personal-security-checklist/4_Privacy_And_Security_Links.md

Awesome Privacy & Securty

A curated list of notable guides, articles, tools and media - relating to digital security, internet freedom and online privacy

See also: Personal Security Checklist | Privacy-Respecting Software | Security Gadgets | Why Privacy Matters | TLDR🔐

• Information and Guides
  • How-To Guides
  • Articles
  • Blogs
• Media
  • Books
  • Podcasts
  • Videos
• Security Tools & Services
  • Online Tools
  • Privacy-Respecting Software, moved to here
  • Security Hardware, moved to here
• Research
  • Data and API's
  • Academic
• Organisations
  • Foundations
  • Government Organisations
• More Lists
  • Mega Guides
  • Other GitHub Security Lists

How-To Guides

• Threat Protection
  • Protect against SIM-swap scam: via wired
  • How to spot a phishing attack: via EFF
  • Protection from Identity Theft: via Restore Privacy
  • Harden your MacOS Security: via @drduh on GitHub
  • Protecting from key-stroke-logging, with KeyScrambler: via TechRepublic
  • Permanently and Securely Delete ‘Files and Directories’ in Linux: via TechMint
• Netowkring
  • How to enable DNS over HTTPS: via geekwire
  • How to resolve DNS leak issue: via DNSLeakTest
  • Protect against WebRTC Leaks: via Restore Privacy
  • ISP and DNS privacy tips: via bluz71
  • Complete guide to configureing Firefox for Privacy + Speed: via 12bytes
  • Beginners guide on getting started with Tor: via ProPrivacy
  • Beginners guide to I2P: via The Tin Hat
  • How to Use a VPN and Tor together: via ProPrivacy
• Communication
  • Email Self-Defense, Configure your mail client securly, from scratch - via FSF.org
  • How to avoid Phishing Attacks: via EFF
  • How to use PGP: Via EFF - Windows, MacOS and Linux
• Devices
  • How to Enable Encryption on your Devices: via SpreadPrivacy.com
  • How to Delete your Data Securely: Via EFF - Windows, MacOS and Linux
  • Layers of Personal Tech Security: via The Wire Cutter
  • Improving security on iPhone: via lifehacker
  • Guide to scrubbing Windows OSs from forensic investigation: by u/moschles, via Reddit
  • A curated list of Windows Domain Hardening techniques: by @PaulSec, via: GitHub
• Software
  • How to use Vera Crypt: via howtogeek
  • How to use KeePassXC: via EFF
• Physical Security
  • Hiding from Physical Surveillance: via Snallabolaget
  • Guide to opting-out of public data listings and marketing lists: via World Privacy Forum
  • Living Anonymously, Workbook: via Intel Techniques
• Enterprise
  • A basic checklist to harden GDPR compliancy: via GDPR Checklist
• Reference Info
  • A direcory of websites, apps and services supporting 2FA: via TwoFactorAuth.org
  • A directory of direct links to delete your account from web services: via JustDeleteMe.xyz
  • Product reviews from a privacy perspective, by Mozilla: via Privacy Not Included
  • Surveillance Catalogue - Database of secret government surveillance equipment, Snowden: via The Intercept
    • See also: The source code, on WikiLeaks Vault7 and Vault8, and the accompanying press release
  • Who Has Your Back? - Which companies hand over your comply with Government Data Requests 2019: via EFF
  • Open project to rate, annotate, and archive privacy policies: via PrivacySpy.org
  • Check who your local and government representatives in your local area are WhoAreMyRepresentatives.org
  • Impartial VPN Comparison Data: via ThatOnePrivacySite
  • Hosts to block: via someonewhocares/ hosts / StevenBlack/ hosts
  • Magic Numbers - Up-to-date file signature table, to identify / verify files have not been tampered with: via GaryKessler
  • List of IP ranges per country: via Nirsoft
  • Database of default passwords for various devices by manufacturer and model: via Default-Password.info

Articles

• General
  • 8-point manifesto, of why Privacy Matters: via whyprivacymatters.org
  • Rethinking Digital Ads: via TheInternetHealthReport
• Encryption
  • Overview of projects working on next-generation secure email: via OpenTechFund
• Surveillance
  • Twelve Million Phones, One Dataset, Zero Privacy: via NY Times
  • Windows data sending: via The Hacker News
  • Is your Anti-Virus spying on you: via Restore Privacy
  • What does your car know about you?: via Washington Post
  • Turns Out Police Stingray Spy Tools Can Indeed Record Calls: via Wired
  • UK Police Accessing Private Phone Data Without Warrant: via Restore Privacy
  • Rage Against Data Dominance: via Privacy International
  • NSA Files Decoded, What the revelations mean for you: via The Guardian
• Breaches
  • Grindr and OkCupid Spread Personal Details Study Says: via NY Times
  • The Asia-Pacific Cyber Espionage Campaign that Went Undetected for 5 Years: via TheHackerNews
• Threats
  • 23 reasons not to reveal your DNA: via Internet Health Report
  • Security of Third-Party Keyboard Apps on Mobile Devices: via Lenny Zelster
  • Mobile Websites Can Tap Into Your Phone's Sensors Without Asking: via Wired

Blogs

• Spread Privacy - Raising the standard of trust online, by DuckDuckGo
• Restore Privacy - Tools and guides about privacy and security
• That One Privacy Site - impartial comparisons and discussions
• The Hated One - Privacy and security videos
• 12Bytes - Opinion Articles about Tech, Privacy and more
• BringBackPrivacy - Easy-reading, sharable privacy articles
• Heimdal - Cyber Security Blog
• Tech Crunch - Cyber Security 101
• OONI, Internet freedom and analysis on blocked sites
• Pixel Privacy - Online privacy guides
• The Privacy Project - Articles and reporting on Privacy, by the NYT
• The Tin Hat - Tutorials and Articles for Online Privacy
• FOSS Bytes- Cyber Security - News about the latest exploits and hacks
• EFF SSD - Tips for safer online communications
• PrivacyTools.io - Tools to protect against mass surveillance
• PrismBreak - Secure app alternatives
• The VERGE guide to privacy - Guides for securing mobile, web and home tech
• Email Self-Defense - Complete guide to secure email
• Security Planner - Great advise for beginners
• My Shaddow - Resources and guides, to help you take controll of your data
• Internet Health Report - Mozilla is documenting and explaining what’s happening to openness and freedom on the Internet
• Worth Hiding - Posts about privacy, politics and the law
• The Hacker News - Up-to-date Cybersecurity News and Analysis

Books

• Permanent Record by Edward Snowden
• Sandworm by Andy Greenberg: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
• Extreme Privacy by Michael Bazzell: Thoroughly detailed guide for protecting your privacy both electronically and physically
• Ghost in the Wires by Kevin Mitnick: Kevin tells his story of being the world's most wanted hacker
• The Art of Invisibility, by Kevin Mitnick: You How to Be Safe in the Age of Big Brother

Podcasts

• Darknet Diaries by Jack Rhysider: Stories from the dark sides of the internet.
  
• CYBER by Motherboard: News and analysis about the latest cyber threats
  
• The Privacy, Security, & OSINT Show by Michael Bazzell: Comprehensive guides on Privacy and OSINT
  
• Smashing Security by Graham Cluley and Carole Theriault: Casual, opinionated and humerous chat about current cybersecurity news
  
• IRL Podcast by Mozilla: Online Life is Real Life, Stories about the future of the Web
  
• Random but Memorable by 1Password - A Security advice podcast
  

More Security Podcasts on player.fm

More Podcasts (Verification Required): Naked Security | Open Source Security Podcast | Defensive Security Podcast | Malicious Life | Down the Security Rabbit Hole | Cyber Wire | Hacking Humans | Security Now | Cyber Security Interviews | Security Weekly | The Shared Security Podcast | Risky Business | Crypto-Gram Security Podcast | Off the Hook

Videos

• General
  • You are being watched by The New York Times
  • The Power of Privacy by The Guardian
  • Why Privacy matters, even if you have nothing to hide by The Hated One
  • The Unhackable Email Service by Freethink
• TED Talks
  • How Online Trackers Track You, and What To Do About It by Luke Crouch
  • Why you should switch off your home WiFi by Bram Bonné
  • Why Privacy Matters, by Glenn Greenwald
  • Fighting viruses, defending the net, by Mikko Hypponen
  • The 1s and 0s behind cyber warfare, by Chris Domas
  • State Sanctioned Hacking - The Elephant in the Room - Historic, economic and demographic overview of the growing threat to the U.S. from Chinese cyber invasions, by Frank Heidt
  • How the IoT is Making Cybercrime Investigation Easier - How our data is changing the nature of "evidence" in digital forensics, by Jonathan Rajewski
  • Online Privacy Doesn't Exist - The unexpected dangers our digital breadcrumbs can lead to, by Denelle Dixon
  • Data is the new gold, who are the new thieves? - Introduction and demonstration of the power of data, by Tijmen Schep
• Conferences
  • DEF CON 27 - Collection of talks from DEF CON 2019, Vegas
  • RSA Conference - Collection of security talks from the RSA conferences
  • Administraitor.video - A regularly updated collection of new and interesting security confrence talks
• Misc
  • Through a PRISM, Darkly - Everything we know about NSA spying, by Kurt Opsahl

See also: awesome-sec-talks by @PaulSec

Online Tools

• Check and Test
  • εxodus - Check which trackers any app on the Play Store has
  • Have I been Pwned and Dehashed - Check if your details have been compromised
  • Redirect Detective - Check where a suspicious URL redirects to
  • Botometer - An AI script to check if a certain username is a bot
• Utilities
  • ExifRemove - Remove Meta/ EXIF data online
  • Secure Password Check - Fun little tool, to demonstrate how long it could take to crack a password
  • 33Mail or Anonaddy or SimpleLogin Protect your email address, by auto-generating unique permeant aliases for each account, so all emails land in your primary inbox
  • Deseat Me - Clean up your online presence
• Anti-Tracking Analysis
  • Panopticlick - Check if, and how your browser is tracking you
  • Browser Leaks - Check which information is being leaked by your browser
  • DNSLeakTest - Check for and fix a DNS leak
  • IP Leak - IP Leak test
  • Am I Unique? - If your fingerprint is unique, then websites can track you
  • Qualys SSL Client Test - Check the SSL/TLS capabilities of your browser
• Phishing, Hacking and Abuse
  • VirusTotal - Analyse a suspicious web resource for malware
  • ScamAdviser - Check if a website is a scam, before buying from it
  • Abuse IP DB - Report an IP address for abuse, spam or attacks, and check the status of any IP
  • Phish Tank - Check if a link is a known phishing URL, Submit a phishing URL, browse recent phishing URLs
  • Is It Hacked? - Check if a website or page appears to be hacked, hijacked or generally suspicious
• IP Tools
  • I Know What You Download - Shows torrents that have been downloaded or distributed from your IP address
  • Hetrix Tools - Blacklist Check - Check if your Domain or IP appears on any common blacklists
• Public Domain and Website Scanning Tools
  • URL Scan - Scan and analyse websites, shows IP, DNS, domain and host data, as well as info about resources and requests
  • Security Trails - Shows all DNS records, historical DNS data and sub domains
  • crt.sh - Shows current and previous SSL/ TLS certificates for a given domain, has advanced search option
  • Virus Total - Scans any URL, web asset or file for malware
  • DomainTools WhoIs - Who Is Lookup. Check who registered a domain name, and find contact details
  • Pentest Tools Vulnerability Scanner - Light scan searches for client and server-side vulnerabilities and missing HTTP security headers
  • Qualys SSL Server Test - Perform a deep analysis of the configuration of any SSL web server on the public Internet
  • Abuse IP DB - Check if an IP or domain has been reported for abuse, or file a report
  • RIPEstat - Detailed analysis of IP Addresses (Routing, DNS, Abuse History, Activity etc)
  • Multirbl - Complete IP check for sending Mailservers
  • IPVoid - Full suit of Domain, IP, and DNS tools for Tracing, Lookup, Checking and Pinging
• Net Neutrality
  • Blocked by ORG - Check if your website is blocked by certain ISPs
  • Data Rights Finder - Find, understand and use information from privacy policies
  • Down For Everyone Or Just Me - Quickly determine if a website is down, or just unavailable for you
• Anonymous Services - The following sites host a veriety of anonymous online services
  • NixNet
  • Snopyta
  • Disroot
• Archives
  • The Way Back Machine - See previous versions of any website. An archive of 431 billion snapshots over 20 years
  • PolitiTweet - Archives Tweets from powerful public figures, and records silent retractions and deleted tweets
  • Internet Archive Software Collection - The largest vintage and historical software library
  • OpenLibrary - A free, digital library of over 2 million eBooks, and information on over 20 million books
  • Archive-It - Collecting and accessing cultural heritage on the web

Privacy-Respecting Software

This section has moved to here. Complete list of privacy-respecting software and services

Security Hardware

This section has moved to here. Products, gadgets and DIY projects to help improve security

Data, API's and Visualisations

• Research Results
  • Internet Census Data - Includes data on address space allocation, traffic, DNS, service enumeration, internet outages and other internet topology data
  • Web Tracking Data by Princeton University - This is the largest and most detailed analysis of online tracking to date, and measures both stateful (cookie-based) and stateless (fingerprinting-based) tracking. The crawls were made with OpenWPM
  • Who has your Back? by EFF - Anual report assessing how companies handle personal data
    • Historic Reports: 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019
  • Sensor Access Data - A Crawl of the Mobile Web Measuring Sensor Accesses, Illinois
  • Canalys Newsroom - Research Studies on Security, Privacy, Technology and Finance
• Databases
  • Exodus - Trackers in Android Apps
  • Exploit Database - A database or Current software vulnerabilities
  • URLScan - Service scanning for malicious domains, with historical results
  • Dehashed - Data Breaches and Credentials
  • VirusTotal - Detailed virus scans of software
  • Abuse IP DB - Database of IPs reported for abuse
  • SnusBase - Long standing database hosting breached data
  • OpenPhish - A feed of current phishing endpoints
  • HashToolkit - Database of 'cracked' hashes
  • SecLists - Starter list of leaked databases, passwords, usernames etc (Great for programming)
  • Qualys SSL Pulse - A continuous and global dashboard for monitoring the quality of SSL / TLS support over time across 150,000 SSL- and TLS-enabled websites, based on Alexa’s list of the most popular sites in the world
• Fun with Live Data 🌠
  • Internet
    • Tor Flow - Real-time data flow between Tor nodes
    • Internet Census - 24-hour world map of average utilization of IPv4 addresses
      • ICMP ping requests were sent out via the Carna botnet. Read how this was done on the Official Site or download similar datasets
    • Map of Mobile Internet - Shows world data coverage, according to Twitter data
    • DomainTools Statistics - Domain registration Numbers and Charts
    • Insecam - A directory and feed of insecure or public live webcams
    • IKnow - Live data showing what content is being downloaded + distributed via torrents
    • Semantic Internet Map - Shows how different websites link together
  • Unrelated, but Awesome Data
    • BGP Stream - Shows all current outages
    • Submarine Cable Map - An up-to-date map of major global internet cables (see also he.net globe and this map)
    • FlightRadar24 - World-wide map of live aircraft positions
    • Airport WiFi Map - Shows WiFi networks and their passwords for airports around the world
    • Stuff in Space - Shows objects orbiting Earth
    • Wiggle - Worlds largest WiFi Map showing personal hotspot statistics geographically
  • Threat Maps - Real-time hack attempts (malware, phishing, exploit and spam), visualised geographically
    • Checkpoint
    • FortiGuard
    • Fire Eye
    • Kaspersky
    • BitDefender
    • ESET
    • Threat But Map
    • Looking Glass Cyber Map
    • Digital Attack Map
    • Kaspersky LogBook - Historic Threat Time Line

Academic

• Journals
  • Rethinking information privacy‐security: Does it really matter? By Waseem Afzal: via Wiley
  • Crypto Paper: Privacy, Security, and Anonymity For Every Internet User, by Crypto Seb: via GitHub
  • Challenges in assessing privacy impact, Tales from the Front Line: via Wiley
  • A privacy‐preserving multifactor authentication system: via Wiley
  • Web Browser Privacy: What Do Browsers Say When They Phone Home?: via scss.tcd.ie
  • Online Tracking, A 1-million-site Measurement and Analysis: via Princeton University
  • Detecting and Defending Against Third-Party Tracking on the Web: via Franziska Roesner
  • Is Google degrading search? Consumer Harm from Universal Search: via law.berkeley.edu
  • A Comprehensive Evaluation of Third-Party Cookie Policies: via WhoLeftOpenTheCookieJar.com
  • Recognizing Speech From Gyroscope Signals: via Stanford
  • A Study of Scripts Accessing Smartphone Sensors: via sensor-js.xyz
  • Pixel Perfect, Fingerprinting Canvas in HTML5: hovav.net
  • Shining the Floodlights on Mobile Web Tracking — A Privacy Survey: via semanticscholar.org
  • Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking: via aruneshmathur.co.in
  • Privacy implications of email tracking: via senglehardt.com
  • Battery Status Not Included, Assessing Privacy in Web Standards: via princeton.edu
  • De-anonymizing Web Browsing Data with Social Networks: via princeton.edu
  • The Surveillance Implications of Web Tracking: via senglehardt.com
  • Understanding Facebook Connect login permissions: via jbonneau.com
• Implementations and Standards
  • The GNU Privacy Guard
  • OpenPGP JavaScript Implementation
  • WireGuard
  • Nym - Next Generation of Privacy infrastructure
  • REC-X.509 - The standard defining the format of public key certificates, used across most internet protocols and applications

Foundations

• Contract for the Web
• Electronic Frountier Foundation - Defending digital privacy + more
• OWASP Foundation
• Freedom House - Fighting for freedom on the net
• Privacy International
• Open Tech Fund
• Freedom of the Press Foundation
• Open Rights Group
• LEAP Encryption Access Project
• The Guardian Project
• Foundation for Applied Privacy
• Safe + Secure - advise for journalists and film makers
• Citizen Lab
• Electronic Privacy Information Center
• American Civil Liberties Union
• Free Software Foundation
• Courage Foundation - Supports those who risk life / liberty to make significant contributions to the historical record
• Fight for the Future - Fighting for a future where technology liberates
• Public Citizen - Standing up to corporate power and hold the government accountable

Government Organisations

• Citizen/ Small business Advice and Infrormation
  • UK National Cyber Security Center
  • US Cybersecurity - NIST
  • Stay Safe Online - US government-backed project, aimed to inform and educate individuals and small businesses about basic digital security
• Cybercrime
  • Consumer Fraud Reporting - US's Catalogue of online scams currently circulating, and a means to report cases
  • Action Fraud - UK’s national reporting centre for fraud and cyber crime
• Fact Checkling
  • Full Fact - UK independent fact checking charity, campaigning to expose bad information, and the harm it does
• CERT - Your local jurisdiction will likely have a Computer emergency response team (historically known as CERT). Who is in charge of handline handles domestic and international computer security incidents.
  • A-C - Australia: auscert.org.au | Austria: cert.at | Bangladesh: cirt.gov.bd | Bolivia: cgii.gob.bo | Brazil: cert.br | Canada: cyber.gc.ca | China: cert.org.cn | Columbia: colcert.gov.co | Croatia: carnet.hr | Czech Republic: csirt.cz
  • D-G - Denmark: cert.dk | Ecuador: ecucert.gob.ec | Egypt: egcert.eg | Estonia: ria.ee / CERT-EE | Finland: kyberturvallisuuskeskus.fi | France: cert.ssi.gouv.fr | Germany: cert-bund.de | Ghana: nca-cert.org.gh
  • H-M - Hong Kong: hkcert.org | Iceland: cert.is | India: CERT-IN | Indonesia: idsirtii.or.id | Iran: cert.ir | Italy: cert-pa.it | Japan: JPCERT | Kyrgyzstan: cert.gov.kg | Luxembourg: circl.lu | Macau: mocert.org | Malaysia: mycert.org.my | Morocco: educert.ma
  • N-P - Netherlands: ncsc.nl | New Zealand: cert.govt.nz | Nigeria: cert.gov.ng | Norway: norcert | Pakistan: pakcert.org | Papua New Guinea: pngcert.org.pg | Philippines: cspcert.ph | Poland: cert.pl | Portugal: cncs.gov.pt/certpt
  • Q-S - Qatar: qcert.org | Rep of Ireland: ncsc.gov.ie | Romania: cert.ro | Russia: gov-cert.ru / cert.ru | Singapore: csa.gov.sg/singcert | Slovenia: sk-cert.sk | South Korea: krcert.or.kr | Spain: incibe.es | Sri Lanka - cert.gov.lk | Sweden: cert.se | Switzerland: [govcert.ch]
  • T-Z - Taiwan: twcert.org.tw | Thailand: thaicert.or.th | Tonga: cert.to | Ukraine:cert.gov.ua | UAE: tra.gov.ae/aecert | United Kingdom: ncsc.gov.uk | United States: us-cert.gov
  • Global: first.org - The global Forum of Incident Response and Security Teams

Mega Guides

• by Fried
• by ivpn
• by ProPrivacy
• by Heimdal Security
• by Wired
• by Vice

More Awesome GitHub Lists

• Awesome Open Source Apps
  • awesome-windows-apps by 'many'
  • awesome-macOS-apps by @iCHAIT
  • awesome-linux-software by @luong-komorebi
  • open-source-ios-apps by @dkhamsing
  • open-source-android-apps by @pcqpcq
  • awesome-selfhosted by 'many'
  • privacy-respecting by @nikitavoloboev
  • awesome-privacy by @KevinColemanInc
  • privacy-respecting-software by @lissy93
• Guides
  • MacOS-Security-and-Privacy-Guide by @drduh
  • personal-security-checklist by @lissy93
• Security (Hacking / Pen Testing / Threat Inteligence / CFTs)
  • Security_list by @zbetcheckin
  • awesome-security by @sbilly
  • awesome-sec-talks by @PaulSec
  • awesome-threat-intelligence by @hslatman
  • awesome-incident-response by @meirwah
  • awesome-anti-forensic by @remiflavien1
  • awesome-malware-analysis by @rshipp
  • awesome-lockpicking by @fabacab
  • awesome-hacking by @carpedm20
  • awesome-honeypots by @paralax
  • awesome-forensics by @cugu
  • awesome-pentest by @enaqx
  • awesome-ctf by @apsdehal
  • awesome-osint by @jivoi
  • SecLists by @danielmiessler
• Misc
  • awesome-crypto-papers by @pFarb
• Awesome Lists of Awesome Lists
  • awesome by @sindresorhus
  • lists by @jnv
• More In This Repo
  • Personal Security Checklist by @lissy93
  • Privacy-Respecting Software
  • Importance of Privacy & Security
  • Digital Security Gadgets / DIY hardware
  • TLDR - Condensed Summary of this Repo

---

Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit raise an issue, or open a PR. See: CONTRIBUTING.md.

Licensed under Creative Commons, CC BY 4.0, © Alicia Sykes 2020

---

Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇