37 KiB
Awesome Privacy & Securty
A curated list of useful tools and resources online, that help protect your privacy and keep you safe.
See also: Personal Security Checklist | Privacy-Respecting Software | Security Gadgets | Why Privacy Matters | TLDR🔐
- Information and Guides
- Media
- Security Tools & Services
- Online Tools
- Privacy-Respecting Software, moved to here
- Security Hardware, moved to here
- Research
- Organisations
- More Lists
How-To Guides
- Threat Protection
- Protect against SIM-swap scam: via wired
- How to spot a phishing attack: via EFF
- Protection from Identity Theft: via Restore Privacy
- Harden your MacOS Security: via @drduh on GitHub
- Netowkring
- How to enable DNS over HTTPS: via geekwire
- How to resolve DNS leak issue: via DNSLeakTest
- Protect against WebRTC Leaks: via Restore Privacy
- ISP and DNS privacy tips: via bluz71
- Complete guide to configureing Firefox for Privacy + Speed: via 12bytes
- Beginners guide on getting started with Tor: via ProPrivacy
- Beginners guide to I2P: via The Tin Hat
- How to Use a VPN and Tor together: via ProPrivacy
- Communication
- Devices
- Layers of Personal Tech Security: via The Wire Cutter
- Improving security on iPhone: via lifehacker
- Guide to scrubbing Windows OSs from forensic investigation: by u/moschles, via Reddit
- A curated list of Windows Domain Hardening techniques: by @PaulSec, via: GitHub
- How to Delete your Data Securely: Via EFF - Windows, MacOS and Linux
- Software
- Physical Security
- Hiding from Physical Surveillance: via Snallabolaget
- Guide to opting-out of public data listings and marketing lists: via World Privacy Forum
- Enterprise
- A basic checklist to harden GDPR compliancy: via GDPR Checklist
- Reference Info
- A direcory of websites, apps and services supporting 2FA: via TwoFactorAuth.org
- A directory of direct links to delete your account from web services: via JustDeleteMe.xyz
- Product reviews from a privacy perspective, by Mozilla: via Privacy Not Included
- Surveillance Catalogue - A database secret of government and military surveillance equipment, leaked in the Snowden files: via The Intercept
- See also: The source code for these projects, on WikiLeaks Vault7 and Vault8, and the accompanying press release
Articles
- Encryption
- Overview of projects working on next-generation secure email: via OpenTechFund
- Surveillance
- Twelve Million Phones, One Dataset, Zero Privacy: via NY Times
- Windows data sending: via The Hacker News
- Is your Anti-Virus spying on you: via Restore Privacy
- What does your car know about you?: via Washington Post
- Turns Out Police Stingray Spy Tools Can Indeed Record Calls: via Wired
- UK Police Accessing Private Phone Data Without Warrant: via Restore Privacy
- Rage Against Data Dominance: via Privacy International
- Breaches
- Grindr and OkCupid Spread Personal Details Study Says: via NY Times
- Threats
- 23 reasons not to reveal your DNA: via Internet Health Report
- Security of Third-Party Keyboard Apps on Mobile Devices: via Lenny Zelster
Blogs
- Spread Privacy - Raising the standard of trust online, by DuckDuckGo
- Restore Privacy - Tools and guides about privacy and security
- That One Privacy Site - impartial comparisons and discussions
- The Hated One - Privacy and security videos
- 12Bytes - Opinion Articles about Tech, Privacy and more
- BringBackPrivacy - Easy-reading, sharable privacy articles
- Heimdal - Cyber Security Blog
- Tech Crunch - Cyber Security 101
- OONI, Internet freedom and analysis on blocked sites
- Pixel Privacy - Online privacy guides
- The Privacy Project - Articles and reporting on Privacy, by the NYT
- The Tin Hat - Tutorials and Articles for Online Privacy
- FOSS Bytes- Cyber Security - News about the latest exploits and hacks
- EFF SSD - Tips for safer online communications
- PrivacyTools.io - Tools to protect against mass surveillance
- PrismBreak - Secure app alternatives
- The VERGE guide to privacy - Guides for securing mobile, web and home tech
- Email Self-Defense - Complete guide to secure email
- Security Planner - Great advise for beginners
- My Shaddow - Resources and guides, to help you take controll of your data
Books
- Permanent Record by Edward Snowden
- Sandworm by Andy Greenberg: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
- Ghost in the Wires by Kevin Mitnick: Kevin tells his story of being the world's most wanted hacker
Podcasts
- Darknet Diaries by Jack Rhysider: Stories from the dark sides of the internet. Listen on Stitcher
- Listen on Stitcher, iTunes, Spotify, PocketCasts
- CYBER by Motherboard: News and analysis about the latest cyber threats
- Listen on Stitcher, SoundCloud, iTunes, Spotify, PocketCasts
- The Privacy, Security, & OSINT Show by Michael Bazzell: Comprehensive guides on Privacy and OSINT
- Listen on Stitcher, SoundCloud, iTunes, Spotify, PocketCasts
- Smashing Security by Graham Cluley and Carole Theriault: Casual, opinionated and humerous chat about current cybersecurity news
- Listen on Stitcher, iTunes, Spotify, PocketCasts
More Security Podcasts on player.fm
More Podcasts (Verification Required): Naked Security | Open Source Security Podcast | Defensive Security Podcast | Malicious Life | Down the Security Rabbit Hole | Cyber Wire | Hacking Humans | Security Now | Cyber Security Interviews | Security Weekly | The Shared Security Podcast | Risky Business | Crypto-Gram Security Podcast | Off the Hook
Videos
- General
- You are being watched by The New York Times
- The Power of Privacy by The Guardian
- Why Privacy matters, even if you have nothing to hide by The Hated One
- TED Talks
- How Online Trackers Track You, and What To Do About It by Luke Crouch
- Why you should switch off your home WiFi by Bram Bonné
- Why Privacy Matters, by Glenn Greenwald
- Fighting viruses, defending the net, by Mikko Hypponen
- The 1s and 0s behind cyber warfare, by Chris Domas
- State Sanctioned Hacking - The Elephant in the Room - Historic, economic and demographic overview of the growing threat to the U.S. from Chinese cyber invasions, by Frank Heidt
- How the IoT is Making Cybercrime Investigation Easier - How our data is changing the nature of "evidence" in digital forensics, by Jonathan Rajewski
- Online Privacy Doesn't Exist - The unexpected dangers our digital breadcrumbs can lead to, by Denelle Dixon
- Data is the new gold, who are the new thieves? - Introduction and demonstration of the power of data, by Tijmen Schep
- Conferences
- DEF CON 27 - Collection of talks from DEF CON 2019, Vegas
- RSA Conference - Collection of security talks from the RSA conferences
- Administraitor.video - A regularly updated collection of new and interesting security confrence talks
- Misc
- Through a PRISM, Darkly - Everything we know about NSA spying, by Kurt Opsahl
See also: awesome-sec-talks by @PaulSec
Online Tools
- Check and Test
- εxodus - Check which trackers any app on the Play Store has
- Have I been Pwned and Dehashed - Check if your details have been compromised
- Redirect Detective - Check where a suspicious URL redirects to
- Utilities
- ExifRemove - Remove Meta/ EXIF data online
- Secure Password Check - Fun little tool, to demonstrate how long it could take to crack a password
- 33Mail or Anonaddy or SimpleLogin Protect your email address, by auto-generating unique permeant aliases for each account, so all emails land in your primary inbox
- Deseat Me - Clean up your online presence
- Anti-Tracking Analysis
- Panopticlick - Check if, and how your browser is tracking you
- Browser Leaks - Check which information is being leaked by your browser
- DNSLeakTest - Check for and fix a DNS leak
- IP Leak - IP Leak test
- Am I Unique? - If your fingerprint is unique, then websites can track you
- Qualys SSL Client Test - Check the SSL/TLS capabilities of your browser
- Phishing, Hacking and Abuse
- VirusTotal - Analyse a suspicious web resource for malware
- ScamAdviser - Check if a website is a scam, before buying from it
- Abuse IP DB - Report an IP address for abuse, spam or attacks, and check the status of any IP
- Phish Tank - Check if a link is a known phishing URL, Submit a phishing URL, browse recent phishing URLs
- Is It Hacked? - Check if a website or page appears to be hacked, hijacked or generally suspicious
- IP Tools
- I Know What You Download - Shows torrents that have been downloaded or distributed from your IP address
- Hetrix Tools - Blacklist Check - Check if your Domain or IP appears on any common blacklists
- Public Domain and Website Scanning Tools
- URL Scan - Scan and analyse websites, shows IP, DNS, domain and host data, as well as info about resources and requests
- Security Trails - Shows all DNS records, historical DNS data and sub domains
- crt.sh - Shows current and previous SSL/ TLS certificates for a given domain, has advanced search option
- Virus Total - Scans any URL, web asset or file for malware
- DomainTools WhoIs - Who Is Lookup. Check who registered a domain name, and find contact details
- Pentest Tools Vulnerability Scanner - Light scan searches for client and server-side vulnerabilities and missing HTTP security headers
- Qualys SSL Server Test - Perform a deep analysis of the configuration of any SSL web server on the public Internet
- Abuse IP DB - Check if an IP or domain has been reported for abuse, or file a report
- RIPEstat - Detailed analysis of IP Addresses (Routing, DNS, Abuse History, Activity etc)
- Multirbl - Complete IP check for sending Mailservers
- IPVoid - Full suit of Domain, IP, and DNS tools for Tracing, Lookup, Checking and Pinging
- Net Neutrality
- Blocked by ORG - Check if your website is blocked by certain ISPs
- Data Rights Finder - Find, understand and use information from privacy policies
- Down For Everyone Or Just Me - Quickly determine if a website is down, or just unavailable for you
- Anonymous Services - The following sites host a veriety of anonymous online services
- Archives
- The Way Back Machine - See previous versions of any website. An archive of 431 billion snapshots over 20 years
- Internet Archive Software Collection - The largest vintage and historical software library
- OpenLibrary - A free, digital library of over 2 million eBooks, and information on over 20 million books
- Archive-It - Collecting and accessing cultural heritage on the web
Privacy-Respecting Software
This section has moved to here. Complete list of privacy-respecting software and services
Security Hardware
This section has moved to here. Products, gadgets and DIY projects to help improve security
Data, API's and Visualisations
- Information Tables
- That One Privacy Site - Detailed VPN Comparison Data
- Hosts to block: someonewhocares/ hosts and StevenBlack/ hosts
- File Signature Table - An up-to-date list of magic numbers, used to identify / verify the content of a file to ensure it has not been tampered with
- Nirsoft - Country IP - List of IP address ranges per country
- Databases
- Exploit Database - A database or Current software vulnerabilities
- Internet Census Data - Includes data on address space allocation, traffic, DNS, service enumeration, internet outages and other internet topology data
- Exodus - Trackers in Android Apps
- URLScan - Service scanning for malicious domains
- Dehashed - Data Breaches and Credentials
- VirusTotal - Detailed virus scans of software
- Abuse IP DB - Database of IPs reported for abuse
- SnusBase - Long standing database hosting breached data
- OpenPhish - A feed of current phishing endpoints
- Default Password - Database of default passwords for various devices by manufacturer and model
- HashToolkit - Database of 'cracked' hashes
- SecLists - Starter list of leaked databases, passwords, usernames etc (Great for programming)
- Qualys SSL Pulse - A continuous and global dashboard for monitoring the quality of SSL / TLS support over time across 150,000 SSL- and TLS-enabled websites, based on Alexa’s list of the most popular sites in the world
- Fun with Live Data 🌠
- Internet
- Tor Flow - Real-time data flow between Tor nodes
- Internet Census - 24-hour world map of average utilization of IPv4 addresses
- ICMP ping requests were sent out via the Carna botnet. Read how this was done on the Official Site or download similar datasets
- Map of Mobile Internet - Shows world data coverage, according to Twitter data
- DomainTools Statistics - Domain registration Numbers and Charts
- Insecam - A directory and feed of insecure or public live webcams
- IKnow - Live data showing what content is being downloaded + distributed via torrents
- Semantic Internet Map - Shows how different websites link together
- Unrelated, but Awesome Data
- BGP Stream - Shows all current outages
- Submarine Cable Map - An up-to-date map of major global internet cables (see also he.net globe and this map)
- FlightRadar24 - World-wide map of live aircraft positions
- Airport WiFi Map - Shows WiFi networks and their passwords for airports around the world
- Stuff in Space - Shows objects orbiting Earth
- Wiggle - Worlds largest WiFi Map showing personal hotspot statistics geographically
- Threat Maps - Real-time hack attempts (malware, phishing, exploit and spam), visualised geographically
- Checkpoint
- FortiGuard
- Fire Eye
- Kaspersky
- BitDefender
- ESET
- Threat But Map
- Looking Glass Cyber Map
- Digital Attack Map
- Kaspersky LogBook - Historic Threat Time Line
- Internet
Academic
- Journals
- Rethinking information privacy‐security: Does it really matter? By Waseem Afzal: via Wiley
- Crypto Paper: Privacy, Security, and Anonymity For Every Internet User, by Crypto Seb: via GitHub
- Challenges in assessing privacy impact, Tales from the Front Line: via Wiley
- A privacy‐preserving multifactor authentication system: via Wiley
- Web Browser Privacy: What Do Browsers Say When They Phone Home?: via scss.tcd.ie
- Implementations and Standards
- The GNU Privacy Guard
- OpenPGP JavaScript Implementation
- WireGuard
- Nym - Next Generation of Privacy infrastructure
Foundations
- Contract for the Web
- Electronic Frountier Foundation - Defending digital privacy + more
- OWASP Foundation
- Freedom House - Fighting for freedom on the net
- Privacy International
- Open Tech Fund
- Freedom of the Press Foundation
- Open Rights Group
- LEAP Encryption Access Project
- The Guardian Project
- Foundation for Applied Privacy
- Safe + Secure - advise for journalists and film makers
- Citizen Lab
- Electronic Privacy Information Center
- American Civil Liberties Union
- Free Software Foundation
- Courage Foundation - Supports those who risk life / liberty to make significant contributions to the historical record
- Fight for the Future - Fighting for a future where technology liberates
- Public Citizen - Standing up to corporate power and hold the government accountable
Government Organisations
- Citizen/ Small business Advice and Infrormation
- UK National Cyber Security Center
- US Cybersecurity - NIST
- Stay Safe Online - US government-backed project, aimed to inform and educate individuals and small businesses about basic digital security
- Cybercrime
- Consumer Fraud Reporting - US's Catalogue of online scams currently circulating, and a means to report cases
- Action Fraud - UK’s national reporting centre for fraud and cyber crime
- Fact Checkling
- Full Fact - UK independent fact checking charity, campaigning to expose bad information, and the harm it does
- CERT - Your local jurisdiction will likely have a Computer emergency response team (historically known as CERT). Who is in charge of handline handles domestic and international computer security incidents.
- Australia - auscert.org.au
- Austria - cert.at
- Bangladesh - cirt.gov.bd
- Bolivia - cgii.gob.bo
- Brazil - cert.br
- Canada - cyber.gc.ca
- China - cert.org.cn
- Columbia - colcert.gov.co
- Croatia - carnet.hr
- Czech Republic - csirt.cz
- Denmark - cert.dk
- Ecuador - ecucert.gob.ec
- Egypt - egcert.eg
- Estonia - ria.ee / CERT-EE
- Finland - kyberturvallisuuskeskus.fi
- France - cert.ssi.gouv.fr
- Germany - cert-bund.de
- Ghana - nca-cert.org.gh
- Hong Kong - hkcert.org
- Iceland - cert.is
- India - CERT-IN
- Indonesia - idsirtii.or.id
- Iran - cert.ir
- Italy - cert-pa.it
- Japan - JPCERT
- Kyrgyzstan - cert.gov.kg
- Luxembourg - circl.lu
- Macau - mocert.org
- Malaysia - mycert.org.my
- Morocco - educert.ma
- Netherlands - ncsc.nl
- New Zealand - cert.govt.nz
- Nigeria - cert.gov.ng
- Norway - norcert
- Pakistan - pakcert.org
- Papua New Guinea - pngcert.org.pg
- Philippines - cspcert.ph
- Poland - cert.pl
- Portugal - cncs.gov.pt/certpt
- Qatar - qcert.org
- Rep of Ireland - ncsc.gov.ie
- Romania - cert.ro
- Russia - gov-cert.ru / cert.ru
- Singapore - csa.gov.sg/singcert
- Slovenia - sk-cert.sk
- South Korea - krcert.or.kr
- Spain - incibe.es
- Sri Lanka - cert.gov.lk
- Sweden - cert.se
- Switzerland - govcert.ch
- Taiwan - twcert.org.tw
- Thailand - thaicert.or.th
- Tonga cert.to
- Ukraine - cert.gov.ua
- UAE - tra.gov.ae/aecert
- United Kingdom - ncsc.gov.uk
- United States - us-cert.gov
Mega Guides
- by Fried
- by ivpn
- by ProPrivacy
- by Heimdal Security
- by Wired
- by Vice
More Awesome GitHub Lists
- Awesome Open Source Apps
- awesome-windows-apps by 'many'
- awesome-macOS-apps by @iCHAIT
- awesome-linux-software by @luong-komorebi
- open-source-ios-apps by @dkhamsing
- open-source-android-apps by @pcqpcq
- awesome-selfhosted by 'many'
- privacy-respecting by @nikitavoloboev
- awesome-privacy by @KevinColemanInc
- privacy-respecting-software by @lissy93
- Guides
- MacOS-Security-and-Privacy-Guide by @drduh
- personal-security-checklist by @lissy93
- Security (Hacking / Pen Testing / Threat Inteligence / CFTs)
- Security_list by @zbetcheckin
- awesome-security by @sbilly
- awesome-sec-talks by @PaulSec
- awesome-threat-intelligence by @hslatman
- awesome-incident-response by @meirwah
- awesome-anti-forensic by @remiflavien1
- awesome-malware-analysis by @rshipp
- awesome-honeypots by @paralax
- awesome-hacking by @carpedm20
- awesome-pentest by @enaqx
- awesome-ctf by @apsdehal
- Misc
- awesome-crypto-papers by @pFarb
- Awesome Lists of Awesome Lists
- More In This Repo
Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit raise an issue, or open a PR. See: CONTRIBUTING.md
.
Licensed under Creative Commons, CC BY 4.0, © Alicia Sykes 2020
Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇