Merge branch 'master' of github.com:Lissy93/personal-security-checklist into gh-pages

pull/41/head
Alicia Sykes 2020-04-23 21:39:06 +01:00
commit 54e04d2a72
3 changed files with 201 additions and 40 deletions

@ -7,7 +7,7 @@
- **Information and Guides**
- [Getting Started Guides](#getting-started-guides)
- [How-To Guides](#how-to-guides)
- [Specific How-To Guides](#how-to-guides)
- [Notable Articles](#notable-articles)
- [Blogs](#blogs)
- **Media**
@ -22,7 +22,6 @@
- **Organisations**
- [Foundations](#foundations)
- [Government Organisations](#government-organisations)
- [Cybercrime](#cybercrime)
- **Research**
- [Data and API's](#data-and-apis)
- [Academic Journals](#academic-journals)
@ -39,30 +38,44 @@
- [PrismBreak](https://prism-break.org/en/all) - Secure app alternatives
- [The VERGE guide to privacy](https://bit.ly/2ptl4Wm) - Guides for securing mobile, web and home tech
- [Email Self-Defense](https://emailselfdefense.fsf.org) - Complete guide to secure email
- [TwoFactorAuth.org](https://twofactorauth.org) - Check which websites support 2FA
- [Security Planner](https://securityplanner.org) - Great advise for beginners
- [My Shaddow](https://myshadow.org) - Resources and guides, to help you take controll of your data
- [TwoFactorAuth.org](https://twofactorauth.org) - A direcory of websites, apps and services supporting 2FA
- [Just Delete Me](https://justdeleteme.xyz) - A directory of direct links to delete your account from web services
## How-To Guides
- Complete guide to configureing Firefox for Privacy + Speed: via [12bytes](https://12bytes.org/7750)
- Overview of projects working on next-generation secure email: via [OpenTechFund](https://github.com/OpenTechFund/secure-email)
- ISP and DNS privacy tips: via [bluz71](https://bluz71.github.io/2018/06/20/digital-privacy-tips.html)
- Layers of Personal Tech Security: via [The Wire Cutter](https://thewirecutter.com/blog/internet-security-layers)
- Improving security on iPhone: via [lifehacker](https://lifehacker.com/the-privacy-enthusiasts-guide-to-using-an-iphone-1792386831)
- Protect against SIM-swap scam: via [wired](https://www.wired.com/story/sim-swap-attack-defend-phone)
- Is your Anti-Virus spying on you: via [Restore Privacy](https://restoreprivacy.com/antivirus-privacy)
- How to use Vera Crypt: via [howtogeek](https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt)
- How to enable DNS over HTTPS: via [geekwire](https://geekwire.co.uk/privacy-and-security-focused-dns-resolver)
- How to resolve DNS leak issue: via [DNSLeakTest](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html)
- Windows data sending: via [The Hacker News](https://thehackernews.com/2016/02/microsoft-windows10-privacy.html)
- How to spot a phishing attack: via [EFF](https://ssd.eff.org/en/module/how-avoid-phishing-attacks)
- **Threat Protection**
- Protect against SIM-swap scam: via [wired](https://www.wired.com/story/sim-swap-attack-defend-phone)
- How to spot a phishing attack: via [EFF](https://ssd.eff.org/en/module/how-avoid-phishing-attacks)
- Protection from Identity Theft: via [Restore Privacy](https://restoreprivacy.com/identity-theft-fraud)
- **Netowkring**
- How to enable DNS over HTTPS: via [geekwire](https://geekwire.co.uk/privacy-and-security-focused-dns-resolver)
- How to resolve DNS leak issue: via [DNSLeakTest](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html)
- Protect against WebRTC Leaks: via [Restore Privacy](https://restoreprivacy.com/webrtc-leaks)
- ISP and DNS privacy tips: via [bluz71](https://bluz71.github.io/2018/06/20/digital-privacy-tips.html)
- Complete guide to configureing Firefox for Privacy + Speed: via [12bytes](https://12bytes.org/7750)
- Beginners guide on getting started with Tor: via [ProPrivacy](https://proprivacy.com/privacy-service/guides/ultimate-tor-browser-guide)
- Beginners guide to I2P: via [The Tin Hat](https://thetinhat.com/tutorials/darknets/i2p.html)
- How to Use a VPN and Tor together: via [ProPrivacy](https://proprivacy.com/vpn/guides/using-vpn-tor-together)
- **Communication**
- Configure your email client securly, from scratch - via [FSF](https://emailselfdefense.fsf.org)
- Overview of projects working on next-generation secure email: via [OpenTechFund](https://github.com/OpenTechFund/secure-email)
- **Devices**
- Layers of Personal Tech Security: via [The Wire Cutter](https://thewirecutter.com/blog/internet-security-layers)
- Improving security on iPhone: via [lifehacker](https://lifehacker.com/the-privacy-enthusiasts-guide-to-using-an-iphone-1792386831)
- **Software**
- How to use Vera Crypt: via [howtogeek](https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt)
## Notable Articles
- Turns Out Police Stingray Spy Tools Can Indeed Record Calls: Article on [Wired](https://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm)
- Twelve Million Phones, One Dataset, Zero Privacy: via [NY Times](https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html)
- Windows data sending: via [The Hacker News](https://thehackernews.com/2016/02/microsoft-windows10-privacy.html)
- Is your Anti-Virus spying on you: via [Restore Privacy](https://restoreprivacy.com/antivirus-privacy)
- What does your car know about you?: via [Washington Post](https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out)
- Turns Out Police Stingray Spy Tools Can Indeed Record Calls: via [Wired](https://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm)
- UK Police Accessing Private Phone Data Without Warrant: via [Restore Privacy](https://restoreprivacy.com/uk-police-accessing-phone-data)
## Blogs
- [Spread Privacy](https://spreadprivacy.com) - Raising the standard of trust online, by DuckDuckGo
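Review bot: Several of the guide entries in this hunk carry spelling errors that will show in the rendered list: "Great advise", "My Shaddow" (the site is myshadow.org), "controll", "direcory", the "**Netowkring**" group label, "configureing" and "securly". The "How to use Vera Crypt" entry links to a howtogeek URL whose slug ends in `getting-started-with-truecrypt`, so either the label or the target should change so that both name the same tool. The Firefox configuration guide is filed under the networking group; it reads more naturally under a browser or software group.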
@ -76,24 +89,52 @@
- [OONI](https://ooni.org/post), Internet freedom and analysis on blocked sites
- [Pixel Privacy](https://pixelprivacy.com/resources) - Online privacy guides
- [The Privacy Project](https://www.nytimes.com/interactive/2019/opinion/internet-privacy-project.html) - Articles and reporting on Privacy, by the NYT
- [The Tin Hat](https://thetinhat.com) - Tutorials and Articles for Online Privacy
- [FOSS Bytes- Cyber Security](https://fossbytes.com/category/security) - News about the latest exploits and hacks
## Books
- [Permanent Record](https://amzn.to/30wxxXi) (by Edward Snowden)
- [Sandworm](https://amzn.to/2FVByeJ) (by Andy Greenberg)
- [Permanent Record](https://amzn.to/30wxxXi) by Edward Snowden
- [Sandworm](https://amzn.to/2FVByeJ) by Andy Greenberg
## Podcasts
- [Darknet Diaries] (by Jack Rhysider): Stories from the dark sides of the internet. Listen on [Stitcher][da-stitch]
- [CYBER] (by Motherboard, Vice): News and analysis about the latest cyber threats. Listen on [Stitcher][cy-stitch]
- [Darknet Diaries] by Jack Rhysider: Stories from the dark sides of the internet. Listen on [Stitcher][da-stitch]
- Listen on [Stitcher][da-stitch], [iTunes][da-itunes], [Spotify][da-spotify], [PocketCasts][cy-pocketcasts]
- [CYBER] by Motherboard: News and analysis about the latest cyber threats
- Listen on [Stitcher][cy-stitch], [SoundCloud][cy-soundcloud], [iTunes][cy-itunes], [Spotify][cy-spotify], [PocketCasts][cy-pocketcasts]
- [The Privacy, Security, & OSINT Show] by Michael Bazzell: Comprehensive guides on Privacy and OSINT
- Listen on [Stitcher][tp-stitcher], [SoundCloud][tp-soundcloud], [iTunes][tp-itunes], [Spotify][tp-spofify], [PocketCasts][tp-pocketcasts]
- [Smashing Security] by Graham Cluley and Carole Theriault: Casual, opinionated and humerous chat about current cybersecurity news
- Listen on [Stitcher][sm-stitcher], [iTunes][sm-itunes], [Spotify][sm-spofify], [PocketCasts][sm-pocketcasts]
[Darknet Diaries]: https://darknetdiaries.com
[da-stitch]: https://www.stitcher.com/podcast/darknet-diaries
[da-itunes]: https://podcasts.apple.com/us/podcast/darknet-diaries/id1296350485
[da-spotify]: https://open.spotify.com/show/4XPl3uEEL9hvqMkoZrzbx5
[da-pocketcasts]: https://pca.st/darknetdiaries
[CYBER]: https://www.vice.com/en_us/article/59vpnx/introducing-cyber-a-hacking-podcast-by-motherboard
[cy-stitch]: https://www.stitcher.com/podcast/vice-2/cyber
[cy-soundcloud]: https://soundcloud.com/motherboard
[cy-itunes]: https://podcasts.apple.com/us/podcast/cyber/id1441708044
[cy-spotify]: https://open.spotify.com/show/3smcGJaAF6F7sioqFDQjzn
[cy-pocketcasts]: https://pca.st/z7m3
[The Privacy, Security, & OSINT Show]: https://inteltechniques.com/podcast.html
[tp-stitcher]: https://www.stitcher.com/podcast/michael-bazzell/the-complete-privacy-security-podcast
[tp-soundcloud]: https://soundcloud.com/user-98066669
[tp-itunes]: https://podcasts.apple.com/us/podcast/complete-privacy-security/id1165843330
[tp-spofify]: https://open.spotify.com/show/6QPWpZJ6bRTdbkI7GgLHBM
[tp-pocketcasts]: https://pca.st/zdIq
[Smashing Security]: https://www.smashingsecurity.com
[sm-stitcher]: https://www.stitcher.com/podcast/smashing-security
[sm-itunes]: https://podcasts.apple.com/gb/podcast/smashing-security/id1195001633
[sm-spofify]: https://open.spotify.com/show/3J7pBxEu43nCnRTSXaan8S
[sm-pocketcasts]: https://pca.st/47UH
## Videos
- **General**
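Review bot: The Darknet Diaries sub-bullet ends with `[PocketCasts][cy-pocketcasts]`, which resolves to the CYBER feed (`https://pca.st/z7m3`), while the `[da-pocketcasts]` definition further down is never referenced; it should be `[PocketCasts][da-pocketcasts]`. The parent Darknet Diaries line still ends in "Listen on [Stitcher][da-stitch]", which duplicates the sub-bullet below it. The labels `tp-spofify` and `sm-spofify` resolve because use and definition match, but renaming them to `-spotify` keeps them consistent with `da-spotify` and `cy-spotify`. "humerous" should be "humorous".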
@ -101,12 +142,15 @@
- [The Power of Privacy](https://youtu.be/KGX-c5BJNFk) by The Guardian
- [Why Privacy matters, even if you have nothing to hide](https://youtu.be/Hjspu7QV7O0) by The Hated One
- **TED Talks**
- [How Online Trackers Track You, and What To Do About It](https://youtu.be/jVeqAemtC6w) by Luke Crouch
- [Why you should switch off your home WiFi](https://youtu.be/2GpNhYy2l08) by Bram Bonné
- [Why Privacy Matters](https://www.ted.com/talks/glenn_greenwald_why_privacy_matters), by Glenn Greenwald
- [Fighting viruses, defending the net](https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net), by Mikko Hypponen
- [The 1s and 0s behind cyber warfare](https://www.ted.com/talks/chris_domas_the_1s_and_0s_behind_cyber_warfare), by Chris Domas
- [State Sanctioned Hacking - The Elephant in the Room](https://youtu.be/z-A2MxHmnU4) - Historic, economic and demographic overview of the growing threat to the U.S. from Chinese cyber invasions, by Frank Heidt
- [How the IoT is Making Cybercrime Investigation Easier](https://youtu.be/9CemONO6vrY) - How our data is changing the nature of "evidence" in digital forensics, by Jonathan Rajewski
- [Online Privacy Doesn't Exist](https://youtu.be/LgWrD3EJ1Do) - The unexpected dangers our digital breadcrumbs can lead to, by Denelle Dixon
- [Data is the new gold, who are the new thieves?](https://youtu.be/XNF-rGiGb50) - Introduction and demonstration of the power of data, by Tijmen Schep
- **Conferences**
- [DEF CON 27](https://www.youtube.com/playlist?list=PL9fPq3eQfaaA4qJEQQyXDYtTIfxCNA0wB) - Collection of talks from DEF CON 2019, Vegas
- [RSA Conference](https://www.youtube.com/user/RSAConference) - Collection of security talks from the RSA conferences
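Review bot: The TED Talks list now mixes three entry formats: "[title](url) by Name", "[title](url), by Name" and "[title](url) - description, by Name". Pick one and apply it to all entries in the group, ideally the descriptive form, so that the list is uniform.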
@ -127,7 +171,7 @@ See also: [awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) by @
- [VirusTotal](https://www.virustotal.com) - Analyse a suspicious web resource for malware
- [ScamAdviser](https://www.scamadviser.com) - Check if a website is a scam, before buying from it
- [Deseat Me](https://www.deseat.me) - Clean up your online presence
- [33Mail](http://33mail.com/Dg0gkEA) or [Anonaddy](https://anonaddy.com) Avoid revealing your real email address, by auto-generating aliases for each accound
- [33Mail](http://33mail.com/Dg0gkEA) or [Anonaddy](https://anonaddy.com) or [SimpleLogin](https://simplelogin.io?slref=bridsqrgvrnavso) Protect your email address, by auto-generating unique permant aliases for each account, so all emails land in your primary inbox
- [Panopticlick](https://panopticlick.eff.org) - Check if, and how your browser is tracking you
- [Disroot](https://disroot.org) - A suit of online tools, with online freedom in mind
- [Blocked by ORG](https://www.blocked.org.uk) - Check if your website is blocked by certain ISPs
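Review bot: The alias-services line links SimpleLogin as `https://simplelogin.io?slref=bridsqrgvrnavso` and 33Mail as `http://33mail.com/Dg0gkEA`; both look like referral-tagged URLs, and the 33Mail one is plain HTTP. For a privacy resource list I would link the bare HTTPS home pages, or say next to the entry that the link is a referral. The line also lacks the " - " separator its neighbours use, and "permant" should be "permanent".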
@ -175,13 +219,72 @@ This section has moved to [here](https://github.com/Lissy93/personal-security-ch
## Government Organisations
- [UK National Cyber Security Center](https://www.ncsc.gov.uk)
- [US Cybersecurity - NIST](https://www.nist.gov/topics/cybersecurity)
## Cybercrime
- [Consumer Fraud Reporting](http://consumerfraudreporting.org) - US's Catalogue of online scams currently circulating, and a means to report cases
- [Action Fraud](https://www.actionfraud.police.uk) - UKs national reporting centre for fraud and cyber crime
- **Citizen/ Small business Advice and Infrormation**
- [UK National Cyber Security Center](https://www.ncsc.gov.uk)
- [US Cybersecurity - NIST](https://www.nist.gov/topics/cybersecurity)
- [Stay Safe Online](https://staysafeonline.org) - US government-backed project, aimed to inform and educate individuals and small businesses about basic digital security
- **Cybercrime**
- [Consumer Fraud Reporting](http://consumerfraudreporting.org) - US's Catalogue of online scams currently circulating, and a means to report cases
- [Action Fraud](https://www.actionfraud.police.uk) - UKs national reporting centre for fraud and cyber crime
- **CERT** - Your local jurisdiction will likely have a Computer emergency response team (historically known as CERT). Who is in charge of handline handles domestic and international computer security incidents.
- Australia - [auscert.org.au](https://www.auscert.org.au)
- Austria - [cert.at](https://www.cert.at)
- Bangladesh - [cirt.gov.bd](https://www.cirt.gov.bd)
- Bolivia - [cgii.gob.bo](https://cgii.gob.bo)
- Brazil - [cert.br](https://www.cert.br)
- Canada - [cyber.gc.ca](https://cyber.gc.ca/en/about-cyber-centre)
- China - [cert.org.cn](https://www.cert.org.cn)
- Columbia - [colcert.gov.co](http://www.colcert.gov.co)
- Croatia - [carnet.hr](https://www.carnet.hr)
- Czech Republic - [csirt.cz](https://csirt.cz)
- Denmark - [cert.dk](https://www.cert.dk)
- Ecuador - [ecucert.gob.ec](https://www.ecucert.gob.ec)
- Egypt - [egcert.eg](https://www.egcert.eg)
- Estonia - [ria.ee / CERT-EE](https://ria.ee/en/cyber-security/cert-ee.html)
- Finland - [kyberturvallisuuskeskus.fi](https://www.kyberturvallisuuskeskus.fi/en/homepage)
- France - [cert.ssi.gouv.fr](https://www.cert.ssi.gouv.fr)
- Germany - [cert-bund.de](https://www.cert-bund.de)
- Ghana - [nca-cert.org.gh](https://nca-cert.org.gh)
- Hong Kong - [hkcert.org](https://www.hkcert.org)
- Iceland - [cert.is](https://www.cert.is)
- India - [CERT-IN](https://www.cert-in.org.in)
- Indonesia - [idsirtii.or.id](https://idsirtii.or.id)
- Iran - [cert.ir](https://cert.ir)
- Italy - [cert-pa.it](https://www.cert-pa.it)
- Japan - [JPCERT](https://www.jpcert.or.jp)
- Kyrgyzstan - [cert.gov.kg](http://cert.gov.kg)
- Luxembourg - [circl.lu](https://circl.lu)
- Macau - [mocert.org](www.mocert.org)
- Malaysia - [mycert.org.my](http://www.mycert.org.my)
- Morocco - [educert.ma](http://www.educert.ma)
- Netherlands - [ncsc.nl](https://www.ncsc.nl)
- New Zealand - [cert.govt.nz](https://www.cert.govt.nz)
- Nigeria - [cert.gov.ng](https://cert.gov.ng)
- Norway - [norcert](https://www.nsm.stat.no/norcert)
- Pakistan - [pakcert.org](http://www.pakcert.org)
- Papua New Guinea - [pngcert.org.pg](https://www.pngcert.org.pg)
- Philippines - [cspcert.ph](https://cspcert.ph)
- Poland - [cert.pl](https://www.cert.pl)
- Portugal - [cncs.gov.pt/certpt](https://www.cncs.gov.pt/certpt)
- Qatar - [qcert.org](https://qcert.org)
- Rep of Ireland - [ncsc.gov.ie](https://www.ncsc.gov.ie)
- Romania - [cert.ro](https://www.cert.ro)
- Russia - [gov-cert.ru](http://www.gov-cert.ru) / [cert.ru](https://www.cert.ru)
- Singapore - [csa.gov.sg/singcert](https://www.csa.gov.sg/singcert)
- Slovenia - [sk-cert.sk](https://www.sk-cert.sk)
- South Korea - [krcert.or.kr](https://www.krcert.or.kr)
- Spain - [incibe.es](https://www.incibe.es)
- Sri Lanka - [cert.gov.lk](https://www.cert.gov.lk)
- Sweden - [cert.se](https://www.cert.se)
- Switzerland - [govcert.ch](https://www.govcert.ch)
- Taiwan - [twcert.org.tw](https://www.twcert.org.tw)
- Thailand - [thaicert.or.th](https://www.thaicert.or.th)
- Tonga [cert.to](https://www.cert.to)
- Ukraine - [cert.gov.ua](https://cert.gov.ua)
- UAE - [tra.gov.ae/aecert](https://www.tra.gov.ae/aecert)
- United Kingdom - [ncsc.gov.uk](https://www.ncsc.gov.uk)
- United States - [us-cert.gov](https://www.us-cert.gov)
## Data and API's
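Review bot: Three entries in the new CERT list are broken or mislabelled as written. Macau's target is `(www.mocert.org)` with no scheme, so Markdown treats it as a relative link; "Slovenia - sk-cert.sk" points at a .sk domain, which is Slovakia's; and "Columbia" next to colcert.gov.co should read "Colombia". The sentence introducing the list ("Who is in charge of handline handles ...") is garbled and needs rewriting, "Infrormation" is misspelled, and the Tonga entry is missing its " - " separator. Several targets (colcert, cert.gov.kg, mycert, educert, pakcert, gov-cert.ru) are plain `http://` and should be checked for an HTTPS equivalent.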
@ -191,7 +294,7 @@ This section has moved to [here](https://github.com/Lissy93/personal-security-ch
- [URLScan](https://urlscan.io) - Service scanning for malisious domains
- [Dehashed](https://www.dehashed.com/breach) - Data Breaches and Credentials
- [VirusTotal](https://developers.virustotal.com/v3.0/reference) - Detailed virus scans of software
- Hosts to block: https://someonewhocares.org/hosts/ and https://github.com/StevenBlack/hosts
- Hosts to block: [someonewhocares/ hosts](https://someonewhocares.org/hosts) and [StevenBlack/ hosts](https://github.com/StevenBlack/hosts)
## Academic Journals

@ -42,7 +42,7 @@ Be aware that no software is perfect- there will always be bugs and vulnerabilit
- [Proxies](#proxies)
- [DNS Providers](#dns)
- [Firewalls](#firewalls)
- [Firewall Analysis](#firewall-analysis)
- [Network Analysis](#network-analysis)
- [Cloud Hosting](#cloud-hosting)
- [Domain Registrars](#domain-registrars)
- **Productivity**
@ -109,7 +109,11 @@ If you are using a deprecated PM, you should migrate to something actively maint
*Check which websites support multi-factor authentication: [twofactorauth.org](https://twofactorauth.org)*
**Note:** Don't use your password manager to also store your 2-FA tokens- use a separate application.
#### Notable Mentions
[WinAuth](https://winauth.github.io/winauth) *(Windows)*, [mattrubin - authenticator](https://mattrubin.me/authenticator) *(iOS)*, [Authenticator by World](https://gitlab.gnome.org/World/Authenticator) *(GNOME, Linux)*, [OTPClient](https://github.com/paolostivanin/OTPClient) *(Linux)*, [gauth](https://github.com/gbraad/gauth) *(Self-Hosted, Web-based)*
For KeePass users, [TrayTop](https://keepass.info/plugins.html#traytotp) is a plugin for managing TOTP's- offline and compatible with Windows, Mac and Linux.
**See also** [2FA Security Checklist](/README.md#2-factor-authentication)
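Review bot: The KeePass sentence under Notable Mentions recommends a password-manager plugin for TOTP two lines below the note "Don't use your password manager to also store your 2-FA tokens"; either explain how the plugin is meant to be used alongside that advice (for example, with a separate database) or drop the sentence. The link text "TrayTop" also does not match its target anchor `#traytotp`, and "TOTP's" is a plural and takes no apostrophe.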
@ -131,8 +135,9 @@ Without using a secure app for instant messaging, all your conversations, meta d
| Provider | Description |
| --- | --- |
**[Signal](https://signal.org/)** | Probably one of the most popular, secure private messaging apps that combines strong encryption (see [Signal Protocol](https://en.wikipedia.org/wiki/Signal_Protocol)) with a simple UI and plenty of features. It's widely used across the world, and easy-to-use, functioning similar to WhatsApp - with instant messaging, read-receipts, support for media attachments and allows for high-quality voice and video calls. It's cross-platform, open-source and totally free. Signal is [recommended](https://twitter.com/Snowden/status/661313394906161152) by Edward Snowden, and is a perfect solution for most users
**[KeyBase](keybase.io/inv/6d7deedbc1)** | KeyBase allows encrypted real-time chat, group chats, and public and private file sharing. It also lets you cryptographically sign messages, and prove your ownership to other social identities (Twitter, Reddit, GitHub, etc), and send or receive Stella or BitCoin to other users. It's slightly more complex to use than Signal, but has some great cryptography features, and is good for group chats
**[Session](https://getsession.org)** | Session is a fork of Signal, however unlike Signal it does not require a mobile number (or any other personal data) to register, instead each user is identified by a public key. It is also decentralized, with servers being run by the community though [Loki Net](https://loki.network), messages are encrypted and routed through several of these nodes. All communications are E2E encrypted, and there is no meta data.
**[Silence](https://silence.im/)** | If you're restricted to only sending SMS/MMS, then Silence makes it easy to encrypt messages between 2 devices. This is important since traditional text messaging is inherently insecure. It's easy-to-use, reliable and secure- but has fallen in popularity, now that internet-based messaging is often faster and more flexible
**[KeyBase](keybase.io/inv/6d7deedbc1)** | KeyBase allows encrypted real-time chat, group chats, and public and private file sharing. It also lets you cryptographically sign messages, and prove your ownership to other social identities (Twitter, Reddit, GitHub, etc), and send or receive Stella or BitCoin to other users. It's slightly more complex to use than Signal, but it's features extend much further than just a messaging app. Keybase core is built upon some great cryptography features, and it is an excellant choice for managing public keys, signing messages and for group chats.
**[OpenPGP](https://www.openpgp.org/)** | Provides cryptographic privacy and authentication, PGP is used to encrypt messages sent over existing chat networks (such as email or message boards). Slightly harder to use (than IM apps), slower, but still widely used. Using [GnuPG](https://gnupg.org/download/index.html), encrypts messages following the OpenPGP standard, defined by the IETF, proposed in [RFC 4880](https://tools.ietf.org/html/rfc4880) (originally derived from the PGP software, created by Phil Zimmermann, now owned by [Symantec](https://www.symantec.com/products/encryption)). **Note** there have been vulnerabilities found in the OpenPGP and S/MIME, defined in [EFAIL](https://efail.de/), so although it still considered secure for general purpose use, it may be better to use an encrypted messaging or email app instead- especially for sensitive communications.
#### Other Notable Mentions
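Review bot: Both KeyBase rows link to `(keybase.io/inv/6d7deedbc1)`, which has no scheme and therefore resolves as a path relative to this repository; it also looks like an invite URL rather than the project home page. Use `https://keybase.io`. In the rewritten description, "Stella" should be "Stellar", "it's features" should be "its features" and "excellant" should be "excellent". The new Session row states "there is no meta data" as an absolute; wording such as "minimal metadata" is easier to defend unless a source is linked.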
@ -147,9 +152,9 @@ With [Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer) networks, there
| Provider | Description |
| --- | --- |
**[Matrix](https://matrix.org)** + **[Riot](https://about.riot.im)** client | Matrix is a decentralized open network for secure communications, with E2E encryption with Olm and Megolm. Along with the Riot client, it supports VOIP + video calling and IM + group chats. Since Matrix has an open specification and Simple pragmatic RESTful HTTP/JSON API it makes it easy to integrates with existing 3rd party IDs to authenticate and discover users, as well as to build apps on top of it.
**[Session](https://getsession.org)** + **[LokiNet](https://loki.network)** client | Loki is an open source set of tools that allow users to transact and communicate anonymously and privately, through a decentralised, encrypted, onion-based network. Session is a desktop and mobile app that uses these private routing protocols to secure messages, media and metadata.
**[Briar](https://briarproject.org)** | Tor-based Android app for P2P encrypted messaging and forums. Where content is stored securely on your device (not in the cloud). It also allows you to connect directly with nearby contacts, without internet access (using Bluetooth or WiFi).
**[Matrix](https://matrix.org)** + **[Riot](https://about.riot.im)** client | Matrix is a decentralized open network for secure communications, with E2E encryption with Olm and Megolm. Along with the Riot client, it supports VOIP + video calling and IM + group chats. Since Matrix has an open specification and Simple pragmatic RESTful HTTP/JSON API it makes it easy to integrates with existing 3rd party IDs to authenticate and discover users, as well as to build apps on top of it.
**[Riochet](https://ricochet.im)** | Desktop instant messenger, that uses the Tor network to rendezvous with your contacts without revealing your identity, location/ IP or meta data. There are no servers to monitor, censor, or hack so Ricochet is secure, automatic and easy to use.
**[Jami](https://jami.net)** | P2P encrypted chat network with cross-platform GNU client apps. Jami supports audio and video calls, screen sharing, conference hosting and instant messaging.
**[Tox](https://tox.chat)** + **[qTox](https://qtox.github.io)** client | Open source, encrypted, distributed chat network, with clients for desktop and mobile- see [supported clients](https://tox.chat/clients.html). Clearly documented code and multiple language bindings make it easy for developers to integrate with Tox.
@ -160,9 +165,9 @@ With [Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer) networks, there
## Encrypted Email
Email, is not secure- your messages can be easily intercepted and read. Corporations scan the content of your mail, to build up a profile of you, either to show you targeted ads or to sell onto third-parties. Through the [Prism Program](https://en.wikipedia.org/wiki/PRISM_(surveillance_program)), the government also has full access to your emails not end-to-end encrypted. This applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more.
Email is not secure- your messages can be easily intercepted and read. Corporations scan the content of your mail, to build up a profile of you, either to show you targeted ads or to sell onto third-parties. Through the [Prism Program](https://en.wikipedia.org/wiki/PRISM_(surveillance_program)), the government also has full access to your emails (if not end-to-end encrypted) - this applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more.
The below email providers are private, end-to-end encrypted (E2EE) and safe.
The below email providers are private, end-to-end encrypted (E2EE) and reasonably secure. This should be used in conjunction with [good email practices](/README.md#emails)
| Provider | Description |
| --- | --- |
@ -176,20 +181,22 @@ See [OpenTechFund- Secure Email](https://github.com/OpenTechFund/secure-email) f
#### Other Notable Mentions
[HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business), [StartMail](https://www.startmail.com), [Kolab Now](https://kolabnow.com), [Posteo](https://posteo.de), and [Disroot](https://disroot.org/en)
#### Alias Services
### Alias Services
Revealing your real email address online can put you at risk. Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. This protects your real email address from being revealed. Aliases are generated automatically, the first time they are used. This approach lets you identify which provider leaked your email address, and block an alias with 1-click.
- **[Anonaddy](https://anonaddy.com)** - An open source anonymous email forwarding service, allowing you to create unlimited email aliases. Has a free plan.
- **[33Mail](http://33mail.com/Dg0gkEA)** - A long-standing aliasing service. As well as receiving, 33Mail also lets you reply to forwarded addresses anonymously. Free plan, as well as Premium plan ($1/ month) if you'd like to use a custom domain
- **[ProtonMail](https://protonmail.com/pricing) Visionary** - If you already have ProtonMail's Visionary package, then an implementation of this feature is available. However not the most price-effective, and does not include dashboard
- **[SimpleLogin](https://simplelogin.io?slref=bridsqrgvrnavso)** - Fully open source (view on [GitHub](https://github.com/simple-login)) allias service with many additional features. Can be self-hosted, or the managed version has a free plan, as well as hosted premium option ($2.99/ month) for using custom domains
- **[ProtonMail](https://protonmail.com/pricing) Visionary** - If you already have ProtonMail's Visionary package, then an implementation of this feature is available. Very secure, however not the most price-effective (€30/month), and does not include dashboard
- **[ForwardEmail](https://forwardemail.net)** - Simple open source catch-all email forwarding service. Easy to self-host (see on [GitHub](https://github.com/forwardemail/free-email-forwarding)), or the hosted version has a free plan as well as a ($3/month) premium plan
Alternatively you could host your own service
Alternatively you could host your own catch-all email service. [Mailu](https://github.com/Mailu/Mailu) can be configured to accept wildcards, or for Microsoft Exchange see [exchange-catchall](https://github.com/Pro/exchange-catchall)
#### Self-Hosted Email
### Self-Hosted Email
If you do not want to trust an email provider with your messages, you can host your own mail server. Without experience, this can be notoriously hard to correctly configure, especially when it comes to security. You may also find that cost, performance and features make it a less attractive option. If you do decide to go down this route, [Mail-in-a-box](https://mailinabox.email/), is an easy to deploy, open source mail server. It aims to promote decentralization, innovation, and privacy on the web, as well as have automated, auditable, and idempotent system configuration. Other ready-to-go self-hosted mail options include [Mailu](https://mailu.io/1.7/) and [Mail Cow](https://mailcow.email/), both of which are docker containers.
#### Mail Clients
### Mail Clients
Email clients are the programs used to interact with the mail server. For hosted email, then the web and mobile clients provided by your email service are usually adequate, and may be the most secure option. For self-hosted email, you will need to install and configure mail clients for web, desktop or mobile.
- **Desktop** - [Mozilla Thunderbird](https://www.thunderbird.net) is an open source, highly customizable, secure and private desktop email client, for Windows, macOS, and Linux. If you are using ProtonMail, then you can use the [ProtonMail Bridge](https://protonmail.com/bridge/thunderbird), to sync your emails to either Thunderbird or Microsoft Outlook. In terms of security, the disadvantage, is that most desktop clients do not support 2FA, so it is important to keep your computer secured, however they are not vulnerable to the common browser attacks, that a web client would be.
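Review bot: The SimpleLogin entry links `https://simplelogin.io?slref=bridsqrgvrnavso`, which looks like a referral-tagged URL, the same concern as the `tapfiliate` parameters on the HushMail link in the context line above; link the bare site or mark these as referrals. "allias" should be "alias". The ProtonMail entry now opens its assessment with "Very secure", an unsupported claim in a list that otherwise describes features and pricing; consider removing it or linking evidence.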
@ -239,10 +246,15 @@ The following browser add-ons give you better control over what content is able
**[uBlock Origin](https://github.com/gorhill/uBlock)** | Block ads, trackers and malware sites. **Download**: [Chrome][ublock-chrome] \ [Firefox][ublock-firefox]
**[ScriptSafe](https://github.com/andryou/scriptsafe)** | Allows you yo block the execution of certain scripts. **Download**: [Chrome][script-safe-chrome] \ [Firefox][script-safe-firefox]
**[WebRTC-Leak-Prevent](https://github.com/aghorler/WebRTC-Leak-Prevent)** | Provides user control over WebRTC privacy settings in Chromium, in order to prevent WebRTC leaks. **Download**: [Chrome][web-rtc-chrome]. For Firefox users, you can do this through [browser settings](https://www.privacytools.io/browsers/#webrtc). Test for WebRTC leaks, with [browserleaks.com/webrtc](https://browserleaks.com/webrtc)
**[Decentraleyes](https://decentraleyes.org)** | Prevents requests for common scripts hosted on 3rd-party CDNs, by serving local versions instead. Protects privacy by evading tracking imposed by large delivery networks, and will also improve page load times. Works out-of-the-box and plays nicely with regular content blockers. **Download**: [Chrome][decentraleyes-chrome] \ [Firefox][decentraleyes-firefox] \ [Opera][decentraleyes-opera] \ [Pale Moon][decentraleyes-pale-moon] \ [Source][decentraleyes-source]
**[Vanilla Cookie Manager](https://github.com/laktak/vanilla-chrome)** | A Whitelist Manager that helps protect your privacy, through automatically removing unwanted cookies. **Download**: [Chrome][vanilla-cookie-chrome]
**[Privacy Essentials](https://duckduckgo.com/app)** | Simple extension by DuckDuckGo, which grades the security of each site. **Download**: [Chrome][privacy-essentials-chrome] \ [Firefox][privacy-essentials-firefox]
**[Firefox Multi-Account Containers](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/)** | Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously. **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/)
**[Temporary Containers](https://github.com/stoically/temporary-containers)** | This Extension, combined with Firefox Multi-Account Containers, let's you isolate cookies and other private data for each web site. **Download**: [Firefox](https://github.com/stoically/temporary-containers)
**[Self-Destructing Cookies](https://add0n.com/self-destructing-cookies.html)** | Prevents websites from tracking you by storing unique cookies (note Fingerprinting is often also used for tracking). It removes all related cookies whenever you end a session. **Download**: [Chrome][self-destructing-cookies-chrome] \ [Firefox][self-destructing-cookies-firefox] \ [Opera][self-destructing-cookies-opera] \ [Source][self-destructing-cookies-source]
**[Lightbeam](https://github.com/mozilla/lightbeam-we)** | Visualize in detail the servers you are contacting when you are surfing on the Internet. Created by Gary Kovacs (former CEO of Mozilla), presented in his [TED Talk](https://www.ted.com/talks/gary_kovacs_tracking_our_online_trackers). **Download**: [Firefox][lightbeam-firefox] \ [Source][lightbeam-source]
**[Track Me Not](http://trackmenot.io)** | Helps protect web searchers from surveillance and data-profiling, through creating meaningless noise and obfuscation, outlined in their [whitepaper][tmn-whitepaper]. **Download**: [Chrome][tmn-chrome] \ [Firefox][tmn-firefox] \ [Source][tmn-source]
**[AmIUnique Timeline](https://amiunique.org/timeline)** | Enables you to better understand the evolution of browser fingerprints (which is what websites use to uniquely identify and track you). **Download**: [Chrome][amiunique-chrome] \ [Firefox][amiunique-firefox]
#### Word of Warning
*Be careful when installing unfamiliar browser add-ons, since some can compromise your security and privacy. The above list however are all open source, verified and safe extensions*
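Review bot: the closing warning in this hunk says the listed extensions "are all open source, verified and safe", which is a guarantee the list cannot keep, since extensions change maintainers and ship updates after they are listed. Suggest wording it as a point-in-time statement and telling readers to check the permissions each add-on requests before installing. Two smaller points in the same hunk: the Temporary Containers row's **Download** link goes to the GitHub repository rather than an add-on store listing like the other rows, and the ScriptSafe row reads "Allows you yo block".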
@ -288,6 +300,7 @@ A selection of free online tools and utilities, to check, test and protect
| --- | --- |
**[';--have i been pwned?](https://haveibeenpwned.com)** | Checks if your credentials (Email address or Password) have been compromised in a data breach
**[εxodus](https://reports.exodus-privacy.eu.org)** | Checks how many, and which trackers any Android app has. Useful to understand how data is being collected before you install a certain APK, it also shows which permissions the app asks for
**[Am I Unique?](https://amiunique.org)** | Show how identifiable you are on the Internet by generating a fingerprint based on device information. This is how many websites track you (even without cookies enabled), so the aim is to not be unique
**[Panopticlick](https://panopticlick.eff.org/)** | Check if your browser safe against tracking. Analyzes how well your browser and add-ons protect you against online tracking techniques, and if your system is uniquely configured—and thus identifiable
**[Browser Leak Test](https://browserleaks.com)** | Shows which of personal identity data is being leaked through your browser, so you can better protect yourself against fingerprinting
**[IP Leak Test](https://ipleak.net)** | Shows your IP address, and other associated details (location, ISP, WebRTC check, DNS, and lots more)
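Review bot: two descriptions in this table need a grammar pass before merge. The Panopticlick row reads "Check if your browser safe against tracking" (missing "is"), and the Browser Leak Test row reads "Shows which of personal identity data is being leaked". Suggest "Checks whether your browser is safe against tracking" and "Shows which personal identity data is being leaked", which also matches the third-person verb form used in the other rows.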
@ -298,6 +311,7 @@ A selection of free online tools and utilities, to check, test and protect
**[Is Legit?](https://www.islegitsite.com/)** | Checks if a website or business is a scam, before buying something from it
**[Deseat Me](https://www.deseat.me)** | Tool to help you clean up your online presence- Instantly get a list of all your accounts, delete the ones you are not using
**[10 Minute Mail](https://10minemail.com/)** | Generates temporary disposable email address, to avoid giving your real details
**[MXToolBox Mail Headers](https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx)** | Tool for analyzing email headers, useful for checking the authenticity of messages, as well as knowing what info you are revealing in your outbound messages
**[33Mail](http://33mail.com/Dg0gkEA)** | Automatically generates new email aliases, the first time you use them, to avoid revealing your real email address. Unlike 10 Minute Mail, these email addresses are permanent, and get forwarded to your real email inbox
#### Word of Warning
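Review bot: the 10 Minute Mail row links to `10minemail.com`, which does not match the service name in the label; please confirm this is the intended domain, since a near-miss domain in a list of privacy tools is exactly what readers will not double-check. In the same hunk, the 33Mail link is plain `http://` and carries an opaque path segment (`/Dg0gkEA`); if that is an invite or referral code it should be dropped in favour of the site root over HTTPS.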
@ -915,6 +929,27 @@ This list is intended to aid you in auditing the security of your own systems, a
- [Wireshark] - Popular, powerful feature-rich network protocol analyser. Lets you analyse everything that is going on in your network in great detail
- [Zeek] - Powerful intrusion detection system and network security monitoring, that (rather than focusing on signatures) decodes protocols and looks for anomalies within the traffic
## Bonus #7 - Raspberry Pi/ IoT Security Software
- [OnionPi](https://github.com/breadtk/onion_pi) - Create an Anonymizing Tor Proxy using a Raspberry Pi
- [CIRCLean](https://www.circl.lu/projects/CIRCLean) - A Pi-based USB Sanitizer, plug an untrusted USB in, and get clean files out
- [Pi Hole](https://pi-hole.net) - A network-wide ad-block, that improves network performance as well as privacy
- [Project Alias](https://github.com/bjoernkarmann/project_alias) - Gives you full-control, and better privacy of your Google Home or Alexa
- [Raspiblitz](https://github.com/rootzoll/raspiblitz) - Build your own Bitcoin & Lightning Node on a Pi, see also [Trezor](https://github.com/trezor/trezor-firmware) wallet
- [PiVPN](https://www.pivpn.io) - Simple low-cost yet secure VPN, for the Raspberry Pi (or set up manually, as outlined in [this guide](https://pimylifeup.com/raspberry-pi-vpn-server/))
- [DeauthDetector](https://github.com/spacehuhn/DeauthDetector) - Detect deauthentication frames using an ESP8266, useful to be aware of ongoing wireless attacks
- [IPFire](https://www.ipfire.org) - Hardened open source firewall to prevent common attacks on your network. Capable of running on a Pi
- [SquidGuard](http://www.squidguard.org) - Fast and free URL redirector, which can work well as a home caching server
- [E2guardian](http://e2guardian.org) - Comprehensive content filtering, with powerful configuration options
USB-based projects include:
- [DBAN](https://dban.org) - Bootable hard drive erasers for destroying data
- [Syncthing](https://syncthing.net) - Create automated backups to an external medium
- [KeePass Portable](https://keepass.info/download.html) - Portable password manager. For hardware-encrypted password manager, see [HardPass 2.0](https://hackaday.io/project/21227-hardpass02-hardware-passwd-manager-w-smart-card)
- [VeraCrypt](https://www.veracrypt.fr) - Full drive encryption for USB devices
See more [hardware-based security solutions](/6_Privacy_and-Security_Gadgets.md)
[Amass]: https://github.com/OWASP/Amass
[CloudFail]: https://github.com/m0rtem/CloudFail
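Review bot: the "See more" link at the end of the new Bonus #7 section uses the root-relative path `/6_Privacy_and-Security_Gadgets.md`, which mixes `_` and `-` in "Privacy_and-Security" and will resolve against the site root once this lands on gh-pages. Please check it against the actual filename and use a relative path. Also in this section: Syncthing is described as "Create automated backups", but it is a file synchronisation tool, so deletions and corruption propagate to the copy; "Sync files to an external medium" would be more accurate. The SquidGuard and E2guardian links are plain `http://`.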
@ -1046,9 +1081,26 @@ http://www.linkedin.com/shareArticle?mini=true&url=https://git.io/Jv66u&title=Th
[script-safe-chrome]: https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en-GB
[script-safe-firefox]: https://addons.mozilla.org/en-GB/firefox/addon/script-safe/
[web-rtc-chrome]: https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml?hl=en-GB
[decentraleyes-chrome]: https://chrome.google.com/webstore/detail/decentraleyes/ldpochfccmkkmhdbclfhpagapcfdljkj
[decentraleyes-firefox]: https://addons.mozilla.org/en-US/firefox/addon/decentraleyes
[decentraleyes-pale-moon]: https://addons.palemoon.org/addon/decentraleyes
[decentraleyes-opera]: https://addons.opera.com/en/extensions/details/decentraleyes
[decentraleyes-source]: https://git.synz.io/Synzvato/decentraleyes
[vanilla-cookie-chrome]: https://chrome.google.com/webstore/detail/vanilla-cookie-manager/gieohaicffldbmiilohhggbidhephnjj?hl=en-GB
[privacy-essentials-chrome]: https://chrome.google.com/webstore/detail/duckduckgo-privacy-essent/bkdgflcldnnnapblkhphbgpggdiikppg?hl=en-GB
[privacy-essentials-firefox]: https://addons.mozilla.org/en-GB/firefox/addon/duckduckgo-for-firefox/
[self-destructing-cookies-chrome]: https://chrome.google.com/webstore/detail/self-destructing-cookies/igdpjhaninpfanncfifdoogibpdidddf
[self-destructing-cookies-firefox]: https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies-webex/
[self-destructing-cookies-opera]: https://addons.opera.com/en/extensions/details/self-destructing-cookies/
[self-destructing-cookies-source]: https://github.com/joue-quroi/self-destructing-cookies
[lightbeam-firefox]: https://addons.mozilla.org/en-US/firefox/addon/lightbeam-3-0/
[lightbeam-source]: https://github.com/mozilla/lightbeam-we
[tmn-chrome]: https://chrome.google.com/webstore/detail/trackmenot/cgllkjmdafllcidaehjejjhpfkmanmka
[tmn-firefox]: https://addons.mozilla.org/en-US/firefox/addon/trackmenot/
[tmn-whitepaper]: http://trackmenot.io/resources/trackmenot2009.pdf
[tmn-source]: https://github.com/vtoubiana/TrackMeNot
[amiunique-chrome]: https://chrome.google.com/webstore/detail/amiunique/pigjfndpomdldkmoaiiigpbncemhjeca
[amiunique-firefox]: https://addons.mozilla.org/en-US/firefox/addon/amiunique
[//]: # (ANDROID APP LINKS)
[Island]: https://play.google.com/store/apps/details?id=com.oasisfeng.island
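Review bot: `[tmn-whitepaper]` points to a PDF over plain `http://` (`http://trackmenot.io/resources/trackmenot2009.pdf`); a document download over an unauthenticated connection is worth avoiding on a security list, so switch to HTTPS if the host supports it. As a style point, the new Chrome Web Store references are inconsistent about the `?hl=en-GB` query string (present on script-safe, web-rtc, vanilla-cookie and privacy-essentials, absent on the rest) and the Firefox references mix `en-GB` and `en-US`; dropping the locale parts keeps the references uniform and lets the store pick the reader's language.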

View File

@ -47,6 +47,7 @@ A curated list of (DIY and pre-built) devices, to help preserve privacy and impr
**Anonabox**<br>[![__](https://i.ibb.co/L177XDJ/24.jpg)](https://amzn.to/2UWtP8E) | Plug-and-play Tor router, that can be used with public WiFi while travelling, or at home. Anonabox provides easy access to the deep web and lets you bypass censorship, protect your location, deter data collection and more. It can also be used with a VPN, or for online hosting. Of course you could build a similar product your self using a Raspberry Pi and a WiFi range extender
**Deauth Detector**<br>[![__](https://i.ibb.co/BqNGRCW/19.jpg)](https://amzn.to/2HtUy4B) | Most WiFi hacks begin by sending deauth packets, so that connected clients will briefly be disconnected to the network. This [ESP8266](https://en.wikipedia.org/wiki/ESP8266) comes pre-flashed with [@SpaceHuhn's](https://github.com/spacehuhn) deauth detector (which you can view [here, on GitHub](https://github.com/spacehuhn/DeauthDetector)). Once it detects [deauthentication or disassociation frames](https://mrncciew.com/2014/10/11/802-11-mgmt-deauth-disassociation-frames), it will activate a speaker to notify you
**Librem 5**<br>[![__](https://i.ibb.co/3TNh5Vt/l5-v1-front-100x100.png)](https://shop.puri.sm/shop/librem-5/) | Security and Privacy focused smart phone by Purism. With hardware kill switches and specially designed software, this device runs Linux, and does not track you. It Separates CPU from Cellular Baseband, uses IP-Native Communication First and Decentralized Communication by Default. The source code is user-controlled, and has layered security protection. Purism also have [other security-focused products](https://puri.sm/products)
**Slate Travel Router**<br>[![__](https://i.ibb.co/Nt7hmfW/ar750s-ext-1000x1000.jpg)](https://www.gl-inet.com/products/gl-ar750s/) | The GL-AR750S-Ext can serve as a Wi-Fi access point, a pfSense firewall or a portable router with always-on VPN connectivity. It's great for controlling your network (firewall, VPN, ad-block, web filtering, data limits and more) when traveling or away from home
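Review bot: the Anonabox and Deauth Detector rows link through `amzn.to` short URLs, which hide the destination and any tracking or affiliate parameters from the reader; on a privacy-focused list the full product URL (or a note that the link is an affiliate link) would be more appropriate. In the Slate Travel Router row, the claim that the GL-AR750S-Ext can serve as "a pfSense firewall" should be checked against the vendor page linked in the same row. Minor: the Deauth Detector row says clients are "disconnected to the network" (should be "from").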
@ -76,6 +77,7 @@ If you are confident with electronics, then you could also make:
- **USB Data Blocker** - By simple removing the data wires from a USB adapter, you can create a protector to keep you safe while charing your device in public spaces. See [this guide](https://www.instructables.com/id/Making-a-USB-Condom) for more info (note: fast charge will not work)
- **Hardware Encrypted Password Manager** - Even better than a software-encrypted password manager, is the [hardpass0.2](https://bit.ly/3bg4Xi4) which is a very simple hardware-encrypted USB store, using [GnuPG Smart card](https://www.g10code.com/p-card.html), [GNU Password Standard](https://www.passwordstore.org/) and this [source code](https://github.com/girst/hardpass-passwordmanager) all running on a [Pi Zero](https://amzn.to/2Sz0vU4). See also the [Zamek Project](https://bit.ly/36ZJrec), using this [source code](https://github.com/jareklupinski/zamek) to achive a similar functioning hardware-password manager
- **U2F USB Token** - Similar to the FIDO2 2-factor authentication USB keys, [U2f-Zero](https://github.com/conorpp/u2f-zero) by Conor Patrick, lets you turn a Pi Zero into a second-factor auth method. Note: project no longer activley maintained, see [NitroKey](https://github.com/nitrokey) instead
- **True Random Number Generator- Standalone** - The [FST-01](https://www.gniibe.org/FST-01/fst-01.html) is an open source hardware RNG with good documentation, and see the [neug source code](https://salsa.debian.org/gnuk-team/gnuk/neug)
- **PC auto-lock Flash Drive** - Turn a flash drive into a lock/ unlock key for your PC, allowing you to quickly lock your device when needed [deprecated]
- **Headless Pi Zero SSH server** - Create an small test server, that you can SSH into for development, in order to not have to run risky or potentially dangerous code or software directly on your PC, see [this artticle](https://openpunk.com/post/5) for getting started
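Review bot: the Hardware Encrypted Password Manager entry reaches hardpass0.2 and the Zamek Project through `bit.ly` short links, while the other file in this commit links HardPass directly on hackaday.io; please use the direct URLs here too so readers can see where they are going. The label "GNU Password Standard" does not match its target: passwordstore.org is the site for pass, "the standard unix password manager". Typos in this hunk: "By simple removing", "charing", "achive", "activley", "artticle", and the new True Random Number Generator entry ends in a fragment ("and see the neug source code").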
@ -85,6 +87,7 @@ If you are confident with electronics, then you could also make:
We can go even further, these products are far from essential and are maybe a little over-the-top. But fun to play around with, if you really want to avoid being tracked!
- **Self-Destroying PC** - The ORWL PC will wipe all data if it is compromised, and has many other safeguards to ensure no one other than you can access anything from your drive. Comes with QubeOS, Windows or Linux, and requires both a password and fob to log in. See more: [orwl.org](https://orwl.org)
- **True Random Number Generator** - FST-01SZ is a tiny stand alone USB 32-bit computer based on a free hardware design. (NeuG is an implementation of a TRNG for GD32F103 MCU). See More: [Free Software Foundation: Shop](https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator)
- **Card Skimmer Detector** - Ensure an ATM or card reader does not have an integrated skimming device. See more at [Lab401](https://lab401.com/products/hunter-cat-card-skimmer-detector)
- **Voice Changer** - Useful to disguise voice, while chatting online. See more: [UK](https://amzn.to/3bXqpsn) | [US](https://amzn.to/2PqUEyz)
- **Ultra-Sonic Microphone Jammer** - Blocks phones, dictaphones, voice assistants and other recording devices. Uses built-in transducers to generate ultrasonic signals that can not be heard by humans, but cause indistinct noise, on redording devices, making it impossible to distinguish any details of the conversations. See more [UK](https://amzn.to/2Hnk63s) | [US](https://amzn.to/2v2fwVG)
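Review bot: the Card Skimmer Detector entry opens with "Ensure an ATM or card reader does not have an integrated skimming device", which overstates what a detector can do; a negative reading lowers the likelihood of a skimmer, it does not rule one out. Suggest "Helps check whether an ATM or card reader has a skimming device fitted". Also in this hunk: "QubeOS" should read "Qubes OS", and "redording devices" is a typo for "recording devices".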
@ -97,6 +100,9 @@ We can go even further, these products are far from essential and are maybe a li
- **Faraday Cases** - A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields. This can be really useful for electronics, since many devices are constantly transmitting and recieving, which is the worst when you are trying to avoid being tracked. Their have been numerous reportings that governments can apparently track phones, even when they are [powered off](https://slate.com/technology/2013/07/nsa-can-reportedly-track-cellphones-even-when-they-re-turned-off.html), and since smart phones often do not have removable batteries, the only option is often to shield them from any em waves. See [SilentPocket.com](https://silent-pocket.com/collections/all-products) | [Faraday Box](https://amzn.to/3cj9z7r) | [Faraday Phone Pouch](https://amzn.to/38faum5)
- **Forensic bridge kit** - Allows for write blocking to prevent unauthorized writing to a device, and for crating images with out modifying data. See more: [Amazon](https://www.amazon.com/dp/B00Q76XG5W)
- **Stand-alone Drive Eraser** - Allows you to erase drives, without connecting them to your PC. Availible in different modesls for different needs. See More: [Amazon](https://www.amazon.com/StarTech-com-Hard-Drive-Eraser-Standalone/dp/B073X3YZNL)
- **Shredder** - It is important to safely dispose of any documents that contain personal information. This is a very affordable shredder - it cuts pieces into security level P-4 sizes (5/32" by 15/32"). It also shreds credit cards into the same size. [Amazon](https://www.amazon.com/AmazonBasics-6-Sheet-High-Security-Micro-Cut-Shredder/dp/B00Q3KFX8U)
- **Device Timer** - This non-smart device can be used to turn various devices (such as lights or radio) on or off at certain times. It's useful to deter people when you are away. [Amazon](https://www.amazon.com/Century-Digital-Programmable-Packaging-Security/dp/B00MVF16JG)
## Network Security
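Review bot: the new Shredder and Device Timer entries end in a bare `[Amazon]` link and read as product endorsements ("This is a very affordable shredder"), whereas the neighbouring entries describe the category and then use a "See more:" label. Suggest describing what to look for (for the shredder, the P-4 micro-cut level already mentioned) and adding the "See more:" prefix for consistency. Typos in the surrounding lines worth fixing in the same pass: "recieving", "Their have been", "crating images with out", "Availible", "modesls".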