personal-security-checklist/4_Privacy_And_Security_Links.md
2022-07-07 12:43:21 +01:00

67 KiB
Raw Blame History

Awesome Privacy & Security Links

Awesome PRs Welcome License Contributors

A curated list of notable guides, articles, tools and media - relating to digital security, internet freedom and online privacy

See also: Personal Security Checklist | Privacy-Respecting Software | Security Gadgets | Why Privacy Matters | TLDR🔐

Contents

How-To Guides

  • Threat Protection
    • Protect against SIM-swap scam: via wired
    • How to spot a phishing attack: via EFF
    • Protection from Identity Theft: via Restore Privacy
    • Protecting from key-stroke-logging, with KeyScrambler: via TechRepublic
    • Guide to Hash Checks, to ensure a program has not been tampered with: via ProPrivacy
    • Permanently and Securely Delete Files and Directories in Linux: via TechMint
  • Networking
  • Communication
  • Devices
  • Software
    • Complete guide to configuring Firefox for Privacy + Speed: via 12bytes
    • Firefox Configuration Guide for Beginners: via 12bytes
    • How to use Vera Crypt: via howtogeek
    • How to use KeePassXC: via EFF
    • How to use uMatrix browser addon to block trackers: via ProPrivacy
    • How to set up 2-Factor Auth on common websites: via The Verge
    • How to use DuckDuckGo advanced search features: via Ghacks
    • How to use Cryptomator (encrypt files on cloud storage): via It's Foss
  • Physical Security
  • Enterprise
  • Reference Info
    • A direcory of websites, apps and services supporting 2FA: via TwoFactorAuth.org
    • A directory of direct links to delete your account from web services: via JustDeleteMe.xyz
    • Impartial VPN Comparison Data: via ThatOnePrivacySite
    • Terms of Service; Didn't Read - Vital resource that summarizes and extracts the key details from Privacy Policies/ Terms of Services, aiming to fix the issues caused by blindly agreeing to these Terms: via tosdr.org
    • Free, open-source and privacy-respecting alternatives to popular software: via Switching.Software
    • Product reviews from a privacy perspective, by Mozilla: via Privacy Not Included
    • Surveillance Catalogue - Database of secret government surveillance equipment, Snowden: via The Intercept
    • Who Has Your Back? - Which companies hand over your comply with Government Data Requests 2019: via EFF
    • Check who your local and government representatives in your local area are WhoAreMyRepresentatives.org
    • Open project to rate, annotate, and archive privacy policies: via PrivacySpy.org
    • Hosts to block: via someonewhocares/ hosts / StevenBlack/ hosts
    • Magic Numbers - Up-to-date file signature table, to identify / verify files have not been tampered with: via GaryKessler
    • List of IP ranges per country: via Nirsoft
    • Database of default passwords for various devices by manufacturer and model: via Default-Password.info
  • All-in-one digital and physical security
    • Umbrella: an open source iOS/Android/Web app for learning about and managing digital, operational and physical security (from safe communication to dealing with a kidnap) via Security First

Articles

  • General
  • Encryption
    • Overview of projects working on next-generation secure email: via OpenTechFund
    • Anatomy of a GPG Key: via @DaveSteele
  • Surveillance
    • Twelve Million Phones, One Dataset, Zero Privacy: via NY Times
    • Windows data sending: via The Hacker News
    • Is your Anti-Virus spying on you: via Restore Privacy
    • What does your car know about you?: via Washington Post
    • Turns Out Police Stingray Spy Tools Can Indeed Record Calls: via Wired
    • UK Police Accessing Private Phone Data Without Warrant: via Restore Privacy
    • Rage Against Data Dominance: via Privacy International
    • NSA Files Decoded, What the revelations mean for you: via The Guardian
    • How to Track a Cellphone Without GPS—or Consent: via Gizmodo
    • Apps able to track device location, through power manager: via Wired
    • Hackers and governments can see you through your phones camera: via Business Insider
    • Law Enforcement Geo-Fence Data Requests - How an Innocent cyclist became a suspect when cops accessed his Google location data: via Daily Mail
    • IBM Used NYPD Surveillance Footage to Develop Technology That Lets Police Search by Skin Color: via TheIntercept
  • Threats
    • 23 reasons not to reveal your DNA: via Internet Health Report
    • Security of Third-Party Keyboard Apps on Mobile Devices: via Lenny Zelster
    • Mobile Websites Can Tap Into Your Phone's Sensors Without Asking: via Wired
    • Non-admin accounts mitigate 94% of critical Windows vulnerabilities: via ghacks
    • Android Apps are able to monitor screen state, data usage, installed app details and more without any permissions: by @databurn-in, via GitHub
      • See also, PrivacyBreacher - an app developed by @databurn-in, which demonstrates these issues
    • How URL Previews in Apps can Leak Personal Info: via hunch.ly
    • Big data privacy risks: via CSO Online
    • Anti-Doxing Guide (For Activists Facing Attacks): via Equality Labs
  • Breaches
    • Wired guide to data breaches - past, present and future: via Wired
    • Grindr and OkCupid Spread Personal Details Study Says: via NY Times
    • The Asia-Pacific Cyber Espionage Campaign that Went Undetected for 5 Years: via TheHackerNews
    • ClearView AI Data Breach - 3 Billion Faces: via Forbes
    • The MongoDB hack and the importance of secure defaults: via Synk
    • Truecaller Data Breach 47.5 Million Indian Truecaller Records On Sale: via GBHackers
    • Hundreds of millions of Facebook user records were exposed on Amazon cloud server: via CBS News
    • Microsoft data breach exposes 250 million customer support records: via Graham Cluley
  • Data Collection
    • Ring Doorbell App Packed with Third-Party Trackers: via EFF
    • How a highly targeted ad can track your precise movements: via Wired
      • Based on the paper, Using Ad Targeting for Surveillance on a Budget: via Washington.edu
    • How websites can see your full personal details, from your phone contract info: via Medium/@philipn
    • Facebook and Americas largest companies give worker data to Equifax: via FastCompany
    • Exfiltration of personal data by session-replay scripts: via Freedom-to-Tinker
    • Apple's iTerm2 Leaks Everything You Hover in Your Terminal via DNS Requests: via BleepingComputer
    • Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking: via propublica.org

Blogs

  • Security Reserachers
    • Krebs on Security - Lots of up-to-date, in-depth interesting cyber security news and investigations, by a true legend in the field and NY Times Bestseller, Brian Krebs. RSS
    • Schneier on Security - Commentary, news, essays and more all about cryptography, cyber security and privacy. New posts are written almost daily, and this is also home to the famous Crypto Gram weekly newsletter, that's been popular since 1994. By the world-renowned security professional, and serial bestselling author, Bruce Schneier. RSS
    • Troy Hunt - Security researcher and data breach collector. RSS
    • Graham Cluley - Security news, advise and opinion. From Graham Cluley, co-host of Smashing Security.
    • The Last Watch Dog - Privacy and Security articles, opinion and media by Byron Acohido
    • Daniel Miessler - Summaries recent news and events, and focuses on security, technology and people. RSS
    • Errata Security - Covers latest interesting news, and explains concepts clearly. By Robert Graham and David Maynor. RSS
    • Underground Tradecraft - Counterintelligence, OPSEC and Tradecraft for everyone
  • Cyber Security News
    • Dark Reading - Well-known cyber security news site, with articles on a range of topics, ranging from data breaches, IoT, cloud security and threat intelligence. RSS
    • Threat Post - News and Articles Cloud Security, Malware, Vulnerabilities, Waterfall Security and Podcasts. RSS
    • We Live Security - Security news, views, and insight, by ESET + Community. RSS
    • The Hacker News - News and info covering Data Breaches, Cyber Attacks, Vulnerabilities, Malware. RSS
    • Sophos: Naked Security - Security news and updates, presented in an easy-to-digest format. RSS
    • IT Security Guru - Combines top cyber security news from multiple sites, easier to stay up-to-date
    • FOSS Bytes - Cyber Security - News about the latest exploits and hacks
  • Cyber Security Infomation
  • Privacy Guides
  • Privacy News
  • Internet Freedom
    • OONI, Internet freedom and analysis on blocked sites
    • Internet Health Report - Mozilla is documenting and explaining whats happening to openness and freedom on the Internet
    • Worth Hiding - Posts about privacy, politics and the law

Books

  • Permanent Record by Edward Snowden
  • Sandworm by Andy Greenberg: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
  • Extreme Privacy by Michael Bazzell: Thoroughly detailed guide for protecting your privacy both electronically and physically
  • Ghost in the Wires by Kevin Mitnick: Kevin tells his story of being the world's most wanted hacker
  • The Art of Invisibility, by Kevin Mitnick: You How to Be Safe in the Age of Big Brother
  • Eyes in the Sky: The Secret Rise of Gorgon Stare and How It Will Watch Us All, by Arthur Holla Michel: Outlines the capabilities of the digital imaging in continuous aerial and satellite surveillance, and discusses both the current systems that are deployed, and the technical feasibility of future plans

Podcasts

  • Darknet Diaries by Jack Rhysider: Stories from the dark sides of the internet.
    Stitcher iTunes Spotify Google Podcasts PocketCasts
  • CYBER by Motherboard: News and analysis about the latest cyber threats
    Stitcher iTunes Spotify SoundCloud PocketCasts
  • The Privacy, Security, & OSINT Show by Michael Bazzell: Comprehensive guides on Privacy and OSINT
    Stitcher iTunes Spotify SoundCloud PocketCasts
  • Smashing Security by Graham Cluley and Carole Theriault: Casual, opinionated and humerous chat about current cybersecurity news
    Stitcher iTunes Spotify Google Podcasts PocketCasts
  • IRL Podcast by Mozilla: Online Life is Real Life, Stories about the future of the Web
    Stitcher iTunes Spotify Google Podcasts PocketCasts
  • Random but Memorable by 1Password - A Security advice podcast
    Stitcher iTunes Spotify Google Podcasts PocketCasts

More Security Podcasts on player.fm

More Podcasts (Verification Required): Naked Security | Open Source Security Podcast | Defensive Security Podcast | Malicious Life | Down the Security Rabbit Hole | Cyber Wire | Hacking Humans | Security Now | Cyber Security Interviews | Security Weekly | The Shared Security Podcast | Risky Business | Crypto-Gram Security Podcast | Off the Hook | Opt Out Podcast

Videos

See also: awesome-sec-talks by @PaulSec

Online Tools

  • Check and Test
  • Utilities
    • Privacy.sexy - A collection of commands you can run to impplement best prctices on Windows or MacOS
    • ExifRemove - Remove Meta/ EXIF data online
    • Secure Password Check - Fun little tool, to demonstrate how long it could take to crack a password
    • 33Mail or Anonaddy or SimpleLogin Protect your email address, by auto-generating unique permeant aliases for each account, so all emails land in your primary inbox
    • Deseat Me - Clean up your online presence
  • Anti-Tracking Analysis
  • Phishing, Hacking and Abuse
    • VirusTotal - Analyse a suspicious web resource for malware
    • ScamAdviser - Check if a website is a scam, before buying from it
    • Abuse IP DB - Report an IP address for abuse, spam or attacks, and check the status of any IP
    • Phish Tank - Check if a link is a known phishing URL, Submit a phishing URL, browse recent phishing URLs
    • Is It Hacked? - Check if a website or page appears to be hacked, hijacked or generally suspicious
  • IP Tools
  • Public Domain and Website Scanning Tools
    • URL Scan - Scan and analyse websites, shows IP, DNS, domain and host data, as well as info about resources and requests
    • Security Trails - Shows all DNS records, historical DNS data and sub domains
    • crt.sh - Shows current and previous SSL/ TLS certificates for a given domain, has advanced search option
    • Virus Total - Scans any URL, web asset or file for malware
    • DomainTools WhoIs - Who Is Lookup. Check who registered a domain name, and find contact details
    • Pentest Tools Vulnerability Scanner - Light scan searches for client and server-side vulnerabilities and missing HTTP security headers
    • Qualys SSL Server Test - Perform a deep analysis of the configuration of any SSL web server on the public Internet
    • Abuse IP DB - Check if an IP or domain has been reported for abuse, or file a report
    • RIPEstat - Detailed analysis of IP Addresses (Routing, DNS, Abuse History, Activity etc)
    • Multirbl - Complete IP check for sending Mailservers
    • IPVoid - Full suit of Domain, IP, and DNS tools for Tracing, Lookup, Checking and Pinging
  • Net Neutrality
  • Anonymous Services - The following sites host a veriety of anonymous online services
  • Archives
    • The Way Back Machine - See previous versions of any website. An archive of 431 billion snapshots over 20 years
    • PolitiTweet - Archives Tweets from powerful public figures, and records silent retractions and deleted tweets
    • Internet Archive Software Collection - The largest vintage and historical software library
    • OpenLibrary - A free, digital library of over 2 million eBooks, and information on over 20 million books
    • Archive-It - Collecting and accessing cultural heritage on the web

Privacy-Respecting Software

This section has moved to here. Complete list of privacy-respecting software and services

Security Hardware

This section has moved to here. Products, gadgets and DIY projects to help improve security

Data, API's and Visualisations

  • Research Results
    • Internet Census Data - Includes data on address space allocation, traffic, DNS, service enumeration, internet outages and other internet topology data
    • Web Tracking Data by Princeton University - This is the largest and most detailed analysis of online tracking to date, and measures both stateful (cookie-based) and stateless (fingerprinting-based) tracking. The crawls were made with OpenWPM
    • Who has your Back? by EFF - Anual report assessing how companies handle personal data
    • Lists of Websites Abusing Session Replay - Third-party sesssion replay scripts, record all your acions and allow them to be watched by a human. This list of websites include this
    • Sensor Access Data - A Crawl of the Mobile Web Measuring Sensor Accesses, Illinois
    • Canalys Newsroom - Research Studies on Security, Privacy, Technology and Finance
    • Data Never Sleeps - An infographic visualizing how much data is generated every minute (2019)
    • What they Know about You - An Infographic showing what information are Giant Tech Companies collecting from you (2020)
  • Databases
    • Exodus - Trackers in Android Apps
    • Exploit Database - A database or Current software vulnerabilities
    • URLScan - Service scanning for malicious domains, with historical results
    • Dehashed - Data Breaches and Credentials
    • VirusTotal - Detailed virus scans of software
    • Abuse IP DB - Database of IPs reported for abuse
    • SnusBase - Long standing database hosting breached data
    • OpenPhish - A feed of current phishing endpoints
    • HashToolkit - Database of 'cracked' hashes
    • SecLists - Starter list of leaked databases, passwords, usernames etc (Great for programming)
    • Qualys SSL Pulse - A continuous and global dashboard for monitoring the quality of SSL / TLS support over time across 150,000 SSL - and TLS-enabled websites, based on Alexas list of the most popular sites in the world
    • Tor Bulk Exit List - List of all exit nodes (IP) in use on the Tor network
  • Fun with Live Data 🌠

Interested in discovering more awesome real-time data visualizations? Check out this post, here 🌠

Academic

  • Journals

    • Rethinking information privacysecurity: Does it really matter? By Waseem Afzal: via Wiley
    • Crypto Paper: Privacy, Security, and Anonymity For Every Internet User, by Crypto Seb: via GitHub
    • Challenges in assessing privacy impact, Tales from the Front Line: via Wiley
    • A privacypreserving multifactor authentication system: via Wiley
    • Web Browser Privacy: What Do Browsers Say When They Phone Home?: via scss.tcd.ie
    • Online Tracking, A 1-million-site Measurement and Analysis: via Princeton University
    • Detecting and Defending Against Third-Party Tracking on the Web: via Franziska Roesner
    • Is Google degrading search? Consumer Harm from Universal Search: via law.berkeley.edu
    • A Comprehensive Evaluation of Third-Party Cookie Policies: via WhoLeftOpenTheCookieJar.com
    • The Dangers of Surveillance: via Harvard Law Review
    • Recognizing Speech From Gyroscope Signals: via Stanford
    • A Study of Scripts Accessing Smartphone Sensors: via sensor-js.xyz
    • Pixel Perfect, Fingerprinting Canvas in HTML5: hovav.net
    • Shining the Floodlights on Mobile Web Tracking — A Privacy Survey: via semanticscholar.org
    • Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking: via aruneshmathur.co.in
    • Privacy implications of email tracking: via senglehardt.com
    • Battery Status Not Included, Assessing Privacy in Web Standards: via princeton.edu
    • Achieving Anonymity Against Major Face Recognition Algorithms: via ruhr-uni-bochum.de
    • De-anonymizing Web Browsing Data with Social Networks: via princeton.edu
    • The Surveillance Implications of Web Tracking: via senglehardt.com
    • Understanding Facebook Connect login permissions: via jbonneau.com
    • Corporate Surveillance in Everyday Life, How Companies Collect, Combine, Analyze, Trade, and Use Personal Data on Billions: By Wolfie Christl, via crackedlabs.org
    • Using Ad Targeting for Surveillance on a Budget: via washington.edu
    • Cross-Site WebSocket Hijacking: via christian-schneider.net
    • Location Tracking using Mobile Device Power Analysis: scribd.com
    • HORNET, High-speed Onion Routing at the Network Layer: via arxiv.org
    • Decoy Routing: Toward Unblockable Internet Communication: via usenix.org
    • Trackers Vs Firefox, Comparing different blocking utilities: via GitHub - @jawz101
    • 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy: via ssrn.com
  • Write-Ups

    • Privacy - An Encyclopedic Definition and Background stanford.edu
  • Implementations and Standards

Foundations

Governance

Mega Guides

  • Very thorough list of things to be aware of and defensive steps, by Michael Horowitz: defensivecomputingchecklist.com
  • Software reccomendations and advice for privacy: privacytools.io
  • Tips and tricks, for internet freedom, data health and privacy: datadetoxkit.org
  • Digital security tools and tactics: securityinabox.org
  • Online privacy guide, and software reccomendations: via Fried
  • Guide to security through encryption: via ProPrivacy
  • Large collection of beginner security guides: Heimdal Security
  • The Motherboard guide to not getting hacked: via Vice
  • Online anonimity, and Tor + VPN tutorials: via ivpn

More Awesome GitHub Lists


Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit raise an issue, or open a PR. See: CONTRIBUTING.md.

Licensed under Creative Commons, CC BY 4.0, © Alicia Sykes 2020

Attribution 4.0 International


Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇

Share on Twitter Share on LinkedIn Share on Facebook Share on Mastodon