Markdown style consistency (#858)

Signed-off-by: Daniel Gray <dng@disroot.org>
This commit is contained in:
Jonah Aragon 2022-04-03 08:50:08 +00:00 committed by Daniel Gray
parent 929b942a4d
commit 46aa2088e5
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
35 changed files with 557 additions and 295 deletions

8
.markdownlint.yml Normal file
View File

@ -0,0 +1,8 @@
default: true
line-length: false
no-inline-html: false
code-block-style: false
no-hard-tabs:
spaces-per-tab: 4
emphasis-style:
style: "asterisk"

View File

@ -1,4 +1,5 @@
---
title: "Android"
icon: 'fontawesome/brands/android'
---
Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system.
@ -70,10 +71,13 @@ DivestOS 16.0, 17.1, and 18.1 implements GrapheneOS's [`INTERNET`](https://devel
Not all of the supported devices have [verified boot](https://source.android.com/security/verifiedboot), and some perform it better than others.
## Android security and privacy features
### User Profiles
Multiple user profiles (Settings → System → Multiple users) are the simplest way to isolate in Android. With user profiles you can limit a user from making calls, SMS or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles is a more secure method of isolation.
### Work Profile
[Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
A **device controller** such as [Shelter](#recommended-apps) is required, unless you're using CalyxOS which includes one.
@ -83,6 +87,7 @@ The work profile is dependent on a device controller to function. Features such
This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the work and personal profiles simultaneously.
### Verified Boot
[Verified Boot](https://source.android.com/security/verifiedboot) is an important part of the Android security model. It provides protection against [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, malware persistence, and ensures security updates cannot be downgraded with [rollback protection](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection).
Android 10 and above has moved away from full-disk encryption (FDE) to more flexible [file-based encryption](https://source.android.com/security/encryption/file-based).
@ -92,9 +97,11 @@ Each user's data is encrypted using their own unique encryption key, and the ope
Unfortunately, original equipment manufacturers (OEMs) are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom Android Verified Boot (AVB) key enrollment on their devices. Some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.
### VPN Killswitch
Android 7 and above supports a VPN killswitch and it is available without the need to install third party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in ⚙️ Settings → Network & internet → VPN → ⚙️ → Block connections without VPN.
### Global Toggles
Modern Android devices have global toggles for disabling [Bluetooth](https://en.wikipedia.org/wiki/Bluetooth) and location services. Android 12 introduced toggles for the camera and microphone. When not in use, we recommend disabling these features. Apps cannot use disabled features (even if granted individual permission) until re-enabled.
## Recommended Apps
@ -125,7 +132,6 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
All versions are signed using the same signature so they should be compatible with each other.
### Shelter
!!! recommendation
@ -152,7 +158,6 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest
When using Shelter, you are placing complete trust in its developer as Shelter would be acting as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) for the work profile and has extensive access to the data stored within it.
### Auditor
!!! recommendation
@ -244,9 +249,10 @@ Main privacy features include:
You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this we suggest [Pocket Paint](https://github.com/Catrobat/Paintroid) or [Imagepipe](https://codeberg.org/Starfish/Imagepipe).
## General Recommendations
### Avoid Root
[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful [Verified Boot](https://source.android.com/security/verifiedboot). Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) policy bypasses.
Adblockers (AdAway) which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For Adblocking we suggest encrypted [DNS](/dns) or [VPN](/providers/vpn/) server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server.
@ -256,6 +262,7 @@ AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Fire
We do not believe that the security sacrifices made by rooting a phone are worth the questionable privacy benefits of those apps.
### Firmware Updates
Firmware updates are critical for maintaining security and without them your device cannot be secure. Original equipment manufacturers (OEMs)—in other words, phone manufacturers—have support agreements with their partners to provide the closed source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
As the components of the phone such as the processor and radio technologies rely on closed source components, the updates must be provided by the respective manufacturers. Therefore it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) support their devices for 4 years while cheaper products often have shorter support. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own system on chip (SoC) and they will provide 5 years of support.
@ -263,14 +270,17 @@ As the components of the phone such as the processor and radio technologies rely
Devices that have reached their end-of-life (EoL) and are no longer supported by the SoC manufacturer, cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed.
### Android Versions
It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any user apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
### Android Permissions
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant users control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All user installed apps are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore there is no need to install any antivirus apps. The savings you make from not purchasing or subscribing to security apps is better spent on paying for a supported device in the future.
Should you want to run an app that you're unsure about, consider using a user or work [profile](/android/#android-security-privacy).
### Advanced Protection Program
If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection/). It is available at no cost to anyone with two or more hardware security keys with [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) support.
The Advanced Protection Program provides enhanced threat monitoring and enables:
@ -282,27 +292,32 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
- Stricter recovery process for accounts with lost credentials
For users that are using the privileged Google Play Services (common on stock operating systems), the Advanced Protection Program also comes with [additional benefits](https://support.google.com/accounts/answer/9764949?hl=en) such as:
- Not allowing app installation outside of the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Warning the user about unverified applications
### SafetyNet and Play Integrity API
[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financal apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities.
As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services.
### Advertising ID
All devices with Google Play Services installed automatically generate an [advertising ID](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) used for targeted advertising. Disable this feature to limit the data collected about you.
On Android distributions with [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), go to ⚙️ Settings → Apps → Sandboxed Google Play → Google Settings → Ads and select **Delete advertising ID**.
On Android distributions with privileged Google Play Services (such as stock OSes), the setting may be in one of several locations. Check
- ⚙️ Settings → Google → Ads
- ⚙️ Settings → Privacy → Ads
Depending on your system, you will either be given the option to delete your advertising ID or to "Opt out of interest-based ads". You should delete the advertising ID if you are given the option to, and if you are not, we recommend that you opt out of interested-based ads and then reset your advertising ID.
### Android Device Shopping
Google Pixels are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot). Some other phones such as the Fairphone and OnePlus devices also support custom Android Verified Boot (AVB) key enrollment. However, there have been issues with their older models. In the past they were using [test keys](https://social.coop/@dazinism/105346943304083054) or not doing proper verification, making Verified Boot on those devices useless.
Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. Phones that cannot be unlocked will often have an [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity) starting with "35", that includes phones from purchased from Verizon, Telus, Rogers, EE, etc.
@ -310,6 +325,7 @@ Avoid buying phones from mobile network operators. These often have a **locked b
Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner.
We have these general tips:
- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
- Consider price beating options and specials offered at [brick and mortar](https://en.wikipedia.org/wiki/Brick_and_mortar) stores.
- Look at online community bargain sites in your country. These can alert you to good sales.
@ -323,9 +339,11 @@ The installation of GrapheneOS on a Pixel phone is easy with their [web installe
A [CalyxOS membership](https://calyxinstitute.org/membership/calyxos) also entitles you to a device preloaded with CalyxOS.
## GrapheneOS's App Store
GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
## F-Droid
F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third party repositories and not be confined to Google's [walled garden](https://en.wikipedia.org/wiki/Closed_platform) has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications, and is dedicated to free and open source software. However, there are problems with the official F-Droid client, their quality control, and how they build, sign and deliver packages, outlined in this [post](https://wonderfall.dev/fdroid-issues/).
### Droid-ify
@ -347,6 +365,7 @@ To mitigate these problems, we recommend [Droid-ify](https://github.com/Iamlooke
- [:fontawesome-brands-github: GitHub](https://github.com/Iamlooker/Droid-ify)
### Where to get your applications
Sometimes the official F-Droid repository may fall behind on updates. F-Droid maintainers reuse package IDs while signing apps with their own keys, which is not ideal as it does give the F-Droid team ultimate trust. The Google Play version of some apps may contain unwanted telemetry or lack features that are available in the F-Droid version. The Google Play Store requires a Google account to login which is not great for privacy. The [Aurora Store](https://auroraoss.com/download/AuroraStore/) (a Google Play Store proxy) does not always work, though it does most of the time.
We have these general tips:
@ -358,21 +377,25 @@ We have these general tips:
Evaluate whether the additional features in the F-Droid build are worth the slower updates. Also think about whether faster updates from the Google Play Store are worth the potential privacy isues in your [threat model](/threat-modeling/).
## Security comparison of GrapheneOS and CalyxOS
### Profiles
CalyxOS includes a device controller app so there is no need to install a third party app like [Shelter](/android/#recommended-apps). GrapheneOS plans to introduce nested profile support with better isolation in the future.
GrapheneOS extends the [user profile](/android/#android-security-privacy) feature allowing a user to press an "End Session" button. This button clears the encryption key from memory. There are plans to add a [cross profile notifications system](https://github.com/GrapheneOS/os-issue-tracker/issues/88) in the future.
### Sandboxed Google Play vs Privileged MicroG
When Google Play services are used on GrapheneOS, they run as a user app and are contained within a user or work profile.
Sandboxed Google Play is confined using the highly restrictive, default [`untrusted_app`](https://source.android.com/security/selinux/concepts) domain provided by [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux). Permissions for apps to use Google Play Services can be revoked at any time by the user.
MicroG is a reimplementation of Google Play Services. This means it needs to be updated every time Android has a major version update (or the Android API changes). It also needs to run in the highly privileged [`system_app`](https://source.android.com/security/selinux/concepts) SELinux domain like normal Google Play Services and requires access to [signature spoofing](https://madaidans-insecurities.github.io/android.html#microg-signature-spoofing) so this is less secure than the Sandboxed Google Play approach. We do not believe MicroG provides any privacy advantages over Sandboxed Google Play except for the option to _shift trust_ of the location backend from Google to another provider such as Mozilla or DejaVu.
MicroG is a reimplementation of Google Play Services. This means it needs to be updated every time Android has a major version update (or the Android API changes). It also needs to run in the highly privileged [`system_app`](https://source.android.com/security/selinux/concepts) SELinux domain like normal Google Play Services and requires access to [signature spoofing](https://madaidans-insecurities.github.io/android.html#microg-signature-spoofing) so this is less secure than the Sandboxed Google Play approach. We do not believe MicroG provides any privacy advantages over Sandboxed Google Play except for the option to *shift trust* of the location backend from Google to another provider such as Mozilla or DejaVu.
From a usability point of view, Sandboxed Google Play also works well with far more applications than MicroG, thanks to its support for services like [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://android-doc.github.io/google/play/billing/api.html).
### Privileged App Extensions
Android 12 comes with special support for seamless app updates with [third party app stores](https://android-developers.googleblog.com/2020/09/listening-to-developer-feedback-to.html). The popular Free and Open Source Software (FOSS) repository [F-Droid](https://f-droid.org) doesn't implement this feature and requires a [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged) to be included with the Android distribution in order to have unattended app installation.
GrapheneOS doesn't compromise on security; therefore, they do not include the F-Droid extension. Users have to confirm all updates manually if they want to use F-Droid. Alternatively, they can use the Droid-ify client which does support seamless app updates in Android 12. GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google Play but sometimes they are not (like [NewPipe](/video-streaming)).
@ -380,6 +403,7 @@ GrapheneOS doesn't compromise on security; therefore, they do not include the F-
CalyxOS includes the [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged), which may lower device security. Seamless app updates should be possible with [Aurora Store](https://auroraoss.com) in Android 12.
### Additional hardening
GrapheneOS improves upon [AOSP](https://source.android.com/) security with:
- **Hardened WebView:** Vanadium WebView requires [64-bit](https://en.wikipedia.org/wiki/64-bit_computing) processes on the [WebView](https://developer.android.com/reference/android/webkit/WebView) process and disables legacy [32-bit](https://en.wikipedia.org/wiki/32-bit_computing) processes. It uses hardened compiler options such as [`-fwrapv`](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html) and [`-fstack-protector-strong`](https://gcc.gnu.org/onlinedocs/gcc-4.9.3/gcc/Optimize-Options.html), which can help protect against [stack buffer overflows](https://en.wikipedia.org/wiki/Stack_buffer_overflow). [API](https://en.wikipedia.org/wiki/API)s such as the [battery status API](https://chromestatus.com/feature/4537134732017664) are disabled for privacy reasons. All system apps on GrapheneOS use the Vanadium WebView which means user installed apps that use WebView will also benefit from Vanadium's hardening. The [Vanadium patch set](https://github.com/GrapheneOS/Vanadium/tree/12/patches) is a lot more comprehensive than CalyxOS's [Chromium patch set](https://gitlab.com/CalyxOS/chromium-patches) which is derived from it.

View File

@ -16,9 +16,11 @@ Please note that **like any VPN**, Outline/Shadowsocks cannot provide nearly the
Outline is developed by Jigsaw, which is a subsidiary of Alphabet Inc (Google). It is important to note that neither Jigsaw nor Google can see your internet traffic when using Outline, because you will be installing the actual Outline Server on your own machine, not Googles. Outline is completely open source and was audited in [2017](https://s3.amazonaws.com/outline-vpn/static_downloads/ros-report.pdf) by Radically Open Security and in [2018](https://s3.amazonaws.com/outline-vpn/static_downloads/cure53-report.pdf) by Cure53, and both security firms supported Jigsaws security claims. For more information on the data Jigsaw is able to collect when using Outline, see their [article on data collection](https://support.getoutline.org/s/article/Data-collection).
### Prerequisites
All you will need to complete this guide is a computer running Windows, macOS, or Linux. You will also need to know some basic commands: [How to SSH](https://www.howtogeek.com/311287/how-to-connect-to-an-ssh-server-from-windows-macos-or-linux/) in to a server you purchase. We will also assume you know how to purchase and set up a Linux server with SSH access, more info in Step 2.
### Step 1 — Download & Install Outline Manager
Outline allows you to setup and configure your servers from an easy-to-use management console called Outline Manager, which can be downloaded from [getoutline.org](https://getoutline.org). It has binaries available for Windows, macOS, and Linux.
Simply download and install the Outline Manager application to your computer.
@ -28,6 +30,7 @@ Simply download and install the Outline Manager application to your computer.
Note: getoutline.org is blocked in China and likely other countries, however you can download the releases directly from [their GitHub page](https://github.com/Jigsaw-Code/outline-server/releases) as well.
### Step 2 — Choose a Server Provider
Outline has the ability to create servers on three different providers automatically: DigitalOcean, Google Cloud, and Amazon Web Services. In some situations, Google Cloud or AWS may be preferable, because they are less likely to be blocked by hostile ISPs/governments and will therefore allow you to more likely circumvent internet censorship. However, keep in mind that the server provider you choose—like any VPN provider—will have the technical ability to read your internet traffic. This is much less likely to happen when using a cloud provider versus a commercial VPN, which is why we recommend self-hosting, but it is still possible. Choose a provider you trust.
Additionally, keep in mind that many US-based cloud providers block all network traffic to and from [countries sanctioned by the United States](https://en.wikipedia.org/wiki/United_States_sanctions#Countries), including AWS and Google Cloud. Users in or visiting those countries may wish to find a European-based hosting provider to run their Outline Server on.
@ -39,6 +42,7 @@ Finally, if you want to go with DigitalOcean you can use my affiliate link to re
For this guide we are not going to use an automatic provider in Outline Manager, rather we will manually configure a Linux server. We are using Debian 10. Other distros may work as well, but you may need to install Docker manually.
### Step 3 — Configure Your Server
First, we need to update our system and install `curl`. Connect to your server via SSH and enter the following commands:
Next open Outline Manager on your local machine and you should be given 4 options to configure a server. Select the “Set Up” button under the “Advanced, Set up Outline anywhere” option.
@ -52,6 +56,7 @@ Connect to your server over SSH and paste the code from above in the Outline Man
After it completes, it will give you a long line starting with `{"apiUrl"` (depending on your Terminals color support it will appear as green). Copy that line, and paste it in the second box back in Outline Manager. Then, click “Done”.
### Step 4 — Connect Your Devices
Download the Outline app on the device you want to connect. Outline has applications for the following operating systems:
* [Android](https://play.google.com/store/apps/details?id=org.outline.android.client)
@ -68,6 +73,7 @@ Back in Outline Manager, select your server in the sidebar. On the far right sid
Once you add your server, thats it! In the Outline clients its just a matter of pressing “Connect”, and all your traffic will be proxied through your server! You can use this connection to keep your traffic safe when youre on public WiFi networks, or just to keep your browsing hidden from your ISP.
### Conclusion
That should be all you need to get your very own VPN up and running! **Do not share your access key with anyone**, this is the key starting with `ss://`. If you want to grant other users access to your server, click “Add a new key” in Outline Manager and give them a new, unique key. If you share a key, anyone with knowledge of that key will be able to see all the traffic of anyone else using the key. It should go without saying, but dont send people keys over unencrypted channels: No Facebook Messenger, no emails. Stick with [Signal, Wire, or Briar](/real-time-communication) if you dont have a secure app already.
With Outline, there is no need to worry about the security of your server. Everything is set to automatically update with no intervention required! Another thing to note: The port on your Outline server is randomly generated. This is so the port cant be easily blocked by nation/ISP level censors, however, this VPN may not function on some networks that only allow access to port 80/443, or on servers that only allow traffic on certain ports. These are edge-cases, but something to keep in mind, and if they apply you may need to look for more technical options.

View File

@ -18,6 +18,7 @@ Furthermore, this doesn't only happen at your home. Every network you connect to
Fortunately, more and more websites are beginning to use HTTPS, thanks to free certificates from Let's Encrypt and Cloudflare. But many sites still don't (at least by default), and even HTTPS doesn't solve the problem that your ISP can see the websites you're visiting.
## How VPNs can protect us
Luckily, you can hide all this information from your ISP using a VPN. Instead of letting your ISP see all the websites you visit, VPNs only let them see that you are connected (using an **encrypted** connection) to the VPN provider's servers.
*Basically, instead of connecting directly to the Internet, you connect to one of your VPN providers servers, which connects you to the Internet.*
@ -25,6 +26,7 @@ Luckily, you can hide all this information from your ISP using a VPN. Instead of
So, `you <----> Internet` becomes `you <----> VPN <----> Internet` and your ISP can only see the `you <----> VPN` part.
## More ways VPNs can protect us
So VPNs are pretty handy, but hiding your traffic from your ISP isn't the only advantage a VPN provides.
Did you know that if youre on a public Wi-Fi network, <mark>anyone connected to the same network can see as much as your ISP can</mark>? Obviously, this isnt an issue at home, unless you have very creepy neighbors and an open Wi-Fi network. However, it is a problem in public places with Wi-Fi, such as cafés.
@ -38,6 +40,7 @@ This also provides an added side-benefit: Most VPN providers have servers in man
But even if you use a different IP address than your “normal” one, isnt it still personally identifiable? Nope. Many people use the same server, letting the websites you visit see only that youre using the same VPN as many other people.
## Drawbacks of a VPN
But VPNs aren't all powerful tools to protect your privacy. In fact, there are a number of glaring issues that should not be overlooked when making the decision to use one.
Most importantly, using a VPN only *shifts* the power to view your traffic from your ISP to the VPN provider itself. That means that all the traffic your ISP used to be able to see, your VPN provider will still be able to. Therefore, choosing a trustworthy VPN is important. Many will be able to find a provider that they can trust more than their ISP, but some may not.
@ -47,6 +50,7 @@ Using a commercial VPN provider is almost like entrusting your data to a black b
Finally, using a VPN will not make you anonymous in any way. Your VPN provider or especially dedicated attackers will be able to trace a connection back to you fairly trivially. Your VPN provider will also likely have a money trail leading back to you.
## So what?
If you're looking for perfect anonymity, there are better options. Software like the Tor Browser provides privacy and anonymity *by design*, whereas VPNs provide privacy based on trust alone. You cannot rely on "no logging" claims to protect you.
If you just need protection on a public Wi-Fi network, from your ISP, or just from copyright warnings in the mail, a VPN might be the solution for you.

View File

@ -7,6 +7,7 @@ template: overrides/blog.html
So [you know what a VPN is](/blog/2019/10/05/understanding-vpns), but there are so many options to choose from! Well before we dive into this, let's get one thing off the bat:
## Avoid Free VPNs
Privacy-respecting VPNs can provide their service because you pay them for it. Free VPNs are **worse** than your ISP when it comes to respecting your privacy, because **selling your data is the only way they can make money**, whereas an ISP is primarily paid for by you.
> If youre not paying for it, youre the product.
@ -14,14 +15,17 @@ Privacy-respecting VPNs can provide their service because you pay them for it. F
This isn't to say all paid VPNs automatically become trustworthy, far from it. In fact many paid VPN providers have been known to or suspected to have sold their users' data or have done some otherwise shady things with it. Always completely evaluate the VPN provider you choose, rather than just take theirs or anyone else's word for it. The main takeaway here is that it is impossible to provide a service like a VPN — which requires servers, bandwidth, time, and energy to maintain — for free for thousands of users, without having some sort of other monetization model.
## Choosing a VPN
Alright, now we can get into it. The first thing we need to decide is _why_ exactly you need a VPN. Most people will fall into the following two camps:
### 1. Avoiding Geographical Restrictions
Maybe you want to watch BBC online, possibly avoid creeps at cafés, but dont really care about your VPN logging your traffic — just like your ISP does.
**Therefore**: You want a VPN with servers in countries like US, UK — basically where services like Netflix work. (Tip: Netflix is continually banning VPNs, so be sure to use one that isnt blocked. You might want to look into the [r/NetflixViaVPN](https://www.reddit.com/r/NetflixViaVPN) Subreddit for help with this one).
### 2. Maximizing Your Privacy Online
Being **Privacy** Guides, this is the big one for us. If you really care about your privacy, you'll want to look for a provider that at the very least does the following:
* Supports modern technologies like OpenVPN or WireGuard.
@ -34,6 +38,7 @@ These 4 points should always be considered when you're evaluating a VPN provider
Let me explain what these points mean exactly in more detail, so you know what to look for.
## Modern Technology
You should be able to connect to your VPN with any **OpenVPN** client. L2TP, PPTP, and IPSec are all insecure technologies that should not be used. A new technology called **WireGuard** looks very promising, but is still in active development and not recommended for use.
While we're looking at technology, take a look at whether your provider has their own client for you to download and connect with. These applications usually make using your VPN a lot simpler, and sometimes safer. If they do, ask the following questions:
@ -42,11 +47,13 @@ While we're looking at technology, take a look at whether your provider has thei
* **Does the client have a killswitch?** Not many generic OpenVPN clients come with this functionality, but many custom VPN clients will. A killswitch option allows you to completely disable your internet connection when the VPN is disconnected. This will make sure that you don't accidentally connect to the internet with your ISP's connection.
## Anonymous Payments
This one's an easy one. Take a look at how you're able to pay for your provider's subscription. Some providers will take cash in the mail as payment, a great way to pay without leaving a digital money trail. Others will allow you to pay with gift cards from major retailers like Amazon, Target, and Wal-Mart (which you can hopefully obtain anonymously with cash, replacing the mail middleman from before). Still others will accept various cryptocurrencies.
If not leaving a money trail is important, you'll want to make sure you aren't paying with something linked to you financially, like a credit or debit card, or PayPal. If your provider doesn't accept the payment forms above, you aren't entirely out of luck however. You can still use a prepaid debit card to pay for things as anonymously as possible. But consider: If your provider isn't dedicated to making easy, anonymous payment alternatives available to you, how focused are they on your privacy?
## Strong Security
Most providers using OpenVPN will also be using strong encryption methods, but still make sure you double-check before choosing a provider. What you'll want to look for from your provider at a minimum is:
* **RSA-2048 encryption.** Ideally, they should support RSA-4096 connections, for maximum security.
@ -57,6 +64,7 @@ In addition, look into whether your provider has ever had their security practic
Independent audits are important because, while ultimately the actual security of the service will come down to _trusting_ the providers, a successful security audit demonstrates that the provider at least has the _capability_ to provide you with a secure connection, instead of just taking their claims at face value.
## Public Trust
You want to remain private, but your provider shouldn't. If your provider is hiding their ownership information and their leadership from you behind some Panamanian shell company, what other business practices might they be hiding?
> You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data?
@ -66,6 +74,7 @@ Find out where your choice is incorporated. Who owns it? What other companies ha
Frequent transparency reports are a huge plus too. They should publish information related to government requests, so you know what their responses look like. All VPN providers will need to respond to legitimate legal requests, but does your choice reject or counter as many as possible?
## So what next?
If you're currently using a commercial VPN, use this information to evaluate their business. Do they seem trustworthy?
At Privacy Guides we've [evaluated](/vpn) a huge number of VPN providers along similar criteria to these. In our opinion, as of October 2019, Mullvad leads the pack with respect to all these criteria, with IVPN and ProtonVPN falling just slightly behind but catching up quickly. There are still a huge number of providers out there, however. The way to find the best solution for you, is by researching providers with _your_ criteria in mind.

View File

@ -16,22 +16,27 @@ Firefox is fantastic out of the box, but where it really shines is customizabili
Before we get started, there's a couple things that should be noted that are not only applicable to this guide, but privacy in general:
## Considerations
Protecting your privacy online is a tricky proposition, there are so many factors to take into consideration on an individual basis for any one guide or site to cover comprehensively. You will need to take into account things like threat modeling and your general preferences before making any changes or following any recommendations.
### Threat Modeling
*What is [threat modeling](/threat-modeling/)?* Consider who you're trying to keep your data hidden from. Do you need to keep your information hidden from the government, or just the average stranger? Maybe you're just looking for alternatives to Big Tech Corporations like Google and Facebook. You'll also want to consider how much time and resources you want to spend hiding your data from those "threats". Some solutions might not be feasible from a financial or time standpoint and you'll have to make compromises. Taking all those questions into account creates a basic *threat model* for you to work with.
We want to publish a more complete guide on threat modeling in the future, so stay tuned to this blog for further updates. But for now, just keep those thoughts in the back of your mind as we go through this article. Not every solution might be for you, or conversely you may need to pay more attention to certain areas we aren't able to cover completely.
### Browser Fingerprinting
Another consideration is your browser's fingerprint. When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using more common tracking tools, like cookies.
That's right, add-ons contribute to your fingerprint. Another thing a lot of people miss when they are setting up their browser is that <mark>more is not always the best solution to your problems</mark>. You don't need to use every add-on and tweak that offers privacy, and the more you configure the greater chance there is that your browser will appear more unique to websites. Think about your specific situation and pick and choose the add-ons and tweaks we recommend only if you think they will help *you*.
## Firefox Privacy Settings
We'll start off with the easy solutions. Firefox has a number of privacy settings built in, no add-ons necessary! Open your *Options* page (*Preferences* on macOS) and we'll go through them one at a time.
### DNS over HTTPS
DNS (or the Domain Name System) is what your browser uses to turn domain names like `privacyguides.org` into IP addresses like `145.239.169.56`. Because computers can only make connections to IP addresses, it's necessary to use DNS every time you visit a new domain. But DNS is unencrypted by default, that means everyone on your network (including your ISP) can view what domains you're looking up, and in some situations even change the IP answers to redirect you to their own websites! Encrypting your DNS traffic can shield your queries and add some additional protection to your browsing.
Encrypted DNS takes many forms: DNS over HTTPS (DoH), DNS over TLS, DNSCrypt, etc., but they all accomplish the same thing. They keep your DNS queries private from your ISP, and they make sure they aren't tampered with in transit between your DNS provider. Fortunately, Firefox recently added native DoH support to the browser. On the **General** page of your preferences, scroll down to and open **Network Settings**. At the bottom of the window you will be able to select "Enable DNS over HTTPS" and choose a provider:
@ -43,6 +48,7 @@ Keep in mind that by using DoH you're sending all your queries to a single provi
It should also be noted that even with DoH, your ISP will still be able to see what domain you're connecting to because of a technology called Server Name Indication (SNI). Until SNI is encrypted as well, there's no getting around it. Encrypted SNI (eSNI) is in the works — and can actually be [enabled on Firefox](https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/) today — but it only works with a small number of servers, mainly ones operated by Cloudflare, so its use is limited currently. Therefore, while DoH provides some additional privacy and integrity protections, its use as a privacy tool is limited until other supplemental tools like eSNI and [DNSSEC](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en) are finalized and implemented.
### Change Your Search Engine
This is an easy one. In the Search tab, change your Default Search Engine to something other than Google.
![Screenshot of the search engine preferences](/assets/img/blog/firefox-privacy-2.png){:.img-fluid .w-75 .mx-auto .d-block}
@ -50,6 +56,7 @@ This is an easy one. In the Search tab, change your Default Search Engine to som
Out of the built-in options, DuckDuckGo is the most privacy respecting service, but there's a number of [search engines we would recommend](https://privacyguides.org/providers/search-engines/) that can be easily installed as well.
### Enhanced Tracking Protection
Now we'll delve into the biggest set of options for people like us, Firefox's Privacy & Security tab. First up is their Enhanced Tracking Protection. This set of filters is set to *Standard* by default, but we'll want to change it to *Strict* for more comprehensive coverage.
![Screenshot of strict tracking protection enabled](/assets/img/blog/firefox-privacy-3.png){:.img-fluid .w-75 .mx-auto .d-block}
@ -63,11 +70,13 @@ Disabling Enhanced Tracking Protection will of course decrease your privacy on t
Another benefit of Firefox's Enhanced Tracking Protection is that it can actually speed up your browsing! Advertising networks and social media embeds can sometimes make your browser download huge files just to show an ad or a like button, and blocking those out trims the fat, in a sense.
### Disabling Telemetrics
When you use Firefox, Mozilla collects information about what you do, what kind of extensions you have installed, and various other aspects of your browser. While they claim to do this in a privacy-respecting way, sending as little data as possible is always preferred from a privacy standpoint, so we would go ahead and uncheck all the boxes under **Firefox Data Collection and Use** just to be safe.
![Screenshot of Firefox data collection checkboxes](/assets/img/blog/firefox-privacy-5.png){:.img-fluid .w-75 .mx-auto .d-block}
### Clearing Cookies and Site Data
This one is for more advanced users, so if you don't understand what this is doing you can skip this section. Firefox provides the option to delete all your cookies and site data every time Firefox is closed. Cookies and site data are little pieces of information sites store in your browser, and they have a myriad of uses. They are used for things like keeping you logged in and saving your website preferences, but they also can be used to track you across different websites. By deleting your cookies regularly, your browser will appear clean to websites, making you harder to track.
![Screenshot of cookies and site data](/assets/img/blog/firefox-privacy-6.png){:.img-fluid .w-75 .mx-auto .d-block}
@ -75,6 +84,7 @@ This one is for more advanced users, so if you don't understand what this is doi
This will likely log you out of websites quite often, so make sure that's an inconvenience you're willing to put up with for enhanced privacy.
## Firefox Privacy Add-ons
Of course, just the browser settings alone won't go quite far enough to protect your privacy. Mozilla has made a lot of compromises in order to provide a more functional browsing experience for the average user, which is completely understandable. But, we can take it even further with some browser add-ons that prevent tracking and make your experience more private and secure.
There are a number of [fantastic add-ons for Firefox](https://privacyguides.org/browsers/#addons), but they aren't all necessary for everyone. Some of them provide redundant functionality to each other, and some of them accomplish similar tasks to the settings we've enabled above.
@ -90,9 +100,11 @@ Keeping all that in mind, there are three add-ons I would consider necessary for
Out of the box, these add-ons only complement the settings we've described in this article already, and they have sane defaults that won't break the sites you visit.
### uBlock Origin
[**uBlock Origin**](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) is an efficient ad- and tracker-blocker that is easy on memory, and yet can load and enforce thousands more filters than competing blockers. We trust it because it is completely open-source. Additionally, unlike its competitors it has no monetization strategy: There's no "Acceptable" ads program or a similar whitelist like many other adblockers feature.
### HTTPS Everywhere
HTTPS is the secure, encrypted version of HTTP. When you see an address starting with https:// along with the padlock in your browser's address bar, you know that your connection to the website is completely secure. This is of course important when you're logging into websites and sending your passwords and emails in a form. But it also prevents people on your network and your ISP from snooping in on what you're reading, or changing the contents of an unencrypted webpage to whatever they want.
Therefore, [**HTTPS Everywhere**](https://addons.mozilla.org/en-US/firefox/addon/https-everywhere) is a must-have extension, all it does is upgrade your HTTP connections to HTTPS wherever possible. And because it works silently in the background, you probably will never notice it! We trust HTTPS Everywhere because it is completely open-source, and is developed by the [Electronic Frontier Foundation](https://www.eff.org/https-everywhere), a non-profit dedicated to private and secure technologies.
@ -100,17 +112,21 @@ Therefore, [**HTTPS Everywhere**](https://addons.mozilla.org/en-US/firefox/addon
Of course, it only works with sites that support HTTPS on the server's side, so you'll still need to keep an eye on your address bar to make sure you're securely connected. But fortunately more and more websites have implemented HTTPS, thanks to the advent of free certificates from organizations like Let's Encrypt.
### Decentraleyes
When you connect to many websites, your browser is most likely making connections to a myriad of "Content Delivery Networks" like Google Fonts, Akamai, and Cloudflare, to download fonts and Javascript that make the website run. This generally makes websites look and feel better, but it means you're constantly making connections to these servers, allowing them to build a fairly accurate tracking profile of you.
[**Decentraleyes**](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes) works by impersonating those CDNs locally in your browser. When a website wants to download a program like jQuery, instead of connecting to a remote CDN Decentraleyes will serve the file from its own cache of files. This means that you'll won't have to make remote CDN connections for the files that Decentraleyes supports, and therefore the remote CDNs can't track your browser. Decentraleyes may even speed up your browsing, because everything is stored locally instead of on a far-away server. Everything happens instantly, and you won't see a difference in the websites you visit.
### Additional Firefox Privacy Add-ons
There is of course more functionality that can be achieved at the expense of more time spent configuring your browser and reduced website functionality. If you're looking for the most privacy options possible however, they may be for you. Check out the page on [Browser add-ons at Privacy Guides](https://privacyguides.org/browsers/#addons) for further information and additional resources.
## More Privacy Functionality
Firefox has developed a number of other privacy tools that can be used to enhance your privacy or security. They may be worth looking into, but they have some drawbacks that would prevent me from recommending them outright.
### Firefox Private Network
**Firefox Private Network** is a new extension developed by Mozilla that serves as a [Virtual Private Network](/blog/2019/10/05/understanding-vpns) (VPN), securing you on public WiFi networks and other situations where you might trust Mozilla more than the ISP or network administrator. It is free in beta, but will likely be available at some subscription pricing once the test pilot ends.
Firefox Private Network is still just a VPN, and there are a number of drawbacks you would want to consider before using it. Ultimately, your VPN provider of choice will be able to see your web traffic. All you are accomplishing is shifting the trust from your network to the VPN provider, in this case *Cloudflare*, the operators behind this service.
@ -122,14 +138,17 @@ And finally, Cloudflare and Mozilla are both US companies. There are a number of
If you require a Virtual Private Network, we would look elsewhere. There are a number of [good VPN providers](https://privacyguides.org/providers/vpn/) like Mullvad that will provide a better experience at a low cost.
### Multi-Account Containers
Mozilla has an in-house add-on called [**Multi-Account Containers**](https://support.mozilla.org/en-US/kb/containers) that allows you to isolate websites from each other. For example, you could have Facebook in a container separate from your other browsing. In this situation, Facebook would only be able to set cookies with your profile on sites within the container, keeping your other browsing protected.
A containers setup may be a good alternative to techniques like regularly deleting cookies, but requires a lot of manual intervention to setup and maintain. If you want complete control of what websites can do in your browser, it's definitely worth looking into, but we wouldn't call it a necessary addition by any means.
## Additional Resources
[ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js) — For more advanced users, the ghacks user.js is a "configuration file that can control hundreds of Firefox settings [...] which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage".
[Mozilla's Privacy Policy](https://www.mozilla.org/en-US/privacy/) — Of course, we always recommend reading through the privacy statement of any organization you deal with, and Mozilla is no exception.
## Firefox Privacy Summary
In conclusion, we believe that Firefox is the most promising browser for privacy-conscious individuals. The non-profit behind it seems truly dedicated to promoting user control and privacy, and the good defaults coupled with the sheer customizability of the browser allow you to truly protect your information when you browse the web.

View File

@ -17,11 +17,13 @@ We chose the name Privacy Guides because it represents two things for us as an o
As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more _education_rather than _direction_surrounding privacy-related topics. You can see the very beginnings of this work in our new page on [threat modeling](https://privacyguides.org/threat-modeling/), or our [VPN](https://privacyguides.org/providers/vpn/) and [Email Provider](https://privacyguides.org/providers/email/) recommendations, but this is just the start of what we eventually hope to accomplish.
### Website Development
Our project has always been community-oriented and open-sourced. The source code for PrivacyTools is currently archived at [https://github.com/privacytools/privacytools.io](https://github.com/privacytools/privacytools.io). This repository will remain online as an archive of everything on PrivacyTools up to this transition.
The source code for our new website is available at [https://github.com/privacyguides/privacyguides.org](https://github.com/privacyguides/privacyguides.org). All updates from PrivacyTools have been merged into this new repository, and this is where all future work will take place.
### Services
PrivacyTools also runs a number of online services in use by many users. Some of these services are federated, namely Mastodon, Matrix, and PeerTube. Due to the technical nature of federation, it is impossible for us to change the domain name on these services, and because we cannot guarantee the future of the privacytools.io domain name we will be shutting down these services in the coming months.
We strongly urge users of these services to migrate to alternative providers in the near future. We hope that we will be able to provide enough time to make this as seamless of a transition as possible for our users.
@ -33,11 +35,13 @@ Other services being operated by PrivacyTools currently will be discontinued. Th
Our future direction for online services is uncertain, but will be a longer-term discussion within our community after our work is complete on this initial transition. We are very aware that whatever direction we move from here will have to be done in a way that is sustainable in the very long term.
### r/PrivacyGuides
PrivacyTools has a sizable community on Reddit, but to ensure a unified image we have created a new Subreddit at [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/) that we encourage all Reddit users to join.
In the coming weeks our current plan is to wind down discussions on r/privacytoolsIO. We will be opening r/PrivacyGuides to lots of the discussions most people are used to shortly, but encouraging general “privacy news” or headline-type posts to be posted on [r/Privacy](https://www.reddit.com/r/privacy/) instead. In our eyes, r/Privacy is the “who/what/when/where” of the privacy community on Reddit, the best place to find the latest news and information; while r/PrivacyGuides is the “how”: a place to share and discuss tools, tips, tricks, and other advice. We think focusing on these strong points will serve to strengthen both communities, and we hope the good moderators of r/Privacy agree :)
### Final Thoughts
The former active team at PrivacyTools universally agrees on this direction towards Privacy Guides, and will be working exclusively on Privacy Guides rather than any “PrivacyTools” related projects. We intend to redirect PriavcyTools to new Privacy Guides properties for as long as possible, and archive existing PrivacyTools work as a pre-transition snapshot.
Privacy Guides additionally welcomes back PrivacyTools former sysadmin [Jonah](https://twitter.com/JonahAragon), who will be joining the projects leadership team.

View File

@ -11,9 +11,11 @@ A lot changed between 2019 and now, not least in regards to Firefox. Since our l
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://privacyguides.org/browsers/) section. If you've got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser *more* unique.
#### Privacy Tweaks "about:config"
We're no longer recommending that users set `about:config` switches manually. Those switches need to be up to date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behaviour changes in between Firefox releases, is superseded by other keys or they are removed entirely. We do not see any point in duplicating the efforts of the community [Arkenfox](https://github.com/arkenfox/user.js) project. Arkenfox has very good documentation in their [wiki](https://github.com/arkenfox/user.js/wiki) and we use it ourselves.
#### LocalCDN and Decentraleyes
These extensions aren't required with Total Cookie Protection (TCP), which is enabled if you've set Enhanced Tracking Protection (ETP) to **Strict**.
Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumeration of badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesn't help with most other third-party connections.
@ -21,20 +23,25 @@ Replacing scripts on CDNs with local versions is not a comprehensive solution an
CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely used anyway.
#### NeatURLs and ClearURLS
Previously we recommended ClearURLs to remove tracking parameters from URLs you might visit. These extensions are no longer needed with uBlock Origin's [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam) feature.
#### HTTPS Everywhere
The EFF announced back in September they were [deprecating HTTPS-Everywhere](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) as most browsers now have an HTTPS-Only feature. We are pleased to see privacy features built into the browser and Firefox 91 introduced [HTTPS by Default in Private Browsing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/).
#### Multi Account Containers and Temporary Containers
Container extensions aren't as important as they used to be for privacy now that we have [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/).
Multi Account Container will still have some use if you use [Mozilla VPN](https://en.wikipedia.org/wiki/Mozilla_VPN) as it is going to be [integrated](https://github.com/mozilla/multi-account-containers/issues/2210) allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to login to multiple accounts on the same domain.
#### Just-In-Time Compilation (JIT)
What is "Disable JIT" in Bromite? This option disables the JavaScript performance feature [JIT](https://en.wikipedia.org/wiki/Just-in-time_compilation). It can increase security but at the cost of performance. Those trade-offs vary wildly and are explored in [this](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/) publication by Johnathan Norman from the Microsoft Edge team. This option is very much a security vs performance option.
#### Mozilla browsers on Android
We don't recommend any Mozilla based browsers on Android. This is because we don't feel that [GeckoView](https://mozilla.github.io/geckoview) is quite as secure as it could be as it doesn't support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture), soon to be coming in desktop browsers or [isolated processes](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
We also noticed that there isn't an option for [HTTPS-Only mode](https://github.com/mozilla-mobile/fenix/issues/16952#issuecomment-907960218). The only way to get something similar is to install the [deprecated](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) extension [HTTPS Everywhere](https://www.eff.org/https-everywhere).
@ -42,6 +49,7 @@ We also noticed that there isn't an option for [HTTPS-Only mode](https://github.
There are places which Firefox on Android shines for example browsing news websites where you may want to *partially* load some JavaScript (but not all) using medium or hard [blocking mode](https://github.com/gorhill/uBlock/wiki/Blocking-mode). The [reader view](https://support.mozilla.org/en-US/kb/view-articles-reader-view-firefox-android) is also pretty cool. We expect things will change in the future, so we're keeping a close eye on this.
#### Fingerprinting
Firefox has the ability to block known third party [fingerprinting resources](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). Mozilla has [advanced protection](https://support.mozilla.org/kb/firefox-protection-against-fingerprinting) against fingerprinting (RFP is enabled with Arkenfox).
We do not recommend extensions that promise to change your [browser fingerprint](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/). Some of those extensions [are detectable](https://www.cse.chalmers.se/~andrei/codaspy17.pdf) by websites through JavaScript and [CSS](https://hal.archives-ouvertes.fr/hal-03152176/file/style-fingerprinting-usenix.pdf) methods, particularly those which inject anything into the web content.
@ -50,4 +58,4 @@ This includes **all** extensions that try to change the user agent or other brow
---
_Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase._
*Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase.*

View File

@ -1,7 +1,7 @@
---
title: "Write for us!"
icon: material/currency-usd
---
Have some privacy knowledge? We would love your contributions! We are offering bounties between $100 and $300 per article on a variety of privacy-related topics and guides.
If you are interested, please email [jonah@privacyguides.org](mailto:jonah@privacyguides.org) with the topic(s) you'd like to write about. **Written content must be original**, accurate, well-referenced, and meet a number of criteria prior to payout. Articles should typically be around 1000-2000 words, you want to get the point across entirely, but not overfilled with unnecessary information that makes it difficult for beginners to follow. Familiarity with GitHub and Markdown is not a must, but will make the process significantly easier for both of us.

View File

@ -5,7 +5,9 @@ icon: octicons/browser-16
These are our current web browser recommendations and settings. We recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
## General Recommendations
### Tor Browser
!!! recommendation
![Tor Browser logo](/assets/img/browsers/tor.svg){ align=right }
@ -29,7 +31,9 @@ These are our current web browser recommendations and settings. We recommend kee
- [:fontawesome-brands-git: Source](https://trac.torproject.org/projects/tor)
## Desktop Browser Recommendations
### Firefox
!!! recommendation
![Firefox logo](/assets/img/browsers/firefox.svg){ align=right }
@ -90,11 +94,13 @@ These are our current web browser recommendations and settings. We recommend kee
- [:fontawesome-brands-git: Source](https://hg.mozilla.org/mozilla-central)
## Mobile Browser Recommendations
On Android, Mozilla's engine [GeckoView](https://mozilla.github.io/geckoview/) has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196). Firefox on Android also doesn't yet have [HTTPS-Only mode](https://github.com/mozilla-mobile/fenix/issues/16952#issuecomment-907960218) built-in. We do not recommend Firefox or any Gecko based browsers at this time.
On iOS all web browsers use [WKWebView](https://developer.apple.com/documentation/webkit/wkwebview), so all browsers on the App Store are essentially Safari under the hood.
### Bromite
!!! recommendation
![Bromite logo](/assets/img/browsers/bromite.svg){ align=right }
@ -122,6 +128,7 @@ On iOS all web browsers use [WKWebView](https://developer.apple.com/documentatio
- [:fontawesome-brands-github: Source](https://github.com/bromite/bromite)
### Safari
!!! recommendation
![Safari logo](/assets/img/browsers/safari.svg){ align=right }
@ -173,6 +180,7 @@ On iOS all web browsers use [WKWebView](https://developer.apple.com/documentatio
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/safari/id1146562112)
## Additional Resources
### uBlock Origin
!!! recommendation
@ -199,6 +207,7 @@ On iOS all web browsers use [WKWebView](https://developer.apple.com/documentatio
- [:fontawesome-brands-github: Source](https://github.com/gorhill/uBlock)
### AdGuard for Safari
!!! recommendation
![AdGuard logo](/assets/img/browsers/adguard.svg){ align=right }
@ -217,6 +226,7 @@ On iOS all web browsers use [WKWebView](https://developer.apple.com/documentatio
- [:fontawesome-brands-git: Source](https://github.com/AdguardTeam/AdGuardForSafari)
### Terms of Service; Didn't Read
!!! recommendation
![Terms of Service; Didn't Read logo](/assets/img/browsers/terms_of_service_didnt_read.svg){ align=right }

View File

@ -5,9 +5,11 @@ icon: material/calendar
Calendaring and contacts are some of the most sensitive data posess. Use only products that use end-to-end encryption (E2EE) at rest. This prevents a provider from reading your data.
## Software as a service (SaaS) only
These products are included with an subscription to the respective [email providers](/providers/email).
### Tutanota
!!! recommendation
![Tutanota logo](/assets/img/calendar-contacts/tutanota.svg#only-light){ align=right }
@ -28,6 +30,7 @@ These products are included with an subscription to the respective [email provid
- [:fontawesome-brands-github: Source](https://github.com/tutao/tutanota)
### Proton Calendar
!!! recommendation
![Proton Calendar logo](/assets/img/calendar-contacts/proton-calendar.jpg){ align=right }
@ -41,9 +44,11 @@ These products are included with an subscription to the respective [email provid
- [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
## Self-hostable
Some of these options are self-hostable, or able to be hosted by third party providers for a fee:
### EteSync
!!! recommendation
![EteSync logo](/assets/img/calendar-contacts/etesync.svg){ align=right }
@ -62,6 +67,7 @@ Some of these options are self-hostable, or able to be hosted by third party pro
- [:fontawesome-brands-github: Source](https://github.com/etesync)
### Nextcloud
!!! recommendation
![Nextcloud logo](/assets/img/calendar-contacts/nextcloud.svg){ align=right }
@ -84,6 +90,7 @@ Some of these options are self-hostable, or able to be hosted by third party pro
- [:fontawesome-brands-github: Source](https://github.com/nextcloud)
### DecSync
!!! recommendation
**DecSync** can be used to synchronize RSS, contacts, calendars and tasks without a server by using file synchronization software such as [Syncthing](/software/file-sharing/#sync).

View File

@ -7,6 +7,7 @@ If you are currently using a Cloud Storage Service like Dropbox, Google Drive, M
Trust your provider by using an alternative below that supports [end-to-end encryption (E2EE)](https://wikipedia.org/wiki/End-to-end_encryption).
### Nextcloud
!!! recommendation
![Nextcloud logo](/assets/img/cloud/nextcloud.svg){ align=right }
@ -32,6 +33,7 @@ Trust your provider by using an alternative below that supports [end-to-end encr
- [:fontawesome-brands-github: Source](https://github.com/nextcloud)
### Proton Drive
!!! recommendation
![Proton Drive logo](/assets/img/cloud/protondrive.svg){ align=right }
@ -48,6 +50,7 @@ Trust your provider by using an alternative below that supports [end-to-end encr
- [:fontawesome-brands-github: Source](https://github.com/ProtonMail/WebClients)
### Cryptee
!!! recommendation
![Cryptee logo](./assets/img/cloud/cryptee.svg#only-light){ align=right }
@ -61,6 +64,7 @@ Trust your provider by using an alternative below that supports [end-to-end encr
- [:fontawesome-brands-github: Source](https://github.com/cryptee/web-client)
### Tahoe-LAFS (Advanced)
!!! recommendation
![Tahoe-LAFS logo](./assets/img/cloud/tahoe-lafs.svg#only-light){ align=right }

View File

@ -5,6 +5,7 @@ icon: material/dns
The [Domain Name System (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to [IP](https://en.wikipedia.org/wiki/Internet_Protocol) addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
When you visit a website, a numerical address is returned. For example, when you visit `privacyguides.org`, the address `192.98.54.105` is returned.
DNS has existed since the [early days](https://en.wikipedia.org/wiki/Domain_Name_System#History) of the Internet. DNS requests made to and from DNS servers are **not** generally encrypted. In a residential setting, a customer is given servers by the [ISP](https://en.wikipedia.org/wiki/Internet_service_provider) via [Dynamic Host Configuration Protocol (DHCP)](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol).
@ -14,8 +15,10 @@ Unencrypted DNS requests are able to be easily **surveilled** and **modified** i
Below, we discuss and provide a tutorial to prove what an outside observer may see using regular unencrypted DNS and [encrypted DNS](/dns/#what-is-encrypted-dns).
### Unencrypted DNS
1. Using [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html) (part of the [Wireshark](https://en.wikipedia.org/wiki/Wireshark) project) we can monitor and record internet packet flow. This command records packets that meet the rules specified:
```
```bash
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
@ -60,42 +63,51 @@ If you run the Wireguard command above, the top pane shows the "[frames](https:/
An observer could modify any of these packets.
## What is "encrypted DNS"?
Encrypted DNS can refer to one of a number of protocols, the most common ones being:
### DNSCrypt
[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. The [protocol](https://en.wikipedia.org/wiki/DNSCrypt#Protocol) operates on [port 443](https://en.wikipedia.org/wiki/Well-known_ports) and works with both the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) or [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS (DoH)](/dns/#dns-over-https-doh).
### DNS over TLS (DoT)
[**DNS over TLS (DoT)**](https://en.wikipedia.org/wiki/DNS_over_TLS) is another method for encrypting DNS communication that is defined in [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858). Support was first implemented in [Android 9](https://en.wikipedia.org/wiki/Android_Pie), [iOS 14](https://en.wikipedia.org/wiki/IOS_14), and on Linux in [systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) in version 237. Preference in the industry has been moving away from DoT to [DNS over HTTPS](/dns/#dns-over-https-doh) in recent years, as DoT is a [complex protocol](https://dnscrypt.info/faq/) and has varying compliance to the RFC across the implementations that exist. DoT also operates on a dedicated port 853 and that can be blocked easily by restrictive firewalls.
### DNS over HTTPS (DoH)
[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with [HTTPS](https://en.wikipedia.org/wiki/HTTPS). Support was first added in web browsers such as [Firefox 60](https://support.mozilla.org/en-US/kb/firefox-dns-over-https) and [Chrome 83](https://blog.chromium.org/2020/05/a-safer-and-more-private-browsing-DoH.html).
Native implementations showed up in [iOS 14](https://en.wikipedia.org/wiki/IOS_14), [macOS 11](https://en.wikipedia.org/wiki/MacOS_11), [Microsoft Windows](https://docs.microsoft.com/en-us/windows-server/networking/dns/doh-client-support), and Android 13 (however it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so installing third party software is still required as described [below](/dns/#linux).
## What can an outside party see?
In this example we will record what happens when we make a DoH request:
1. First, start `tshark`:
```
```bash
tshark -w /tmp/dns_doh.pcap -f "tcp port https and host 1.1.1.1"
```
2. Second, make a request with `curl`:
```
```bash
curl -vI --doh-url https://1.1.1.1/dns-query https://privacyguides.org
```
3. After making the request, we can stop the packet capture with <kbd>CTRL</kbd> + <kbd>C</kbd>.
4. Analyse the results in Wireshark:
```
```bash
wireshark -r /tmp/dns_doh.pcap
```
We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) and [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) that occurs with any encrypted connection. When looking at the "application data" packets that follow, none of them contain the domain we requested or the IP address returned.
## Why **shouldn't** I use encrypted DNS?
In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](/threat-modeling/). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](/providers/vpn/) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity. We made this flow chart to describe when you *should* use "encrypted DNS":
``` mermaid
@ -116,15 +128,18 @@ graph TB
When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS:
### IP Address
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform, (e.g. Github Pages, Cloudflare Pages, Netlify, Wordpress, Blogger, etc). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
```
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
```
@ -133,13 +148,16 @@ Server Name Indication is typically used when a IP address hosts many websites.
3. After visiting the website, we what to stop the packet capture with <kbd>CTRL</kbd> + <kbd>C</kbd>.
4. Next we want to analyze the results:
```
```bash
wireshark -r /tmp/pg.pcap
```
We will see the [connection establishment](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment), followed by the [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) for the Privacy Guides website. Around frame 5. you'll see a "Client Hello".
5. Expand the triangle &#9656; next to each field:
```
```text
▸ Transport Layer Security
▸ TLSv1.3 Record Layer: Handshake Protocol: Client Hello
▸ Handshake Protocol: Client Hello
@ -148,7 +166,8 @@ Server Name Indication is typically used when a IP address hosts many websites.
```
6. We can see the [Server Name Indication (SNI)](https://en.wikipedia.org/wiki/Server_Name_Indication) value which discloses the website we are visiting. The `tshark` command can give you the value directly for all packets containing a SNI value:
```
```bash
tshark -r /tmp/pg.pcap -Tfields -Y tls.handshake.extensions_server_name -e tls.handshake.extensions_server_name
```
@ -157,6 +176,7 @@ This means even if we are using "Encrypted DNS" servers, the domain will likely
Governments, in particular [China](https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) and [Russia](https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/), have either already [started blocking](https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello) it or expressed a desire to do so. Recently, Russia has [started blocking foreign websites](https://github.com/net4people/bbs/issues/108) that use the [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) standard. This is because the [QUIC](https://en.wikipedia.org/wiki/QUIC) protocol that is a part of HTTP/3 requires that `ClientHello` also be encrypted.
### Online Certificate Status Protocol (OCSP)
Another way your browser can disclose your browsing activities is with the [Online Certificate Status Protocol](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). When visiting a [HTTPS](https://en.wikipedia.org/wiki/HTTPS) website, the browser might check to see if the [X.509](https://en.wikipedia.org/wiki/X.509) [certificate](https://en.wikipedia.org/wiki/Public_key_certificate) has been [revoked](https://en.wikipedia.org/wiki/Certificate_revocation_list). This is generally done through the [HTTP](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol) protocol, meaning it is **not** encrypted.
The OCSP request contains the certificate "[serial number](https://en.wikipedia.org/wiki/Public_key_certificate#Common_fields)", which is unique. It is sent to the "OCSP responder" in order to check its status.
@ -164,40 +184,49 @@ The OCSP request contains the certificate "[serial number](https://en.wikipedia.
We can simulate what a browser would do using the [`openssl`](https://en.wikipedia.org/wiki/OpenSSL) command.
1. Get the server certificate and use [`sed`](https://en.wikipedia.org/wiki/Sed) to keep just the important part and write it out to a file:
```
```bash
openssl s_client -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_server.cert
```
2. Get the intermediate certificate. [Certificate Authorities (CA)](https://en.wikipedia.org/wiki/Certificate_authority) normally don't sign a certificate directly; they use what is known as an "intermediate" certificate.
```
```bash
openssl s_client -showcerts -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_and_intermediate.cert
```
3. The first certificate in `pg_and_intermediate.cert` is actually the server certificate from step 1. We can use `sed` again to delete until the first instance of END:
```
```bash
sed -n '/^-*END CERTIFICATE-*$/!d;:a n;p;ba' \
/tmp/pg_and_intermediate.cert > /tmp/intermediate_chain.cert
```
4. Get the OCSP responder for the server certificate:
```
```bash
openssl x509 -noout -ocsp_uri -in /tmp/pg_server.cert
```
If we want to see all the details of the certificate we can use:
```
```bash
openssl x509 -text -noout -in /tmp/pg_server.cert
```
Our certificate shows the Lets Encrypt certificate responder.
5. Start the packet capture:
```
```bash
tshark -w /tmp/pg_ocsp.pcap -f "tcp port http"
```
6. Make the OCSP request:
```
```bash
openssl ocsp -issuer /tmp/intermediate_chain.cert \
-cert /tmp/pg_server.cert \
-text \
@ -205,11 +234,14 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
```
7. Open the capture:
```
```bash
wireshark -r /tmp/pg_ocsp.pcap
```
There will be two packets with the "OCSP" protocol; a "Request" and a "Response". For the "Request" we can see the "serial number" by expanding the triangle &#9656; next to each field:
```
```bash
▸ Online Certificate Status Protocol
▸ tbsRequest
▸ requestList: 1 item
@ -217,8 +249,10 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
▸ reqCert
serialNumber
```
For the "Response" we can also see the "serial number":
```
```bash
▸ Online Certificate Status Protocol
▸ responseBytes
▸ BasicOCSPResponse
@ -229,14 +263,16 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
serialNumber
```
7. Or use `tshark` to filter the packets for the Serial Number:
```
8. Or use `tshark` to filter the packets for the Serial Number:
```bash
tshark -r /tmp/pg_ocsp.pcap -Tfields -Y ocsp.serialNumber -e ocsp.serialNumber
```
If the network observer has the public certificate, which is publicly available, they can match the serial number with that certificate and therefore determine the site you're visiting from that. The process can be automated and can associate IP addresses with serial numbers. It is also possible to check [Certificate Transparency](https://en.wikipedia.org/wiki/Certificate_Transparency) logs for the serial number.
## Why should I use encrypted DNS?
You should only use DNS if your [threat model](/threat-modeling/) doesn't require you to hide any of your browsing activity. Encrypted DNS should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences.
Encrypted DNS can also help if your ISP obnoxiously redirects you to other websites. These are our recommendations for servers:
@ -263,14 +299,17 @@ The criteria for servers for this table are:
- [QNAME Minimization](/dns/#what-is-qname-minimization)
## What is DNSSEC and when is it used?
[Domain Name System Security Extensions (DNSSEC)](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) is used to provide authenticity to the records being fetched from upstream DNS servers. It doesn't provide confidentiality, for that we use one of the [encrypted DNS](/dns#what-is-encrypted-dns) protocols discussed above.
## What is QNAME minimization?
A QNAME is a "qualified name", for example `privacyguides.org`. QNAME minimisation reduces the amount of information sent from the DNS server to the [authoritative name server](https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server).
Instead of sending the whole domain `privacyguides.org`, QNAME minimization means the DNS server will ask for all the records that end in `.org`. Further technical description is defined in [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816).
## What is EDNS Client Subnet (ECS)?
The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a method for a recursive DNS resolver to specify a [subnetwork](https://en.wikipedia.org/wiki/Subnetwork) for the [host or client](https://en.wikipedia.org/wiki/Client_(computing)) which is making the DNS query.
It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network (CDN)](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps.
@ -280,9 +319,11 @@ This feature does come at a privacy cost, as it tells the DNS server some inform
## Native Operating System Support
### Android
Android 9 and above support DNS over TLS. Android 13 will support DNS over HTTPS. The settings can be found in: *Settings* &rarr; *Network & Internet* &rarr; *Private DNS*.
### Apple Devices
The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings).
After installation of either a configuration profile or an app that utilizes the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings.
@ -293,20 +334,24 @@ After installation of either a configuration profile or an app that utilizes the
Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html).
* **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [ControlD](https://kb.controld.com/en/tutorials), [NextDNS](https://apple.nextdns.io), [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
- **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [ControlD](https://kb.controld.com/en/tutorials), [NextDNS](https://apple.nextdns.io), [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
### Windows
Windows users can [turn on DoH](https://docs.microsoft.com/en-us/windows-server/networking/dns/doh-client-support) by accessing Windows settings in the control panel.
Select *Settings* &rarr; *Network & Internet* &rarr; *Ethernet* or *WiFi*, &rarr; *Edit DNS Settings* &rarr; Preferred DNS encryption &rarr; *Encrypted only (DNS over HTTPS)*.
### Linux
`systemd-resolved` doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639), which many Linux distributions use to do their DNS lookups. If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
## Encrypted DNS Proxies
Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](/dns/#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](/dns/#what-is-encrypted-dns).
### RethinkDNS
!!! recommendation
![RethinkDNS logo](/assets/img/android/rethinkdns.svg#only-light){ align=right }
@ -322,6 +367,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](/d
- [:fontawesome-brands-github: Source](https://github.com/celzero/rethink-app)
### DNSCloak
!!! recommendation
![DNSCloak logo](/assets/img/ios/dnscloak.png){ align=right }
@ -335,6 +381,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](/d
- [:fontawesome-brands-github: Source](https://github.com/s-s/dnscloak)
### dnscrypt-proxy
!!! recommendation
![dnscrypt-proxy logo](/assets/img/dns/dnscrypt-proxy.svg){ align=right }

View File

@ -12,6 +12,7 @@ Discover free, open-source, and secure email clients, along with some email alte
[Real-time Communication](/real-time-communication){ .md-button .md-button--primary }
### Thunderbird
!!! recommendation
![Thunderbird logo](/assets/img/email-clients/thunderbird.svg){ align=right }
@ -28,6 +29,7 @@ Discover free, open-source, and secure email clients, along with some email alte
- [:fontawesome-brands-git: Source](https://hg.mozilla.org/comm-central)
### GNOME Evolution
!!! recommendation
![Evolution logo](/assets/img/email-clients/evolution.svg){ align=right }
@ -41,6 +43,7 @@ Discover free, open-source, and secure email clients, along with some email alte
- [:fontawesome-brands-gitlab: Source](https://gitlab.gnome.org/GNOME/evolution)
### Kontact
!!! recommendation
![Kontact logo](/assets/img/email-clients/kontact.svg){ align=right }
@ -55,6 +58,7 @@ Discover free, open-source, and secure email clients, along with some email alte
- [:fontawesome-brands-git: Source](https://invent.kde.org/pim/kmail)
### Mailvelope
!!! recommendation
![Mailvelope logo](/assets/img/email-clients/mailvelope.svg){ align=right }
@ -69,8 +73,8 @@ Discover free, open-source, and secure email clients, along with some email alte
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)
- [:fontawesome-brands-github: Source](https://github.com/mailvelope/mailvelope)
### K-9 Mail
!!! recommendation
![K-9 Mail logo](/assets/img/email-clients/k9mail.svg){ align=right }
@ -85,6 +89,7 @@ Discover free, open-source, and secure email clients, along with some email alte
- [:fontawesome-brands-github: Source](https://github.com/k9mail)
### FairEmail
!!! recommendation
![FairEmail logo](/assets/img/email-clients/fairemail.svg){ align=right }
@ -99,6 +104,7 @@ Discover free, open-source, and secure email clients, along with some email alte
- [:fontawesome-brands-github: Source](https://github.com/M66B/FairEmail)
### Canary Mail
!!! recommendation
![Canary Mail logo](/assets/img/email-clients/canarymail.svg){ align=right }
@ -120,6 +126,7 @@ Discover free, open-source, and secure email clients, along with some email alte
- [:fontawesome-brands-windows: Windows](https://download.canarymail.io/get_windows)
### Neomutt
!!! recommendation
![Neomutt logo](/assets/img/email-clients/mutt.svg){ align=right }

View File

@ -494,7 +494,6 @@ Advanced users may consider setting up their own email server. Mailservers requi
**[Mailcow](https://mailcow.email)** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mailserver with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. **[Mailcow Dockerized docs](https://mailcow.github.io/mailcow-dockerized-docs/)**
For a more manual approach we've picked out these two articles.
- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019)

View File

@ -5,9 +5,11 @@ icon: material/file-lock
Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails, or files, you should pick an option here.
## Multi-platform
The options listed here are multi-platform and great for creating encrypted backups of your data.
### VeraCrypt
!!! recommendation
![VeraCrypt logo](/assets/img/encryption-software/veracrypt.svg#only-light){ align=right }
@ -29,6 +31,7 @@ The options listed here are multi-platform and great for creating encrypted back
- [:fontawesome-brands-git: Source](https://www.veracrypt.fr/code)
### GNU Privacy Guard
!!! recommendation
![GNU Privacy Guard logo](/assets/img/encryption-software/gnupg.svg){ align=right }
@ -54,6 +57,7 @@ The options listed here are multi-platform and great for creating encrypted back
- [:fontawesome-brands-git: Source](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git)
### Cryptomator
!!! recommendation
![Cryptomator logo](/assets/img/encryption-software/cryptomator.svg){ align=right }
@ -75,6 +79,7 @@ The options listed here are multi-platform and great for creating encrypted back
- [:fontawesome-brands-github: Source](https://github.com/cryptomator)
### Picocrypt
!!! recommendation
![Picocrypt logo](/assets/img/encryption-software/picocrypt.svg){ align=right }
@ -90,9 +95,11 @@ The options listed here are multi-platform and great for creating encrypted back
- [:fontawesome-brands-github: Source](https://github.com/HACKERALERT/Picocrypt)
## Operating system included Full Disk Encryption (FDE)
Modern operating systems include [disk encryption](https://en.wikipedia.org/wiki/Disk_encryption) and will utilize a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor).
### BitLocker
!!! recommendation
![BitLocker logo](/assets/img/encryption-software/bitlocker.png){ align=right }
@ -137,6 +144,7 @@ Modern operating systems include [disk encryption](https://en.wikipedia.org/wiki
[Visit microsoft.com](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .md-button .md-button--primary }
### FileVault
!!! recommendation
![FileVault logo](/assets/img/encryption-software/filevault.png){ align=right }
@ -146,6 +154,7 @@ Modern operating systems include [disk encryption](https://en.wikipedia.org/wiki
[Visit support.apple.com](https://support.apple.com/en-us/HT204837){ .md-button .md-button--primary }
### Linux Unified Key Setup (LUKS)
!!! recommendation
![LUKS logo](/assets/img/encryption-software/luks.png){ align=right }
@ -175,9 +184,11 @@ Modern operating systems include [disk encryption](https://en.wikipedia.org/wiki
[Visit gitlab.com](https://gitlab.com/cryptsetup/cryptsetup){ .md-button .md-button--primary }
## Browser-based
Browser-based encryption can be useful when you need to encrypt a file but cannot install software or apps on your device.
### hat.sh
!!! recommendation
![hat.sh logo](/assets/img/encryption-software/hat-sh.png#only-light){ align=right }
@ -191,9 +202,11 @@ Browser-based encryption can be useful when you need to encrypt a file but canno
- [:fontawesome-brands-github: Source](https://github.com/sh-dv/hat.sh)
## Command-line
Tools with command-line interfaces are useful for intergrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script).
### Kryptor
!!! recommendation
![Kryptor logo](/assets/img/encryption-software/kryptor.png){ align=right }
@ -209,6 +222,7 @@ Tools with command-line interfaces are useful for intergrating [shell scripts](h
- [:fontawesome-brands-github: Source](https://github.com/samuel-lucas6/Kryptor)
### Tomb
!!! recommendation
![Tomb logo](/assets/img/encryption-software/tomb.png){ align=right }

View File

@ -7,6 +7,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
### OnionShare
!!! recommendation
![OnionShare logo](/assets/img/file-sharing-sync/onionshare.svg){ align=right }
@ -22,6 +23,7 @@ Discover how to privately share your files between your devices, with your frien
- [:fontawesome-brands-github: Source](https://github.com/onionshare/onionshare)
### Magic Wormhole
!!! recommendation
![Magic Wormhole logo](/assets/img/file-sharing-sync/magic_wormhole.png){ align=right }
@ -36,8 +38,8 @@ Discover how to privately share your files between your devices, with your frien
- [:fontawesome-brands-linux: Linux](https://magic-wormhole.readthedocs.io/en/latest/welcome.html#installation)
- [:fontawesome-brands-github: Source](https://github.com/magic-wormhole/magic-wormhole)
### croc
!!! recommendation
![croc logo](/assets/img/file-sharing-sync/croc.jpg){ align=right }
@ -53,6 +55,7 @@ Discover how to privately share your files between your devices, with your frien
- [:fontawesome-brands-github: Source](https://github.com/schollz/croc)
## FreedomBox
!!! recommendation
![FreedomBox logo](/assets/img/file-sharing-sync/freedombox.svg){ align=right }
@ -67,6 +70,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sync
### Syncthing
!!! recommendation
![Syncthing logo](/assets/img/file-sharing-sync/syncthing.svg){ align=right }
@ -82,6 +86,7 @@ Discover how to privately share your files between your devices, with your frien
- [:fontawesome-brands-github: Source](https://github.com/syncthing)
### git-annex
!!! recommendation
![git-annex logo](/assets/img/file-sharing-sync/gitannex.svg){ align=right }

View File

@ -4,7 +4,7 @@ hide:
- navigation
- toc
---
<!-- markdownlint-disable-next-line -->
<div style="max-width:50rem;margin:auto;" markdown>
<div style="max-width:38rem;" markdown>
## Why should I care?
@ -19,7 +19,7 @@ You shouldn't confuse privacy with secrecy. We know what happens in the bathroom
<div style="margin-left:auto;margin-right:0;text-align:right;max-width:38rem;" markdown>
## What should I do?
##### First, you need to make a plan.
##### First, you need to make a plan
Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and by thinking ahead you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins with understanding the unique threats you face, and how you can counter them.

View File

@ -1,7 +1,7 @@
---
title: Linux
icon: fontawesome/brands/linux
---
Linux distributions are commonly recommended for privacy protection and user freedom. Below are some suggestions with some general privacy and security improvements.
## Traditional Distributions
@ -80,13 +80,13 @@ As an alternative to Flatpaks, there is the option of [Toolbox](https://docs.fed
NixOSs package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
NixOS also provides atomic updates; first it downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation; you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also _test_ the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
NixOS also provides atomic updates; first it downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation; you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
Nix the package manager uses a purely functional language - which is also called Nix - to define packages.
[Nixpkgs](https://github.com/nixos/nixpkgs) (the main source of packages) are contained in a single Github repository. You can also define your own packages in the same language and then easily include them in your config.
Nix is a source-based package manager; if theres no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed _pure_ environment, which is as independent of the host system as possible, thus making binaries reproducible.
Nix is a source-based package manager; if theres no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible, thus making binaries reproducible.
## Anonymity-Focused Distributions
@ -370,7 +370,7 @@ There is also further hardening to [PAM](https://en.wikipedia.org/wiki/Linux_PAM
On Red Hat distributions you can use [`authselect`](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_authentication_and_authorization_in_rhel/configuring-user-authentication-using-authselect_configuring-authentication-and-authorization-in-rhel) to configure this e.g.:
```
```bash
sudo authselect select <profile_id, default: sssd> with-faillock without-nullok with-pamaccess
```

View File

@ -7,6 +7,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
## Desktop
### MAT2
!!! recommendation
![MAT2 logo](/assets/img/metadata-removal/mat2.svg){ align=right }
@ -25,6 +26,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
- [:fontawesome-brands-gitlab: Source](https://0xacab.org/jvoisin/mat2)
### ExifCleaner
!!! recommendation
![ExifCleaner logo](/assets/img/metadata-removal/exifcleaner.svg){ align=right }
@ -42,6 +44,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
## Mobile
### Scrambled Exif
!!! recommendation
![Scrambled Exif logo](/assets/img/metadata-removal/scrambled-exif.svg){ align=right }
@ -56,6 +59,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
- [:fontawesome-brands-gitlab: Source](https://gitlab.com/juanitobananas/scrambled-exif)
### Imagepipe
!!! recommendation
![Imagepipe logo](/assets/img/metadata-removal/imagepipe.svg){ align=right }
@ -72,6 +76,7 @@ When sharing files, be sure to remove associated metadata. Image files commonly
- [:fontawesome-brands-git: Source](https://codeberg.org/Starfish/Imagepipe)
### Metapho
!!! recommendation
![Metapho logo](/assets/img/metadata-removal/metapho.jpg){ align=right }
@ -87,7 +92,9 @@ When sharing files, be sure to remove associated metadata. Image files commonly
- [:fontawesome-brands-app-store-ios: App Store](https://apps.apple.com/us/app/metapho/id914457352)
## Command-line
### Exiftool
!!! recommendation
![Exiftool logo](/assets/img/metadata-removal/exiftool.png){ align=right }

View File

@ -9,6 +9,7 @@ icon: 'material/two-factor-authentication'
The idea behind 2FA is that even if a hacker is able to figure out your password (something you *know*), they will still need a device you own like your phone (something you *have*) in order to generate the code needed to log in to your account. 2FA methods vary in security based on this premise: The more difficult it is for an attacker to gain access to your 2FA method, the better. 2FA methods include: Email or SMS codes, Push Notifications,Software (TOTP) Code-Generating Apps, Hardware Keys.
## MFA Method Comparison
==**SMS Codes** or Emailed Codes are better than nothing at all, but only marginally.== Getting a code over SMS or Email takes away from the "something you *have*" idea, because there are a variety of ways a hacker could take over your phone number or gain access to your emails without having physical access to any of your devices at all!
**Push Notifications** take the form of a message being sent to an app on your phone asking you to confirm new account logins. This is a lot better than SMS or Email, since an attacker typically wouldn't be able to get these push notifications without having an already logged-in device, thus requiring physical access to your device. However, they can be easy to click through and accept accidentally, and are typically sent to *all* your devices at once, widening the availability of the 2FA code if you have many devices. This solution is also generally a proprietary solution, so you are reliant on the company you have an account with to implement their custom solution securely rather than implementing an industry standard. Finally, it requires you to keep an app for every login you have on your mobile device, which may or may not be convenient to you.
@ -20,7 +21,9 @@ The ultimate form of multi-factor security are **hardware keys**. These are devi
Ultimately, the best form of two-factor security is the one you will use consistently on every account you have, that doesn't significantly interfere with your life. If you need to log in to an account often or on many devices, a hardware key may prove to be too much of a burden for example.
## Hardware Security Keys
### YubiKey
!!! recommendation
![YubiKeys](/assets/img/multi-factor-authentication/yubikey.png)
@ -32,6 +35,7 @@ Ultimately, the best form of two-factor security is the one you will use consist
[Visit yubico.com](https://www.yubico.com){ .md-button .md-button--primary } [Privacy Policy](https://www.yubico.com/support/terms-conditions/privacy-notice){ .md-button }
### NitroKey
!!! recommendation
![NitroKey](/assets/img/multi-factor-authentication/nitrokey.jpg){ align=right }
@ -45,11 +49,13 @@ Ultimately, the best form of two-factor security is the one you will use consist
[Visit nitrokey.com](https://www.nitrokey.com){ .md-button .md-button--primary } [Privacy Policy](https://www.nitrokey.com/data-privacy-policy){ .md-button }
## Authenticator Apps
==Generally speaking, TOTP software authenticator apps are going to be the best bet for most people.== They provide a significantly higher level of security than just SMS or Push Notifications, while remaining very convenient for most people who keep their phones with them at all times.
Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret, or otherwise be able to predict what any future codes might be.
### Aegis Authenticator
!!! recommendation
![Aegis logo](/assets/img/multi-factor-authentication/aegis.png){ align=right }
@ -64,6 +70,7 @@ Authenticator Apps implement a security standard adopted by the Internet Enginee
- [:fontawesome-brands-github: GitHub](https://github.com/beemdevelopment/Aegis)
### Raivo OTP
!!! recommendation
![Raivo OTP logo](/assets/img/multi-factor-authentication/raivo-otp.png){ align=right }

View File

@ -5,14 +5,17 @@ icon: material/form-textbox-password
Stay safe and secure online with an encrypted and open-source password manager.
## Password best practices
- Always use unique passwords. Don't make yourself a victim of "[credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing)".
- Store an exported backup of your passwords in an [encrypted container](/file-encryption) on another storage device. This can be useful if something happens to your device or the service you are using.
- If possible store [Time-based one-time password (TOTP)](https://en.wikipedia.org/wiki/Time-based_one-time_password) tokens in a separate [TOTP app](/multi-factor-authentication) and not your password manager. TOTP codes are generated from a "[shared secret](https://en.wikipedia.org/wiki/Time-based_one-time_password#Security)". If the secret is obtained by an adversary they can generate TOTP values. Typically, mobile platforms have better app isolation and more secure methods for storing sensitive credentials.
## Local Password Managers
These password managers store the password database locally.
### KeepassXC
!!! recommendation
![KeepassXC logo](/assets/img/password-management/keepassxc.svg){ align=right }
@ -34,6 +37,7 @@ These password managers store the password database locally.
- [:fontawesome-brands-github: Source](https://github.com/keepassxreboot/keepassxc)
### KeepassDX
!!! recommendation
![KeepassDX logo](/assets/img/password-management/keepassdx.svg){ align=right }
@ -50,9 +54,11 @@ These password managers store the password database locally.
- [:fontawesome-brands-github: Source](https://github.com/Kunzisoft/KeePassDX)
## Cloud syncing Password Managers
These password managers sync up to a cloud server that may be self-hostable.
### Bitwarden
!!! recommendation
![Bitwarden logo](/assets/img/password-management/bitwarden.svg){ align=right }
@ -75,6 +81,7 @@ These password managers sync up to a cloud server that may be self-hostable.
- [:fontawesome-brands-github: Source](https://github.com/bitwarden)
### Psono
!!! recommendation
![Psono logo](/assets/img/password-management/psono.svg){ align=right }
@ -92,9 +99,11 @@ These password managers sync up to a cloud server that may be self-hostable.
- [:fontawesome-brands-github: Source](https://gitlab.com/psono)
## Password management servers
These products are self-hostable synchronization for cloud based password managers.
### Vaultwarden
!!! recommendation
![Vaultwarden logo](/assets/img/password-management/vaultwarden.svg#only-light){ align=right }
@ -109,6 +118,7 @@ These products are self-hostable synchronization for cloud based password manage
- [:fontawesome-brands-github: Source](https://github.com/dani-garcia/vaultwarden)
### Psono Server
!!! recommendation
![Psono Server logo](/assets/img/password-management/psono.svg){ align=right }
@ -123,9 +133,11 @@ These products are self-hostable synchronization for cloud based password manage
- [:fontawesome-brands-gitlab: Source](https://gitlab.com/psono/psono-server)
## Minimal Password Managers
These products are minimal password managers that can be used within scripting applications.
### Pass
!!! recommendation
![Pass logo](/assets/img/password-management/pass.svg){ align=right }
@ -140,6 +152,7 @@ These products are minimal password managers that can be used within scripting a
- [:fontawesome-brands-git: Source](https://git.zx2c4.com/password-store)
### gopass
!!! recommendation
![gopass logo](/assets/img/password-management/gopass.svg){ align=right }

View File

@ -5,7 +5,9 @@ icon: material/file-sign
Get working and collaborating without sharing your documents with a middleman or trusting a cloud provider.
## Office Suites
### LibreOffice
!!! recommendation
![LibreOffice logo](/assets/img/productivity/libreoffice.svg){ align=right }
@ -27,6 +29,7 @@ Get working and collaborating without sharing your documents with a middleman or
- [:fontawesome-brands-git: Source](https://www.libreoffice.org/about-us/source-code)
### OnlyOffice
!!! recommendation
![OnlyOffice logo](/assets/img/productivity/onlyoffice.svg){ align=right }
@ -45,7 +48,9 @@ Get working and collaborating without sharing your documents with a middleman or
- [:fontawesome-brands-github: Source](https://github.com/ONLYOFFICE)
## Planning
### Framadate
!!! recommendation
![Framadate logo](/assets/img/productivity/framadate.svg){ align=right }
@ -58,7 +63,9 @@ Get working and collaborating without sharing your documents with a middleman or
- [:fontawesome-brands-gitlab: Source](https://framagit.org/framasoft/framadate)
## Paste services
### PrivateBin
!!! recommendation
![PrivateBin logo](/assets/img/productivity/privatebin.svg){ align=right }
@ -71,6 +78,7 @@ Get working and collaborating without sharing your documents with a middleman or
- [:fontawesome-brands-github: Source](https://github.com/PrivateBin/PrivateBin)
### CryptPad
!!! recommendation
![CryptPad logo](/assets/img/productivity/cryptpad.svg){ align=right }
@ -83,7 +91,9 @@ Get working and collaborating without sharing your documents with a middleman or
- [:fontawesome-brands-github: Source](https://github.com/xwiki-labs/cryptpad)
## Blogging
### Write.as
!!! recommendation
![Write.as logo](/assets/img/productivity/writeas.svg#only-light){ align=right }
@ -103,7 +113,9 @@ Get working and collaborating without sharing your documents with a middleman or
- [:fontawesome-brands-git: Source](https://code.as/writeas)
## Programming
### VSCodium
!!! recommendation
![VSCodium logo](/assets/img/productivity/vscodium.svg){ align=right }

View File

@ -5,6 +5,7 @@ icon: pg/qubes-os
Qubes OS is a distribution of Linux that uses [Xen](https://en.wikipedia.org/wiki/Xen) to provide app isolation.
### Qubes OS
!!! recommendation
![Qubes OS logo](/assets/img/qubes/qubes_os.svg){ align=right }

View File

@ -1,7 +1,9 @@
---
title: Real-Time Communication Tools
icon: material/chat-processing
---
## Encrypted Instant Messengers
### Signal
!!! recommendation
@ -31,6 +33,7 @@ Signal requires your phone number as a personal identifier.
The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/).
### Element
!!! recommendation
![Element logo](/assets/img/messengers/element.svg){ align=right }
@ -59,6 +62,7 @@ When using [element-web](https://github.com/vector-im/element-web), you must tru
The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signals [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
### Briar
!!! recommendation
![Briar logo](/assets/img/messengers/briar.svg){ align=right }
@ -81,6 +85,7 @@ Briar has a fully [published specification](https://code.briarproject.org/briar/
Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
### Session
!!! recommendation
![Session logo](/assets/img/messengers/session.svg){ align=right }
@ -105,9 +110,11 @@ Session does [not](https://getsession.org/blog/session-protocol-technical-inform
Session was independently audited in 2020. The protocol is described in a whitepaper.
## Types of Communication Networks
There are several network architectures commonly used to relay messages between users. These networks can provide different different privacy guarantees, which is why it's worth considering your [threat model](https://en.wikipedia.org/wiki/Threat_model) when making a decision about which app to use.
### Centralized Networks
![Centralized networks diagram](/assets/img/layout/network-centralized.svg){ align=left }
Centralized messengers are those where all participants are on the same server or network of servers controlled by the same organization.
@ -129,8 +136,8 @@ Some self-hosted messengers allow you to set up your own server. Self-hosting ca
- The [ownership](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/), privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.
- Self hosting requires effort and knowledge of how to set up a service.
### Federated Networks
![Federated networks diagram](/assets/img/layout/network-decentralized.svg){ align=left }
Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.
@ -153,6 +160,7 @@ When self-hosted, users of a federated server can discover and communicate with
- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.
### Peer-to-Peer (P2P) Networks
![P2P diagram](/assets/img/layout/network-distributed.svg){ align=left }
[P2P](https://en.wikipedia.org/wiki/Peer-to-peer) messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recepient without a third-party server.
@ -176,8 +184,8 @@ P2P networks do not use servers, as users communicate directly between each othe
- Some common messenger features may not be implemented or incompletely, such as message deletion.
- Your [IP address](https://en.wikipedia.org/wiki/IP_address) and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](https://privacyguides.org/providers/vpn) or [self contained network](https://privacyguides.org/software/networks), such as [Tor](https://www.torproject.org) or [I2P](https://geti2p.net/). Many countries have some form of mass surveillance and/or metadata retention.
### Anonymous Routing
![Anonymous routing diagram](/assets/img/layout/network-anonymous-routing.svg){ align=left }
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.

View File

@ -22,6 +22,7 @@ Below are a few alternative operating systems, that can be used on routers, Wi-F
- [:fontawesome-brands-git: Source](https://git.openwrt.org)
### pfSense
!!! recommendation
![pfSense logo](/assets/img/router/pfsense.svg#only-light){ align=right }

View File

@ -9,6 +9,7 @@ The recommendations here are based on the merits of each service's privacy polic
Consider using a [VPN](/providers/vpn) or [Tor](https://www.torproject.org/) if your threat model requires hiding your IP address from the search provider.
### DuckDuckGo
!!! recommendation
![DuckDuckGo logo](/assets/img/search-engines/duckduckgo.svg){ align=right }
@ -25,6 +26,7 @@ Consider using a [VPN](/providers/vpn) or [Tor](https://www.torproject.org/) if
The company is based in the 🇺🇸 US. Their [Privacy Policy](https://duckduckgo.com/privacy) states they do log your search query, but not your IP or any other identifying information.
### Startpage
!!! recommendation
![Startpage logo](/assets/img/search-engines/startpage.svg){ align=right }
@ -39,6 +41,7 @@ Consider using a [VPN](/providers/vpn) or [Tor](https://www.torproject.org/) if
Startpage's majority shareholder is System1 who is an adtech company. We don't think that is an issue as they have their own Privacy Policy. The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) for clarification and was satisfied by the answers we received.
### Mojeek
!!! recommendation
![Mojeek logo](/assets/img/search-engines/mojeek.svg){ align=right }
@ -51,6 +54,7 @@ Consider using a [VPN](/providers/vpn) or [Tor](https://www.torproject.org/) if
The company is based in the 🇬🇧 UK. According to their [Privacy Policy](https://www.mojeek.com/about/privacy/), they log the originating country, time, page requested, and referral data of each query. IP addresses are not logged.
### Searx
!!! recommendation
![Searx logo](/assets/img/search-engines/searx.svg){ align=right }

View File

@ -5,7 +5,9 @@ icon: material/security-network
If you are currently browsing clearnet and want to access the dark web, this section is for you.
## Self-contained Networks
### Tor
!!! recommendation
![Tor logo](./assets/img/self-contained-networks/tor.svg){ align=right }
@ -27,6 +29,7 @@ If you are currently browsing clearnet and want to access the dark web, this sec
- [:fontawesome-brands-git: Source](https://gitweb.torproject.org/tor.git)
### I2P Anonymous Network
!!! recommendation
![I2P logo](./assets/img/self-contained-networks/i2p.svg){ align=right }
@ -48,6 +51,7 @@ If you are currently browsing clearnet and want to access the dark web, this sec
- [:fontawesome-brands-git: Source](https://geti2p.net/en/get-involved/guides/new-developers#getting-the-i2p-code)
### The Freenet Project
!!! recommendation
![Freenet logo](./assets/img/self-contained-networks/freenet.svg){ align=right }

View File

@ -5,7 +5,9 @@ icon: material/account-supervisor-circle-outline
Find a social network that doesnt pry into your data or monetize your profile.
## Decentralized Social Networks
### Mastodon (Twitter Alternative)
!!! recommendation
![Mastodon logo](/assets/img/social-networks/mastodon.svg){ align=right }
@ -20,6 +22,7 @@ Find a social network that doesnt pry into your data or monetize your profile
- [:fontawesome-brands-github: Source](https://github.com/mastodon)
### diaspora\* (Google+ Alternative)
!!! recommendation
![diaspora* logo](/assets/img/social-networks/diaspora.svg){ align=right }
@ -33,6 +36,7 @@ Find a social network that doesnt pry into your data or monetize your profile
- [:fontawesome-brands-github: Source](https://github.com/diaspora)
### Friendica (Facebook Alternative)
!!! recommendation
![Frendica logo](/assets/img/social-networks/friendica.svg){ align=right }
@ -46,6 +50,7 @@ Find a social network that doesnt pry into your data or monetize your profile
- [:fontawesome-brands-github: Source](https://github.com/friendica)
### PixelFed (Instagram Alternative)
!!! recommendation
![PixelFed logo](/assets/img/social-networks/pixelfed.svg){ align=right }
@ -58,6 +63,7 @@ Find a social network that doesnt pry into your data or monetize your profile
- [:fontawesome-brands-github: Source](https://github.com/pixelfed)
### Pleroma (Twitter Alternative)
!!! recommendation
![Pleroma logo](/assets/img/social-networks/pleroma.svg){ align=right }
@ -71,6 +77,7 @@ Find a social network that doesnt pry into your data or monetize your profile
- [:fontawesome-brands-gitlab: Source](https://git.pleroma.social/pleroma)
### Movim
!!! recommendation
![Movim logo](/assets/img/social-networks/movim.svg){ align=right }
@ -81,10 +88,12 @@ Find a social network that doesnt pry into your data or monetize your profile
- [:fontawesome-brands-github: Source](https://github.com/movim)
## Related Information
- [JustDeleteMe](https://justdeleteme.xyz) - A directory of direct links to delete your account from web services.
- [Forget](https://forget.codl.fr) - A service that automatically deletes your old posts on Twitter and Mastodon that everyone has forgotten about.
## Facebook Related
- [How do I permanently delete my Facebook account?](https://www.facebook.com/help/224562897555674)
- [Facebook Container by Mozilla](https://addons.mozilla.org/firefox/addon/facebook-container)
- [Stop using Facebook](https://web.archive.org/web/20190510075433/https://www.stopusingfacebook.co/) - A curated list of reasons to stop using Facebook and how to do it.

View File

@ -5,6 +5,7 @@ icon: material/newspaper-variant-outline
Stay up-to-date with privacy-respecting online bulletin boards.
### Tildes
!!! recommendation
![Tildes logo](/assets/img/social-media-aggregator/tildes.svg){ align=right }
@ -17,6 +18,7 @@ Stay up-to-date with privacy-respecting online bulletin boards.
- [:fontawesome-brands-gitlab: Source](hhttps://gitlab.com/tildes)
### Lemmy
!!! recommendation
![Lemmy logo](/assets/img/social-media-aggregator/lemmy.svg){ align=right }
@ -29,6 +31,7 @@ Stay up-to-date with privacy-respecting online bulletin boards.
- [:fontawesome-brands-github: Source](https://github.com/LemmyNet)
### Postmill
!!! recommendation
![Postmill logo](/assets/img/social-media-aggregator/postmill.png){ align=right }
@ -41,6 +44,7 @@ Stay up-to-date with privacy-respecting online bulletin boards.
- [:fontawesome-brands-gitlab: Source](https://gitlab.com/postmill)
### Freepost
!!! recommendation
![Freepost logo](/assets/img/social-media-aggregator/freepost.svg){ align=right }

View File

@ -6,7 +6,7 @@ icon: 'material/target-account'
Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, et cetera. Often people find that the problem with the tools they see recommended is they're just too hard to start using!
If you wanted to use the **most** secure tools available, you'd have to sacrifice _a lot_ of usability. And even then, <mark>nothing is ever fully secure.</mark> There's **high** security, but never **full** security. That's why threat models are important.
If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And even then, <mark>nothing is ever fully secure.</mark> There's **high** security, but never **full** security. That's why threat models are important.
**So, what are these threat models anyways?**
@ -14,15 +14,13 @@ If you wanted to use the **most** secure tools available, you'd have to sacrific
By focusing on the threats that matter to you, this narrows down your thinking about the protection you need, so you can choose the tools that are right for the job.
Examples of threat models
-------------------------
## Examples of threat models
* An investigative journalist's threat model might be <span class="text-muted">(protecting themselves against)</span> a foreign government.
* A company's manager's threat model might be <span class="text-muted">(protecting themselves against)</span> a hacker hired by competition to do corporate espionage.
* The average citizen's threat model might be <span class="text-muted">(hiding their data from)</span> large tech corporations.
Creating your threat model
--------------------------
## Creating your threat model
To identify what could happen to the things you value and determine from whom you need to protect them, you want to answer these five questions:
@ -32,22 +30,28 @@ To identify what could happen to the things you value and determine from whom yo
4. How bad are the consequences if I fail?
5. How much trouble am I willing to go through to try to prevent potential consequences?
#### Example: Protecting your belongings
### Example: Protecting your belongings
* To demonstrate how these questions work, let's build a plan to keep your house and possessions safe.
##### What do you want to protect? (Or, _what do you have that is worth protecting?_)
#### What do you want to protect? (Or, *what do you have that is worth protecting?*)
* Your assets might include jewelry, electronics, important documents, or photos.
##### Who do you want to protect it from?
#### Who do you want to protect it from?
* Your adversaries might include burglars, roommates, or guests.
##### How likely is it that you will need to protect it?
#### How likely is it that you will need to protect it?
* Does your neighborhood have a history of burglaries? How trustworthy are your roommates/guests? What are the capabilities of your adversaries? What are the risks you should consider?
##### How bad are the consequences if you fail?
#### How bad are the consequences if you fail?
* Do you have anything in your house that you cannot replace? Do you have the time or money to replace these things? Do you have insurance that covers goods stolen from your home?
##### How much trouble are you willing to go through to prevent these consequences?
#### How much trouble are you willing to go through to prevent these consequences?
* Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?
Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market, and consider adding a security system.
@ -57,41 +61,46 @@ Making a security plan will help you to understand the threats that are unique t
Now, let's take a closer look at the questions in our list:
### What do I want to protect?
An “asset” is something you value and want to protect. In the context of digital security, <mark>an asset is usually some kind of information.</mark> For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.
_Make a list of your assets: data that you keep, where it's kept, who has access to it, and what stops others from accessing it._
*Make a list of your assets: data that you keep, where it's kept, who has access to it, and what stops others from accessing it.*
### Who do I want to protect it from?
To answer this question, it's important to identify who might want to target you or your information. <mark>A person or entity that poses a threat to your assets is an “adversary.”</mark> Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
_Make a list of your adversaries, or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations._
*Make a list of your adversaries, or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, under some circumstances this list might be something you want to destroy after you're done security planning.
### How likely is it that I will need to protect it?
<mark>Risk is the likelihood that a particular threat against a particular asset will actually occur.</mark> It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).
Assessing risks is both a personal and a subjective process. Many people find certain threats unacceptable no matter the likelihood they will occur because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don't view the threat as a problem.
_Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about._
*Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.*
### How bad are the consequences if I fail?
There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.
<mark>The motives of adversaries differ widely, as do their tactics.</mark> A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.
Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.
_Write down what your adversary might want to do with your private data._
*Write down what your adversary might want to do with your private data.*
### How much trouble am I willing to go through to try to prevent potential consequences?
<mark>There is no perfect option for security.</mark> Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos.
_Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints._
*Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.*
<div class="row">
<div class="col-12 col-lg-6">

View File

@ -1,4 +1,5 @@
---
title: Privacy Tools
icon: material/tools
hide:
- navigation

View File

@ -5,6 +5,7 @@ icon: material/video-wireless
The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](/providers/vpn/) or [Tor](https://www.torproject.org/) to make it harder to profile your usage.
## Clients
### FreeTube
!!! recommendation
@ -28,6 +29,7 @@ The primary threat when using a video streaming platform is that your streaming
- [:fontawesome-brands-github: Source](https://github.com/FreeTubeApp/FreeTube/)
### LBRY
!!! recommendation
![LBRY logo](/assets/img/video-streaming/lbry.svg){ align=right }
@ -57,6 +59,7 @@ The primary threat when using a video streaming platform is that your streaming
- [:fontawesome-brands-github: Source](https://github.com/lbryio)
### NewPipe
!!! recommendation
![Newpipe logo](/assets/img//video-streaming/newpipe.svg){ align=right }
@ -74,6 +77,7 @@ The primary threat when using a video streaming platform is that your streaming
- [:fontawesome-brands-github: Source](https://github.com/TeamNewPipe/NewPipe)
### NewPipe x SponsorBlock
!!! recommendation
![NewPipe x SponsorBlock logo](/assets/img/video-streaming/newpipe.svg){ align=right }
@ -91,7 +95,9 @@ The primary threat when using a video streaming platform is that your streaming
- [:fontawesome-brands-github: Source](https://github.com/polymorphicshade/NewPipe)
## Web-based Frontends
### Invidious
!!! recommendation
![Invidious logo](/assets/img/video-streaming/invidious.svg#only-light){ align=right }
@ -118,6 +124,7 @@ The primary threat when using a video streaming platform is that your streaming
- [:fontawesome-brands-github: Source](https://github.com/iv-org/invidious)
### Piped
!!! recommendation
![Piped logo](/assets/img/video-streaming/piped.svg){ align=right }

View File

@ -321,7 +321,7 @@ A common reason to recommend encrypted DNS is that it helps against DNS spoofing
Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit, and would allow the encrypted DNS provider to deanonymize you.
### Should I use Tor _and_ a VPN?
### Should I use Tor *and* a VPN?
By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefit to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required).
@ -343,7 +343,7 @@ A VPN may still be useful to you in a variety of scenarios, such as:
2. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
3. Hiding your IP from third party websites and services, preventing IP based tracking.
For use cases like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're _trusting_ the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor.
For use cases like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor.
### Sources and Further Reading
@ -365,7 +365,7 @@ For use cases like these, or if you have another compelling reason, the VPN prov
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
## VPN Related breaches - why external auditing is important!
## VPN Related breaches - why external auditing is important
- ["Zero logs" VPN exposes millions of logs including user passwords, claims data is anonymous](https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/) July 2020
- [NordVPN HTTP POST bug exposed customer information, no authentication required](https://www.zdnet.com/article/nordvpn-http-post-bug-exposed-sensitive-customer-information/) March 2020