mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2024-12-21 05:44:34 -05:00
Convert KB pages HTML to admonitions (#2425)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
parent
0140f0ab7e
commit
05e5832161
@ -44,11 +44,14 @@ These tend to be good options for recurring/subscription payments online, while
|
||||
|
||||
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
|
||||
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
|
||||
|
||||
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
|
||||
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
|
||||
|
||||
</div>
|
||||
|
||||
### Privacy Coins
|
||||
|
||||
|
@ -45,13 +45,16 @@ Setting up bad configurations like these is difficult to do accidentally, becaus
|
||||
|
||||
---
|
||||
|
||||
!!! info "VPN/SSH Fingerprinting"
|
||||
<div class="admonition info" markdown>
|
||||
<p class="admonition-title">VPN/SSH Fingerprinting</p>
|
||||
|
||||
The Tor Project [notes](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#vpnssh-fingerprinting) that *theoretically* using a VPN to hide Tor activities from your ISP may not be foolproof. VPNs have been found to be vulnerable to website traffic fingerprinting, where an adversary can still guess what website is being visited, because all websites have specific traffic patterns.
|
||||
The Tor Project [notes](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#vpnssh-fingerprinting) that *theoretically* using a VPN to hide Tor activities from your ISP may not be foolproof. VPNs have been found to be vulnerable to website traffic fingerprinting, where an adversary can still guess what website is being visited, because all websites have specific traffic patterns.
|
||||
|
||||
Therefore, it's not unreasonable to believe that encrypted Tor traffic hidden by a VPN could also be detected via similar methods. There are no research papers on this subject, and we still consider the benefits of using a VPN to far outweigh these risks, but it is something to keep in mind.
|
||||
Therefore, it's not unreasonable to believe that encrypted Tor traffic hidden by a VPN could also be detected via similar methods. There are no research papers on this subject, and we still consider the benefits of using a VPN to far outweigh these risks, but it is something to keep in mind.
|
||||
|
||||
If you still believe that pluggable transports (bridges) provide additional protection against website traffic fingerprinting that a VPN does not, you always have the option to use a bridge **and** a VPN in conjunction.
|
||||
If you still believe that pluggable transports (bridges) provide additional protection against website traffic fingerprinting that a VPN does not, you always have the option to use a bridge **and** a VPN in conjunction.
|
||||
|
||||
</div>
|
||||
|
||||
Determining whether you should first use a VPN to connect to the Tor network will require some common sense and knowledge of your own government's and ISP's policies relating to what you're connecting to. However, again in most cases you will be better off being seen as connecting to a commercial VPN network than directly to the Tor network. If VPN providers are censored in your area, then you can also consider using Tor pluggable transports (e.g. Snowflake or meek bridges) as an alternative, but using these bridges may arouse more suspicion than standard WireGuard/OpenVPN tunnels.
|
||||
|
||||
|
@ -29,9 +29,12 @@ There are usually multiple ways to sign up for an account, each with their own b
|
||||
|
||||
The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](passwords-overview.md) regarding passwords.
|
||||
|
||||
!!! tip
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key.
|
||||
You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key.
|
||||
|
||||
</div>
|
||||
|
||||
You will be responsible for managing your login credentials. For added security, you can set up [MFA](multi-factor-authentication.md) on your accounts.
|
||||
|
||||
|
@ -77,18 +77,21 @@ One of the clearest threat models is one where people *know who you are* and one
|
||||
|
||||
1. **Known identity** - A known identity is used for things where you must declare your name. There are many legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, customs declarations when importing items, or otherwise dealing with your government. These things will usually lead to credentials such as credit cards, credit rating checks, account numbers, and possibly physical addresses.
|
||||
|
||||
We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
|
||||
We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
|
||||
|
||||
!!! tip
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private.
|
||||
When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private.
|
||||
|
||||
</div>
|
||||
|
||||
2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc.
|
||||
|
||||
You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://www.getmonero.org/). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
|
||||
You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://www.getmonero.org/). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC.
|
||||
|
||||
3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly.
|
||||
|
||||
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
|
||||
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
|
||||
|
||||
[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
|
||||
|
@ -35,19 +35,25 @@ When it comes to application security, we generally don't (and sometimes can't)
|
||||
|
||||
To minimize the damage that a malicious piece of software *could* do, you should employ security by compartmentalization. For example, this could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control.
|
||||
|
||||
!!! tip
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
|
||||
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
|
||||
|
||||
Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
|
||||
Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
|
||||
|
||||
</div>
|
||||
|
||||
<span class="pg-red">:material-target-account: Targeted Attacks</span>
|
||||
|
||||
Targeted attacks against a specific person are more problematic to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If this is a concern for you, you should employ more advanced threat mitigation strategies.
|
||||
|
||||
!!! tip
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this.
|
||||
By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this.
|
||||
|
||||
</div>
|
||||
|
||||
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user.
|
||||
|
||||
@ -61,13 +67,16 @@ The obvious problem with this is that the service provider (or a hacker who has
|
||||
|
||||
Thankfully, E2EE can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, assuming the service provider doesn't have access to the private keys of either party.
|
||||
|
||||
!!! note "Note on Web-based Encryption"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note on Web-based Encryption</p>
|
||||
|
||||
In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering).
|
||||
In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering).
|
||||
|
||||
On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt.
|
||||
On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt.
|
||||
|
||||
Therefore, you should use native applications over web clients whenever possible.
|
||||
Therefore, you should use native applications over web clients whenever possible.
|
||||
|
||||
</div>
|
||||
|
||||
Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
|
||||
|
||||
@ -77,17 +86,23 @@ Even with E2EE, service providers can still profile you based on **metadata**, w
|
||||
|
||||
Mass surveillance is the intricate effort to monitor the "behavior, many activities, or information" of an entire (or substantial fraction of a) population.[^1] It often refers to government programs, such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative.
|
||||
|
||||
!!! abstract "Atlas of Surveillance"
|
||||
<div class="admonition abstract" markdown>
|
||||
<p class="admonition-title">Atlas of Surveillance</p>
|
||||
|
||||
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org/) by the [Electronic Frontier Foundation](https://www.eff.org/).
|
||||
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org/) by the [Electronic Frontier Foundation](https://www.eff.org/).
|
||||
|
||||
In France you can take a look at the [Technolopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net.
|
||||
In France you can take a look at the [Technopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net.
|
||||
|
||||
</div>
|
||||
|
||||
Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, breaching human rights, it's most often used to disproportionately target minority groups and political dissidents, among others.
|
||||
|
||||
!!! quote "ACLU: [*The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)"
|
||||
<div class="admonition quote" markdown>
|
||||
<p class="admonition-title">ACLU: <em><a href="https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward">The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward</a></em></p>
|
||||
|
||||
In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline.
|
||||
In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline.
|
||||
|
||||
</div>
|
||||
|
||||
Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2]
|
||||
|
||||
@ -133,11 +148,14 @@ Censorship on corporate platforms is increasingly common, as platforms like Twit
|
||||
|
||||
People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
|
||||
|
||||
!!! tip
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic.
|
||||
While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic.
|
||||
|
||||
You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection).
|
||||
You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection).
|
||||
|
||||
</div>
|
||||
|
||||
You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught.
|
||||
|
||||
|
@ -139,9 +139,12 @@ The command will prevent an adversary from bypassing MFA when the computer boots
|
||||
|
||||
### Linux
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide.
|
||||
If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide.
|
||||
|
||||
</div>
|
||||
|
||||
The `pam_u2f` module on Linux can provide two-factor authentication for logging in on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS.
|
||||
|
||||
|
@ -26,9 +26,12 @@ You should avoid changing passwords that you have to remember (such as your pass
|
||||
|
||||
When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
|
||||
|
||||
!!! tip "Checking for data breaches"
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Checking for data breaches</p>
|
||||
|
||||
If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../news-aggregators.md).
|
||||
If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../news-aggregators.md).
|
||||
|
||||
</div>
|
||||
|
||||
## Creating strong passwords
|
||||
|
||||
@ -48,9 +51,12 @@ An example of a diceware passphrase is `viewable fastness reluctant squishy seve
|
||||
|
||||
To generate a diceware passphrase using real dice, follow these steps:
|
||||
|
||||
!!! note
|
||||
<div class="admonition Note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
These instructions assume that you are using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
|
||||
These instructions assume that you are using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
|
||||
|
||||
</div>
|
||||
|
||||
1. Roll a six-sided die five times, noting down the number after each roll.
|
||||
|
||||
@ -60,31 +66,37 @@ To generate a diceware passphrase using real dice, follow these steps:
|
||||
|
||||
4. Repeat this process until your passphrase has as many words as you need, which you should separate with a space.
|
||||
|
||||
!!! warning "Important"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Important</p>
|
||||
|
||||
You should **not** re-roll words until you get a combination of words that appeal to you. The process should be completely random.
|
||||
You should **not** re-roll words until you get a combination of words that appeal to you. The process should be completely random.
|
||||
|
||||
</div>
|
||||
|
||||
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
|
||||
|
||||
We recommend using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
|
||||
|
||||
??? note "Explanation of entropy and strength of diceware passphrases"
|
||||
<details class="note" markdown>
|
||||
<summary>Explanation of entropy and strength of diceware passphrases</summary>
|
||||
|
||||
To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
|
||||
To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
|
||||
|
||||
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as $\text{log}_2(\text{WordsInList})$ and the overall entropy of the passphrase is calculated as $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$.
|
||||
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as $\text{log}_2(\text{WordsInList})$ and the overall entropy of the passphrase is calculated as $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$.
|
||||
|
||||
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy ($\text{log}_2(7776)$), and a seven word passphrase derived from it has ~90.47 bits of entropy ($\text{log}_2(7776^7)$).
|
||||
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy ($\text{log}_2(7776)$), and a seven word passphrase derived from it has ~90.47 bits of entropy ($\text{log}_2(7776^7)$).
|
||||
|
||||
The [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is $\text{WordsInList}^\text{WordsInPhrase}$, or in our case, $7776^7$.
|
||||
The [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is $\text{WordsInList}^\text{WordsInPhrase}$, or in our case, $7776^7$.
|
||||
|
||||
Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
|
||||
Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
|
||||
|
||||
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
|
||||
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
|
||||
|
||||
- Your adversary knows that you used the diceware method.
|
||||
- Your adversary knows the specific wordlist that you used.
|
||||
- Your adversary knows how many words your passphrase contains.
|
||||
- Your adversary knows that you used the diceware method.
|
||||
- Your adversary knows the specific wordlist that you used.
|
||||
- Your adversary knows how many words your passphrase contains.
|
||||
|
||||
</details>
|
||||
|
||||
To sum it up, diceware passphrases are your best option when you need something that is both easy to remember *and* exceptionally strong.
|
||||
|
||||
@ -98,13 +110,16 @@ There are many good options to choose from, both cloud-based and local. Choose o
|
||||
|
||||
[List of recommended password managers](../passwords.md){ .md-button }
|
||||
|
||||
!!! warning "Don't place your passwords and TOTP tokens inside the same password manager"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Don't place your passwords and TOTP tokens inside the same password manager</p>
|
||||
|
||||
When using TOTP codes as [multi-factor authentication](../multi-factor-authentication.md), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md#authenticator-apps).
|
||||
When using TOTP codes as [multi-factor authentication](../multi-factor-authentication.md), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md#authenticator-apps).
|
||||
|
||||
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
|
||||
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
|
||||
|
||||
Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device.
|
||||
Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device.
|
||||
|
||||
</div>
|
||||
|
||||
### Backups
|
||||
|
||||
|
@ -11,9 +11,12 @@ Normally, an ISP can see the flow of internet traffic entering and exiting your
|
||||
|
||||
Using a VPN hides even this information from your ISP, by shifting the trust you place in your network to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing through it.
|
||||
|
||||
!!! note
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../vpn.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection.
|
||||
When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../vpn.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection.
|
||||
|
||||
</div>
|
||||
|
||||
## How does a VPN work?
|
||||
|
||||
|
@ -98,13 +98,19 @@ An app may request a permission for a specific feature it has. For example, any
|
||||
|
||||
[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
|
||||
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
|
||||
|
||||
!!! note
|
||||
</div>
|
||||
|
||||
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
|
||||
|
||||
</div>
|
||||
|
||||
## Privacy Features
|
||||
|
||||
|
@ -145,9 +145,12 @@ After enabling stolen data protection, [certain actions](https://support.apple.c
|
||||
|
||||
iPhones are already resistant to brute-force attacks by making you wait long periods of time after multiple failed attempts; however, there have historically been exploits to get around this. To be extra safe, you can set your phone to wipe itself after 10 failed passcode attempts.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
With this setting enabled, someone could intentionally wipe your phone by entering the wrong password many times. Make sure you have proper backups and only enable this setting if you feel comfortable with it.
|
||||
With this setting enabled, someone could intentionally wipe your phone by entering the wrong password many times. Make sure you have proper backups and only enable this setting if you feel comfortable with it.
|
||||
|
||||
</div>
|
||||
|
||||
- [x] Turn on **Erase Data**
|
||||
|
||||
|
@ -155,9 +155,12 @@ macOS employs defense in depth by relying on multiple layers of software and har
|
||||
|
||||
### Software Security
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
macOS allows you to install beta updates. These are unstable and may come with extra telemetry since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
|
||||
macOS allows you to install beta updates. These are unstable and may come with extra telemetry since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
|
||||
|
||||
</div>
|
||||
|
||||
#### Signed System Volume
|
||||
|
||||
@ -177,9 +180,12 @@ System Integrity Protection makes critical file locations read-only to protect a
|
||||
|
||||
macOS apps downloaded from the App Store are required to be sandboxed usng the [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox).
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
Software downloaded from outside the official App Store is not required to be sandboxed. You should avoid non-App Store software as much as possible.
|
||||
Software downloaded from outside the official App Store is not required to be sandboxed. You should avoid non-App Store software as much as possible.
|
||||
|
||||
</div>
|
||||
|
||||
##### Antivirus
|
||||
|
||||
|
@ -9,9 +9,12 @@ description: Qubes is an operating system built around isolating apps within *qu
|
||||
|
||||
Qubes uses [compartmentalization](https://www.qubes-os.org/intro/) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) *qubes*.
|
||||
|
||||
??? "The term *qubes* is gradually being updated to avoid referring to them as "virtual machines"."
|
||||
<details class="note" markdown>
|
||||
<summary>The term <em>qubes</em> is gradually being updated to avoid referring to them as "virtual machines".</summary>
|
||||
|
||||
Some of the information here and on the Qubes OS documentation may contain conflicting language as the "appVM" term is gradually being changed to "qube". Qubes are not entire virtual machines, but maintain similar functionalities to VMs.
|
||||
Some of the information here and on the Qubes OS documentation may contain conflicting language as the "appVM" term is gradually being changed to "qube". Qubes are not entire virtual machines, but maintain similar functionalities to VMs.
|
||||
|
||||
</details>
|
||||
|
||||
![Qubes architecture](../assets/img/qubes/qubes-trust-level-architecture.png)
|
||||
<figcaption>Qubes Architecture, Credit: What is Qubes OS Intro</figcaption>
|
||||
@ -40,9 +43,12 @@ You can [copy and paste text](https://www.qubes-os.org/doc/how-to-copy-and-paste
|
||||
|
||||
To copy and paste files and directories (folders) from one *qube* to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. The difference is that the **Move** option will delete the original file. Either option will protect your clipboard from being leaked to any other *qubes*. This is more secure than air-gapped file transfer. An air-gapped computer will still be forced to parse partitions or file systems. That is not required with the inter-qube copy system.
|
||||
|
||||
??? "Qubes do not have their own filesystems."
|
||||
<details class="note" markdown>
|
||||
<summary>Qubes do not have their own filesystems.</summary>
|
||||
|
||||
You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between *qubes*. When doing so the changes aren't immediately made and can be easily undone in case of an accident. When you run a *qube*, it does not have a persistent filesystem. You can create and delete files, but these changes are ephemeral.
|
||||
You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between *qubes*. When doing so the changes aren't immediately made and can be easily undone in case of an accident. When you run a *qube*, it does not have a persistent filesystem. You can create and delete files, but these changes are ephemeral.
|
||||
|
||||
</details>
|
||||
|
||||
### Inter-VM Interactions
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user