mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-01-19 20:11:34 -05:00
Add more abbreviations (#1087)
Signed-off-by: Daniel Gray <dng@disroot.org>
This commit is contained in:
parent
c8bd1533d8
commit
fb8c62fc9c
@ -18,7 +18,7 @@ All these firewalls use the [Netfilter](https://en.wikipedia.org/wiki/Netfilter)
|
|||||||
|
|
||||||
If you are using Flatpak packages, you can revoke their network socket access using Flatseal and prevent those applications from accessing your network. This permission is not bypassable.
|
If you are using Flatpak packages, you can revoke their network socket access using Flatseal and prevent those applications from accessing your network. This permission is not bypassable.
|
||||||
|
|
||||||
If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [CGroupsv1](https://en.wikipedia.org/wiki/Cgroups) present), you can use the Snap Store to revoke network permission as well. This is also not bypassable.
|
If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [cgroups](https://en.wikipedia.org/wiki/Cgroups) v1 present), you can use the Snap Store to revoke network permission as well. This is also not bypassable.
|
||||||
|
|
||||||
## Kernel hardening
|
## Kernel hardening
|
||||||
|
|
||||||
@ -94,3 +94,5 @@ One of the problems with Secure Boot particularly on Linux is that only the [cha
|
|||||||
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
|
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
|
||||||
|
|
||||||
These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
|
These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
|
||||||
|
|
||||||
|
--8<-- "includes/abbreviations.en.md"
|
||||||
|
@ -74,3 +74,5 @@ For advanced users, we only recommend Arch Linux, not any of its derivatives. We
|
|||||||
## Linux-libre kernel and “Libre” distributions
|
## Linux-libre kernel and “Libre” distributions
|
||||||
|
|
||||||
We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
|
We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
|
||||||
|
|
||||||
|
--8<-- "includes/abbreviations.en.md"
|
||||||
|
@ -62,3 +62,5 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with
|
|||||||
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
|
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
|
||||||
|
|
||||||
These container technologies can be useful even for enthusiastic home users who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services.
|
These container technologies can be useful even for enthusiastic home users who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services.
|
||||||
|
|
||||||
|
--8<-- "includes/abbreviations.en.md"
|
||||||
|
@ -36,7 +36,7 @@ These password managers store the password database locally.
|
|||||||
|
|
||||||
!!! warning
|
!!! warning
|
||||||
|
|
||||||
KeePassXC stores its export data as [comma-separated values (CSV)](https://en.wikipedia.org/wiki/Comma-separated_values). This may mean data loss if you import this file into another password manager. We advise you check each record manually.
|
KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually.
|
||||||
|
|
||||||
### KeePassDX
|
### KeePassDX
|
||||||
|
|
||||||
|
@ -1,49 +1,60 @@
|
|||||||
<!-- markdownlint-disable -->
|
<!-- markdownlint-disable -->
|
||||||
|
*[2FA]: 2-Factor Authentication
|
||||||
*[AOSP]: Android Open Source Project
|
*[AOSP]: Android Open Source Project
|
||||||
*[AVB]: Android Verified Boot
|
*[AVB]: Android Verified Boot
|
||||||
*[DNS]: Domain Name System
|
*[CLI]: Command Line Interface
|
||||||
|
*[CSV]: Comma-Separated Values
|
||||||
*[DNSSEC]: Domain Name System Security Extensions
|
*[DNSSEC]: Domain Name System Security Extensions
|
||||||
|
*[DNS]: Domain Name System
|
||||||
*[DoH]: DNS over HTTPS
|
*[DoH]: DNS over HTTPS
|
||||||
*[DoT]: DNS over TLS
|
*[DoT]: DNS over TLS
|
||||||
|
*[E2EE]: End-to-End Encryption/Encrypted
|
||||||
*[ECS]: EDNS Client Subnet
|
*[ECS]: EDNS Client Subnet
|
||||||
*[Exif]: Exchangeable image file format
|
*[Exif]: Exchangeable image file format
|
||||||
*[E2EE]: End-to-End Encryption/Encrypted
|
|
||||||
*[FDE]: Full Disk Encryption
|
*[FDE]: Full Disk Encryption
|
||||||
*[FIDO]: Fast IDentity Online
|
*[FIDO]: Fast IDentity Online
|
||||||
*[GnuPG]: GNU Privacy Guard (PGP implementation)
|
|
||||||
*[GPG]: GNU Privacy Guard (PGP implementation)
|
*[GPG]: GNU Privacy Guard (PGP implementation)
|
||||||
*[GPS]: Global Positioning System
|
*[GPS]: Global Positioning System
|
||||||
*[HTTP]: Hypertext Transfer Protocol
|
*[GUI]: Graphical User Interface
|
||||||
|
*[GnuPG]: GNU Privacy Guard (PGP implementation)
|
||||||
|
*[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password
|
||||||
*[HTTPS]: Hypertext Transfer Protocol Secure
|
*[HTTPS]: Hypertext Transfer Protocol Secure
|
||||||
|
*[HTTP]: Hypertext Transfer Protocol
|
||||||
|
*[I2P]: Invisible Internet Project
|
||||||
*[IMAP]: Internet Message Access Protocol
|
*[IMAP]: Internet Message Access Protocol
|
||||||
*[IP]: Internet Protocol
|
*[IP]: Internet Protocol
|
||||||
|
*[IPv4]: Internet Protocol version 4
|
||||||
|
*[IPv6]: Internet Protocol version 6
|
||||||
*[ISP]: Internet Service Provider
|
*[ISP]: Internet Service Provider
|
||||||
*[ISPs]: Internet Service Providers
|
*[ISPs]: Internet Service Providers
|
||||||
*[I2P]: Invisible Internet Project
|
|
||||||
*[LUKS]: Linux Unified Key Setup (Full-Disk Encryption)
|
*[LUKS]: Linux Unified Key Setup (Full-Disk Encryption)
|
||||||
|
*[MAC]: Media Access Control
|
||||||
*[MFA]: Multi-Factor Authentication
|
*[MFA]: Multi-Factor Authentication
|
||||||
*[OCSP]: Online Certificate Status Protocol
|
*[OCSP]: Online Certificate Status Protocol
|
||||||
*[OEM]: Original Equipment Manufacturer
|
*[OEM]: Original Equipment Manufacturer
|
||||||
*[OEMs]: Original Equipment Manufacturers
|
*[OEMs]: Original Equipment Manufacturers
|
||||||
*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
|
|
||||||
*[OS]: Operating System
|
*[OS]: Operating System
|
||||||
*[OTP]: One-Time Password
|
*[OTP]: One-Time Password
|
||||||
*[OTPs]: One-Time Passwords
|
*[OTPs]: One-Time Passwords
|
||||||
*[PGP]: Pretty Good Privacy (see OpenPGP)
|
*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
|
||||||
*[P2P]: Peer-to-Peer
|
*[P2P]: Peer-to-Peer
|
||||||
|
*[PGP]: Pretty Good Privacy (see OpenPGP)
|
||||||
*[QNAME]: Qualified Name
|
*[QNAME]: Qualified Name
|
||||||
*[SaaS]: Software as a Service (cloud software)
|
*[RSS]: Really Simple Syndication
|
||||||
*[SELinux]: Security-Enhanced Linux
|
*[SELinux]: Security-Enhanced Linux
|
||||||
*[SMS]: Short Message Service (standard text messaging)
|
*[SMS]: Short Message Service (standard text messaging)
|
||||||
*[SMTP]: Simple Mail Transfer Protocol
|
*[SMTP]: Simple Mail Transfer Protocol
|
||||||
*[SNI]: Server Name Indication
|
*[SNI]: Server Name Indication
|
||||||
|
*[SSH]: Secure Shell
|
||||||
|
*[SaaS]: Software as a Service (cloud software)
|
||||||
*[TCP]: Transmission Control Protocol
|
*[TCP]: Transmission Control Protocol
|
||||||
*[TEE]: Trusted Execution Environment
|
*[TEE]: Trusted Execution Environment
|
||||||
*[TLS]: Transport Layer Security
|
*[TLS]: Transport Layer Security
|
||||||
*[TOTP]: Time-based One-Time Password
|
*[TOTP]: Time-based One-Time Password
|
||||||
*[UDP]: User Datagram Protocol
|
|
||||||
*[U2F]: Universal 2nd Factor
|
*[U2F]: Universal 2nd Factor
|
||||||
*[VoIP]: Voice over IP (Internet Protocol)
|
*[UDP]: User Datagram Protocol
|
||||||
*[VPN]: Virtual Private Network
|
*[VPN]: Virtual Private Network
|
||||||
|
*[VoIP]: Voice over IP (Internet Protocol)
|
||||||
*[W3C]: World Wide Web Consortium
|
*[W3C]: World Wide Web Consortium
|
||||||
*[2FA]: 2-Factor Authentication
|
*[XMPP]: Extensible Messaging and Presence Protocol
|
||||||
|
*[cgroups]: Control Groups
|
||||||
|
Loading…
Reference in New Issue
Block a user