67 KiB
Awesome Privacy & Security Links
A curated list of notable guides, articles, tools and media - relating to digital security, internet freedom and online privacy
See also: Personal Security Checklist | Privacy-Respecting Software | Security Gadgets | Why Privacy Matters | TLDR🔐
Contents
- Information and Guides
- Media
- Security Tools & Services
- Online Tools
- Privacy-Respecting Software, moved to here
- Security Hardware, moved to here
- Research
- Organisations
- More Lists
How-To Guides
- Threat Protection
- Protect against SIM-swap scam: via wired
- How to spot a phishing attack: via EFF
- Protection from Identity Theft: via Restore Privacy
- Protecting from key-stroke-logging, with KeyScrambler: via TechRepublic
- Guide to Hash Checks, to ensure a program has not been tampered with: via ProPrivacy
- Permanently and Securely Delete ‘Files and Directories’ in Linux: via TechMint
- Networking
- How to enable DNS over HTTPS: via geekwire
- How to resolve DNS leak issue: via DNSLeakTest
- Protect against WebRTC Leaks: via Restore Privacy
- ISP and DNS privacy tips: via bluz71
- Beginners guide on getting started with Tor: via ProPrivacy
- Beginners guide to I2P: via The Tin Hat
- About Using VPN and Tor together: via ProPrivacy
- How to use
__nomap
, to reduce public exposure of SSID: via ghacks - Up-to-date router configurations for advanced security: via RouterSecurity.org
- Communication
- Email Self-Defense, Configure your mail client securly, from scratch - via FSF.org
- How to avoid Phishing Attacks: via EFF
- How to use PGP: Via EFF - Windows, MacOS and Linux
- A Step-by-Step Guide to Generating More Secure GPG Keys: via spin.atomicobject.com
- How to Maintain Anonyimity in Bitcoin Transactions: coinsutra.com
- Beginners Guide to Signal (secure messaging app): via Freedom of the Press Foundation
- How to use OTR messaging with Adium (MacOS): via CalyxiIstitute.org
- Full guide to using plaintext emails: via useplaintext.email
- Devices
- How to Enable Encryption on your Devices: via SpreadPrivacy.com
- How to Delete your Data Securely: Via EFF - Windows, MacOS and Linux
- Layers of Personal Tech Security: via The Wire Cutter
- Device-Specific Privacy Guides: via SpreadPrivacy
- For: Windows 10, MacOS, Linux, Android and iOS
- Guide to scrubbing Windows OSs from forensic investigation: by u/moschles, via Reddit
- A curated list of Windows Domain Hardening techniques: by @PaulSec, via: GitHub
- Configuring Gboard for better Privacy: via Ghacks
- Settings to update on iPhone, for better privacy: via lifehacker
- How to check App Permissions (Android, iOS, Mac & Windows): via Wired
- How to manage Self-Encrypting Drives: via TechSpot
- Harden your MacOS Security: via @drduh on GitHub
- Software
- Complete guide to configuring Firefox for Privacy + Speed: via 12bytes
- Firefox Configuration Guide for Beginners: via 12bytes
- How to use Vera Crypt: via howtogeek
- How to use KeePassXC: via EFF
- How to use uMatrix browser addon to block trackers: via ProPrivacy
- How to set up 2-Factor Auth on common websites: via The Verge
- How to use DuckDuckGo advanced search features: via Ghacks
- How to use Cryptomator (encrypt files on cloud storage): via It's Foss
- Physical Security
- Guide to Living Anonymously, Personal Data Removal and Credit Freeze: via IntelTechniques.com
- Hiding from Physical Surveillance: via Snallabolaget
- Guide to opting-out of public data listings and marketing lists: via World Privacy Forum
- Enterprise
- A basic checklist to harden GDPR compliancy: via GDPR Checklist
- Reference Info
- A direcory of websites, apps and services supporting 2FA: via TwoFactorAuth.org
- A directory of direct links to delete your account from web services: via JustDeleteMe.xyz
- Impartial VPN Comparison Data: via ThatOnePrivacySite
- Terms of Service; Didn't Read - Vital resource that summarizes and extracts the key details from Privacy Policies/ Terms of Services, aiming to fix the issues caused by blindly agreeing to these Terms: via tosdr.org
- Free, open-source and privacy-respecting alternatives to popular software: via Switching.Software
- Product reviews from a privacy perspective, by Mozilla: via Privacy Not Included
- Surveillance Catalogue - Database of secret government surveillance equipment, Snowden: via The Intercept
- See also: The source code, on WikiLeaks Vault7 and Vault8, and the accompanying press release
- Who Has Your Back? - Which companies hand over your comply with Government Data Requests 2019: via EFF
- Check who your local and government representatives in your local area are WhoAreMyRepresentatives.org
- Open project to rate, annotate, and archive privacy policies: via PrivacySpy.org
- Hosts to block: via someonewhocares/ hosts / StevenBlack/ hosts
- Magic Numbers - Up-to-date file signature table, to identify / verify files have not been tampered with: via GaryKessler
- List of IP ranges per country: via Nirsoft
- Database of default passwords for various devices by manufacturer and model: via Default-Password.info
- All-in-one digital and physical security
- Umbrella: an open source iOS/Android/Web app for learning about and managing digital, operational and physical security (from safe communication to dealing with a kidnap) via Security First
Articles
- General
- 8-point manifesto, of why Privacy Matters: via whyprivacymatters.org
- Rethinking Digital Ads: via TheInternetHealthReport
- Encryption
- Overview of projects working on next-generation secure email: via OpenTechFund
- Anatomy of a GPG Key: via @DaveSteele
- Surveillance
- Twelve Million Phones, One Dataset, Zero Privacy: via NY Times
- Windows data sending: via The Hacker News
- Is your Anti-Virus spying on you: via Restore Privacy
- What does your car know about you?: via Washington Post
- Turns Out Police Stingray Spy Tools Can Indeed Record Calls: via Wired
- UK Police Accessing Private Phone Data Without Warrant: via Restore Privacy
- Rage Against Data Dominance: via Privacy International
- NSA Files Decoded, What the revelations mean for you: via The Guardian
- How to Track a Cellphone Without GPS—or Consent: via Gizmodo
- Apps able to track device location, through power manager: via Wired
- Hackers and governments can see you through your phone’s camera: via Business Insider
- Law Enforcement Geo-Fence Data Requests - How an Innocent cyclist became a suspect when cops accessed his Google location data: via Daily Mail
- IBM Used NYPD Surveillance Footage to Develop Technology That Lets Police Search by Skin Color: via TheIntercept
- Threats
- 23 reasons not to reveal your DNA: via Internet Health Report
- Security of Third-Party Keyboard Apps on Mobile Devices: via Lenny Zelster
- Mobile Websites Can Tap Into Your Phone's Sensors Without Asking: via Wired
- Non-admin accounts mitigate 94% of critical Windows vulnerabilities: via ghacks
- Android Apps are able to monitor screen state, data usage, installed app details and more without any permissions: by @databurn-in, via GitHub
- See also, PrivacyBreacher - an app developed by @databurn-in, which demonstrates these issues
- How URL Previews in Apps can Leak Personal Info: via hunch.ly
- Big data privacy risks: via CSO Online
- Anti-Doxing Guide (For Activists Facing Attacks): via Equality Labs
- Breaches
- Wired guide to data breaches - past, present and future: via Wired
- Grindr and OkCupid Spread Personal Details Study Says: via NY Times
- The Asia-Pacific Cyber Espionage Campaign that Went Undetected for 5 Years: via TheHackerNews
- ClearView AI Data Breach - 3 Billion Faces: via Forbes
- The MongoDB hack and the importance of secure defaults: via Synk
- Truecaller Data Breach – 47.5 Million Indian Truecaller Records On Sale: via GBHackers
- Hundreds of millions of Facebook user records were exposed on Amazon cloud server: via CBS News
- Microsoft data breach exposes 250 million customer support records: via Graham Cluley
- Data Collection
- Ring Doorbell App Packed with Third-Party Trackers: via EFF
- How a highly targeted ad can track your precise movements: via Wired
- Based on the paper, Using Ad Targeting for Surveillance on a Budget: via Washington.edu
- How websites can see your full personal details, from your phone contract info: via Medium/@philipn
- Facebook and America’s largest companies give worker data to Equifax: via FastCompany
- Exfiltration of personal data by session-replay scripts: via Freedom-to-Tinker
- Apple's iTerm2 Leaks Everything You Hover in Your Terminal via DNS Requests: via BleepingComputer
- Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking: via propublica.org
Blogs
- Security Reserachers
- Krebs on Security - Lots of up-to-date, in-depth interesting cyber security news and investigations, by a true legend in the field and NY Times Bestseller, Brian Krebs. RSS
- Schneier on Security - Commentary, news, essays and more all about cryptography, cyber security and privacy. New posts are written almost daily, and this is also home to the famous Crypto Gram weekly newsletter, that's been popular since 1994. By the world-renowned security professional, and serial bestselling author, Bruce Schneier. RSS
- Troy Hunt - Security researcher and data breach collector. RSS
- Graham Cluley - Security news, advise and opinion. From Graham Cluley, co-host of Smashing Security.
- The Last Watch Dog - Privacy and Security articles, opinion and media by Byron Acohido
- Daniel Miessler - Summaries recent news and events, and focuses on security, technology and people. RSS
- Errata Security - Covers latest interesting news, and explains concepts clearly. By Robert Graham and David Maynor. RSS
- Underground Tradecraft - Counterintelligence, OPSEC and Tradecraft for everyone
- Cyber Security News
- Dark Reading - Well-known cyber security news site, with articles on a range of topics, ranging from data breaches, IoT, cloud security and threat intelligence. RSS
- Threat Post - News and Articles Cloud Security, Malware, Vulnerabilities, Waterfall Security and Podcasts. RSS
- We Live Security - Security news, views, and insight, by ESET + Community. RSS
- The Hacker News - News and info covering Data Breaches, Cyber Attacks, Vulnerabilities, Malware. RSS
- Sophos: Naked Security - Security news and updates, presented in an easy-to-digest format. RSS
- IT Security Guru - Combines top cyber security news from multiple sites, easier to stay up-to-date
- FOSS Bytes - Cyber Security - News about the latest exploits and hacks
- Cyber Security Infomation
- Heimdal - Personal Cyber Security Tutorials and Articles
- Tech Crunch - Cyber Security 101
- Email Self-Defense - Complete guide to secure email
- Security Planner - Great advise for beginners
- My Shaddow - Resources and guides, to help you take controll of your data
- Privacy Guides
- EFF SSD - Tips for safer online communications
- Restore Privacy - Tools and guides about privacy and security
- That One Privacy Site - impartial comparisons and discussions
- The Hated One - Privacy and security videos
- 12Bytes - Tech, Privacy and more (Note, sometimes covers controversial topics)
- Pixel Privacy - Online privacy guides
- The Tin Hat - Tutorials and Articles for Online Privacy
- PrivacyTools.io - Tools to protect against mass surveillance
- PrismBreak - Secure app alternatives
- The VERGE guide to privacy - Guides for securing mobile, web and home tech
- Privacy News
- Spread Privacy - Raising the standard of trust online, by DuckDuckGo
- BringBackPrivacy - Easy-reading, sharable privacy articles
- The Privacy Project - Articles and reporting on Privacy, by the NYT
- Internet Freedom
- OONI, Internet freedom and analysis on blocked sites
- Internet Health Report - Mozilla is documenting and explaining what’s happening to openness and freedom on the Internet
- Worth Hiding - Posts about privacy, politics and the law
Books
- Permanent Record by Edward Snowden
- Sandworm by Andy Greenberg: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
- Extreme Privacy by Michael Bazzell: Thoroughly detailed guide for protecting your privacy both electronically and physically
- Ghost in the Wires by Kevin Mitnick: Kevin tells his story of being the world's most wanted hacker
- The Art of Invisibility, by Kevin Mitnick: You How to Be Safe in the Age of Big Brother
- Eyes in the Sky: The Secret Rise of Gorgon Stare and How It Will Watch Us All, by Arthur Holla Michel: Outlines the capabilities of the digital imaging in continuous aerial and satellite surveillance, and discusses both the current systems that are deployed, and the technical feasibility of future plans
Podcasts
- Darknet Diaries by Jack Rhysider: Stories from the dark sides of the internet.
- CYBER by Motherboard: News and analysis about the latest cyber threats
- The Privacy, Security, & OSINT Show by Michael Bazzell: Comprehensive guides on Privacy and OSINT
- Smashing Security by Graham Cluley and Carole Theriault: Casual, opinionated and humerous chat about current cybersecurity news
- IRL Podcast by Mozilla: Online Life is Real Life, Stories about the future of the Web
- Random but Memorable by 1Password - A Security advice podcast
More Security Podcasts on player.fm
More Podcasts (Verification Required): Naked Security | Open Source Security Podcast | Defensive Security Podcast | Malicious Life | Down the Security Rabbit Hole | Cyber Wire | Hacking Humans | Security Now | Cyber Security Interviews | Security Weekly | The Shared Security Podcast | Risky Business | Crypto-Gram Security Podcast | Off the Hook | Opt Out Podcast
Videos
- General
- You are being watched by The New York Times
- The Power of Privacy by The Guardian
- Why Privacy matters, even if you have nothing to hide by The Hated One
- The Unhackable Email Service by Freethink
- NSA Whistleblower: Government Collecting Everything You Do by Empire Files
- Cryptography
- Advanced Into to GnuPGP by Neal Walfield (walfield.org)
- TED Talks
- How Online Trackers Track You, and What To Do About It by Luke Crouch
- Why you should switch off your home WiFi by Bram Bonné
- Why Privacy Matters, by Glenn Greenwald
- Fighting viruses, defending the net, by Mikko Hypponen
- The 1s and 0s behind cyber warfare, by Chris Domas
- State Sanctioned Hacking - The Elephant in the Room - Historic, economic and demographic overview of the growing threat to the U.S. from Chinese cyber invasions, by Frank Heidt
- How the IoT is Making Cybercrime Investigation Easier - How our data is changing the nature of "evidence" in digital forensics, by Jonathan Rajewski
- Online Privacy Doesn't Exist - The unexpected dangers our digital breadcrumbs can lead to, by Denelle Dixon
- Data is the new gold, who are the new thieves? - Introduction and demonstration of the power of data, by Tijmen Schep
- Conferences
- DEF CON 27 - Collection of talks from DEF CON 2019, Vegas
- RSA Conference - Collection of security talks from the RSA conferences
- Administraitor.video - A regularly updated collection of new and interesting security confrence talks
- Misc
- Through a PRISM, Darkly - Everything we know about NSA spying, by Kurt Opsahl
- What it REALLY takes to have True Privacy in the 21st Cen by @MalcomVetter
See also: awesome-sec-talks by @PaulSec
Online Tools
- Check and Test
- εxodus - Check which trackers any app on the Play Store has
- Have I been Pwned and Dehashed - Check if your details have been compromised
- Redirect Detective - Check where a suspicious URL redirects to
- Botometer - An AI script to check if a certain username is a bot
- Utilities
- Privacy.sexy - A collection of commands you can run to impplement best prctices on Windows or MacOS
- ExifRemove - Remove Meta/ EXIF data online
- Secure Password Check - Fun little tool, to demonstrate how long it could take to crack a password
- 33Mail or Anonaddy or SimpleLogin Protect your email address, by auto-generating unique permeant aliases for each account, so all emails land in your primary inbox
- Deseat Me - Clean up your online presence
- Anti-Tracking Analysis
- Panopticlick - Check if, and how your browser is tracking you
- Browser Leaks - Check which information is being leaked by your browser
- DNSLeakTest - Check for and fix a DNS leak
- IP Leak - IP Leak test
- Am I Unique? - If your fingerprint is unique, then websites can track you
- Qualys SSL Client Test - Check the SSL/TLS capabilities of your browser
- Phishing, Hacking and Abuse
- VirusTotal - Analyse a suspicious web resource for malware
- ScamAdviser - Check if a website is a scam, before buying from it
- Abuse IP DB - Report an IP address for abuse, spam or attacks, and check the status of any IP
- Phish Tank - Check if a link is a known phishing URL, Submit a phishing URL, browse recent phishing URLs
- Is It Hacked? - Check if a website or page appears to be hacked, hijacked or generally suspicious
- IP Tools
- I Know What You Download - Shows torrents that have been downloaded or distributed from your IP address
- Hetrix Tools - Blacklist Check - Check if your Domain or IP appears on any common blacklists
- Check: The Tor Project - Check if your connected via Tor, and diagnose issues
- Public Domain and Website Scanning Tools
- URL Scan - Scan and analyse websites, shows IP, DNS, domain and host data, as well as info about resources and requests
- Security Trails - Shows all DNS records, historical DNS data and sub domains
- crt.sh - Shows current and previous SSL/ TLS certificates for a given domain, has advanced search option
- Virus Total - Scans any URL, web asset or file for malware
- DomainTools WhoIs - Who Is Lookup. Check who registered a domain name, and find contact details
- Pentest Tools Vulnerability Scanner - Light scan searches for client and server-side vulnerabilities and missing HTTP security headers
- Qualys SSL Server Test - Perform a deep analysis of the configuration of any SSL web server on the public Internet
- Abuse IP DB - Check if an IP or domain has been reported for abuse, or file a report
- RIPEstat - Detailed analysis of IP Addresses (Routing, DNS, Abuse History, Activity etc)
- Multirbl - Complete IP check for sending Mailservers
- IPVoid - Full suit of Domain, IP, and DNS tools for Tracing, Lookup, Checking and Pinging
- Net Neutrality
- Blocked by ORG - Check if your website is blocked by certain ISPs
- Data Rights Finder - Find, understand and use information from privacy policies
- Down For Everyone Or Just Me - Quickly determine if a website is down, or just unavailable for you
- Anonymous Services - The following sites host a veriety of anonymous online services
- Archives
- The Way Back Machine - See previous versions of any website. An archive of 431 billion snapshots over 20 years
- PolitiTweet - Archives Tweets from powerful public figures, and records silent retractions and deleted tweets
- Internet Archive Software Collection - The largest vintage and historical software library
- OpenLibrary - A free, digital library of over 2 million eBooks, and information on over 20 million books
- Archive-It - Collecting and accessing cultural heritage on the web
Privacy-Respecting Software
This section has moved to here. Complete list of privacy-respecting software and services
Security Hardware
This section has moved to here. Products, gadgets and DIY projects to help improve security
Data, API's and Visualisations
- Research Results
- Internet Census Data - Includes data on address space allocation, traffic, DNS, service enumeration, internet outages and other internet topology data
- Web Tracking Data by Princeton University - This is the largest and most detailed analysis of online tracking to date, and measures both stateful (cookie-based) and stateless (fingerprinting-based) tracking. The crawls were made with OpenWPM
- Who has your Back? by EFF - Anual report assessing how companies handle personal data
- Lists of Websites Abusing Session Replay - Third-party sesssion replay scripts, record all your acions and allow them to be watched by a human. This list of websites include this
- Sensor Access Data - A Crawl of the Mobile Web Measuring Sensor Accesses, Illinois
- Canalys Newsroom - Research Studies on Security, Privacy, Technology and Finance
- Data Never Sleeps - An infographic visualizing how much data is generated every minute (2019)
- What they Know about You - An Infographic showing what information are Giant Tech Companies collecting from you (2020)
- Databases
- Exodus - Trackers in Android Apps
- Exploit Database - A database or Current software vulnerabilities
- URLScan - Service scanning for malicious domains, with historical results
- Dehashed - Data Breaches and Credentials
- VirusTotal - Detailed virus scans of software
- Abuse IP DB - Database of IPs reported for abuse
- SnusBase - Long standing database hosting breached data
- OpenPhish - A feed of current phishing endpoints
- HashToolkit - Database of 'cracked' hashes
- SecLists - Starter list of leaked databases, passwords, usernames etc (Great for programming)
- Qualys SSL Pulse - A continuous and global dashboard for monitoring the quality of SSL / TLS support over time across 150,000 SSL - and TLS-enabled websites, based on Alexa’s list of the most popular sites in the world
- Tor Bulk Exit List - List of all exit nodes (IP) in use on the Tor network
- Fun with Live Data 🌠
- Internet
- Tor Flow - Real-time data flow between Tor nodes
- Internet Census - 24-hour world map of average utilization of IPv4 addresses
- ICMP ping requests were sent out via the Carna botnet. Read how this was done on the Official Site or download similar datasets
- Map of Mobile Internet - Shows world data coverage, according to Twitter data
- IKnow - Live data showing what content is being downloaded + distributed via torrents
- Semantic Internet Map - Shows how different websites link together
- Wiggle - Worlds largest WiFi Map showing personal hotspot statistics geographically
- BGP Stream - Shows all current outages
- Freedom House - Censorship Map - Global internet freedom and democracy status per country, over time
- DomainTools Statistics - Domain registration Numbers and Charts
- Insecam - A directory and feed of insecure or public live webcams
- Cyber
- Checkpoint - Geographical plotting of Malware, Phishing and Exploits
- Comparitech Ransomware Attack Map - Geographically plotted ransomware attacks and stats
- FortiGuard - Incoming & Outgoing Attacks per Country
- Kaspersky Stats - Shows detailed threats per second from a variety of categories
- Kaspersky LogBook - Historic Threat Time Line
- See also
- Every AV-provider and wannabe security company has a matrix-style cyber map nowadays, here are some less-spectacular ones, which didn't make it onto the list: Fire Eye, BitDefender, ESET, Looking Glass Cyber Map, Digital Attack Map
- pewpew is a sweet web component, that you can use to build your own threat map (with sound effects!)
- Unrelated, but Awesome Data
- Submarine Cable Map - An up-to-date map of major global internet cables (see also he.net and this)
- FlightRadar24 - World-wide map of live aircraft positions
- Marine Traffic - World-wide map of live ships, tankers, cargo & passenger vessels and more
- Stuff in Space - Shows objects orbiting Earth
- Asterank - A scientific and economic database of over 600,000 asteroids
- Flight Misery Map - Real-time US geographical flight delay & cancellation trends
- Meteor Showers - Shows commit locations, simulating meteor showers with time
- Airport WiFi Map - Shows WiFi networks and their passwords for airports around the world
- One in a Million - A real-time Twitter map
- ListenToWikipedia - Wikipedia edits, represented by a tone, depending on size, built by Hatnote
- BitListen - Real-time BTC transactions, represented by bubbles and tones
- FiatLeak - Real-time crypto stats
- Google Search Terms - Hourly Google Search Trends, in your location
- Sentiment Sweep - Geographic sentiment analysis on real-time Twitter data (- I made this one)
- Three Thousand Years - Shows major events throughout history, using Wikipedia data
- Wiki-Atlas - Wikipedia articles, categorized and plotted on a map
- ncov2019/live - Real-time Covid-19 data, map and dashboard (by Avi Schiffmann)
- National Grid: Live Status - Real-time UK energy stats (by Kate Morley) (similar to Grid Watch)
- Globe of Economic Complexity - Visualize's 15 Trillion dollars of world trade, where each dot is $100,000,000 of export
- Internet
Interested in discovering more awesome real-time data visualizations? Check out this post, here 🌠
Academic
-
Journals
- Rethinking information privacy‐security: Does it really matter? By Waseem Afzal: via Wiley
- Crypto Paper: Privacy, Security, and Anonymity For Every Internet User, by Crypto Seb: via GitHub
- Challenges in assessing privacy impact, Tales from the Front Line: via Wiley
- A privacy‐preserving multifactor authentication system: via Wiley
- Web Browser Privacy: What Do Browsers Say When They Phone Home?: via scss.tcd.ie
- Online Tracking, A 1-million-site Measurement and Analysis: via Princeton University
- Detecting and Defending Against Third-Party Tracking on the Web: via Franziska Roesner
- Is Google degrading search? Consumer Harm from Universal Search: via law.berkeley.edu
- A Comprehensive Evaluation of Third-Party Cookie Policies: via WhoLeftOpenTheCookieJar.com
- The Dangers of Surveillance: via Harvard Law Review
- Recognizing Speech From Gyroscope Signals: via Stanford
- A Study of Scripts Accessing Smartphone Sensors: via sensor-js.xyz
- Pixel Perfect, Fingerprinting Canvas in HTML5: hovav.net
- Shining the Floodlights on Mobile Web Tracking — A Privacy Survey: via semanticscholar.org
- Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking: via aruneshmathur.co.in
- Privacy implications of email tracking: via senglehardt.com
- Battery Status Not Included, Assessing Privacy in Web Standards: via princeton.edu
- Achieving Anonymity Against Major Face Recognition Algorithms: via ruhr-uni-bochum.de
- De-anonymizing Web Browsing Data with Social Networks: via princeton.edu
- The Surveillance Implications of Web Tracking: via senglehardt.com
- Understanding Facebook Connect login permissions: via jbonneau.com
- Corporate Surveillance in Everyday Life, How Companies Collect, Combine, Analyze, Trade, and Use Personal Data on Billions: By Wolfie Christl, via crackedlabs.org
- Using Ad Targeting for Surveillance on a Budget: via washington.edu
- Cross-Site WebSocket Hijacking: via christian-schneider.net
- Location Tracking using Mobile Device Power Analysis: scribd.com
- HORNET, High-speed Onion Routing at the Network Layer: via arxiv.org
- Decoy Routing: Toward Unblockable Internet Communication: via usenix.org
- Trackers Vs Firefox, Comparing different blocking utilities: via GitHub - @jawz101
- 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy: via ssrn.com
-
Write-Ups
- Privacy - An Encyclopedic Definition and Background stanford.edu
-
Implementations and Standards
- The GNU Privacy Guard
- OpenPGP JavaScript Implementation
- WireGuard
- Nym - Next Generation of Privacy infrastructure
- REC-X.509 - The standard defining the format of public key certificates, used across most internet protocols and applications
- obfs4-spec & obfs3-protocol-spec - The Tor obfourscator and Pluggable transport for obfuscated traffic
Foundations
- Contract for the Web
- Electronic Frountier Foundation - Defending digital privacy + more
- OWASP Foundation
- Freedom House - Fighting for freedom on the net
- Privacy International
- Open Tech Fund
- Freedom of the Press Foundation
- Open Rights Group
- LEAP Encryption Access Project
- The Guardian Project
- Foundation for Applied Privacy
- Safe + Secure - advise for journalists and film makers
- Citizen Lab
- Electronic Privacy Information Center
- American Civil Liberties Union
- Free Software Foundation
- Calyx Institute - Brooklyn-based organisation, aiming to educate the public about privacy in digital communications
- Courage Foundation - Supports those who risk life / liberty to make significant contributions to the historical record
- Fight for the Future - Fighting for a future where technology liberates
- Public Citizen - Standing up to corporate power and hold the government accountable
- The DNS Privacy Project - Collaborative open project to promote, implement and deploy DNS Privacy
- Epic - Washington DC-based organisation raising attention to emerging privacy and civil liberties issues
Governance
- Citizen/ Small business Advice and Infrormation
- UK National Cyber Security Center
- US Cybersecurity - NIST
- Stay Safe Online - US government-backed project, aimed to inform and educate individuals and small businesses about basic digital security
- Annual Credit Report - US Free Credit Reports
- Cybercrime
- Consumer Fraud Reporting - US's Catalogue of online scams currently circulating, and a means to report cases
- Action Fraud - UK’s national reporting centre for fraud and cyber crime
- Crime Stoppers - UK Independent Charity, for reporting crimes anonymously
- Fact Checkling
- Full Fact - UK independent fact checking charity, campaigning to expose bad information, and the harm it does
- Snopes - Transparent fact checking service, with documented sources. Their investigative reporting uses evidence-based and contextualized analysis
- FactCheck.org - US Site debunking misinformation shared on social media
- Media Bias Fact Check - Focusing on media bias, and comparing different view points on each story from over 3000 sources
- AP Fact Check - Fact checking service provided by AP News
- CERT - Your local jurisdiction will likely have a Computer emergency response team (historically known as CERT). Who is in charge of handline handles domestic and international computer security incidents.
- A-C - Australia: auscert.org.au | Austria: cert.at | Bangladesh: cirt.gov.bd | Bolivia: cgii.gob.bo | Brazil: cert.br | Canada: cyber.gc.ca | China: cert.org.cn | Columbia: colcert.gov.co | Croatia: carnet.hr | Czech Republic: csirt.cz
- D-G - Denmark: cert.dk | Ecuador: ecucert.gob.ec | Egypt: egcert.eg | Estonia: ria.ee / CERT-EE | Finland: kyberturvallisuuskeskus.fi | France: cert.ssi.gouv.fr | Germany: cert-bund.de | Ghana: nca-cert.org.gh
- H-M - Hong Kong: hkcert.org | Iceland: cert.is | India: CERT-IN | Indonesia: idsirtii.or.id | Iran: cert.ir | Italy: cert-pa.it | Japan: JPCERT | Kyrgyzstan: cert.gov.kg | Luxembourg: circl.lu | Macau: mocert.org | Malaysia: mycert.org.my | Morocco: educert.ma
- N-P - Netherlands: ncsc.nl | New Zealand: cert.govt.nz | Nigeria: cert.gov.ng | Norway: norcert | Pakistan: pakcert.org | Papua New Guinea: pngcert.org.pg | Philippines: cspcert.ph | Poland: cert.pl | Portugal: cncs.gov.pt/certpt
- Q-S - Qatar: qcert.org | Rep of Ireland: ncsc.gov.ie | Romania: cert.ro | Russia: gov-cert.ru / cert.ru | Singapore: csa.gov.sg/singcert | Slovenia: sk-cert.sk | South Korea: krcert.or.kr | Spain: incibe.es | Sri Lanka - cert.gov.lk | Sweden: cert.se | Switzerland: [govcert.ch]
- T-Z - Taiwan: twcert.org.tw | Thailand: thaicert.or.th | Tonga: cert.to | Ukraine:cert.gov.ua | UAE: tra.gov.ae/aecert | United Kingdom: ncsc.gov.uk | United States: us-cert.gov
- Global: first.org - The global Forum of Incident Response and Security Teams
Mega Guides
- Very thorough list of things to be aware of and defensive steps, by Michael Horowitz: defensivecomputingchecklist.com
- Software reccomendations and advice for privacy: privacytools.io
- Tips and tricks, for internet freedom, data health and privacy: datadetoxkit.org
- Digital security tools and tactics: securityinabox.org
- Online privacy guide, and software reccomendations: via Fried
- Guide to security through encryption: via ProPrivacy
- Large collection of beginner security guides: Heimdal Security
- The Motherboard guide to not getting hacked: via Vice
- Online anonimity, and Tor + VPN tutorials: via ivpn
More Awesome GitHub Lists
- Awesome Open Source Apps
- awesome-windows-apps by 'many'
- awesome-macOS-apps by @iCHAIT
- awesome-linux-software by @luong-komorebi
- open-source-ios-apps by @dkhamsing
- open-source-android-apps by @pcqpcq
- awesome-selfhosted by 'many'
- privacy-respecting by @nikitavoloboev
- awesome-privacy by @KevinColemanInc
- privacy-respecting-software by @lissy93
- Guides
- MacOS-Security-and-Privacy-Guide by @drduh
- YubiKey-Guide by @drduh
- Debian-Privacy-Server-Guide by @drduh
- personal-security-checklist by @lissy93
- Security Links (Hacking / Pen Testing / Threat Inteligence / CFTs)
- Security_list by @zbetcheckin
- awesome-security by @sbilly
- awesome-sec-talks by @PaulSec
- awesome-threat-intelligence by @hslatman
- awesome-incident-response by @meirwah
- awesome-anti-forensic by @remiflavien1
- awesome-malware-analysis by @rshipp
- awesome-lockpicking by @fabacab
- awesome-hacking by @carpedm20
- awesome-honeypots by @paralax
- awesome-forensics by @cugu
- awesome-pentest by @enaqx
- awesome-ctf by @apsdehal
- awesome-osint by @jivoi
- SecLists by @danielmiessler
- Infosec_Reference by @rmusser01
- Misc
- awesome-crypto-papers by @pFarb
- Awesome Lists of Awesome Lists
- More In This Repo
Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit raise an issue, or open a PR. See: CONTRIBUTING.md
.
Licensed under Creative Commons, CC BY 4.0, © Alicia Sykes 2020
Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇