
||
|
||
E. Foundation, "Cracking DES", Shop.oreilly.com, 1998. [Online].
|
||
Available: http://shop.oreilly.com/product/9781565925205.do. [Accessed: 25- Apr- 2020]
|
||
|
||
"Google data collection, research and findings", Digital Content Next, 2020. [Online].
|
||
Available: https://digitalcontentnext.org/blog/2018/08/21/google-data-collection-research/. [Accessed: 25- Apr- 2020]
|
||
|
||
S. Lekies, B. Stock, M. Wentzel and M. Johns, "The Unexpected Dangers of Dynamic JavaScript", UseNix & SAP, 2020. [Online]. Available: https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lekies.pdf. [Accessed: 25- Apr- 2020]
|
||
|
||
"Privacy concerns with social networking services", 2020. [Online]. Available: https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services. [Accessed: 25- Apr- 2020]
|
||
|
||
D. Tian, G. Hernandez, J. Choi, V. Frost, C. Ruales, P. Traynor, H. Vijayakumar, L. Harrison, A. Rahmati, M. Grace and K. Butler, "Vulnerability Analysis of AT Commands Within the Android Ecosystem", Cise.ufl.edu, 2020. [Online].
|
||
Available: https://www.cise.ufl.edu/~butler/pubs/usenix18-atcmd.pdf. [Accessed: 25- Apr- 2020]
|
||
|
||
S. Topuzov, "Phone hacking through SS7 is frighteningly easy and effective", Blog.securegroup.com, 2020. [Online].
|
||
Available: https://blog.securegroup.com/phone-hacking-through-ss7-is-frighteningly-easy-and-effective. [Accessed: 25- Apr- 2020]
|
||
|
||
J. Heidemann, Y. Pradkin, R. Govindan, C. Papadopoulos and J. Bannister, "Exploring Visible Internet Hosts through Census and Survey", Isi.edu, 2020. [Online].
|
||
Available: https://www.isi.edu/~johnh/PAPERS/Heidemann07c.pdf. [Accessed: 10- May- 2020]
|
||
|
||
Michalevsky, Y., Boneh, D. and Nakibly, G., 2014. Recognizing Speech From Gyroscope Signals. [online] Usenix.org. Available at: <https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-michalevsky.pdf> [Accessed 26 May 2020].
|
||
|
||
Favaretto, M., Clercq, E. and Simone Elger, B., 2019. Big Data And Discrimination: Perils, Promises And Solutions. A Systematic Review. [online] springeropen. Available at: <https://journalofbigdata.springeropen.com/articles/10.1186/s40537-019-0177-4> [Accessed 26 May 2020].
|
||
|
||
Web Browser Privacy: What Do Browsers Say When They Phone Home?, n.d. https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf.
|
||
|
||
A Comprehensive Evaluation of Third-Party Cookie Policies, n.d. https://wholeftopenthecookiejar.com/static/tpc-paper.pdf.
|
||
|
||
A Study of Scripts Accessing Smartphone Sensors, n.d. https://sensor-js.xyz/webs-sixth-sense-ccs18.pdf.
|
||
|
||
Acar, Abbas, Wenyi Liu, Raheem Beyah, Kemal Akkaya, and Arif Selcuk Uluagac. “A Privacy‐Preserving Multifactor Authentication System.” Security and
|
||
Privacy 2, no. 6 (2019). https://doi.org/10.1002/spy2.94.
|
||
|
||
Afzal, Waseem. “Rethinking Information Privacy-Security: Does It Really Matter?” Proceedings of the American Society for Information Science and
|
||
Technology 50, no. 1 (2013): 1–10. https://doi.org/10.1002/meet.14505001095.
|
||
|
||
Battery Status Not Included, Assessing Privacy in Web Standards, n.d. https://www.cs.princeton.edu/~arvindn/publications/battery-status-case-study.pdf.
|
||
Christl, Wolfie. Corporate Surveillance in Everyday Life, How Companies Collect, Combine, Analyze, Trade, and Use Personal Data on Billions, n.d.
|
||
https://crackedlabs.org/dl/CrackedLabs_Christl_CorporateSurveillance.pdf.
|
||
|
||
Das, Anupam, Gunes Acar, Nikita Borisov, and Amogh Pradeep. “The Webs Sixth Sense.” Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018. https://doi.org/10.1145/3243734.3243860.
|
||
|
||
Englehardt, Steven, Dillon Reisman, Christian Eubank, Peter Zimmerman, Jonathan Mayer, Arvind Narayanan, and Edward W. Felten. “Cookies That Give You Away.” Proceedings of the 24th International Conference on World Wide Web - WWW 15, 2015. https://doi.org/10.1145/2736277.2741679.
|
||
|
||
Englehardt, Steven, Jeffrey Han, and Arvind Narayanan. “I Never Signed up for This! Privacy Implications of Email Tracking.” Proceedings on Privacy Enhancing Technologies 2018, no. 1 (January 2018): 109–26. https://doi.org/10.1515/popets-2018-0006.
|
||
|
||
Ferra, Fenia, Isabel Wagner, Eerke Boiten, Lee Hadlington, Ismini Psychoula, and Richard Snape. “Challenges in Assessing Privacy Impact: Tales from the Front Lines.” Security and Privacy 3, no. 2 (2019). https://doi.org/10.1002/spy2.101.
|
||
|
||
hmathur, arunes. Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking, n.d. http://aruneshmathur.co.in/files/publications/SOUPS18_Tracking.pdf.
|
||
|
||
Lebeck, Kiron, Kimberly Ruth, Tadayoshi Kohno, and Franziska Roesner. “Towards Security and Privacy for Multi-User Augmented Reality: Foundations with End Users.” 2018 IEEE Symposium on Security and Privacy (SP), 2018. https://doi.org/10.1109/sp.2018.00051.
|
||
|
||
Location Tracking using Mobile Device Power Analysis, n.d. https://www.scribd.com/doc/256304846/PowerSpy-Location-Tracking-using-Mobile-Device-Power-Analysis.
|
||
|
||
Online Tracking, A 1-million-site Measurement and Analysis, n.d. https://www.cs.princeton.edu/~arvindn/publications/OpenWPM_1_million_site_tracking_measurement.pdf.
|
||
|
||
Pixel Perfect, Fingerprinting Canvas in HTML5, n.d. https://hovav.net/ucsd/dist/canvas.pdf.
|
||
|
||
Recognizing Speech From Gyroscope Signals, n.d. https://crypto.stanford.edu/gyrophone/.
|
||
|
||
Roesner, Franziska. Detecting and Defending Against Third-Party Tracking on the Web, n.d. http://www.franziroesner.com/pdf/webtracking-NSDI2012.pdf.
|
||
|
||
Schneider, Christian. Cross-Site WebSocket Hijacking, n.d. http://www.christian-schneider.net/CrossSiteWebSocketHijacking.html.
|
||
|
||
Seb, Crypto. Crypto Paper: Privacy, Security, and Anonymity For Every Internet User, n.d. https://github.com/cryptoseb/cryptopaper.
|
||
|
||
Shining the Floodlights on Mobile Web Tracking — A Privacy Survey, n.d. https://pdfs.semanticscholar.org/80bb/5c9119ff4fc2374103b4f3d6a8f614b3c2ed.pdf.
|
||
|
||
Su, Jessica, Ansh Shukla, Sharad Goel, and Arvind Narayanan. “De-Anonymizing Web Browsing Data with Social Networks.” Proceedings of the 26th International Conference on World Wide Web, March 2017. https://doi.org/10.1145/3038912.3052714.
|
||
|
||
The Surveillance Implications of Web Tracking, n.d. https://senglehardt.com/papers/www15_cookie_surveil.pdf.
|
||
|
||
Trackers Vs Firefox, Comparing different blocking utilities, n.d. https://github.com/jawz101/TrackersVsFirefox.
|
||
|
||
Understanding Facebook Connect login permissions, n.d. http://jbonneau.com/doc/RB14-fb_permissions.pdf.
|
||
|
||
Vines, Paul, Franziska Roesner, and Tadayoshi Kohno. “Exploring ADINT.” Proceedings of the 2017 on Workshop on Privacy in the Electronic Society - WPES 17, 2017. https://doi.org/10.1145/3139550.3139567.
|
||
|
||
Yelp, Luca Wu. Is Google degrading search? Consumer Harm from Universal Search, n.d. https://www.law.berkeley.edu/wp-content/uploads/2015/04/Luca-Wu-Yelp-Is-Google-Degrading-Search-2015.pdf.
|
||
|
||
</blockquote>
|
||
|
||
**Above References apply to the Content in the Following Files**:<br>
|
||
[TLDR](/2_TLDR_Short_List.md) | [Intro](/0_Why_It_Matters.md) | [The Personal Security Checklist](/README.md) | [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) | [Security Hardware](/6_Privacy_and-Security_Gadgets.md) | [Further Links](/4_Privacy_And_Security_Links.md)
|
||
|
||
## Stars 🌟
|
||
|
||
[![Stargazers over time](https://starchart.cc/Lissy93/personal-security-checklist.svg)](https://star-history.t9t.io/#Lissy93/personal-security-checklist)
|
||
|
||
Thank you [@caarlos0](https://github.com/caarlos0) for the above [Star Chart](https://github.com/caarlos0/starcharts) ☺️
|
||
|
||
|
||
---
|
||
|
||
Licensed under [Creative Commons, CC BY 4.0](/LICENSE.md), © [Alicia Sykes](https://aliciasykes.com) 2020
|
||
|