diff --git a/docs/alternative-networks.md b/docs/alternative-networks.md index 0cf9a769..d15a984f 100644 --- a/docs/alternative-networks.md +++ b/docs/alternative-networks.md @@ -4,10 +4,15 @@ icon: material/vector-polygon description: These tools allow you to access networks other than the World Wide Web. cover: alternative-networks.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } +- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue } +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } ## Anonymizing Networks -When it comes to anonymizing networks, we want to specially note that [Tor](advanced/tor-overview.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your anonymity, unless you know what you're doing. +When it comes to anonymizing networks, we want to specially note that [Tor](advanced/tor-overview.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your [:material-incognito: Anonymity](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple }, unless you know what you're doing. ### Tor @@ -15,7 +20,7 @@ When it comes to anonymizing networks, we want to specially note that [Tor](adva ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } -The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. +The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray } circumvention tool. [:octicons-home-16:](https://torproject.org){ .card-link title=Homepage } [:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } diff --git a/docs/android/distributions.md b/docs/android/distributions.md index 421cd8f3..38783363 100644 --- a/docs/android/distributions.md +++ b/docs/android/distributions.md @@ -31,6 +31,8 @@ schema: "@type": WebPage url: "./" --- +[:material-target-account:](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } [:material-bug-outline:](../basics/common-threats.md#security-and-privacy){ .pg-orange } + A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services. We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. diff --git a/docs/android/general-apps.md b/docs/android/general-apps.md index 5858adac..7444196e 100644 --- a/docs/android/general-apps.md +++ b/docs/android/general-apps.md @@ -94,6 +94,11 @@ The image orientation metadata is not deleted. If you enable location (in Secure ### Secure PDF Viewer +Protects against the following threat(s): + +- [:material-target-account: Targeted Attacks](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } +- [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange } +
Hardware Keys
diff --git a/docs/notebooks.md b/docs/notebooks.md index 28246a4d..9a7058b1 100644 --- a/docs/notebooks.md +++ b/docs/notebooks.md @@ -4,6 +4,9 @@ icon: material/notebook-edit-outline description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. cover: notebooks.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } Keep track of your notes and journalings without giving them to a third-party. diff --git a/docs/os/ios-overview.md b/docs/os/ios-overview.md index 2fdef159..14fe987a 100644 --- a/docs/os/ios-overview.md +++ b/docs/os/ios-overview.md @@ -41,7 +41,7 @@ You can also protect your data by limiting what you sync to iCloud in the first A paid **iCloud+** subscription (with any iCloud storage plan) comes with some privacy-protecting functionality. While these may provide adequate service for current iCloud customers, we wouldn't recommend purchasing an iCloud+ plan over a [VPN](../vpn.md) and [standalone email aliasing service](../email-aliasing.md) just for these features alone. -**Private Relay** is a proxy service which relays your Safari traffic through two servers: one owned by Apple and one owned by a third-party provider (including Akamai, Cloudflare, and Fastly). In theory this should prevent any single provider in the chain—including Apple—from having full visibility into which websites you visit while connected. Unlike a full VPN, Private Relay does not protect traffic from your apps outside of Safari. +[**Private Relay**](https://apple.com/legal/privacy/data/en/icloud-relay) is a proxy service which relays all of your Safari traffic, your DNS queries, and unencrypted traffic on your device through two servers: one owned by Apple and one owned by a third-party provider (including Akamai, Cloudflare, and Fastly). In theory this should prevent any single provider in the chain—including Apple—from having full visibility into which websites you visit while connected. Unlike a VPN, Private Relay does not protect traffic that's already encrypted. **Hide My Email** is Apple's email aliasing service. You can create an email aliases for free when you *Sign In With Apple* on a website or app, or generate unlimited aliases on demand with a paid iCloud+ plan. Hide My Email has the advantage of using the `@icloud.com` domain for its aliases, which may be less likely to be blocked compared to other email aliasing services, but does not offer functionality offered by standalone services such as automatic PGP encryption or multiple mailbox support. diff --git a/docs/passwords.md b/docs/passwords.md index da619a1a..b33b1f48 100644 --- a/docs/passwords.md +++ b/docs/passwords.md @@ -131,6 +131,12 @@ schema: "@type": WebPage url: "./" --- +Protects against the following threat(s): + +- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } + **Password managers** allow you to securely store and manage passwords and other credentials with the use of a master password. [Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md) diff --git a/docs/photo-management.md b/docs/photo-management.md index fc709dbb..542b28f2 100644 --- a/docs/photo-management.md +++ b/docs/photo-management.md @@ -4,6 +4,11 @@ icon: material/image description: Photo management tools to keep your personal photos safe from the prying eyes of cloud storage providers and other unauthorized access. cover: photo-management.webp --- +Protects against the following threat(s): + +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } + Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon Photos don't secure your photos against being accessed by the cloud storage provider themselves. These options keep your personal photos private, while allowing you to share them only with family and trusted people. ## Ente Photos diff --git a/docs/real-time-communication.md b/docs/real-time-communication.md index 4bd1f966..cac9a74b 100644 --- a/docs/real-time-communication.md +++ b/docs/real-time-communication.md @@ -5,6 +5,12 @@ icon: material/chat-processing description: Other instant messengers make all of your private conversations available to the company that runs them. cover: real-time-communication.webp --- +Protects against the following threat(s): + +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } +- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue } +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } These are our recommendations for encrypted **real-time communication**. @@ -67,7 +73,7 @@ We have some additional tips on configuring and hardening your Signal installati ![Simplex logo](assets/img/messengers/simplex.svg){ align=right } -**SimpleX** Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations. +**SimpleX** Chat is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations. [:octicons-home-16: Homepage](https://simplex.chat){ .md-button .md-button--primary } [:octicons-eye-16:](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md){ .card-link title="Privacy Policy" } @@ -98,7 +104,7 @@ SimpleX Chat supports basic group chatting functionality, direct messaging, and ![Briar logo](assets/img/messengers/briar.svg){ align=right } -**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem. +**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the Tor Network, making it an effective tool at circumventing [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem. [:octicons-home-16: Homepage](https://briarproject.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://briarproject.org/privacy-policy){ .card-link title="Privacy Policy" } diff --git a/docs/security-keys.md b/docs/security-keys.md index df1761a0..9a55bb25 100644 --- a/docs/security-keys.md +++ b/docs/security-keys.md @@ -4,6 +4,11 @@ icon: 'material/key-chain' description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. cover: multi-factor-authentication.webp --- +Protects against the following threat(s): + +- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } + A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication. ## Yubico Security Key diff --git a/docs/tools.md b/docs/tools.md index 673afaa2..151677d9 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -37,6 +37,15 @@ For more details about each project, why they were chosen, and additional tips oThreat Model Labels
+ +You may find any of the following icons on some of the recommendation pages: :material-incognito: :material-target-account: :material-package-variant-closed-remove: :material-bug-outline: :material-server-network: :material-eye-outline: :material-account-cash: :material-account-search: :material-close-outline: + +We are testing a new feature that allows readers to better identify and understand the kinds of threats that privacy tools best defend against. Let us know what you think about this feature by replying to this dedicated forum [thread](https://discuss.privacyguides.net/t/implement-threat-model-labels/18659)! + +