Revert "Now uses remote paths"

This reverts commit 033f44a9ef.
pull/41/head
Alicia Sykes 2020-04-23 21:36:24 +01:00
parent 033f44a9ef
commit d7f6f759e2
9 changed files with 2637 additions and 1 deletions

83
0_Why_It_Matters.md Normal file

@ -0,0 +1,83 @@
## Digital Privacy and Security- The Current Situation
Privacy is a fundamental right. It is being abused by governments (with mass-surveillance), corporations (making money out of selling our personal data) and cyber criminals (stealing our poorly-secured personal data and using it against us).
### Government Mass Surveillance
Intelligence and law enforcement agencies need surveillance powers to tackle serious crime and terrorism. However, since the Snowden revelations, we now know that this surveillance is not targeted at those suspected of wrongdoing- but instead the entire population. All our digital interactions are being logged and tracked by our very own governments.
Mass surveillance is a means of control and suppression. When you know you are being watched, you subconsciously change your behavior, it has this chilling effect. A society of surveillance is just 1 step away from a society of submission.
### Cyber Crime
Hackers and cybercriminals pose an ongoing and constantly evolving threat. With the ever-increasing amount of our personal data being collected and logged - we are more vulnerable to data breaches and identity fraud than ever before.
In the same way, criminals will go to great lengths to use your data against you: either through holding it ransom, impersonating you, stealing money or just building up a profile on you and selling it on, to another criminal entity.
### Corporations
On the internet the value of data is high. Companies all want to know exactly who you are and what you are doing. They collect data, store it, use it and sometimes sell it on.
Everything that each of us does online leaves a trail of data. If saved and used correctly, these traces make up a goldmine of information full of insights into people on a personal level as well as a valuable read on larger cultural, economic and political trends. Tech giants (such as Google, Facebook, Uber, Amazon, and Spotify) are leveraging this, building billion-dollar businesses out of the data that are interactions with digital devices create. We, as users have no gaurantees that what is being collected is being stored securly, we often have no way to know for sure that it is deleted when we request so, and we don't have access to what theit AI systems have refered from our data.
Our computers, phones, wearables, digital assistants and IoT have been turned into bugs that are plugged into a vast corporate-owned surveillance network. Where we go, what we do, what we talk about, who we talk to, and who we see everything is recorded and, at some point, leveraged for value. They know us intimately, even the things that we hide from those closest to us. In our modern internet ecosystem, this kind of private surveillance is the norm.
---
## What data is Collected about You
Every interaction that you have an internet-connected device is logged. This includes all the data that you physically enter, as well as everything that is passively collected, such as your clicks/ scrolls amount of time spent looking at each part, etc, and finally data that is aggressively collected through background processes, GPS, gyroscope measurements, microphones and sometimes cameras. All this data is sent to servers, where you have no guarantee of how it is stored, what it will be used for, or if it will ever be sold. When you request for your information to be deleted- it often isn't- the data is almost ever-lasting.
## What Happens to Data that is Collected about You
- It can be sold. Data brokers pay a high price for peoples personal details and habits
- It can be used to show you ads. You may see different search results than someone else because your search engine is subtly trying to sell things to you.
- It can get into the wrong hands. Criminals use people's personal details to pull off scams, hold you to ransom, impersonate you to extract funds or further control over your digital life.
- It can allow both local and foreign governments to profile, and track you.
- It can be stored, indefinitely- and some of it can be potentially used against you in the future
---
## Got nothing to hide?
Privacy isnt about hiding information; privacy is about protecting information, and surely you have information that youd like to protect. Even with nothing to hide, you still put blinds on your window- and you wouldn't want your search history, bank statements, photos, notes or messages to be publicly available to the world.
Privacy is a fundamental right, and you shouldn't need to prove the necessity of fundamental right to anyone. As Edward Snowden said, "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say". There are many scenarios in which privacy is crucial and desirable like intimate conversations, medical procedures, and voting. When we know we are being watched, our behaviour changes, which in turn suppresses things like free speech.
You need privacy to avoid unfortunately common threats like identity theft, manipulation through ads, discrimination based on your personal information, harassment, the [filter bubble](https://spreadprivacy.com/filter-bubble/), and many other real harms that arise from invasions of privacy. An attack on our privacy, also hurts the privacy of those we communicate with.
In addition, what many people dont realize is that several small pieces of your personal data can be put together to reveal much more about you than you would think is possible. When different pieces of your data is aggregated together, it can create a very complete picture of who you are, where you spend your time. Further to this, even things we don't think are worth hiding today, may later be used against us in unexpected ways.
----
#### There's more to check out!
- [Ultimate Personal Security Checklist](/README.md)
- [Why Privacy & Security Matters](/0_Why_It_Matters.md)
- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
- [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md)
- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)
<a href="https://twitter.com/intent/follow?screen_name=Lissy_Sykes">
<img src="https://img.shields.io/twitter/follow/Lissy_Sykes?style=social&logo=twitter" alt="Follow Alicia Sykes on Twitter">
</a>
#### Notes
*Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).*
*I owe a lot of thanks others who've conducted research, written papers, developed software all in the interest of privacy and security. Full attributions and referenses found in [`ATTRIBUTIONS.md`](/ATTRIBUTIONS.md).*
#### License
*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020*
[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md)
----
Found this helpful? Consider sharing it with others, to help them also improvde their digital security 😇
[![Share on Twitter](https://i.ibb.co/2hqF59H/share-twitter.png)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist)
[![Share on LinkedIn](https://i.ibb.co/9Ngh9jg/share-linkedin.png)](
http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93)
[![Share on Facebook](https://i.ibb.co/cc6tFVj/share-facebook.png)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=)
[![Share on Pinterest](https://i.ibb.co/x8L70b0/share-pinterest.png)](https://pinterest.com/pin/create/button/?url=https%3A//repository-images.githubusercontent.com/123631418/79c58980-3a13-11ea-97e8-e45591ef2d97&media=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&description=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020)
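Review bot: In the share-badge block at the end of this file, the "Share on Facebook" badge links to `https://www.linkedin.com/shareArticle?...` instead of a Facebook share URL, and the Twitter and LinkedIn share links use `http://` even though the TLDR list added in the same commit tells readers to avoid sites that are not HTTPS. Point the Facebook badge at a Facebook endpoint or drop it, and switch both links to `https://`. Two smaller points in the same footer: the licence badge image is `licensebuttons.net/l/by/3.0/88x31.png` while the text beside it says CC BY 4.0, and the Pinterest link passes an image URL as `url=` and the title text as `media=`, which looks swapped.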

245
2_TLDR_Short_List.md Normal file

@ -0,0 +1,245 @@
# Personal Cyber Security | TLDR [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) [![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/)[![Contributors](https://img.shields.io/github/contributors/lissy93/personal-security-checklist?color=%23ffa900&style=flat-square)](/ATTRIBUTIONS.md#contributors-)
#### Contents
- [Personal Security Checklist](#personal-security-checklist)
- [Privacy-focused Software](#open-source-privacy-focused-software)
- [Security Hardware](#security-hardware)
## PERSONAL SECURITY CHECKLIST
> This is the shortened version of [The Complete Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md).
It lays out the 20 most essential security + privacy tips, that you should complete to protect your digital life.
### Authentication
- Use strong, unique passphrases for each of your accounts (12+ alpha-numeric upper and lower-case letters + symbols). Avoid predicitable patterns, dictionary words and names.
- Use a password manager: It is going to be almost impossible to remember hundreds of unique passwords. A password manager will generate strong passwords, securly store and auto-fill them, with a browser extension and mobile app. All you will need to do, is remember 1 master password. [BitWarden](https://bitwarden.com) is a great option, as is [1Password](https://1password.com) (not open source). [KeePass XC](https://keepassxc.org) is more secure, but without any cloud-sync functionality.
- Use 2-factor authentication for all secure accounts (email, cloud storage, financial accounts and social media). You can do this with [Authy](https://authy.com) (proprietary) which will also let you back up and sync your tokens across multiple devices. Or you can use [Aegis](https://getaegis.app) or [AndOTP](https://github.com/andOTP/andOTP) which are both open source.
- Be cautious when logging into your accounts on someone elses device, as you cannot be sure that it is free of malware. If you do need to access one of your accounts, use incognito mode (Ctrl+Shift+N) so your credentials don't get cached.
### Browsing
- Don't enter any personal details on websites that are not HTTPS
- Switch to [Firefox](https://www.mozilla.org/en-GB/firefox/new/) or [Brave Browser](https://brave.com/?ref=ali721), both of which have strong privacy and security configurations by default, and will also make loading websites faster. Consider using [Tor](https://www.torproject.org/) for the greatest privacy.
- Consider using search engine that doesn't track you, such as [DuckDuckGo](https://duckduckgo.com/) or [StartPage](https://www.startpage.com/), which show unbiased results and don't keep logs.
- Install [PrivacyBadger](https://www.eff.org/privacybadger) extension to block invisible trackers, and [HTTPS Everywhere](https://www.eff.org/https-everywhere) to force sites to load via HTTPS. You can use [Panopticlick](https://panopticlick.eff.org/) to quickly check if your browser is safe against tracking.
### Phone
- Have a strong pin/password on your mobile device.
- Turn off WiFi when your not using it, and delete saved networks that you no longer need (Settings --> WiFi --> Saved Networks).
- Don't grant apps permissions that they don't need. For Android, you can use [Exodus](https://exodus-privacy.eu.org/en/) to quickly see the permissions and trackers for each of your installed apps.
### Email
- It's important to protect your email account, as if a hacker gains access to it he/she will be able to reset the passwords for all your other accounts. Ensure you have a strong and unique password, and enable 2FA.
- Emails are not encrypted by default, meaning they are able to be read by anyone who intercepts them as well as your email provider (Google, Microsoft, Apple, Yahoo etc all monitor emails). Consider switching to a secure mail provider using end-to-end encryption, such as [ProtonMail](https://protonmail.com/) or [Tutanota](https://tutanota.com/).
### Networking
- Use a reputable VPN to keep your IP protected and reduce the amount of browsing data your ISP can log. (Note: VPN's do not provide ultimate protection as advertisers commonly state). See [thatoneprivacysite.net](https://thatoneprivacysite.net/) for a detailed comparison chart. [ProtonVPN](https://protonvpn.com/) has a free starter plan, [Mullvad](https://mullvad.net/) is great for anonymity. Other good all-rounders include [IVPN](https://www.ivpn.net/), NordVPN, TorGuard and AirVPN.
- Change your routers default password. Anyone connected to your WiFi is able to listen to network traffic, so in order to prevent people you don't know from connecting, use WPA2 and set a strong password.
- Update your router settings to use a secure DNS, such as [Cloudflare's 1.1.1.1](https://1.1.1.1/dns/), this should also speed up your internet. If you cannot modify your roters settings, you can set the DNS on your phone (with the [1.1.1.1. app](https://1.1.1.1/)), or [Windows](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/windows/), [Mac](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/mac/) or [Linux](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/linux/). DNS is the system used to resolve URL's to their server addresses, many DNS providers collect data on your browsing habbits and use it to target you with ads or sell it on.
### Devices
- Keep software up-to-date. Security fixes and patches are released as updates, so it is important to install updates when prompted, for your phone, PC, router, IoT devices and all software/apps.
**📜 See More**: [The Complete Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md)
----
## OPEN-SOURCE, PRIVACY-FOCUSED SOFTWARE
Switch to alternative open-source, privacy-respecting apps and services, which won't collect your data, track you or show targetted ads.
#### Security
- Password Managers: [BitWarden] | [1Password] *(proprietary)* | [KeePassXC] *(offline)* | [LessPass] *(stateless)*
- 2-Factor Authentication: [Aegis] *(Android)* | [Authenticator] *(iOS)* | [AndOTP] *(Android)*
- File Encryption: [VeraCrypt] | [Cryptomator] *(for cloud)*
- Encrypted Messaging: [Signal] | [KeyBase] *(for groups/ communities)*
- Encrypted Email: [ProtonMail] | [MailFence] | [Tutanota] | (+ also [33Mail] | [anonaddy] for aliasing)
- Private Browsers: [Brave Browser] | [Firefox] *with [some tweaks](https://restoreprivacy.com/firefox-privacy/)* | [Tor]
- Non-Tracking Search Engines: [DuckDuckGo] | [StartPage] | [SearX] *(self-hosted)* | [Quant]
- VPN: [Mullvad] | [ProtonVPN] | [Windscribe] | [IVPN] *(better still, use [Tor])*
- App Firewall: [NetGuard] (Android) | [Lockdown] (iOS) | [OpenSnitch] (Linux) | [LuLu] (MacOS)
#### Browser Extensions
[Privacy Badger] - Blocks trackers. [HTTPS Everywhere] - Upgrates requests to HTTPS. [uBlock Origin] - Blocks ads, trackers and malwares. [ScriptSafe] - Block execution of certain scripts. [WebRTC Leak Prevent] - Prevents IP leaks. [Vanilla Cookie Manager] - Auto-removes unwanted cookies. [Privacy Essentials] - Shows which sites are insecure
#### Mobile Apps
[Exodus] - Shows which trackers are on your device. [Orbot]- System-wide Tor Proxy. [Island] - Sand-box environment for apps. [NetGuard] - Controll which apps have network access. [Bouncer] - Grant temporary permissions. [Greenify] - Controll which apps can run in the background. [1.1.1.1] - Use CloudFlares DNS over HTTPS. [Fing App] - Monitor your home WiFi network for intruders
#### Online Tools
[εxodus] - Shows which trackers an app has. [';--have i been pwned?] - Check if your details have been exposed in a breach. [EXIF Remover] - Removes meta data from image or file. [Redirect Detective] - Shows where link redirects to. [Virus Total] - Scans file or URL for malware. [Panopticlick], [Browser Leak Test] and [IP Leak Test] - Check for system and browser leaks
#### Productivity Tools
File Storage: [NextCloud]. File Sync: [Syncthing]. File Drop: [Firefox Send]. Notes: [Standard Notes], [Cryptee], [Joplin]. Blogging: [Write Freely]. Calendar/ Contacts Sync: [ETE Sync]
📜 **See More**: [Complete List of Privacy-Respecing Sofware](/5_Privacy_Respecting_Software.md)
----
## SECURITY HARDWARE
There are also some gadgets that can help improve your physical and digital security.
- **Blockers & Shields**: [PortaPow] - USB Data Blocker | [Mic Block] - Physically disables microphone | [Silent-Pocket] - Signal-blocking faraday pouches | [Lindy] - Physical port blockers | [RFID Shields] | [Webcam Covers] | [Privacy Screen]
- **Crypto Wallets**: [Trezor] - Hardware wallet | [CryptoSteel] - Indestructible steel crypto wallet
- **FIDO U2F Keys**: [Solo Key] | [Nitro Key] | [Librem Key]
- **Data Blockers**: [PortaPow] - Blocks data to protect against malware upload attacks, enables FastCharge.
- **Hardware-encrypted storage**: [iStorage]- PIN-authenticated 256-bit hardware encrypted storage | [Encrypted Drive Enclosure]
- **Networking**: [Anonabox] - Plug-and-play Tor router | [FingBox] - Easy home network automated security monitoring
- **Paranoid Gadgets!** [Orwl]- Self-destroying PC | [Hunter-Cat]- Card-skim detector | [Adversarial Fashion]- Anti-facial-recognition clothing | [DSTIKE Deauth Detector] - Detect deauth attacks, from [Spacehuhn] | [Reflectacles]- Anti-surveillance glasses | [Armourcard]- Active RFID jamming | [Bug-Detector]- Check for RF-enabled eavesdropping equipment | [Ultrasonic Microphone Jammer] - Emits signals thats silent to humans, but interfere with recording equipment.
There's no need to spend money- Most of these products can be made at home with open source software. Here's a list of [DIY Security Gadgets](/6_Privacy_and-Security_Gadgets.md#diy-security-products).
📜 **See More**: [Privacy and Security Gadgets](/6_Privacy_and-Security_Gadgets.md)
----
*Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).*
----
Found this helpful? Consider sharing, to help others improve their digital security 😇
[![Share on Twitter](https://img.shields.io/badge/Share-Twitter-17a2f3?style=flat-square&logo=Twitter)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist)
[![Share on LinkedIn](https://img.shields.io/badge/Share-LinkedIn-0077b5?style=flat-square&logo=LinkedIn)](
http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93)
[![Share on Facebook](https://img.shields.io/badge/Share-Facebook-4267b2?style=flat-square&logo=Facebook)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=)
[![Share on Mastodon](https://img.shields.io/badge/Share-Mastodon-56a7e1?style=flat-square&logo=Mastodon)](https://mastodon.social/web/statuses/new?text=Check%20out%20the%20Ultimate%20Personal%20Cyber%20Security%20Checklist%20by%20%40Lissy93%20on%20%23GitHub%20%20%F0%9F%94%90%20%E2%9C%A8)
*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020*
<a href="https://twitter.com/intent/follow?screen_name=Lissy_Sykes">
<img src="https://img.shields.io/twitter/follow/Lissy_Sykes?style=social&logo=twitter" alt="Follow Alicia Sykes on Twitter">
</a>
[//]: # (SECURITY SOFTWARE LINKS)
[BitWarden]: https://bitwarden.com
[1Password]: https://1password.com
[KeePassXC]: https://keepassxc.org
[LessPass]: https://lesspass.com
[Aegis]: https://getaegis.app
[AndOTP]: https://github.com/andOTP/andOTP
[Authenticator]: https://mattrubin.me/authenticator
[VeraCrypt]: https://www.veracrypt.fr
[Cryptomator]: https://cryptomator.org
[Tor]: https://www.torproject.org
[Pi-Hole]: https://pi-hole.net
[Mullvad]: https://mullvad.net
[ProtonVPN]: https://protonvpn.com
[Windscribe]: https://windscribe.com/?affid=6nh59z1r
[IVPN]: https://www.ivpn.net
[NetGuard]: https://www.netguard.me
[Lockdown]: https://lockdownhq.com
[OpenSnitch]: https://github.com/evilsocket/opensnitch
[LuLu]: https://objective-see.com/products/lulu.html
[SimpleWall]: https://github.com/henrypp/simplewall
[33Mail]: http://33mail.com/Dg0gkEA
[anonaddy]: https://anonaddy.com
[Signal]: https://signal.org
[KeyBase]: https://keybase.io
[ProtonMail]: https://protonmail.com
[MailFence]: https://mailfence.com
[Tutanota]: https://tutanota.com
[Brave Browser]: https://brave.com/?ref=ali721
[Firefox]: https://www.mozilla.org/
[DuckDuckGo]: https://duckduckgo.com
[StartPage]: https://www.startpage.com
[Quant]: https://www.qwant.com
[SearX]: https://asciimoo.github.io/searx
[//]: # (PRODUCTIVITY SOFTWARE LINKS)
[NextCloud]: https://nextcloud.com
[Standard Notes]: https://standardnotes.org/?s=chelvq36
[Cryptee]: https://crypt.ee
[Joplin]: https://joplinapp.org
[ETE Sync]: https://www.etesync.com/accounts/signup/?referrer=QK6g
[Firefox Send]: https://send.firefox.com
[Syncthing]: https://syncthing.net
[Write Freely]: https://writefreely.org
[//]: # (BROWSER EXTENSION LINKS)
[Privacy Badger]: https://www.eff.org/privacybadger
[HTTPS Everywhere]: https://eff.org/https-everywhere
[uBlock]: https://github.com/gorhill/uBlock
[ScriptSafe]: https://github.com/andryou/scriptsafe
[WebRTC Leak Prevent]: https://github.com/aghorler/WebRTC-Leak-Prevent
[Vanilla Cookie Manager]: https://github.com/laktak/vanilla-chrome
[Privacy Essentials]: https://duckduckgo.com/app
[//]: # (ONLINE SECURITY TOOLS)
[';--have i been pwned?]: https://haveibeenpwned.com
[εxodus]: https://reports.exodus-privacy.eu.org
[Panopticlick]: https://panopticlick.eff.org
[Browser Leak Test]: https://browserleaks.com
[IP Leak Test]: https://ipleak.net
[EXIF Remover]: https://www.exifremove.com
[Redirect Detective]: https://redirectdetective.com
[Virus Total]: https://www.virustotal.com
[//]: # (ANDROID APP LINKS)
[Island]: https://play.google.com/store/apps/details?id=com.oasisfeng.island
[Orbot]: https://play.google.com/store/apps/details?id=org.torproject.android
[Orbot]: https://play.google.com/store/apps/details?id=org.torproject.android
[Bouncer]: https://play.google.com/store/apps/details?id=com.samruston.permission
[Crypto]: https://play.google.com/store/apps/details?id=com.kokoschka.michael.crypto
[Cryptomator]: https://play.google.com/store/apps/details?id=org.cryptomator
[Daedalus]: https://play.google.com/store/apps/details?id=org.itxtech.daedalus
[Brevent]: https://play.google.com/store/apps/details?id=me.piebridge.brevent
[Greenify]: https://play.google.com/store/apps/details?id=com.oasisfeng.greenify
[Secure Task]: https://play.google.com/store/apps/details?id=com.balda.securetask
[Tor Browser]: https://play.google.com/store/apps/details?id=org.torproject.torbrowser
[PortDroid]: https://play.google.com/store/apps/details?id=com.stealthcopter.portdroid
[Packet Capture]: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
[SysLog]: https://play.google.com/store/apps/details?id=com.tortel.syslog
[Dexplorer]: https://play.google.com/store/apps/details?id=com.dexplorer
[Check and Test]: https://play.google.com/store/apps/details?id=com.inpocketsoftware.andTest
[Tasker]: https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm
[Haven]: https://play.google.com/store/apps/details?id=org.havenapp.main
[NetGaurd]: https://www.netguard.me/
[Exodus]: https://exodus-privacy.eu.org/en/page/what/#android-app
[XUMI Security]: https://xumi.ca/xumi-security/
[Fing App]: https://www.fing.com/products/fing-app
[FlutterHole]: https://github.com/sterrenburg/flutterhole
[1.1.1.1]: https://1.1.1.1/
[The Guardian Project]: https://play.google.com/store/apps/dev?id=6502754515281796553
[The Tor Project]: https://play.google.com/store/apps/developer?id=The+Tor+Project
[Oasis Feng]: https://play.google.com/store/apps/dev?id=7664242523989527886
[Marcel Bokhorst]: https://play.google.com/store/apps/dev?id=8420080860664580239
[//]: # (SECURITY HARDWARE LINKS)
[Encrypted Drive Enclosure]: https://www.startech.com/HDD/Enclosures/encrypted-sata-enclosure-2-5in-hdd-ssd-usb-3~S2510BU33PW
[iStorage]: https://istorage-uk.com
[PortaPow]: https://portablepowersupplies.co.uk/product/usb-data-blocker
[Lindy]: https://lindy.com/en/technology/port-blockers
[Mic Block]: https://www.aliexpress.com/item/4000542324471.html
[RFID Shields]: https://www.aliexpress.com/item/32976382478.html
[Webcam Covers]: https://www.aliexpress.com/item/4000393683866.html
[Privacy Screen]: https://www.aliexpress.com/item/32906889317.html
[Trezor]: https://trezor.io
[CryptoSteel]: https://cryptosteel.com/product/cryptosteel/?v=79cba1185463
[Solo Key]: https://solokeys.com
[Nitro Key]: https://www.nitrokey.com
[Librem Key]: https://puri.sm/products/librem-key
[Anonabox]: https://www.anonabox.com
[FingBox]: https://www.fing.com/products/fingbox
[Orwl]: https://orwl.org
[Hunter-Cat]: https://lab401.com/products/hunter-cat-card-skimmer-detector
[DSTIKE Deauth Detector]: https://www.tindie.com/products/lspoplove/dstike-deauth-detector-pre-flashed-with-detector
[Bug-Detector]: https://www.brickhousesecurity.com/counter-surveillance/multi-bug
[Ultrasonic Microphone Jammer]: https://uspystore.com/silent-ultrasonic-microphone-defeater
[Silent-Pocket]: https://silent-pocket.com
[Armourcard]: https://armourcard.com
[Adversarial Fashion]: https://adversarialfashion.com
[Reflectacles]: https://www.reflectacles.com
[Spacehuhn]: https://github.com/spacehuhn/DeauthDetector
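Review bot: `[uBlock Origin]` under "Browser Extensions" has no matching reference definition; the link table only defines `[uBlock]: https://github.com/gorhill/uBlock`, so the entry will render as plain bracketed text. Rename the definition to `[uBlock Origin]`. The link table also defines `[Orbot]` twice, defines `[Cryptomator]` twice with different targets (the project site and the Play Store listing), and carries a misspelled `[NetGaurd]` alongside `[NetGuard]`; remove the extras so it is clear which target each label resolves to. Separately, several links carry referral parameters (`brave.com/?ref=ali721`, which also appears inline in the Browsing section, `windscribe.com/?affid=6nh59z1r`, `standardnotes.org/?s=chelvq36`, and the ETE Sync `referrer=QK6g` link). For a privacy checklist these should either be disclosed next to the link or replaced with clean URLs. The "Share on Facebook" badge in this file also points at `linkedin.com/shareArticle`.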


@ -0,0 +1,256 @@
# Awesome Privacy & Securty [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) [![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/) [![Contributors](https://img.shields.io/github/contributors/lissy93/personal-security-checklist?color=%23ffa900&style=flat-square)](https://github.com/Lissy93/personal-security-checklist/graphs/contributors)
> A curated list of useful tools and resources online, that help protect your privacy and keep you safe.
**See also**: [Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md) | [Privacy-Respecting Software](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_Respecting_Software.md) 🔐
- **Information and Guides**
- [Getting Started Guides](#getting-started-guides)
- [How-To Guides](#how-to-guides)
- [Notable Articles](#notable-articles)
- [Blogs](#blogs)
- **Media**
- [Books](#books)
- [Podcasts](#podcasts)
- [Videos](#videos)
- **Websites & Services**
- [Online Tools](#online-tools)
- [Anonymous Services](#anonymous-services)
- [Interesting Websites](#interesting-websites)
- [Privacy-Respecting Software](#privacy-respecting-software)
- **Organisations**
- [Foundations](#foundations)
- [Government Organisations](#government-organisations)
- [Cybercrime](#cybercrime)
- **Research**
- [Data and API's](#data-and-apis)
- [Academic Journals](#academic-journals)
- [Implementations and Standards](#implementations-and-standards)
- **More Lists**
- [Mega Guides](#mega-guides)
- [Other GitHub Security Lists](#unrelated-awesome-lists)
## Getting Started Guides
- [EFF SSD](https://ssd.eff.org) - Tips for safer online communications
- [PrivacyTools.io]( https://www.privacytools.io) - Tools to protect against mass surveillance
- [PrismBreak](https://prism-break.org/en/all) - Secure app alternatives
- [The VERGE guide to privacy](https://bit.ly/2ptl4Wm) - Guides for securing mobile, web and home tech
- [Email Self-Defense](https://emailselfdefense.fsf.org) - Complete guide to secure email
- [TwoFactorAuth.org](https://twofactorauth.org) - Check which websites support 2FA
- [Security Planner](https://securityplanner.org) - Great advise for beginners
- [My Shaddow](https://myshadow.org) - Resources and guides, to help you take controll of your data
## How-To Guides
- Complete guide to configureing Firefox for Privacy + Speed: via [12bytes](https://12bytes.org/7750)
- Overview of projects working on next-generation secure email: via [OpenTechFund](https://github.com/OpenTechFund/secure-email)
- ISP and DNS privacy tips: via [bluz71](https://bluz71.github.io/2018/06/20/digital-privacy-tips.html)
- Layers of Personal Tech Security: via [The Wire Cutter](https://thewirecutter.com/blog/internet-security-layers)
- Improving security on iPhone: via [lifehacker](https://lifehacker.com/the-privacy-enthusiasts-guide-to-using-an-iphone-1792386831)
- Protect against SIM-swap scam: via [wired](https://www.wired.com/story/sim-swap-attack-defend-phone)
- Is your Anti-Virus spying on you: via [Restore Privacy](https://restoreprivacy.com/antivirus-privacy)
- How to use Vera Crypt: via [howtogeek](https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt)
- How to enable DNS over HTTPS: via [geekwire](https://geekwire.co.uk/privacy-and-security-focused-dns-resolver)
- How to resolve DNS leak issue: via [DNSLeakTest](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html)
- Windows data sending: via [The Hacker News](https://thehackernews.com/2016/02/microsoft-windows10-privacy.html)
- How to spot a phishing attack: via [EFF](https://ssd.eff.org/en/module/how-avoid-phishing-attacks)
## Notable Articles
- Turns Out Police Stingray Spy Tools Can Indeed Record Calls: Article on [Wired](https://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm)
## Blogs
- [Spread Privacy](https://spreadprivacy.com) - Raising the standard of trust online, by DuckDuckGo
- [Restore Privacy](https://restoreprivacy.com) - Tools and guides about privacy and security
- [That One Privacy Site](https://thatoneprivacysite.net) - impartial comparisons and discussions
- [The Hated One](https://www.youtube.com/channel/UCjr2bPAyPV7t35MvcgT3W8Q) - Privacy and security videos
- [12Bytes](https://12bytes.org/articles/tech) - Opinion Articles about Tech, Privacy and more
- [BringBackPrivacy](https://bringingprivacyback.com) - Easy-reading, sharable privacy articles
- [Heimdal](https://heimdalsecurity.com/blog) - Cyber Security Blog
- [Tech Crunch](https://techcrunch.com/tag/cybersecurity-101) - Cyber Security 101
- [OONI](https://ooni.org/post), Internet freedom and analysis on blocked sites
- [Pixel Privacy](https://pixelprivacy.com/resources) - Online privacy guides
- [The Privacy Project](https://www.nytimes.com/interactive/2019/opinion/internet-privacy-project.html) - Articles and reporting on Privacy, by the NYT
## Books
- [Permanent Record](https://amzn.to/30wxxXi) (by Edward Snowden)
- [Sandworm](https://amzn.to/2FVByeJ) (by Andy Greenberg)
## Podcasts
- [Darknet Diaries] (by Jack Rhysider): Stories from the dark sides of the internet. Listen on [Stitcher][da-stitch]
- [CYBER] (by Motherboard, Vice): News and analysis about the latest cyber threats. Listen on [Stitcher][cy-stitch]
[Darknet Diaries]: https://darknetdiaries.com
[da-stitch]: https://www.stitcher.com/podcast/darknet-diaries
[CYBER]: https://www.vice.com/en_us/article/59vpnx/introducing-cyber-a-hacking-podcast-by-motherboard
[cy-stitch]: https://www.stitcher.com/podcast/vice-2/cyber
## Videos
- **General**
- [You are being watched](https://youtu.be/c8jDsg-M6qM) by The New York Times
- [The Power of Privacy](https://youtu.be/KGX-c5BJNFk) by The Guardian
- [Why Privacy matters, even if you have nothing to hide](https://youtu.be/Hjspu7QV7O0) by The Hated One
- **TED Talks**
- [Why you should switch off your home WiFi](https://youtu.be/2GpNhYy2l08) by Bram Bonné
- [Why Privacy Matters](https://www.ted.com/talks/glenn_greenwald_why_privacy_matters), by Glenn Greenwald
- [Fighting viruses, defending the net](https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net), by Mikko Hypponen
- [The 1s and 0s behind cyber warfare](https://www.ted.com/talks/chris_domas_the_1s_and_0s_behind_cyber_warfare), by Chris Domas
- [State Sanctioned Hacking - The Elephant in the Room](https://youtu.be/z-A2MxHmnU4) - Historic, economic and demographic overview of the growing threat to the U.S. from Chinese cyber invasions, by Frank Heidt
- [How the IoT is Making Cybercrime Investigation Easier](https://youtu.be/9CemONO6vrY) - How our data is changing the nature of "evidence" in digital forensics, by Jonathan Rajewski
- **Conferences**
- [DEF CON 27](https://www.youtube.com/playlist?list=PL9fPq3eQfaaA4qJEQQyXDYtTIfxCNA0wB) - Collection of talks from DEF CON 2019, Vegas
- [RSA Conference](https://www.youtube.com/user/RSAConference) - Collection of security talks from the RSA conferences
- [Administraitor.video](https://administraitor.video) - A regularly updated collection of new and interesting security confrence talks
- **Misc**
- [Through a PRISM, Darkly](https://youtu.be/e4woRYs0mM4) - Everything we know about NSA spying, by Kurt Opsahl
See also: [awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) by @PaulSec
## Online Tools
- [Have I been Pwned](https://haveibeenpwned.com) and [Dehashed](https://www.dehashed.com) - Check if your details have been compromised
- [Redirect Detective](https://redirectdetective.com) - Check where a suspicious URL redirects to
- [εxodus](https://reports.exodus-privacy.eu.org) - Check which trackers any app on the Play Store has
- [VirusTotal](https://www.virustotal.com) - Analyse a suspicious web resource for malware
- [ScamAdviser](https://www.scamadviser.com) - Check if a website is a scam, before buying from it
- [Deseat Me](https://www.deseat.me) - Clean up your online presence
- [33Mail](http://33mail.com/Dg0gkEA) or [Anonaddy](https://anonaddy.com) Avoid revealing your real email address, by auto-generating aliases for each accound
- [Panopticlick](https://panopticlick.eff.org) - Check if, and how your browser is tracking you
- [Disroot](https://disroot.org) - A suit of online tools, with online freedom in mind
- [Blocked by ORG](https://www.blocked.org.uk) - Check if your website is blocked by certain ISPs
- [Data Rights Finder](https://www.datarightsfinder.org) - Find, understand and use information from privacy policies
- [Browser Leaks](https://browserleaks.com) - Check which information is being leaked by your browser
- [DNSLeakTest](https://www.dnsleaktest.com) - Check for and fix a DNS leak
- [IP Leak](https://ipleak.net) - Shows your IP address, and other associated details
- [ExifRemove](https://www.exifremove.com) - Remove Meta/ EXIF data online
## Anonymous Services
- [NixNet](https://nixnet.services)
- [Snopyta](https://snopyta.org)
- [Disroot](https://disroot.org)
## Interesting Websites
- [The Intercept: Surveillance Catalogue](https://theintercept.com/surveillance-catalogue) - A database secret of government and military surveillance equpment, that was leaked in the Snowden files
- See also: The source code for these projects, on WikiLeaks [Vault7](https://wikileaks.org/vault7) and [Vault8](https://wikileaks.org/vault8), and the accompanying [press release](https://wikileaks.org/ciav7p1)
## Privacy-Respecting Software
This section has moved to [here](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_Respecting_Software.md)
## Foundations
- [Contract for the Web](https://contractfortheweb.org)
- [Electronic Frountier Foundation](https://www.eff.org) - Defending digital privacy + more
- [OWASP Foundation](https://www.owasp.org)
- [Freedom House](https://freedomhouse.org) - Fighting for freedom on the net
- [Privacy International](https://privacyinternational.org)
- [Open Tech Fund](https://www.opentech.fund)
- [Freedom of the Press Foundation](https://freedom.press)
- [Open Rights Group](https://www.openrightsgroup.org)
- [LEAP Encryption Access Project](https://leap.se)
- [The Guardian Project](https://guardianproject.info)
- [Foundation for Applied Privacy](https://applied-privacy.net)
- [Safe + Secure](https://safeandsecure.film) - advise for journalists and film makers
- [Citizen Lab](https://citizenlab.ca)
- [Electronic Privacy Information Center](https://epic.org)
- [American Civil Liberties Union](https://www.aclu.org/issues/privacy-technology)
- [Free Software Foundation](https://www.fsf.org)
- [Courage Foundation](https://www.couragefound.org) - Supports those who risk life / liberty to make significant contributions to the historical record
## Government Organisations
- [UK National Cyber Security Center](https://www.ncsc.gov.uk)
- [US Cybersecurity - NIST](https://www.nist.gov/topics/cybersecurity)
## Cybercrime
- [Consumer Fraud Reporting](http://consumerfraudreporting.org) - US's Catalogue of online scams currently circulating, and a means to report cases
- [Action Fraud](https://www.actionfraud.police.uk) - UKs national reporting centre for fraud and cyber crime
## Data and API's
- [Exploit Database](https://www.exploit-db.com) - A database or Current software vulnerabilities
- [That One Privacy Site](https://thatoneprivacysite.net/#detailed-vpn-comparison) - Detailed VPN Comparison Data
- [Exodus](https://reports.exodus-privacy.eu.org/en/trackers/stats) - Trackers in Android Apps
- [URLScan](https://urlscan.io) - Service scanning for malisious domains
- [Dehashed](https://www.dehashed.com/breach) - Data Breaches and Credentials
- [VirusTotal](https://developers.virustotal.com/v3.0/reference) - Detailed virus scans of software
- Hosts to block: https://someonewhocares.org/hosts/ and https://github.com/StevenBlack/hosts
## Academic Journals
- [Crypto Paper](https://github.com/cryptoseb/cryptopaper) by Crypto Seb- Privacy, Security, and Anonymity For Every Internet User
## Implementations and Standards
- [The GNU Privacy Guard](https://www.gnupg.org)
- [OpenPGP JavaScript Implementation](https://openpgpjs.org)
- [WireGuard](https://www.wireguard.com/papers/wireguard.pdf)
- [Nym](https://as93.link/nym-blog-post) - Next Generation of Privacy infrastructure
## Mega Guides
- by [Fried](https://fried.com/privacy)
- by [ivpn](https://www.ivpn.net/privacy-guides)
- by [ProPrivacy](https://proprivacy.com/guides/the-ultimate-privacy-guide)
- by [Heimdal Security](https://heimdalsecurity.com/blog/cyber-security-mega-guide)
- by [Wired](https://www.wired.com/2017/12/digital-security-guide)
- by [Vice](https://www.vice.com/en_us/article/d3devm/motherboard-guide-to-not-getting-hacked-online-safety-guide)
## More Awesome GitHub Lists
- [privacy-respecting](https://github.com/nikitavoloboev/privacy-respecting) by @nikitavoloboev
- [awesome-privacy](https://github.com/KevinColemanInc/awesome-privacy) by @KevinColemanInc
- [Security_list](https://github.com/zbetcheckin/Security_list) by @zbetcheckin
- [awesome-security](https://github.com/sbilly/awesome-security) by @sbilly
- [awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) by @PaulSec
- [awesome-crypto-papers](https://github.com/pFarb/awesome-crypto-papers) by @pFarb
- [awesome-threat-intelligence](https://github.com/hslatman/awesome-threat-intelligence) by @hslatman
- [awesome-incident-response](https://github.com/meirwah/awesome-incident-response) by @meirwah
- [awesome-anti-forensic](https://github.com/remiflavien1/awesome-anti-forensic) by @remiflavien1
- [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis) by @rshipp
- [awesome-honeypots](https://github.com/paralax/awesome-honeypots) by @paralax
- [awesome-hacking](https://github.com/carpedm20/awesome-hacking) by @carpedm20
- [awesome-pentest](https://github.com/enaqx/awesome-pentest) by @enaqx
- [awesome-ctf](https://github.com/apsdehal/awesome-ctf) by @apsdehal
## Unrelated Awesome Lists
- [awesome]( https://github.com/sindresorhus/awesome) by @sindresorhus
- [lists](https://github.com/jnv/lists) by @jnv
---
*Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).*
*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020*
[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md)
----
Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇
[![Share on Twitter](https://img.shields.io/badge/Share-Twitter-17a2f3?style=for-the-badge&logo=Twitter)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist)
[![Share on LinkedIn](https://img.shields.io/badge/Share-LinkedIn-0077b5?style=for-the-badge&logo=LinkedIn)](
http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93)
[![Share on Facebook](https://img.shields.io/badge/Share-Facebook-4267b2?style=for-the-badge&logo=Facebook)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=)
[![Share on Mastodon](https://img.shields.io/badge/Share-Mastodon-56a7e1?style=for-the-badge&logo=Mastodon)](https://mastodon.social/web/statuses/new?text=Check%20out%20the%20Ultimate%20Personal%20Cyber%20Security%20Checklist%20by%20%40Lissy93%20on%20%23GitHub%20%20%F0%9F%94%90%20%E2%9C%A8)
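Review bot: The "Share on Facebook" badge near the end of this file links to www.linkedin.com/shareArticle, so the button opens LinkedIn instead of Facebook; point it at a Facebook share URL or drop the badge. In the How-To Guides list, "How to use Vera Crypt" targets a howtogeek URL ending in getting-started-with-truecrypt, so the label and the linked guide name different tools. The licence badge alt text reads "Attribution 4.0 International" while the image path is /l/by/3.0/. The 33Mail entry uses plain http with a path suffix (/Dg0gkEA) that looks like a referral code, and both book links go through amzn.to short links; in a security checklist, full https URLs with any affiliate relationship stated would let readers see where they are being sent. Spelling to fix before merge: "advise", "Shaddow", "controll", "configureing", "confrence", "accound", "equpment", "Frountier", "malisious".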

File diff suppressed because it is too large

@ -0,0 +1,240 @@
[![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re)
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
[![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/)
# Hardware for Protecting Privacy and Security
A curated list of (DIY and pre-built) devices, to help preserve privacy and improve physical cyber security 🔐
**Too long? 🦒** See the [TLDR version](/2_TLDR_Short_List.md#security-hardware) instead.
---
#### Contents
- [Basics](#basics)
- [DIY Security Products](#diy-security-products)
- [Paranoid Security Gadgets](#paranoid-security-gadgets)
- [Network Security](#network-security)
- [Secure Computing Devices](#secure-computing-devices)
- [Hardware Encrypted Storage](#hardware-encrypted-storage)
- [USB Data Blockers](#usb-data-blockers)
- [FIDO U2F Keys](#fido-u2f-keys)
- [Crypto Wallets](#crypto-wallets)
## Basics
**Item** | **Description**
--- | ---
**USB Data Blocker**<br>[![Data Blocker](https://i.ibb.co/jG3dpGW/1.jpg)](https://amzn.to/2HDArRP) | There are many exploits that allow an attacker to infect your device with malware and/ or steal data, when you plug it in to what appears to be a USB power outlet. If you are charging your phone while travelling, a USB data blocker will prevent anything other than power from getting to your device, by removing the connection between the 2 data wires. The PortaPower brand, also comes with a fast charging chip, since without the data connection your device would otherwise charge at minimum speed
**Microphone Blocker**<br>[![__](https://i.ibb.co/BKQTCbQ/2.jpg)](https://amzn.to/2uQ3r5L) | A microphone blocker is a device that prohibits audio hacking, in the form of a hardware accessory for a smartphones, laptops etc. It functions as a dummy mic jack, so the device thinks it has a microphone plugged in, and hence disables the internal one
**Faraday Pouch**<br>[![__](https://i.ibb.co/HBBG0QL/3.jpg)](https://amzn.to/3bIkfw4) | [Faraday Shield](https://en.wikipedia.org/wiki/Faraday_cage) is an enclosure that blocks electromagnetic fields. It is useful to keep any device which could be hacked through sending or receiving signals in such a case, such as car keys, or a smart phone. [Larger](https://amzn.to/2UTZOGM) versions are availible for tablets and latops.
**RFID Blocking Cards**<br>[![__](https://i.ibb.co/m4GtMdj/4.jpg)](https://amzn.to/38ycMxN) | If you are concerned about card skimming, you can use an RFID blocking sleeve to protect your contactless payment and identity cards. However there are proportionately very few RFID-skimmer crimes reported, and most credit cards have a low contactless limit
**Web Cam Covers**<br>[![__](https://i.ibb.co/X7B1WsH/5.jpg)](https://amzn.to/2uEz16H) | Web cam covers are quite self-exoplanetary, they physically conceal the lenses on your laptop or phone camera, to prevent a malicious actor (hacker, government, corporation etc) from watching you through the camera. It may sound paranoid, but unfortunately it happens, and it is a relatively simply process for someone to gain remote access to a webcam. Even Mark Zuckerberg [covers his webcam](https://www.geek.com/tech/mark-zuckerberg-tapes-up-his-webcam-and-snowden-says-you-should-too-1659083/)! Of course you could just use some tape, rather than buying a cover
**Port Blockers**<br>[![__](https://i.ibb.co/fYPVnK5/6.jpg)](https://amzn.to/327Yn9n) | There are many attacks that involve an attacker inserting a USB device (such as a BadUSB/ Rubber Ducky/ Malduino) to an open USB port. Adding a port blocker doesn't render you safe from this, since the attacker could take the time to try and remove it, but it could protect you for an opportunistic attack
**Privacy Filter**<br>[![__](https://i.ibb.co/KjkTbGN/7.jpg)](https://amzn.to/3bAa9xv) | Privacy filters are polarized sheets of plastic, that when placed over a computer screen prevent screen visibility from any angle other than straight on. They make it harder for anyone to look over your shoulder and see your data confidential
**YubiKey**<br>[![__](https://i.ibb.co/PGtbwxN/8.jpg)](https://amzn.to/38wcG9R) | The YubiKey is a small hardware device used to secure access on mobile devices, computers, and servers to all of your online accounts. It allows for second-factor authentication, hence protecting anyone other than you from logging in. It is said to be more convenient and more secure than using a mobile authenticator, but there are reasons for and against
**Encrypted Kingston Data Traveler**<br>[![__](https://i.ibb.co/ScRFhdt/9.jpg)](https://amzn.to/38xsnO5) | Good value, easy-to-use with no installation required. Built-in hardware encryption and high password protection. Also optionally allows for automatic cloud backup option to protect against data loss (which doesn't say much about their faith in this USB device, but jokes aside-) this is a very affordable and well rated little device
**Hardware Encrypted USB 3.0 Drive**<br>[![__](https://i.ibb.co/p3MzFHF/11.jpg)](https://amzn.to/2vD32Ug) | OS & Platform independent, with 100% hardware encryption, so it works perfectly with all operating systems. USB 3.0 with Read/Write Speeds of 116/43 MBps. GDPR complient and FIPS 140-2 Level 3, NLNCSA DEP-V & NATO Restricted Level Certified with real time military grade AES-XTS 256-bit hardware encryption
**Hardware Encrypted External Hard Drive**<br>[![__](https://i.ibb.co/BV5k29v/12.jpg)](https://amzn.to/37pTmK8) | Similar to the iStorage hardware encrypted USB 3.1 drive, this external hard drive has high capacity and strong hardware encryption. Data is encrypted with FIPS PUB 197 Validated Encryption Algorithm, and against a 7 - 15 digit alpha-numeric pin, with erasing capabilities for multiple failed login attempts
**Fingbox - Home Network Monitoring**<br>[![__](https://i.ibb.co/nkMxwz9/14.jpg)](https://amzn.to/2V5gATx) | Fing Box is an optional companion to the [Fing App](https://www.fing.com/products/fing-app). It provides network monitoring and security capabilities, to protect your home/ work network. As well as the functionality of the app, the FingBox allows you to block intruders and notify you about unknown devices as well as analyse your network for vulnerabilities, such as open ports. You can also see which devises are near your home at what time (even if they're not connected to your WiFi), and improve network speed with scheduled analysis and bandwidth allocation. Best to try out the Fing app alone, before buying the FindBox, but both are great products for netowrk monitoring and security
**Bootable Drive Eraser**<br>[![__](https://i.ibb.co/P11d0YH/15.jpg)](https://amzn.to/2SsL67Y) | Easy-to-use bootable USB will completely erase your hard drive with military grade destruction, making it near-impossible for any files or personal data to be recovered. This should be done before you sell, or dispose of any hard drive. Of course there are various .ISOs you can download and flash to a USB yourself if you do not want to spend money, but this USB supports all devices and is quick and easy to use, with excellent results
**Mobile Privacy Screen**<br>[![__](https://i.ibb.co/Zg9QG1j/17.jpg)](https://amzn.to/2OZO3Lc) | Similar to the laptop/ monitor privacy filter, this screen protector will prevent anyone from seeing what is on your screen when reading from an angle
**Kensington Lock**<br>[![__](https://i.ibb.co/TKHV5d3/20.jpg)](https://amzn.to/38zu0e2) | Quite self-explanatory, this lock will make it harder for someone to steal your laptop, and get to your data. Of course it does require that your laptop has the [Kensington Security Slot](https://en.wikipedia.org/wiki/Kensington_Security_Slot), which many do
**Anti-Surveillance Clothing**<br>[![__](https://i.ibb.co/Gk8jBBm/21.jpg)](https://adversarialfashion.com) | Facial recognition is being rolled out in most countries now, the patterns on these clothes, will confuse facial, object and number plate recognition, injecting junk data in to the systems, hence making it harder for automated systems to monitor and track you
**Solo Key**<br>[![__](https://i.ibb.co/8PFQRDy/26.jpg)](https://amzn.to/37CsOpj) | Another FIDO2 physical security key for 2-facto authentication and storing encryption keys. SoloKeys have both open source hardware and software, they are easy to use out of the box, but can also be used for developers and makers, since there is a well documented CLI
**Nano Ledger**<br>[![__](https://i.ibb.co/HdVyPzb/22.jpg)](https://amzn.to/37q1cn6) | If you are in possession of BitCoin or other crypto then one of the most secure ways to store, send and receive coins is with a hardware wallet. Ledger has a solid reputation when it comes to hardware encryption, and the main principle behind their wallets is to provide full isolation between the private keys and your easy-to-hack computer or smartphone
**Cold Storage**<br>[![__](https://i.ibb.co/nj6xyv1/23.jpg)](https://amzn.to/2HqVy9x) | If you are not planning on spending your crypto any time soon, and do not want to trust a tech-based solution, then consider this metal cold storage wallet. Unlike writing your private key down on paper, this will not fade, and cannot be destroyed by water, fire of other environmental circumstances. Of course you could just engrave your key on a small sheet of aluminium
**Anonabox**<br>[![__](https://i.ibb.co/L177XDJ/24.jpg)](https://amzn.to/2UWtP8E) | Plug-and-play Tor router, that can be used with public WiFi while travelling, or at home. Anonabox provides easy access to the deep web and lets you bypass censorship, protect your location, deter data collection and more. It can also be used with a VPN, or for online hosting. Of course you could build a similar product your self using a Raspberry Pi and a WiFi range extender
**Deauth Detector**<br>[![__](https://i.ibb.co/BqNGRCW/19.jpg)](https://amzn.to/2HtUy4B) | Most WiFi hacks begin by sending deauth packets, so that connected clients will briefly be disconnected to the network. This [ESP8266](https://en.wikipedia.org/wiki/ESP8266) comes pre-flashed with [@SpaceHuhn's](https://github.com/spacehuhn) deauth detector (which you can view [here, on GitHub](https://github.com/spacehuhn/DeauthDetector)). Once it detects [deauthentication or disassociation frames](https://mrncciew.com/2014/10/11/802-11-mgmt-deauth-disassociation-frames), it will activate a speaker to notify you
**Librem 5**<br>[![__](https://i.ibb.co/3TNh5Vt/l5-v1-front-100x100.png)](https://shop.puri.sm/shop/librem-5/) | Security and Privacy focused smart phone by Purism. With hardware kill switches and specially designed software, this device runs Linux, and does not track you. It Separates CPU from Cellular Baseband, uses IP-Native Communication First and Decentralized Communication by Default. The source code is user-controlled, and has layered security protection. Purism also have [other security-focused products](https://puri.sm/products)
## DIY Security Products
Don't want to spend money? Most of the products above, plus some that wearn't included can be built at home with some pretty simple hardware and open source software. The following list will point you in the right direction to start making!
See Also [DIY Networking Hardware](#diy-networking-hardware)
- **Network-wide add-block** - [Pi Hole](https://pi-hole.net) is a simple yet powerful app, that can be installed on a [Raspberry Pi](https://amzn.to/36GNpsm), and once you've updated your routers DNS servers to point to it, all resources on the blacklist will be blocked, at the point of origin. This makes it much more powerful than a browser add-on, and will also speed your internet up
- **Encrypted USB** - You can use [VeraCrypt](https://www.veracrypt.fr/en/Home.html) to create an encrypted USB drive, using any off-the shelf [USB drive](https://amzn.to/2RykcLD)
- **USB Sanitiser** - [CIRCLean](https://www.circl.lu/projects/CIRCLean) is a hardware solution to clean documents from untrusted (obtained) USB drives. It automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick.
- **Hardware Wallet** - Using the Trezor Shield or [Trezor Core](https://github.com/trezor/trezor-firmware) and a Raspberry Pi, you can create your own hardware wallet for safley storing your crypto currency private keys offline. See [this guide](https://github.com/Multibit-Legacy/multibit-hardware/wiki/Trezor-on-Raspberry-Pi-from-scratch) for building. If you enjoyed that, you can also run your own BitCoin and Lightning Node [Raspiblitz](https://github.com/rootzoll/raspiblitz)
- **AI Assistant Mod** - [Project Alias](https://github.com/bjoernkarmann/project_alias) runs on a Pi, and gives you more control and increased privacy for both Google Home and Alexa, through intercepting voice commands, emitting noise interference + lots more. If your interested in voice assistants, then also check out [Mycroft](https://mycroft.ai)- an open source, Pi-based alternative to Google Home/ Alexa
- **Home VPN** - [Pi_VPN](https://www.pivpn.io) lets you use [OpenVPN](https://openvpn.net) to connect to your home network from anywhere, through your [Pi](https://amzn.to/2uniPqa). See [this guide](https://pimylifeup.com/raspberry-pi-vpn-server) for set-up instructions. This will work particularly well in combination with Pi Hole.
- **USB Password Manager** - Storing your passwords in the cloud may be convinient, but you cannot ever be certain they won't be breached. [KeePass](https://keepass.info/help/v2/setup.html) is an offline password manager, with a portable ddition that can run of a USB. There's also an [app](https://play.google.com/store/apps/details?id=com.korovan.kpass). See also [KeePassX](https://www.keepassx.org) and [KeePassXC](https://keepassxc.org) which are popular communnity forks with additional functionality
- **Automated Backups** - [Syncthing](https://syncthing.net) is a privacy-focused continuous file synchronization program. You can use it to make on-site backups as well as encrypted and sync your data with your chosen cloud storage provider
- **Bootable Drive Eraser** - You can flash the [DBAN](https://dban.org) or [KillDisk](https://www.killdisk.com/bootablecd.htm) ISO file onto a USB, boot from it and securly, fully wipe your hard drives. This is useful to do before selling or disposing of a PC.
- **Deauth Detector** - Since most wireless attacked begin by sending out deauthentication packets, you can flash SpaceHuhns [DeatuhDetector](https://github.com/spacehuhn/DeauthDetector), onto a standard [ESP8266 NodeMCU](https://amzn.to/2v5grV0), plug it in, and wait to be notified of wireless deauth attacks
- **Tor WiFi Network** - Using [OnionPi](https://github.com/breadtk/onion_pi), you can create a second wireless network, that routed traffic through Tor. This is very light-weight so can be done with just a [Pi Zero W](https://amzn.to/2Urc0hM). Here is a configuration [guide](https://www.sbprojects.net/projects/raspberrypi/tor.php)
- **Faraday Case** - If you want to block signals for devices such as car keys, smart phone, laptop or even just RFID-enabled cards and passports, you can line a box or pouch with [Faraday Fabric](https://amzn.to/2ORKtTr)
- **GPS Spoofer** - If you don't want to be tracked with GPS, then using a SDR you can send out spoof GPS signals, making near-by GPS-enabled devices think that they are in a totally different location. (Wouldn't recommend using this while on an airplane though!). You can use [gps-sdr-sim](https://github.com/osqzss/gps-sdr-sim) by [@osqzss](https://github.com/osqzss), and run it on a [Hacker RF](https://greatscottgadgets.com/hackrf) or similar SDR. Here's a [guide](https://www.rtl-sdr.com/tag/gps-spoofing) outlineing how to get started, you'll also need a [NooElec HackRF One](https://amzn.to/2Ta1s5J) or similar [SDR](https://amzn.to/39cLiOx). Check your local laws first, you may need a radio license.
If you are confident with electronics, then you could also make:
- **USB Data Blocker** - By simple removing the data wires from a USB adapter, you can create a protector to keep you safe while charing your device in public spaces. See [this guide](https://www.instructables.com/id/Making-a-USB-Condom) for more info (note: fast charge will not work)
- **Hardware Encrypted Password Manager** - Even better than a software-encrypted password manager, is the [hardpass0.2](https://bit.ly/3bg4Xi4) which is a very simple hardware-encrypted USB store, using [GnuPG Smart card](https://www.g10code.com/p-card.html), [GNU Password Standard](https://www.passwordstore.org/) and this [source code](https://github.com/girst/hardpass-passwordmanager) all running on a [Pi Zero](https://amzn.to/2Sz0vU4). See also the [Zamek Project](https://bit.ly/36ZJrec), using this [source code](https://github.com/jareklupinski/zamek) to achive a similar functioning hardware-password manager
- **U2F USB Token** - Similar to the FIDO2 2-factor authentication USB keys, [U2f-Zero](https://github.com/conorpp/u2f-zero) by Conor Patrick, lets you turn a Pi Zero into a second-factor auth method. Note: project no longer activley maintained, see [NitroKey](https://github.com/nitrokey) instead
- **PC auto-lock Flash Drive** - Turn a flash drive into a lock/ unlock key for your PC, allowing you to quickly lock your device when needed [deprecated]
- **Headless Pi Zero SSH server** - Create an small test server, that you can SSH into for development, in order to not have to run risky or potentially dangerous code or software directly on your PC, see [this artticle](https://openpunk.com/post/5) for getting started
## Paranoid Security Gadgets
We can go even further, these products are far from essential and are maybe a little over-the-top. But fun to play around with, if you really want to avoid being tracked!
- **Self-Destroying PC** - The ORWL PC will wipe all data if it is compromised, and has many other safeguards to ensure no one other than you can access anything from your drive. Comes with QubeOS, Windows or Linux, and requires both a password and fob to log in. See more: [orwl.org](https://orwl.org)
- **Card Skimmer Detector** - Ensure an ATM or card reader does not have an integrated skimming device. See more at [Lab401](https://lab401.com/products/hunter-cat-card-skimmer-detector)
- **Voice Changer** - Useful to disguise voice, while chatting online. See more: [UK](https://amzn.to/3bXqpsn) | [US](https://amzn.to/2PqUEyz)
- **Ultra-Sonic Microphone Jammer** - Blocks phones, dictaphones, voice assistants and other recording devices. Uses built-in transducers to generate ultrasonic signals that can not be heard by humans, but cause indistinct noise, on redording devices, making it impossible to distinguish any details of the conversations. See more [UK](https://amzn.to/2Hnk63s) | [US](https://amzn.to/2v2fwVG)
- **Reflective Glasses** - Blocks faces from most CCTV and camera footage, and stops facial recognition from being able to map your face. See more: [Reflectacles](https://www.reflectacles.com)
- **Bug Detector** - Able to detect radio waves, magnetic fields, in order to find hidden wired or wireless recording or camera equipment and transmitting devices, Note: has limited accuracy. See more: [UK](https://amzn.to/2V8z8C1) | [US](https://amzn.to/2V9AnkI)
- **Active RFID Jamming** - Armour Card is a slim credit-card shaped device, which when in contact with any readers creates an electronic force field, strong enough to "jam" and readings from being taken by emmiting arbitrary data. Aimed at protecting cred cards, identity documents, key cards and cell phones. [US](https://amzn.to/38bJxB9) | [ArmourCard Website](https://armourcard.com)
- **Anti-Facial Recognition Clothing** - Carefully printed patterns that confuse common facial recognition algorithms. See more: [Amazon UK](https://amzn.to/32dnYgO) | [Redbubble](https://www.redbubble.com/people/naamiko/works/24714049-anti-surveillance-clothing?p=mens-graphic-t-shirt) | [Monoza](https://www.monoza.mobi/hyperface-anti-surveillance-shirt/?sku=1045-19321-423696-174028)
- **Tor Travel-Router** - Plug-and-play travel router, providing WiFi with VPN or Tor for more private internet access, also has Wi-Fi uplink and range extender with a clear user interface. See more: [Anonabox.com](https://www.anonabox.com) | [Amazon](https://amzn.to/2HHV0fG)
- **GPS Jammer** - In the DIY list, there was a link to how to build a GPS spoof device using an SDR. But you can also buy a GPS jammer, which may be useful if you fear that you are being tracked. They are aimed at preventing UAVs from operating in your area, but can also be used to confuse other tracking devices near by, there's a variety of models with varying power and range availible from $50 - $500. [AliExpress](https://www.aliexpress.com/item/4000214903055.html)
- **Faraday Cases** - A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields. This can be really useful for electronics, since many devices are constantly transmitting and recieving, which is the worst when you are trying to avoid being tracked. Their have been numerous reportings that governments can apparently track phones, even when they are [powered off](https://slate.com/technology/2013/07/nsa-can-reportedly-track-cellphones-even-when-they-re-turned-off.html), and since smart phones often do not have removable batteries, the only option is often to shield them from any em waves. See [SilentPocket.com](https://silent-pocket.com/collections/all-products) | [Faraday Box](https://amzn.to/3cj9z7r) | [Faraday Phone Pouch](https://amzn.to/38faum5)
- **Forensic bridge kit** - Allows for write blocking to prevent unauthorized writing to a device, and for crating images with out modifying data. See more: [Amazon](https://www.amazon.com/dp/B00Q76XG5W)
- **Stand-alone Drive Eraser** - Allows you to erase drives, without connecting them to your PC. Availible in different modesls for different needs. See More: [Amazon](https://www.amazon.com/StarTech-com-Hard-Drive-Eraser-Standalone/dp/B073X3YZNL)
## Network Security
Gadgets that help protect and anonamise your internet, detect & prevent intrusions and provide additional network controlls, both at home and while traveling. There are many products like this availible, some of them are over-priced for what they are, others provide some really essential network security features. It is possible to re-create some of these solutions yourself, to save money [above](#diy-security-products).
- **Anonabox** - Plug-and-play Tor router. Wi-Fi uplink and range extender with user interface, also has VPN options and USB ports for local file sharing. [Amazon](https://amzn.to/38bwZIA) | [Anonabox.com](anonabox.com)
- **FingBox** - Network monitoring and security, for what it offers Fing is very affordable, and there is a free [app](https://www.fing.com/products/fing-app) that you can use before purchasing the hardware to get started. [Fing.com](https://www.fing.com/products/fingbox) | [US](https://amzn.to/2wlXfCT) | [UK](https://amzn.to/2I63hKP)
- **BitdefenderBox** - Cybersecurity home firewall hub, for protecting IoT and other devices. Has other features such as parental controlls and is easy to set up. [US](https://amzn.to/2vrurZJ) | [UK](https://amzn.to/34Ul54w)
- **Trend Micro Box** - Protect home networks from external and internal cyber attacks. Detects intrusions, vulnrabbilities, remote access, web threats and provides other security features. [US](https://amzn.to/2wk3Y0s) | [US](https://amzn.to/2uqX4Wv)
- **AlwaysHome Duo** - USB VPN with accelerated virtual networking to your home or office network, crossing geo-blocking and firewall mechanisms. [US](https://amzn.to/2Ts6oSn) | [UK](https://amzn.to/3bi4cF0)
- **Firewalla Red** - An intrusion detection and intrusion prevention system, with a web and mobile interface. Also has Ad-block, VPN, internet controll features and insights. [US](https://amzn.to/388BlAw) | [Firewalla.com](https://firewalla.com)
- **LibertyShield** - Pre-configured, plug-and-play multi-country VPN router, note that after 1 year there is a monthly subscription. [US](https://amzn.to/2T89vzU) | [UK](https://amzn.to/2twJlwM)
- **Gigabit Travel AC VPN Router** - A fully-featured dual-band travel router with VPN capabilities. [US](https://amzn.to/32HD1zU) | [UK](https://amzn.to/2SkUxFg)
- **InvizBox** - Tor router, that provides speed, privacy and security for all devices connected to it. [Invizbox.com](https://www.invizbox.com) | [Amazon](https://amzn.to/2w4v7V3)
- **InviziBox Go** - Portable VPN: https://amzn.to/386ikPT
- **WatchGuard Firebox** - Business-grade network firewall. [US](https://amzn.to/2VF0MqR) | [UK](https://amzn.to/2VF12WR)
#### DIY Networking Hardware
- **[Pi-Hole](https://pi-hole.net)** - Network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features, it's open source, easy to install and very widley used
- **[IPFire](https://www.ipfire.org)** - A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone
- **[PiVPN](https://pivpn.io)** - A simple way to set up a home VPN on a any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. Supports multiple DNS providers and custom DNS provividers- works nicley along-side PiHole
- **[E2guardian](http://e2guardian.org)** - Powerful open source web content filter
- **[SquidGuard](http://www.squidguard.org)** - A URL redirector software, which can be used for content control of websites users can access. It is written as a plug-in for Squid and uses blacklists to define sites for which access is redirected
- **[PF Sense](https://www.pfsense.org)** - Widley used, open source firewall/router
- **[Zeek](https://www.zeek.org)** - Detect if you have a malware-infected computer on your network, and powerful network analysis framework and monitor
[See more](https://geekflare.com/best-open-source-firewall) open source firewall apps
For most projects, a Raspberry Pi 3 or 4 is more than enough. You could also build your own hardware, see [this guide](https://www.instructables.com/id/Build-your-own-gateway-firewall) on constructing a gateware firewall yourself.
## Secure Computing Devices
- **ORWL PC** - A self-destroying PC, that will wipe all data if it is compromised, and has many other safeguards to ensure no one other than you can access anything from your drive. Comes with QubeOS, Windows or Linux, and requires both a password and fob to log in. See more: [orwl.org](https://orwl.org)
- **Librem 5** - An open source security and privacy-focused phone, running PureOS, built by Prism. See More: [puri.sm/products/librem-5](https://puri.sm/products/librem-5)
- **Armadillo Phones** - Encrypted phones, SIMs and Networks, provide zero-trust communications and pro-active defences. Their keychain software is open source, and they also provide encrypted SIMs, and servers.
See More: [ArmadilloPhone.com](https://www.armadillophone.com/store#diamond)
- **KryptAll** - Provides secure mobile networking, for encrypted celluar calling. However without being open source, these devices are harder to verify. See More: [KryptAll.com](https://www.kryptall.com)
- **Ano-Phone** - Android devices loaded with additional security defences. Not open source.
See More: [ano-phone.com](https://ano-phone.com)
- **Secure Group** - Hardware-encrypted smart phones, for privacy and security. See more: [SecureGroup.com](https://securegroup.com/hardware)
- **Librem Laptop** - The Librem 13, Librem 15 and Librem Mini are well-speced, open source hardware-encrypted computing devices by Purism. They have several hardware features, like physical connectivity switches, and tamper-proof hardware. See More [puri.sm](https://puri.sm/products)
## Hardware Encrypted Storage
Hardware-based encryption uses a devices on-board security to perform encryption and decryption. It is self-contained and does not require the help of any additional software. Therefore, it is essentially free from the possibility of contamination, malicious code infection, or vulnerability, and able to be used on any platform.
If the device itself becomes compromised, your data will remain safe. Really useful backing up, transporting and sharing personal data safely. For maximum security, you can combine hardware encryption with software encryption.
Reliable options include:
- AES Hardware encrypted USB 3.0 external hard drive enclosure for HDD or SSD: [US]() | [UK](https://amzn.to/2GM3GkB)
- Integral 256-bit AES USB 3.0 (Software required), 16GB, 32GB, 64GB. [US]() | [UK](https://amzn.to/37vpyNb)
- iStorage 256-bit AES USB 3.0 Pro (Hardware Encrypted), with keypad, 8GB, 16GB, 32GB, 64GB. [US](https://amzn.to/2T9wTgo) | [UK](https://amzn.to/2O1OPXu)
- IornKey Rugged Enterprise-grade encrypted USB Pen, 4GB, 8GB, 16GB, 32GB, 64GB, 128GB. [US](https://amzn.to/2wYWQH2) | [UK](https://amzn.to/3cjsnUi)
- iStorage 256-bit AES USB 3.0 Personal (Hardware Encrypted), with keypad, 8GB, 16GB, 32GB, 64GB. [US](https://amzn.to/2I99c1G) | [UK](https://amzn.to/38GzHqo)
- Lexar JumpDrive Fingerprint USB 3.0 (Software required), 32GB, 64GB, 128GB, 256GB. [US](https://amzn.to/38b0eeP) | [UK](https://amzn.to/2GtipRC)
- iStorage 256-bit Hardware Encrypted external USB 3.1 SSD Drive. 128GB, 256GB, 512GB, 1TB. [UK](https://amzn.to/37wkhVA)
- iStorage 256-bit Hardware Encrypted external USB 3.1 HDD Drive. 1TB, 2TB, 3TB, 4TB. [US](https://amzn.to/32DI4RA) | [UK](https://amzn.to/37vpFYN)
*Alternatively, a cheaper option would be a software-encrypted USB. [VeraCrypt](https://www.veracrypt.fr/en/Home.html) is cross-platform open source encryption application. It's surprisingly simple (see [this how-to guide](https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt)), and very secure. Combine this with an ordinary USB drive, this [high-speed (300mb/s) 256GB flash drive](https://amzn.to/2RykcLD) is a great option*
*For encryption your boot drive, you can use [BitLocker](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview) (Windows), [FileVault](https://support.apple.com/en-us/HT204837) (OSX), or any of these [options](https://www.tecmint.com/file-and-disk-encryption-tools-for-linux) for Linux.*
## USB Data Blockers
Small, low-cost but essential devise. It attaches inbetween your USB cable and the charging socket, and will physically block data transfer and syncing while charging. Totally mitigates the risk of being hacked via a USB exploit, and stops anything being uploaded to your device.
- PortaPow 3rd Gen, USB A, 2-Pack. [Red](https://amzn.to/39aStqE) | [White](https://amzn.to/2TqXl4i) | [Black](https://amzn.to/38imYd2)
- PortaPow Dual USB Power Monitor with Data Blocker, usful for monitoring power consumption and managing which devices are allowed data connections. [US](https://amzn.to/2I7HT7J) | [UK](https://amzn.to/3chnWcJ)
- Privise USB A Data Blocker. [US](https://amzn.to/3cig0rr) | [UK](https://amzn.to/2VAbX3K)
- Data-only Micro-USB cable. Be sure that it is actually data-only, you can count the pins at each end. Again PortaPow make a legitimate safe-charge cable [US](https://amzn.to/2Tq09ys) | [UK](https://amzn.to/38chHDF)
PortaPow (3rd gen) is one of the best options, since it has a SmartCharge chip (which isn't usually possible without the data wire).
You can also build your own very easily, [here is a schematic](https://www.electroschematics.com/diy-usb-condom-circuit).
Word of Warning: Sometimes the cable itself can be dangerous. See [O.M.G Cable](https://shop.hak5.org/products/o-mg-cable), it looks like a totally authentic phone cable, but is actually able to deploy advanced exploits often without you being able to identify. It is always best label your cables, to ensure you are using your own, safe wire.
## FIDO U2F Keys
Using a physical 2-factor authentication key can greatly improve the security of your online accounts. See [twofactorauth.org](https://twofactorauth.org) for a list of websites that provide 2FA.
- **Yubico USB A + NFC Key** - classic key with solid reputation. [UK](https://amzn.to/38ddnUG) | [US]() | [Yubico](https://www.yubico.com/store)
- **YubiKey 5 Mobile and Nano Keys** - [USB A Nano](https://amzn.to/2wkCmbe) | [USB C](https://amzn.to/2VGkClz) | [USB C Nano](https://amzn.to/39b2zYA)
- **Thetis** - Durable. mobile-friendly USB-A FIDO U2F Key. [US](https://amzn.to/39f6Dqu) | [UK](https://amzn.to/3cm9xvK) | [Thetis.io](https://thetis.io)
- **Solo Key** - An open source U2F and FIDO2 key, USB A + NFC. [US](https://amzn.to/39cJR2P) | [UK](https://amzn.to/3ajnBo0) | [SoloKeys.com](https://solokeys.com)
- **OnlyKey** - A pin-protected hardware password manager with FIDO2/ U2F. It allows a user to log in without a password or typing out a 2FA code. [OnlyKey.com](onlykey.io/alicia) | [US](https://amzn.to/38blkd3) | [UK](https://amzn.to/3clwTli)
- **Librem Key** - Makes encryption, key management, and tamper detection convenient and secure. Includes an integrated password manager, random number generator, tamper-resistant smart card plus more. [Puri.sm](https://puri.sm/products/librem-key)
The Verge has a good [article](https://www.theverge.com/2019/2/22/18235173/the-best-hardware-security-keys-yubico-titan-key-u2f) comparing hardware keys.
If you are interested in reserarching how to build your own key, see [U2f-Zero](https://github.com/conorpp/u2f-zero) by Conor Patrick, lets you turn a Pi Zero into a second-factor auth method. Note: project no longer activley maintained, see [NitroKey](https://github.com/nitrokey) instead
## Crypto Wallets
The most secure medium to store your currency is cold (offline) wallets, since they cannot be hacked. Of course it is vital that you keep your private keys somewhere that they cannot be stolen, and cannot be lost or destroyed. Electronic devices can make it easy to securely store and spend crypto currency. Choose a wallet that is open source, and with a good reputation. Ensure you backup your seed, and keep it somewhere safe.
- Trezor is fully open source and implements a firmware-based security on top of known hardware. [Trezor.com](https://trezor.io)
- Ledger takes a more black box approach, but their devices are very well tested and secure. They are also easy to use and durable, with good support for a range of crypto. [Ledger.com](https://shop.ledger.com/pages/hardware-wallets-comparison)
- Indestructible Steel Wallet, for private key. [US](https://amzn.to/2Px0EFV) | [UK](https://amzn.to/2VLeVmr)
Always ensure the packaging has not been tampered with, buy direct from the manufacturer when possible.
---
## See Also
- [Awesome Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
- [Ultimate Personal Security Checklist](/README.md)
- [Why Privacy and Security Matters](/0_Why_It_Matters.md)
- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)
Contributions welcome and appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose) or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md)
*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020*
[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md)
---
Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇
[![Share on Twitter](https://img.shields.io/badge/Share-Twitter-17a2f3?style=for-the-badge&logo=Twitter)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist)
[![Share on LinkedIn](https://img.shields.io/badge/Share-LinkedIn-0077b5?style=for-the-badge&logo=LinkedIn)](
http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93)
[![Share on Facebook](https://img.shields.io/badge/Share-Facebook-4267b2?style=for-the-badge&logo=Facebook)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=)
[![Share on Mastodon](https://img.shields.io/badge/Share-Mastodon-56a7e1?style=for-the-badge&logo=Mastodon)](https://mastodon.social/web/statuses/new?text=Check%20out%20the%20Ultimate%20Personal%20Cyber%20Security%20Checklist%20by%20%40Lissy93%20on%20%23GitHub%20%20%F0%9F%94%90%20%E2%9C%A8)
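Review bot: In the USB Data Blockers list, the entry "Data-only Micro-USB cable" names the opposite of what the section recommends. A cable that blocks data transfer while charging is a charge-only (power-only) cable, and the entry's own "safe-charge cable" wording shows that this is what was meant, so the label should be corrected. Several link targets added in this file also need fixing: `[US]()` is empty in two of the hardware-encrypted storage entries and in the Yubico entry, `[Anonabox.com](anonabox.com)` and `[OnlyKey.com](onlykey.io/alicia)` have no scheme and will resolve as relative paths inside the repository, the Trend Micro Box entry labels both of its links "US", and the "Share on Facebook" badge points at a linkedin.com shareArticle URL. The absolute wording ("Totally mitigates the risk of being hacked via a USB exploit", cold wallets "cannot be hacked") sits awkwardly next to the file's own warnings about the O.M.G Cable and tampered packaging, and would be better softened.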

48
ATTRIBUTIONS.md Normal file

@ -0,0 +1,48 @@
## Contributors 🙌
Thanks goes to these wonderful people
<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
<!-- prettier-ignore-start -->
<!-- markdownlint-disable -->
<table>
<tr>
<td align="center"><a href="https://gitlab.com/W1nst0n"><img src="https://avatars3.githubusercontent.com/u/55300518?v=4" width="90px;" alt=""/><br /><sub><b>0x192</b></sub></a><br /><a href="#security-0x192" title="Security">🛡️</a></td>
<td align="center"><a href="https://keybase.io/pipboy96"><img src="https://avatars1.githubusercontent.com/u/46632672?v=4" width="90px;" alt=""/><br /><sub><b>pipboy96</b></sub></a><br /><a href="#security-pipboy96" title="Security">🛡️</a></td>
<td align="center"><a href="https://aliciasykes.com"><img src="https://avatars1.githubusercontent.com/u/1862727?v=4" width="90px;" alt=""/><br /><sub><b>Alicia Sykes</b></sub></a><br /><a href="#security-Lissy93" title="Security">🛡️</a></td>
<td align="center"><a href="https://twitter.com/mwleeds"><img src="https://avatars2.githubusercontent.com/u/7833263?v=4" width="90px;" alt=""/><br /><sub><b>Matthew Leeds</b></sub></a><br /><a href="#security-mwleeds" title="Security">🛡️</a></td>
<td align="center"><a href="http://jaiminpandya.com"><img src="https://avatars0.githubusercontent.com/u/20967911?v=4" width="90px;" alt=""/><br /><sub><b>Jaimin Pandya</b></sub></a><br /><a href="#security-pndyjack" title="Security">🛡️</a></td>
<td align="center"><a href="https://twitter.com/ilesinge"><img src="https://avatars3.githubusercontent.com/u/501674?v=4" width="90px;" alt=""/><br /><sub><b>Alexandre G.-Raymond</b></sub></a><br /><a href="#security-ilesinge" title="Security">🛡️</a></td>
<td align="center"><a href="https://github.com/guestx86"><img src="https://avatars2.githubusercontent.com/u/56132403?v=4" width="90px;" alt=""/><br /><sub><b>guestx86</b></sub></a><br /><a href="#security-guestx86" title="Security">🛡️</a></td>
</tr>
<tr>
<td align="center"><a href="https://www.baturin.org"><img src="https://avatars0.githubusercontent.com/u/482212?v=4" width="90px;" alt=""/><br /><sub><b>Daniil Baturin</b></sub></a><br /><a href="#security-dmbaturin" title="Security">🛡️</a></td>
<td align="center"><a href="https://transitiontech.ca"><img src="https://avatars2.githubusercontent.com/u/1264398?v=4" width="90px;" alt=""/><br /><sub><b>ansuz</b></sub></a><br /><a href="#security-ansuz" title="Security">🛡️</a></td>
<td align="center"><a href="https://github.com/8264"><img src="https://avatars0.githubusercontent.com/u/23311938?v=4" width="90px;" alt=""/><br /><sub><b>8264</b></sub></a><br /><a href="#security-8264" title="Security">🛡️</a></td>
<td align="center"><a href="https://github.com/101lols"><img src="https://avatars1.githubusercontent.com/u/29000894?v=4" width="90px;" alt=""/><br /><sub><b>101lols</b></sub></a><br /><a href="#security-101lols" title="Security">🛡️</a></td>
</tr>
</table>
<!-- markdownlint-enable -->
<!-- prettier-ignore-end -->
<!-- ALL-CONTRIBUTORS-LIST:END -->
<!-- To add yourself to the table, copy the row above and replace with your details. Max 7 <td> (columns) per <tr> (row). -->
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification.
Contributions of any kind welcome!
## References 📝
// Todo
## Stars 🌟
[![Stargazers over time](https://starchart.cc/Lissy93/personal-security-checklist.svg)](https://star-history.t9t.io/#Lissy93/personal-security-checklist)
Thank you [@caarlos0](https://github.com/caarlos0) for the above [Star Chart](https://github.com/caarlos0/starcharts) ☺️
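Review bot: The HTML comment placed after `<!-- ALL-CONTRIBUTORS-LIST:END -->` tells contributors to copy a table row and edit it by hand, while the opening marker of the same block says "Do not remove or modify this section". Pick one workflow: if the table is maintained by hand, change the marker text, and if it is generated, replace the copy-a-row instruction with a pointer to the generation step. The `## References` section contains only `// Todo`, which Markdown renders as literal text, so either fill it in or hold the heading back until there is content. The Stargazers image is served from starchart.cc but its link goes to star-history.t9t.io, which is worth confirming as intentional.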

348
LICENSE.md Normal file

@ -0,0 +1,348 @@
# Creative Commons Attribution 4.0 International Public License ("CC BY 4.0")
> © [Alicia Sykes](http://aliciasykes.com/legal) 2020, Licensed under [Creative Commons Attribution 4.0](https://creativecommons.org/licenses/by/4.0/)
Creative Commons Corporation (“Creative Commons”) is not a law firm and does not
provide legal services or legal advice. Distribution of Creative Commons public
licenses does not create a lawyer-client or other relationship. Creative Commons
makes its licenses and related information available on an “as-is” basis.
Creative Commons gives no warranties regarding its licenses, any material
licensed under their terms and conditions, or any related information. Creative
Commons disclaims all liability for damages resulting from their use to the
fullest extent possible.
## USING CREATIVE COMMONS PUBLIC LICENSES
Creative Commons public licenses provide a standard set of terms and conditions
that creators and other rights holders may use to share original works of
authorship and other material subject to copyright and certain other rights
specified in the public license below. The following considerations are for
informational purposes only, are not exhaustive, and do not form part of our
licenses.
### Considerations for licensors:
Our public licenses are intended for use by those authorized to give the public
permission to use material in ways otherwise restricted by copyright and certain
other rights. Our licenses are irrevocable. Licensors should read and understand
the terms and conditions of the license they choose before applying it.
Licensors should also secure all rights necessary before applying our licenses
so that the public can reuse the material as expected. Licensors should clearly
mark any material not subject to the license. This includes other CC-licensed
material, or material used under an exception or limitation to copyright.
### Considerations for the public:
By using one of our public licenses, a licensor grants the public permission to
use the licensed material under specified terms and conditions. If the
licensors permission is not necessary for any reasonfor example, because of
any applicable exception or limitation to copyrightthen that use is not
regulated by the license. Our licenses grant only permissions under copyright
and certain other rights that a licensor has authority to grant. Use of the
licensed material may still be restricted for other reasons, including because
others have copyright or other rights in the material. A licensor may make
special requests, such as asking that all changes be marked or described.
Although not required by our licenses, you are encouraged to respect those
requests where reasonable.
---
## Creative Commons Attribution 4.0 International Public License
By exercising the Licensed Rights (defined below), You accept and agree to be
bound by the terms and conditions of this Creative Commons Attribution 4.0
International Public License ("Public License"). To the extent this Public
License may be interpreted as a contract, You are granted the Licensed Rights in
consideration of Your acceptance of these terms and conditions, and the Licensor
grants You such rights in consideration of benefits the Licensor receives from
making the Licensed Material available under these terms and conditions.
### Section 1 Definitions.
a. Adapted Material means material subject to Copyright and Similar Rights
that is derived from or based upon the Licensed Material and in which the
Licensed Material is translated, altered, arranged, transformed, or
otherwise modified in a manner requiring permission under the Copyright
and Similar Rights held by the Licensor. For purposes of this Public
License, where the Licensed Material is a musical work, performance, or
sound recording, Adapted Material is always produced where the Licensed
Material is synched in timed relation with a moving image.
b. Adapter's License means the license You apply to Your Copyright and
Similar Rights in Your contributions to Adapted Material in accordance
with the terms and conditions of this Public License.
c. Copyright and Similar Rights means copyright and/or similar rights closely
related to copyright including, without limitation, performance,
broadcast, sound recording, and Sui Generis Database Rights, without
regard to how the rights are labeled or categorized. For purposes of this
Public License, the rights specified in Section 2(b)(1)-(2) are not
Copyright and Similar Rights.
d. Effective Technological Measures means those measures that, in the absence
of proper authority, may not be circumvented under laws fulfilling
obligations under Article 11 of the WIPO Copyright Treaty adopted on
December 20, 1996, and/or similar international agreements.
e. Exceptions and Limitations means fair use, fair dealing, and/or any other
exception or limitation to Copyright and Similar Rights that applies to
Your use of the Licensed Material.
f. Licensed Material means the artistic or literary work, database, or other
material to which the Licensor applied this Public License.
g. Licensed Rights means the rights granted to You subject to the terms and
conditions of this Public License, which are limited to all Copyright and
Similar Rights that apply to Your use of the Licensed Material and that
the Licensor has authority to license.
h. Licensor means the individual(s) or entity(ies) granting rights under this
Public License.
i. Share means to provide material to the public by any means or process that
requires permission under the Licensed Rights, such as reproduction,
public display, public performance, distribution, dissemination,
communication, or importation, and to make material available to the
public including in ways that members of the public may access the
material from a place and at a time individually chosen by them.
j. Sui Generis Database Rights means rights other than copyright resulting
from Directive 96/9/EC of the European Parliament and of the Council of 11
March 1996 on the legal protection of databases, as amended and/or
succeeded, as well as other essentially equivalent rights anywhere in the
world.
k. You means the individual or entity exercising the Licensed Rights under
this Public License. Your has a corresponding meaning.
### Section 2 Scope.
a. License grant
1. Subject to the terms and conditions of this Public License, the
Licensor hereby grants You a worldwide, royalty-free,
non-sublicensable, non-exclusive, irrevocable license to exercise the
Licensed Rights in the Licensed Material to:
A. reproduce and Share the Licensed Material, in whole or in part; and
B. produce, reproduce, and Share Adapted Material.
2. Exceptions and Limitations. For the avoidance of doubt, where
Exceptions and Limitations apply to Your use, this Public License does
not apply, and You do not need to comply with its terms and conditions.
3. Term. The term of this Public License is specified in Section 6(a).
4. Media and formats; technical modifications allowed. The Licensor
authorizes You to exercise the Licensed Rights in all media and formats
whether now known or hereafter created, and to make technical
modifications necessary to do so. The Licensor waives and/or agrees not
to assert any right or authority to forbid You from making technical
modifications necessary to exercise the Licensed Rights, including
technical modifications necessary to circumvent Effective Technological
Measures. For purposes of this Public License, simply making
modifications authorized by this Section 2(a)(4) never produces Adapted
Material.
5. Downstream recipients.
A. Offer from the Licensor Licensed Material. Every recipient of the
Licensed Material automatically receives an offer from the Licensor
to exercise the Licensed Rights under the terms and conditions of
this Public License.
B. No downstream restrictions. You may not offer or impose any
additional or different terms or conditions on, or apply any
Effective Technological Measures to, the Licensed Material if doing
so restricts exercise of the Licensed Rights by any recipient of the
Licensed Material.
6. No endorsement. Nothing in this Public License constitutes or may be
construed as permission to assert or imply that You are, or that Your
use of the Licensed Material is, connected with, or sponsored,
endorsed, or granted official status by, the Licensor or others
designated to receive attribution as provided in Section 3(a)(1)(A)(i).
b. Other rights
1. Moral rights, such as the right of integrity, are not licensed under
this Public License, nor are publicity, privacy, and/or other similar
personality rights; however, to the extent possible, the Licensor
waives and/or agrees not to assert any such rights held by the Licensor
to the limited extent necessary to allow You to exercise the Licensed
Rights, but not otherwise.
2. Patent and trademark rights are not licensed under this Public License.
3. To the extent possible, the Licensor waives any right to collect
royalties from You for the exercise of the Licensed Rights, whether
directly or through a collecting society under any voluntary or
waivable statutory or compulsory licensing scheme. In all other cases
the Licensor expressly reserves any right to collect such royalties.
### Section 3 License Conditions.
Your exercise of the Licensed Rights is expressly made subject to the following conditions.
a. Attribution
1. If You Share the Licensed Material (including in modified form), You
must:
A. retain the following if it is supplied by the Licensor with the
Licensed Material:
i. identification of the creator(s) of the Licensed Material and any
others designated to receive attribution, in any reasonable
manner requested by the Licensor (including by pseudonym if
designated);
ii. a copyright notice;
iii. a notice that refers to this Public License;
iv. a notice that refers to the disclaimer of warranties;
v. a URI or hyperlink to the Licensed Material to the extent
reasonably practicable;
B. indicate if You modified the Licensed Material and retain an
indication of any previous modifications; and
C. indicate the Licensed Material is licensed under this Public
License, and include the text of, or the URI or hyperlink to, this
Public License.
2. You may satisfy the conditions in Section 3(a)(1) in any reasonable
manner based on the medium, means, and context in which You Share the
Licensed Material. For example, it may be reasonable to satisfy the
conditions by providing a URI or hyperlink to a resource that includes
the required information.
3. If requested by the Licensor, You must remove any of the information
required by Section 3(a)(1)(A) to the extent reasonably practicable.
4. If You Share Adapted Material You produce, the Adapter's License You
apply must not prevent recipients of the Adapted Material from
complying with this Public License.
### Section 4 Sui Generis Database Rights.
Where the Licensed Rights include Sui Generis Database Rights that apply to Your
use of the Licensed Material:
a. for the avoidance of doubt, Section 2(a)(1) grants You the right to
extract, reuse, reproduce, and Share all or a substantial portion of the
contents of the database;
b. if You include all or a substantial portion of the database contents in a
database in which You have Sui Generis Database Rights, then the database
in which You have Sui Generis Database Rights (but not its individual
contents) is Adapted Material; and
c. You must comply with the conditions in Section 3(a) if You Share all or a
substantial portion of the contents of the database.
For the avoidance of doubt, this Section 4 supplements and does not replace Your
obligations under this Public License where the Licensed Rights include other
Copyright and Similar Rights.
### Section 5 Disclaimer of Warranties and Limitation of Liability.
a. Unless otherwise separately undertaken by the Licensor, to the extent
possible, the Licensor offers the Licensed Material as-is and
as-available, and makes no representations or warranties of any kind
concerning the Licensed Material, whether express, implied, statutory, or
other. This includes, without limitation, warranties of title,
merchantability, fitness for a particular purpose, non-infringement,
absence of latent or other defects, accuracy, or the presence or absence
of errors, whether or not known or discoverable. Where disclaimers of
warranties are not allowed in full or in part, this disclaimer may not
apply to You.
b. To the extent possible, in no event will the Licensor be liable to You on
any legal theory (including, without limitation, negligence) or otherwise
for any direct, special, indirect, incidental, consequential, punitive,
exemplary, or other losses, costs, expenses, or damages arising out of
this Public License or use of the Licensed Material, even if the Licensor
has been advised of the possibility of such losses, costs, expenses, or
damages. Where a limitation of liability is not allowed in full or in
part, this limitation may not apply to You.
c. The disclaimer of warranties and limitation of liability provided above
shall be interpreted in a manner that, to the extent possible, most
closely approximates an absolute disclaimer and waiver of all liability.
### Section 6 Term and Termination.
a. This Public License applies for the term of the Copyright and Similar
Rights licensed here. However, if You fail to comply with this Public
License, then Your rights under this Public License terminate
automatically.
b. Where Your right to use the Licensed Material has terminated under
Section 6(a), it reinstates:
1. automatically as of the date the violation is cured, provided it is
cured within 30 days of Your discovery of the violation; or
2. upon express reinstatement by the Licensor.
For the avoidance of doubt, this Section 6(b) does not affect any right
the Licensor may have to seek remedies for Your violations of this Public
License.
c. For the avoidance of doubt, the Licensor may also offer the Licensed
Material under separate terms or conditions or stop distributing the
Licensed Material at any time; however, doing so will not terminate this
Public License.
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public License.
### Section 7 Other Terms and Conditions.
a. The Licensor shall not be bound by any additional or different terms or
conditions communicated by You unless expressly agreed.
b. Any arrangements, understandings, or agreements regarding the Licensed
Material not stated herein are separate from and independent of the terms
and conditions of this Public License.
### Section 8 Interpretation.
a. For the avoidance of doubt, this Public License does not, and shall not be
interpreted to, reduce, limit, restrict, or impose conditions on any use
of the Licensed Material that could lawfully be made without permission
under this Public License.
b. To the extent possible, if any provision of this Public License is deemed
unenforceable, it shall be automatically reformed to the minimum extent
necessary to make it enforceable. If the provision cannot be reformed, it
shall be severed from this Public License without affecting the
enforceability of the remaining terms and conditions.
c. No term or condition of this Public License will be waived and no failure
to comply consented to unless expressly agreed to by the Licensor.
d. Nothing in this Public License constitutes or may be interpreted as a
limitation upon, or waiver of, any privileges and immunities that apply to
the Licensor or You, including from the legal processes of any
jurisdiction or authority.
Creative Commons is not a party to its public licenses. Notwithstanding,
Creative Commons may elect to apply one of its public licenses to material it
publishes and in those instances will be considered the “Licensor.” The text of
the Creative Commons public licenses is dedicated to the public domain under the
CC0 Public Domain Dedication. Except for the limited purpose of indicating that
material is shared under a Creative Commons public license or as otherwise
permitted by the Creative Commons policies published at
creativecommons.org/policies, Creative Commons does not authorize the use of the
trademark “Creative Commons” or any other trademark or logo of Creative Commons
without its prior written consent including, without limitation, in connection
with any unauthorized modifications to any of its public licenses or any other
arrangements, understandings, or agreements concerning use of licensed material.
For the avoidance of doubt, this paragraph does not form part of the public
licenses.
Creative Commons may be contacted at creativecommons.org.

336
README.md Normal file

@ -0,0 +1,336 @@
[![Awesome](https://awesome.re/badge-flat2.svg)](https://github.com/zbetcheckin/Security_list)
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
[![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/)
[![Contributors](https://img.shields.io/github/contributors/lissy93/personal-security-checklist?color=%23ffa900&style=flat-square)](https://github.com/Lissy93/personal-security-checklist/graphs/contributors)
# Personal Security Checklist
> A curated checklist of tips to protect your dgital security and privacy
**Too long? 🦒** See the [TLDR version](/2_TLDR_Short_List.md) instead.
#### See Also
- [Why Privacy & Security Matters](/0_Why_It_Matters.md)
- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
- [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md)
- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)
## Contents
[![-](https://i.ibb.co/0ZV22MT/1-passwords.png) Passwords](#passwords)<br>
[![-](https://i.ibb.co/thf142G/2-2fa.png) 2 Factor Authentication](#2-factor-authentication)<br>
[![-](https://i.ibb.co/N7D7g6D/3-web.png) Browsing the Web](#browser-and-search)<br>
[![-](https://i.ibb.co/7yQq5Sx/5-email.png) Email](#emails)<br>
[![-](https://i.ibb.co/HT2DTcC/6-social.png) Social Media](#social-media)<br>
[![-](https://i.ibb.co/NjHcZJc/4-vpn.png) Networking](#networking)<br>
[![-](https://i.ibb.co/J255QkL/7-devices.png) Mobile Phones](#mobile-devices)<br>
[![-](https://i.ibb.co/SvMPntJ/10-os.png) Personal Computers](#personal-computers)<br>
[![-](https://i.ibb.co/3N3mszQ/9-router.png) Smart Home](#smart-home)<br>
## Passwords
Most reported data breaches are caused by the use of weak, default or stolen passwords (according to [this Verizon report](http://www.verizonenterprise.com/resources/reports/rp_dbir-2016-executive-summary_xg_en.pdf)). Massive amounts of private data have been, and will continue to be stolen because of this.
Use strong passwords, which can't be easily guessed or cracked. Length is more important than complexity (at least 12+ characters), although it's a good idea to get a variety of symbols. Ideally you should use a different and secure password to access each service you use. To securely manage all of these, a password manager is usually the best option. [This guide](https://heimdalsecurity.com/blog/password-security-guide/) gives a lot more detail about choosing and managing passwords.
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Use a strong password** | Recommended | Try to get a good mixture of upper and lower-case letters, numbers and symbols. Avoid names, places and dictionary words where possible, and aim to get a decent length (a minimum of 12+ characters is ideal). Have a look at [HowSecureIsMyPassword.net](https://howsecureismypassword.net) and [How Long will it take to Crack my Password](https://www.betterbuys.com/estimating-password-cracking-times/) to get an idea of what a strong password is. See [this guide](https://securityinabox.org/en/guide/passwords/) for more information.
**Dont save your password in browsers** | Recommended | Most modern browsers offer to save your credentials when you log into a site. Dont allow this! As they are not always encrypted, hence can allow someone to gain easy access into your accounts. Also do not store passwords in a .txt file or any other unencrypted means. Ideally use a reputable password manager.
**Use different passwords for each account you have** | Recommended | If your credentials for one site get compromised, it can give hackers access to your other online accounts. So it is highly recommended not to reuse the same passwords. Again, the simplest way to manage having many different passwords, is to use a [password manager](https://en.wikipedia.org/wiki/Password_manager). Good options include [BitWarden](https://bitwarden.com), [1Password](https://1password.com), or for an offline app without sync [KeePass](https://keepass.info) / [KeePassXC](https://keepassxc.org).
**Be cautious when logging in on someone elses device** | Recommended | When using someone else's machine, ensure that you're in a private session (like Incognito mode, Ctrl+Shift+N) so that nothing gets saved. Ideally you should avoid logging into your accounts on other people's computer, since you can't be sure their system is clean. Be especially cautious of public machines, or when accessing any of your secure accounts (email, banking etc.).
**Avoid password hints** | Optional | Some sites allow you to set password hints. Using this feature makes it easier for hackers.
**Never answer online security questions truthfully** | Optional | If a site asks security questions (such as place of birth, mother's maiden name or first car etc), don't provide real answers. It is a trivial task for hackers to find out this information. Instead, create a password inside your password manager to store your fictitious answer.
**Dont use a 4-digit PIN to access your phone** | Optional | Dont use a short PIN to access your smartphone or computer. Instead, use a text password. Pins or numeric passphrases are much easier crack, (A 4-digit pin has 10,000 combinations, compared to 7.4 million for a 4-character alpha-numeric code).
**Use an offline password manager** | Advanced | Consider an offline password manager, encrypted by a strong password. If you work across two or more computers, this could be stored on an encrypted USB. [KeePass](http://keepass.info/) is a strong choice.
**If possible, try to avoid biometric and hardware-based authentication** | Advanced | Fingerprint sensors, face detection and voice recognition are all hackable. Where possible replace these with traditional strong passwords.
**See also** [Recommended Password Managers](/5_Privacy_Respecting_Software.md#password-managers)
## 2-Factor Authentication
This is a more secure method of logging in, where you supply not just your password, but also an additional code usually from a device that only you have access to.
Check which websites support multi-factor authentication: [twofactorauth.org](https://twofactorauth.org)
**2FA Apps**: [Authy](https://authy.com/) *(with encrypted sync- not open source)*, [Authenticator Plus](https://www.authenticatorplus.com), [Microsoft Authenticator](https://www.microsoft.com/en-us/account/authenticator) and [LastPassAuthenticator](https://lastpass.com/auth/) (synced with your LastPass). For open source Android-only apps, see [Aegis](https://getaegis.app), [FreeOTP](https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp) and [AndOTP](https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp). [See more](/5_Privacy_Respecting_Software.md#2-factor-authentication)
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Enable 2FA on Security Critical Sites** | Recommended | In account settings, enable 2-factor authentication. Ideally do this for all your accounts, but at a minimum for all security-critical logins, (including your password manager, emails, finance and social sites).
**Keep backup codes safe** | Recommended | When you enable 2FA, you'll be given a few one-time codes to download, in case you ever lose access to your authenticator app or key. It's important to keep these safe, either encrypt and store them on a USB, or print them on paper and store them somewhere secure like a locked safe. Delete them from your computer once you've made a backup, in case your PC is compromised.
**Don't use SMS to receive OTPs** | Optional | Although SMS 2FA is certainly better than nothing, there are many weaknesses in this system, (such as SIM-swapping) ([read more](https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin)). Therefore avoid enabling SMS OTPs, even as backups.
**Don't use your Password Manager to store 2FA tokens** | Optional | One of the quickest approaches is to use the same system that stores your passwords, to also generate and fill OTP tokens, both LastPass and 1Password have this functionality. However if a malicious actor is able to gain access to this, they will have both your passwords, and your 2FA tokens, for all your online accounts. Instead use a separate authenticator from your password manager.
**Consider a hardware 2FA Key** | Optional | A physical 2FA key generates an OTP when inserted. Have a look at [NitroKey](https://www.nitrokey.com/) (open source), [YubiKey](https://www.yubico.com/) or [Solo Key](https://amzn.to/2Fe5Icw). You can also use it as a secondary method (in case your phone is lost or damaged). If this is your backup 2FA method, it should be kept somewhere secure, such as a locked safe, or if you use as physical key as your primary 2FA method, then keep it on you at all times.
**See also** [Recommended 2FA Apps](/5_Privacy_Respecting_Software.md#2-factor-authentication)
## Browser and Search
Most modern web browsers support add-ons and extensions. These can access anything that you do online so avoid installing anything that may not be legitimate and check permissions first. Be aware that every website that you interact with, including search engines, will likely be keeping records of all your activity. Last year Kaspersky reported [over a million data exploits caused by malicious sites](https://securelist.com/it-threat-evolution-q1-2017-statistics/78475/).
For more browser security pointers, check out: [Heres How To Get Solid Browser Security](https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/).
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Deactivate ActiveX** | Recommended | [ActiveX](https://en.wikipedia.org/wiki/ActiveX) is a browser extension API that is only supported by Microsoft Internet Explorer. It's enabled by default but is barely used for legitimate plugins these days. However, it gives plugins so much control that ActiveX malware is still around and as dangerous as ever. See [this article](https://www.howtogeek.com/162282/what-activex-controls-are-and-why-theyre-dangerous/) for more details. Better yet, use a modern browser instead of Internet Explorer. Note that Microsoft Edge doesn't support ActiveX.
**Disable Flash** | Recommended | Adobe Flash is infamous for its history of security vulnerabilities (a few of which you can [read about here](https://www.comparitech.com/blog/information-security/flash-vulnerabilities-security/)). See [this guide](https://www.howtogeek.com/222275/how-to-uninstall-and-disable-flash-in-every-web-browser/), on how to disable Flash player, or [this guide for more details on how dangerous it can be](https://www.tomsguide.com/us/disable-flash-how-to,news-21335.html). Adobe will end support for Flash Player in December 2020.
**Block Trackers** | Recommended | Consider installing a browser extension, such as [Privacy Badger](https://www.eff.org/privacybadger), to stop advertisers from tracking you in the background.
**Block scripts from bad origin** | Recommended | Use an extension such as [uBlock Origin](https://github.com/gorhill/uBlock), to block anything being loaded from an external or unverified origin.
**Force HTTPS only traffic** | Recommended | Using an extension such as [HTTPS Everywhere](https://www.eff.org/https-everywhere), will force all sites to load securely.
**Only use trusted browser add-ons and extensions** | Recommended | Both Firefox and Chrome web stores allow you to check what permissions/access rights an extension requires before you install it. Check the reviews. Only install extensions you really need, and removed those which you haven't used in a while. Extensions are able to see, log or modify anything you do in the browser, and some innocent looking browser apps, have malicious intentions.
**Always keep your browser up-to-date** | Recommended | Browser vulnerabilities are constantly being discovered and patched, so its important to keep it up to date, to avoid a zero-day exploit. You can [see which browser version your using here](https://www.whatismybrowser.com/), or follow [this guide](https://www.whatismybrowser.com/guides/how-to-update-your-browser/) for instructions on how to update.
**Use a private search engine** | Optional | Google tracks, logs and stores everything you do, but also displays biased results. Take a look at [DuckDuckGo](https://duckduckgo.com) or [StartPage](https://www.startpage.com). Neither store cookies nor cache anything. [Read more](https://hackernoon.com/data-privacy-concerns-with-google-b946f2b7afea) about Google Search Privacy.
**Consider a privacy browser** | Optional | Google openly collects usage data on Chrome usage, as does Apple and Microsoft. Switching to a privacy-focused browser will minimize background data collection, cross-origin cookies and third-party scrips. A popular option is [Brave Browser](https://brave.com/?ref=ali721), or [Firefox](https://www.mozilla.org/en-GB/firefox/new/) with a [few tweeks](https://restoreprivacy.com/firefox-privacy). Others include [Bromite](https://www.bromite.org/), [Epic Browser](https://www.epicbrowser.com/index.html) or [Comodo](https://www.comodo.com/home/browsers-toolbars/browser.php), [see more](/5_Privacy_Respecting_Software.md#browsers). The most secure option is [Tor Browser](https://www.torproject.org/).
**Use DNS-over-HTTPS** | Optional | Traditional DNS makes requests in plain text for everyone to see. It allows for eavesdropping and manipulation of DNS data through man-in-the-middle attacks. Whereas [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) performs DNS resolution via the HTTPS protocol, meaning data between you and your DNS resolver is encrypted. You can follow [this guide to enable in Firefox](https://support.mozilla.org/en-US/kb/firefox-dns-over-https), for see [CoudFlares 1.1.1.1 Docs](https://1.1.1.1/help).
**Disable WebRTC** | Optional | [WebRTC](https://webrtc.org/) allows high-quality audio/video communication and peer-to-peer file-sharing straight from the browser. However it can pose as a privacy leak, especially if you are not using a proxy or VPN. In FireFox WebRTC can be disabled, by searching for, and disabling `media.peerconnection.enabled` in about:config. For other browsers, the [WebRTC-Leak-Prevent](ttps://github.com/aghorler/WebRTC-Leak-Prevent) extension can be installed. [uBlockOrigin](https://github.com/gorhill/uBlock) also allows WebRTC to be disabled. To learn more, [check out this guide](https://buffered.com/privacy-security/how-to-disable-webrtc-in-various-browsers/).
**Don't Connect to Open WiFi networks** | Optional | Browsing the internet while using public or open WiFi may leave you vulnerable to man-in-the-middle attacks, malware distribution and snooping. Some hotspots may also be unencrypted, or even malicious. If you do need to briefly use a public WiFi network, ensure you disable file sharing, only visit HTTPS websites and use a VPN. Also remove the network from your saved WiFi list after. See the [networking](#networking) section for more details.
**Use Tor** | Advanced | [The Tor Project](https://www.torproject.org/) provides a browser that encrypts and routes your traffic through multiple nodes, keeping users safe from interception and tracking. The main drawbacks are speed and user experience, as well as the possibility of DNS leaks from other programs (see [potential drawbacks](https://github.com/Lissy93/personal-security-checklist/issues/19)) but generally Tor is one of the most secure browser options for anonymity on the web.
**Use different browsers, for different tasks** | Advanced | Compartmentalizing your activity can make it significantly harder for a malicious actor, company or government to get a clear picture of you through your browsing activity. This may include doing online shopping on 1 browser, using another browser, such as Tor for general browsing, and then a 3rd for, say social media.
**Disable JavaScript** | Advanced | Many modern web apps are JavaScript based, so disabling it will greatly decrease your browsing experience. But if you really want to go all out, then it will really reduce your attack surface. Read more about the growing [risk of JavaScript malware](https://heimdalsecurity.com/blog/javascript-malware-explained/).
**Route all desktop traffic via Tor** | Advanced | [Whonix](https://www.whonix.org/) allows for fail-safe, automatic, and desktop-wide use of the Tor network. It's based on Debian, and runs in a virtual machine. Straight-forward to install on Windows, OSX or Linux.
**Recommended Software**
- [Privacy Browsers](/5_Privacy_Respecting_Software.md#browsers)
- [Non-Tracking Search Engines](/5_Privacy_Respecting_Software.md#search-engines)
- [Browser Extensions for Security](/5_Privacy_Respecting_Software.md#browser-extensions)
## Emails
Nearly 50 years since the first email was sent, theyre still very much a big part of our day-to-day life, and will probably continue to be for the near future. So considering how much trust we put in them, its surprising how fundamentally insecure this infrastructure is. Email-related fraud [is on the up](https://www.csoonline.com/article/3247670/email/email-security-in-2018.html), and without taking basic measures you could be at risk.
If a hacker gets access to your emails, it provides a gateway for your other accounts to be compromised, therefore email security is paramount for your digital safety.
It's strongly advised not to use non end-to-end encrypted email, if you can't you should at least follow these guides for simple steps to improve security: [Yahoo](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#yahoo), [Gmail](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#gmail), [Outlook](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#outlook) and [AOL](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#aol). The easiest way to stay protected is to use a secure mail provider, such as [ProtonMail](https://protonmail.com/) or [Tutanota](https://tutanota.com/).
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Have more than one email address** | Recommended | Keeping your important and safety-critical messages separate from trivial subscriptions such as newsletters is a very good idea. Be sure to use different passwords. This will also make recovering a compromised account after an email breach easier.
**Keep security in mind when logging into emails** | Recommended | Your email account is one of the most important to protect with a secure password. Only sync your emails with your phone, if it is secured (encrypted with password). Dont allow your browser to save your email password. Prevent man-in-the-middle attacks by only logging in on a secured browser.
**Always be wary of phishing and scams** | Recommended | If you get an email from someone you dont recognize, dont reply, dont click on any links, and absolutely dont download an attachment. Keep an eye out for senders pretending to be someone else, such as your bank, email provider or utility company. Check the domain, read it, ensure its addressed directly to you, and still dont give them any personal details. Check out [this guide, on how to spot phishing emails](https://heimdalsecurity.com/blog/abcs-detecting-preventing-phishing/).
**Disable automatic loading of remote content in emails** | Recommended | Sometimes advertisers send emails which make reference to remote images, fonts, etc. If these remote resources are loaded automatically, they indicate to the sender that this specific email was received by you.
**Dont share sensitive information over email** | Optional | Emails are very very easily intercepted. Also you cant know how secure your recipient's environment is. Dont share anything personal, such as bank details, passwords, and confidential information over email. Ideally, dont use email as a primary method of communication.
**Dont connect third-party apps to your email account** | Optional | If you give a third-party app (like Unroll.me) full access to your inbox, this makes you vulnerable to cyber attacks. The app can be compromised and, as a consequence, cyber criminals would gain unhindered access to all your emails and their contents.
**Consider switching to a more secure email provider** | Optional | Email providers such as [ProtonMail](https://protonmail.com), [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business) (for business users) or [MailFence](https://mailfence.com?src=digitald) allow for end-to-end encryption, full privacy as well as more security-focused features. See [this guide](https://github.com/OpenTechFund/secure-email) for details of the inner workings of these services.
**Use Aliasing / Anonymous Forwarding** | Advanced | Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. Effectively allowing you to use a different, unique email address for each service you sign up for. This means if you start receiving spam, you can block that alias and determine which company leaked your email address. <br>[Anonaddy](https://anonaddy.com) is an open source anonymous email forwarding service allowing you to create unlimited email aliases, with a free plan. As is [33Mail](http://33mail.com/Dg0gkEA), and this feature is also included with [ProtonMail](https://protonmail.com/pricing)'s Visionary package.
**See also** [Recommended Encrypted Email Providers](/5_Privacy_Respecting_Software.md#encrypted-email)
## Social Media
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Check your privacy settings** | Recommended | Most social networks allow you to control your privacy settings. Ensure that your profile can only be viewed by people who are in your friends list, and you know personally.
**Only put info on social media that you wouldnt mind being public** | Recommended | Even with tightened security settings, dont put anything online that you wouldnt want to be seen by anyone other than your friends. Dont rely solely on social networks security.
**Dont give social networking apps permissions they dont need** | Recommended | By default many of the popular social networking apps will ask for permission to access your contacts, your call log, your location, your messaging history etc.. If they dont need this access, dont grant it.
**Revoke access for apps your no longer using** | Recommended | Instructions: [Facebook](https://www.facebook.com/settings?tab=applications), [Twitter](https://twitter.com/settings/applications), [LinkedIn](https://www.linkedin.com/psettings/third-party-applications), [Instagram](https://www.instagram.com/accounts/manage_access/).
**Use a secure email provider** | Optional | Most email providers completely invade your privacy intercepting both messages sent and received. [ProtonMail](https://protonmail.com) is a secure email provider, that is open source and offers end-to-end encryption. There are alternative secure mail providers (such as [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com) and [MailFence](https://mailfence.com))- but [ProtonMail](https://protonmail.com) has both a clear interface and strong security record.
**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data to each photograph. This usually includes things like time, date, location, camera model, user etc. Remove this data before uploading. See [this guide](https://www.makeuseof.com/tag/3-ways-to-remove-exif-metadata-from-photos-and-why-you-might-want-to/) for more info.
**Dont have any social media accounts** | Advanced | It may seem a bit extreme, but if you're serious about data privacy and security, stay away from entering information on any social media platform.
**Recommended Software**
- [Alternative Social Media](/5_Privacy_Respecting_Software.md#social-networks)
- [Alternative Video Platforms](/5_Privacy_Respecting_Software.md#video-platforms)
- [Alternative Blogging Platforms](/5_Privacy_Respecting_Software.md#blogging-platforms)
- [News Readers and Aggregation](/5_Privacy_Respecting_Software.md#news-readers-and-aggregation)
## Networking
This section covers how you connect your devices to the internet, including configuring your router and setting up a VPN.
A Virtual Private Network (VPN) protects your IP, and allows you to more securely connect to the internet. Use it when connecting to public WiFi or to restrict your ISP from seeing all sites you've visited. Note: VPNs are not a perfect solution and it is important to select a reputable provider, to entrust your data with. Tor provides greater anonymity.
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Use a VPN** | Recommended | Use a reputable, paid-for VPN. Choose one which does not keep logs and preferably is not based under a [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction. See [That One Privacy Site](https://thatoneprivacysite.net/) for a detailed comparison. As of 2020, [NordVPN](https://nordvpn.com/) and [SurfShark](https://surfshark.com/) are both good all-rounders (for speed, simplicity and security), and [Mullvad](https://mullvad.net/), [OVPN](https://www.ovpn.com/en) and [DoubleHop](https://www.doublehop.me/) are excellent for security.
**Dont use a default router password** | Recommended | Change your router password- [here is a guide as to how](https://www.lifewire.com/how-to-change-your-wireless-routers-admin-password-2487652).
**Use WPA2** | Recommended | WPA and WEP make it very easy for a hacker to gain access to your router. Use a [WPA2](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access) password instead. Ensure it is strong: 12+ alpha-numeric characters, avoiding dictionary words.
**Keep router firmware up-to-date** | Recommended | Manufacturers release firmware updates that fix security vulnerabilities, implement new standards and sometimes add features/ improve the performance your router. It's important to have the latest firmware installed, to avoid a malicious actor exploiting an un-patched vulnerability. You can usually update your router by navigating to [192.168.0.1](192.168.0.1) or [192.168.1.1](192.168.1.1) in your browser, entering the credentials on the sticker on the back of you of your router (not your WiFi password!), and following the on-screen instructions. Or follow a guide from your routers manufacturer: [Asus](https://www.asus.com/support/FAQ/1005484/), [D-Link](https://eu.dlink.com/uk/en/support/faq/routers/mydlink-routers/dir-810l/how-do-i-upgrade-the-firmware-on-my-router), [Linksys (older models)](https://www.linksys.com/us/support-article?articleNum=140365), [NetGear](https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-s-firmware-using-the-Check-button-in-the-router-web-interface) and [TP-Link](https://www.tp-link.com/us/support/faq/688/). Newer Linksys and Netgear routers update automatically, as does Google's router.
**Configure your router to use VPN** | Optional | If you set your VPN up on your router, then data from all devices on your home network is encrypted as it leaves the LAN. Again, it's important to select a secure VPN provider, as they will see what your ISP previously had been logging. Follow a guide from your router manufacturer or VPN provider, or see [this article](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/) to get started. Note that depending on your internet connection, and VPN provider, this could slow down your internet.
**Protect against DNS leaks** | Optional | When using a VPN, it is extremely important to exclusively use the DNS server of your VPN provider. For OpenVPN, you can add: `block-outside-dns` to your config file (which will have the extension `.ovn` or `.conf`). If you are unable to do this, then see [this article](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html) for further instructions. You can check for leaks, using a [DNS Leak Test](https://www.dnsleaktest.com/)
**Use a secure VPN Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is widely used, and currently considered as a secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and efficient. [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Don't use [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure, and avoid [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) (proprietary, owned by Microsoft and due to lack of transparency, could be vulnerable to exploits). [IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange) and the new [WireGuard](https://www.wireguard.com/) protocol *(experimental)* are also good options.
**Avoid the free router from your ISP** | Optional | Typically theyre manufactured cheaply in bulk in China, and firmware updates which fix crucial security flaws arent released regularly. Consider an open source based router, such as [Turris MOX](https://www.turris.cz/en/mox/overview/)
**Ideally hide your SSID** | Optional | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, [see here for more details](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655).
**Whitelist MAC Addresses** | Optional | As well as a strong password, and hidden SSID, you can whitelist MAC addresses in your router settings, disallowing any unknown devices to immediately connect to your network, even if they know your credentials. A malicious actor can bypass this, by cloning their address to appear the same as one of your trusted devices, but it will add an extra step for them.
**Secure DNS** | Advanced | Use [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) which performs DNS resolution via the HTTPS protocol, encrypting data between you and your DNS resolver. See [CoudFlares 1.1.1.1 Docs](https://1.1.1.1/help) for more details. Don't use Google DNS or other services which collect a lot of data.
**Use the Tor Network** | Advanced | VPNs have their weaknesses, since the provider knows your real details, whereas Tor is anonymous. For optimum security, route all your internet traffic through the Tor network. On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) and [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), and on OSX [follow thsese instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/). Finally, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805)
**Change your Router's Default IP** | Advanced | Modifying your router admin panels default IP address will makes it more difficult for malicious scripts in your web browser targeting local IP addresses, as well as adding an extra step for local network hackers
**Kill unused processes and services on your router** | Advanced | Services like Telnet and SSH (Secure Shell) that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they're actually needed. In general, [any service thats not used should be disabled](https://www.securityevaluators.com/knowledge/case_studies/routers/soho_service_hacks.php) to reduce attack surface.
**Disable WiFi on all Devices** | Advanced | Connecting to even a secure WiFi network increases your attack surface. Disabling your home WiFi and connect each device via Ethernet, and turning off WiFi on your phone and using a USB-C/ Lightening to Ethernet cable will protect against WiFi exploits, as Edward Snowden [says here](https://twitter.com/snowden/status/1175431946958233600?lang=en).
**Recommended Software**
- [Virtual Private Networks](/5_Privacy_Respecting_Software.md#virtual-private-networks)
- [Mix Networks](/5_Privacy_Respecting_Software.md#mix-networks)
- [Open Source Proxies](/5_Privacy_Respecting_Software.md#proxies)
- [DNS Providers](/5_Privacy_Respecting_Software.md#dns)
- [Firewalls](/5_Privacy_Respecting_Software.md#firewalls)
- [Network Analysis Tools](/5_Privacy_Respecting_Software.md#network-analysis)
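
Review bot: The "Protect against DNS leaks" row gives the OpenVPN config extension as `.ovn`, but OpenVPN client profiles use `.ovpn`, so a reader looking for the file as written will not find it. The same row presents `block-outside-dns` as a general fix, although the option only takes effect on Windows clients; say so, and point other platforms at the linked article. In the "Keep router firmware up-to-date" row, `[192.168.0.1](192.168.0.1)` and `[192.168.1.1](192.168.1.1)` have no scheme, so they resolve as repository-relative paths; write them as `http://` URLs or as plain code spans. `[Revolut Premium](revolut.ngih.net/Q9jdx)` in the Sensible Computing table has the same problem. Smaller points: "CoudFlares" and "thsese" are typos, and "Use the Tor Network" offers Whonix as the Windows option while the Personal Computers table describes it as a Tor-based distro, so state how it is meant to be run.
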
## Mobile Devices
Most smartphone apps run in the background, collecting and logging data, making network requests and ultimately creating a clear picture of who you are, just from your data. This is a big problem from both a security and privacy perspective.
Even non-smart phones, (and even when the screen is off) are constantly connecting to the nearest cell phone towers, (it does this by broadcasting its IMEI and MEID number). The towers then relay this information, along with any communications, to your mobile carrier, who will store these records indefinitely. The movements of your phone are the movements of you as a person, so all phone proximity and data records can always be linked directly back to you. So whenever your phone is on, there is a record of your presence at that place, being created and maintained by companies.
SMS texting and traditional phone calls are not secure, so it's important to avoid using that to send or receive anything secure (such as log in codes, OTPs or any personal details). Instead use encrypted messaging, like Signal whenever you can. Be wary of who you share your phone number with.
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Turn off connectivity features that arent being used** | Recommended | When you're not using WiFi, Bluetooth, NFC or anything else, turn those features off. These are commonly used to easily hack individuals.
**Keep app count to a minimum** | Recommended | Uninstall apps that you dont need or use regularly. As apps often run in the background, slowing your device down, but also collecting data.
**Dont grant apps permissions that they dont need** | Recommended | If an app doesnt need access to your camera, dont grant it access. Same with any features of your phone, be wary about what each app has access to.
**Only install Apps from official source** | Recommended | Applications on Apple App Store and Google Play Store are scanned and cryptographically signed, making them less likely to be malicious. Avoid downloading .apk or .ipa files from unverified source. Also check the reviews before downloading a new application.
**Only Charge your Device from a Trusted Source** | Recommended | When you charge your device via USB in a public space, it is possible for malicious actors to gain full access to your device, via [AT Commands](https://en.wikipedia.org/wiki/Hayes_command_set). You can read more about this at https://atcommands.org/ or from [this seminar](https://www.usenix.org/node/217625). To protect yourself, either only charge your phone from trusted sources, or use a [USB Data Blocker](https://amzn.to/30amhja). A Data blocker allows your phone to charge, while blocking the data transfer wires, blocking this exploit or any file transfers to run. ([PortaPow](https://portablepowersupplies.co.uk/) is recommended, since it still allows for fast-charge.) Available in both [USB-A](https://amzn.to/309kPh3) and [USB-C](https://amzn.to/39Wh5nJ).
**Set up a mobile carrier PIN** | Recommended | [SIM hijacking](https://securelist.com/large-scale-sim-swap-fraud/90353/) is when a hacker is able to get your mobile number transferred to their sim (often through social engineering your mobile carrier). This then allows them to receive 2FA SMS codes (enabling them to access your secure accounts, such as banking), or to pose as you. The easiest way to protect against this is to set up a PIN through your mobile provider, thus disallowing anyone without this PIN to make any changes to your account. The PIN should not be easily guessable, and it is important that you remember it, or store is somewhere secure. Using a non-SMS based 2FA method will reduce the damage that can be done if someone is able to take control of your SIM. [Read more](https://us.norton.com/internetsecurity-mobile-sim-swap-fraud.html) about the sim swap scam.
**Opt-out of personal ads** | Optional | In order for ads to be personalized, Google collects data about you, you can slightly reduce the amount they collect by opting-out of seeing personalized ads. See [this guide](https://www.androidguys.com/tips-tools/how-to-disable-personalized-ads-on-android/), for Android instructions.
**Erase after too many login attempts** | Optional | To protect against an attacker brute forcing your pin, if you lose your phone, set your device to erase after too many failed login attempts. See [this iPhone guide](https://www.howtogeek.com/264369/how-to-erase-your-ios-device-after-too-many-failed-passcode-attempts/). You can also do this via Find my Phone, but this increased security comes at a cost of decreased privacy.
**Monitor Trackers** | Optional | A tracker is a piece of software meant to collect data about you or your usages. [εxodus](https://reports.exodus-privacy.eu.org/en/) is a great service which lets you search for any app, by its name, and see which trackers are embedded in it. They also have [an app](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy) which shows trackers and permissions for all your installed apps.
**Install a Firewall** | Optional | To prevent applications from leaking privacy-sensitive data, you can install a firewall app. This will make it easier to see and control which apps are making network requests in the background, and allow you to block specific apps from roaming when the screen is turned off. For Android, check out [NetGuard](https://www.netguard.me/), and for iOS there is [LockDown](https://apps.apple.com/us/app/lockdown-apps/id1469783711), both of which are open source. Alternatively there is [NoRootFirewall](https://play.google.com/store/apps/details?id=app.greyshirts.firewall) *Android*, [XPrivacy](https://github.com/M66B/XPrivacy) *Android (root required)*, [Fyde](https://apps.apple.com/us/app/fyde-mobile-security-access/) *iOS* and [Guardian Firewall](https://guardianapp.com/) *iOS*.
**Use secure, privacy-respecting apps** | Optional | Mainstream apps have a reputation for not respecting the privacy of their users, and they're usually closed-source meaning vulnerabilities can be hidden. [Prism-Break](https://prism-break.org) maintains a list of better alternatives, see [Android](https://prism-break.org/en/categories/android/) and [iOS](https://prism-break.org/en/categories/ios/).
**Use Signal, instead of SMS** | Optional | SMS may be convenient, but it's [not secure](https://www.fortherecordmag.com/archives/0315p25.shtml). [Signal](https://signal.org) is both the most secure and private option. [Silence](https://silence.im/) (encrypted SMS), [Threema](https://threema.ch), [Wire](https://wire.com/en/)(enterprise) and [Riot](https://about.riot.im/) are also encrypted.[iMessage](https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/) and [WhatsApp](https://www.whatsapp.com) do claim to be [end-to-end-encrypted](https://signal.org/blog/whatsapp-complete/), but since they are not open source, verifying this is harder, and the private companies which own them (Apple and Facebook), have a questionable reputation when it comes to protecting users privacy. Keep in mind that although the transmission may be secured, messages can still be read if your or your recipients' devices have been compromised.
**Avoid using your real phone number when signing up for an account or service** | Optional | Where possible, avoid giving out your real phone number while creating accounts online. You can create phone numbers using services such as [Google Voice](https://voice.google.com) or [Skype](https://www.skype.com/en/features/online-number/). For temporary usage you can use a service like [iNumbr](https://www.inumbr.com) that generates a phone number that forwards messages and calls to your main number.
**Watch out for Stalkerware** | Optional | This is a malware that is installed directly onto your device by someone you know (partner, parent, boss etc.). It allows them to see your location, messages and other app data remotely. The app likely won't show up in your app draw, (but may visible in Settings --> Applications --> View All). Sometimes they can be disguised as a non-conspicuous app (such as a game, flashlight or calculator) which initially don't appear suspicious at all. Look out for unusual battery usage, network requests or high device temperature. If you suspect that stalkerware is on your device, the best way to get rid of it is through a factory reset. See [this guide](https://blog.malwarebytes.com/stalkerware/2019/10/how-to-protect-against-stalkerware-a-murky-but-dangerous-mobile-threat/) for more details.
**Sandbox Mobile Apps** | Advanced | Prevent permission-hungry apps from accessing your private data with [Island](https://play.google.com/store/apps/details?id=com.oasisfeng.island). It is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc.) even if related permissions are granted.
**Consider Orbot** | Advanced | [Orbot](https://guardianproject.info/apps/orbot/) provides a system-wide [Tor](https://www.torproject.org/) connection. Although more secure than a VPN, it will be slower- see [Networking](#networking) section for more details.
**Consider running a custom ROM if you have an Android device** | Advanced | Your default OS tracks information about your usage, and app data, constantly. Consider a privacy-focused custom ROM, such as [Lineage](https://lineageos.org) or [CopperheadOS](https://copperhead.co/android/).
**Recommended Software**
- [Mobile Apps, for Security + Privacy](/5_Privacy_Respecting_Software.md#mobile-apps)
- [Encrypted Messaging](/5_Privacy_Respecting_Software.md#encrypted-messaging)
- [Mobile Operation Systems](/5_Privacy_Respecting_Software.md#mobile-operating-systems)
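
Review bot: The "Watch out for Stalkerware" row in this table is repeated almost word for word in the Sensible Computing table, with a different priority (Optional here, Recommended there); keep one copy and link to it from the other section so the two cannot drift apart. The "Only Charge your Device from a Trusted Source" row relies on `amzn.to` short links, which hide the destination from the reader; a security checklist should link the product page directly. The last list entry reads "Mobile Operation Systems" while its anchor is `#mobile-operating-systems`.
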
## Personal Computers
Although Windows and OS X are easy to use and convenient, they both are far from secure. Your OS provides the interface between hardware and your applications, so if compromised can have detrimental effects.
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Keep your OS up-to-date** | Recommended | Microsoft, Apple and Google release regular OS updates, which fix security flaws. Always keep your device updated.
**Enable Firewall** | Recommended | A firewall is a program which monitors the incoming and outgoing traffic on your network, and blocks requests based on rules set during its configuration. Properly configured, a firewall can protect against some (but not all) attempts to remotely access your computer. <br>Follow these instructions to enable your firewall in [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux ditros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall)
**Attach only known and trusted external hardware** | Recommended | Over the years there have been a variety of vulnerabilities in each major operating system relating to connecting untrusted hardware. In some cases the hardware talks to the host computer in a way the host computer does not expect, exploiting a vulnerability and directly infecting the host
**Don't charge unknown mobile devices from your PC** | Optional | If friends or colleagues want to charge their devices via USB, do not do this through your computers ports (unless you have a data blocker). By default the phone will want to sync to the host computer, but there is also specially crafted malware which takes advantage of the face that computers naturally trust connected USB devices. The owner of the phone may not even realize their device is infected
**Encrypt and Backup Important Files** | Optional | Backing up your phone can help keep your important data safe, if your device is lost, stolen or broken. But if you put your backup encrypted in the cloud, cloud providers will have access to it (if you don't pay for the service, then you are the product!). <br>[Cryptomator](https://cryptomator.org/) is an open source tool that makes this easy. It also works alongside [MountainDuck](https://mountainduck.io/) for mounting your remote drives on Windows and Mac. Other non-open-source options are [BoxCrypter](https://www.boxcryptor.com/), [Encrypto](https://macpaw.com/encrypto) and [odrive](https://www.odrive.com/).
**Uninstall Adobe Acrobat** | Optional | Adobe Acrobat was designed in a different age, before the Internet. Acrobat has had vulnerabilities that allowed specially crafted PDFs to load malware onto your system for the last two decades. Undoubtedly more vulnerabilities remain. You can use your browser to view PDFs, and browser-based software for editing
**Consider Switching to Linux** | Optional | Linux is considerably [more secure](https://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html) than both OSX and Windows. Some distros are still more secure than others, so its worth choosing the right one to get a balance between security and convenience.
**Avoid PC Apps that are not secure** | Optional | Mainstream apps have a reputation for not respecting the privacy of their users, and they're usually closed-source meaning vulnerabilities can be hidden. See here for compiled list of secure PC apps for [Windows](https://prism-break.org/en/categories/windows/), [OSX](https://prism-break.org/en/categories/macos/) and [Linux](https://prism-break.org/en/categories/gnu-linux/).
**Use a Security-Focused Distro** | Advanced | [QubeOS](https://www.qubes-os.org/) is based on “security by compartmentalization”, where each app is sandboxed. [Whonix](https://www.whonix.org/) is based on Tor, so 100% of your traffic will go through the onion router. [Tails](https://tails.boum.org/) is specifically designed to be run on a USB key and is ideal if you dont want to leave a trace on the device your booting from. [Subgraph](https://subgraph.com/) is an “adversary resistant computing platform”, but also surprisingly easy to use
**Password protect your BIOS and drives** | Advanced | A BIOS or UEFI password helps to make an inexperienced hacker's life a little bit harder if they get a hold of your PC or hard drive, [here is a guide on how to do it](https://www.howtogeek.com/186235/how-to-secure-your-computer-with-a-bios-or-uefi-password/).
**Canary Tokens** | Advanced | Network breaches happen, but the longer it takes for you to find out about it, the more damage is done. A canary token is like a hacker honeypot, something that looks appealing to them once they've gained access to your system. When they open the file, unknowingly to them, a script is run which will not only alert you of the breach, but also grab some of the hackers system details. <br>[CanaryTokens.org](https://canarytokens.org/generate) and [BlueCloudDrive](https://blueclouddrive.com/generate) are excellent sites, that you can use to generate your tokens. Then just leave them somewhere prominent on your system. [Learn more](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html) about canary tokens, or see [this guide](https://resources.infosecinstitute.com/how-to-protect-files-with-canary-tokens/) for details on how to create them yourself.
**Recommended Software**
- [File Encryption](/5_Privacy_Respecting_Software.md#file-encryption)
- [AV and Malware Prevention](/5_Privacy_Respecting_Software.md#anti-virus-and-malware-prevention)
- [Operating Systems](/5_Privacy_Respecting_Software.md#operating-systems)
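
Review bot: The "Encrypt and Backup Important Files" row says that if you put your backup "encrypted in the cloud, cloud providers will have access to it", which is the opposite of what the row recommends; it should read "unencrypted". The row also opens with "Backing up your phone" although it sits in the Personal Computers table. In "Use a Security-Focused Distro" the project is written "QubeOS" while the link goes to qubes-os.org; use "Qubes OS". In the "Don't charge unknown mobile devices from your PC" row, "the face that" should be "the fact that".
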
## Smart Home
Home assistants (such as Google Home, Alexa and Siri) and other internet connected devices collect large amounts of personal data (including voice samples, location data, home details and logs of all interactions). Since you have limited control on what is being collected, how it's stored, and what it will be used for, this makes it hard to recommend any consumer smart-home products to anyone who cares about privacy and security.
Security vs Privacy: There are many smart devices on the market that claim to increase the security of your home while being easy and convenient to use (Such as [Cave Burglar Alarm](https://amzn.to/2Rx83Fb), [Blink Cam](https://amzn.to/30ylzg9), [Yale Lock](https://amzn.to/2tnQzDv) and [Ring Doorbell](https://amzn.to/2ufQ1zi) to name a few). These devices may appear to make security easier, but there is a trade-off in terms of privacy: as they collect large amounts of personal data, and leave you without control over how this is stored or used. The security of these devices is also questionable, since many of them can be (and are being) hacked, allowing an intruder to bypass detection with minimum effort.
The most privacy-respecting option, would be to not use "smart" internet-connected devices in your home, and not to rely on a security device that requires an internet connection. But if you do, it is important to fully understand the risks of any given product, before buying it. Then adjust settings to increase privacy and security. The following checklist will help mitigate the risks associated with internet-connected home devices.
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Rename devices to not specify brand/model** | Recommended | If your device name shows what brand or model it is, it will make it easier for a malicious actor launch an attack targeting a specific device. For example avoid names like "Nest Cam", "Yale Lock YRD 256" or "Hive Thermostat". It's usually easy to change the device's default name.
**Disable microphone and camera when not in use** | Recommended | Smart speakers and other voice controlled devices store sound clips on a server (and sometimes monitored by employees to improve the speech detection), any accidental recordings could disclose sensitive or personal data. A targeted attack could also allow someone to gain control of a microphone/ camera, so using the hardware switch to turn it off will help protect from that.
**Understand what data is collected, stored and transmitted** | Recommended | Before purchasing any smart home device, do some research - and ensure that you understand, and are comfortable with what is being collected and how it is stored and used. Don't buy devices that share anything with third parties, and check the data [breach]([https://www.dehashed.com/breach](https://www.dehashed.com/breach)) database.
**Set privacy settings, and opt out of sharing data with third parties** | Recommended | Once installed, go to settings in the app, and under privacy ensure the strictest options are selected. Usually by default, the most possible data is being collected.
**Don't link your smart home devices to your real identity** | Recommended | Use a unique user name and password which does not identify you, your family, your location or any other personal details. When creating an account for a new smart home device, do not sign up/log in with Facebook, Google or any other third-party service.
**Keep firmware up-to-date** | Recommended | Ensure firmware versions on smart devices are up-to-date and software patches have been applied. Most smart home apps will notify you when a new firmware version is available, so all you have to do it accept and install.
**Protect your Network** | Recommended | On many smart home devices, anybody connected to your home WiFi is able to view the device content (such as camera footages, or motion statistics). So ensure that your WiFi and home networks are properly secured with a strong password and up-to-date firmware. (See the [Router Section](#your-router) for more details)
**Be wary of wearables** | Optional | Wearable smart devices allow companies to log even more data than ever before; they can track your every move to know exactly where you are and what you are doing at any given time. Again, you as the consumer have no control over what is done with that data.
**Don't connect your home's critical infrastructure to the Internet** | Optional | While a smart thermostat, burglar alarm, smoke detector and other appliances may seem convenient, they by design can be accessed remotely, meaning a hacker can gain control of your entire home, without even needing to be nearby. And by breaching multiple devices, the effects can be very serious.
**Don't use Alexa/ Google Home** | Optional | It is a known fact that voice-activated assistants collect a lot of personal data. Consider switching to [MyCroft](https://mycroft.ai/) which is an open source alternative, with much better privacy.
**Monitor your home network closely** | Optional | Check your local network for suspicious activity. One of the easier methods to do this is with [FingBox](https://amzn.to/38mdw8F), but you can also do it directly [through some routers](https://www.howtogeek.com/222740/how-to-the-monitor-the-bandwidth-and-data-usage-of-individual-devices-on-your-network/).
**Deny Internet access where possible** | Advanced | If possible deny the device/ app internet access, and use it only on your local network. You can configure a firewall to block certain devices from sending or receiving from the internet.
**Assess risks** | Advanced | Assess risks with your audience and data in mind: Be mindful of whose data is being collected, e.g. kids. Manage which devices can operate when (such as turning cameras off when you are at home, or disabling the internet for certain devices at specific times of day)
**Recommended Software**
- [Home Automation](/5_Privacy_Respecting_Software.md#home-automation)
- [AI Voice Assistants](/5_Privacy_Respecting_Software.md#ai-voice-assistants)
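
Review bot: In the "Protect your Network" row, `[Router Section](#your-router)` points at an anchor that no heading in this part of the file produces; the router rows sit under `## Networking`, and the Orbot row already links `#networking`, so use that target here as well. The "Understand what data is collected, stored and transmitted" row wraps one link in another, `[breach]([https://www.dehashed.com/breach](https://www.dehashed.com/breach))`, which will not render as a link; reduce it to `[breach](https://www.dehashed.com/breach)`.
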
## Sensible Computing
Many data breaches, hacks and attacks are caused by human error. The following list contains steps you should take, to reduce the risk of this happening to you. Many of them are common sense, but it's worth takin note of.
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**If an email asks you to take a sensitive action, verify it first** | Recommended | Emails are easy for an attacker to spoof, and it is unfortunately common practice. So whenever an email asks you to take a sensitive action, call the company first, to verify it is authentic
**Dont Trust Your Popup Notifications** | Recommended | It is a trivial task for a malicious actor to deploy fake pop-ups, either on your PC, phone or browser. If you click a popup, ensure the URL is correct before entering any information
**Never Leave Device Unattended** | Recommended | Even with a strong password, it's straight-forward to retrieve the data from your phone or computer (unless it is encrypted). If you lose your device, and have find my phone enabled, then remotely erase it
**Prevent Camfecting** | Recommended | It is a good idea to invest in some webcam covers, and microphone blockers to protect against [*camfecting*](https://en.wikipedia.org/wiki/Camfecting), where a malicious actor, or app is able spy on you and your physical space, without your knowledge. See [this guide](https://blog.malwarebytes.com/hacking-2/2019/09/15000-webcams-vulnerable-how-to-protect-webcam-hacking/) for more tips. Mute home assistants, (Alexa, Google Home and Siri) when you are not using them, or at least when you are discussing anything sensitive or anything conversation involving personal details
**Stay protected from shoulder surfers** | Recommended | Be sure to not let anyone 'shoulder surf' (read what is on your screen, when in public space). As they may be able to gather sensitive information about you. You could apply a privacy screen to your [laptop](https://amzn.to/2H7pOX7) and [mobile](https://amzn.to/39oHWrA), in order to restrict data being read from an angle
**Educate yourself about phishing attacks** | Recommended | Phishing is an attempt to obtain sensitive information (like an account password) by disguising as a trustworthy person or company. In recent years phishing attacks have become increasingly sophisticated and hackers are learning to use data that people put on the web to create highly specific and targeted attacks. Check the URL before entering any information. Understand the context- were you expecting the email or message, does it feel normal? Employ general good security practices will also help: Use 2FA, don't reuse passwords, close accounts you no longer use and backup your data. See these guides on: [How to Protect against Common Phishing Attacks](https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them) and [The Anatomy of a Phishing Email](https://www.howtogeek.com/58642/online-security-breaking-down-the-anatomy-of-a-phishing-email/)
**Watch out for Stalkerware** | Recommended | This is a malware that is installed directly onto your device by someone you know (partner, parent, boss etc). It allows them to see your location, messages and other app data remotely. The app likely won't show up in your app draw, (but may visible in Settings --> Applications --> View All). Sometimes they can be disguised as a non-conspicuous app (such as a game, flashlight or calculator) which initially don't appear suspicious at all. Look out for unusual battery usage, network requests or high device temperature. If you suspect that stalker ware is on your device, the best way to get rid of it is through a factory reset
**Install Reputable Software from Trusted Sources** | Recommended | It may seem obvious, but so much of the malware many PC users encounter is often as a result of accidentally downloading and installing bad software. Also, some legitimate applications try to offer you slightly dodgy freeware (such as toolbars, anti-virus, and other utilities). Be sure to pay attention while completing the installation process. Only download software from legitimate sources (often this isn't the top result in Google) so it's important to double check before downloading. Before installing, check it in [Virus Total](https://www.virustotal.com), which scans installable files using multiple AV checkers
**Store personal data securely** | Recommended | Backing up important data is important. But ensure that all information that is stored on your phone/laptop, USB or in a cloud is encrypted. That way, if it is accessed by a hacker (which unfortunately is all too common), it will be almost impossible for them to get to your personal files. For USB devices, see [VeraCrypt](https://www.veracrypt.fr/en/Home.html). For cloud backup, see [Cryptomator](https://cryptomator.org), and for your phone and laptop, see [this guide](https://www.howtogeek.com/260507/psa-encrypt-your-pc-phone-and-tablet-now.-youll-regret-it-later-if-you-dont)
**Do not assume a site is secure, just because it is `HTTPS`** | Recommended | Unlike HTTP, data sent over HTTPS is encrypted. However that does not mean you should trust that website by default. HTTPS Certificates can be obtained by anybody, so a cloned or scam site may have a valid certificate (as denoted by the padlock icon). Always check the URL, and don't enter any personal details unless you are certain a website is legitimate. Avoid entering data on any site that is not HTTPS
**Use Credit Cards, or Virtual Cards when paying online** | Optional | There are risks involved in entering your card details on any website. Credit cards have better consumer protection, compared to debit or bank cards, meaning you are more likely to be recompensated for fraudulent transactions. Better still, paying with a virtual, 1-time card will mean that even if those credentials are compromised a hacker will not be able to lift any of your money. [Privacy.com](https://privacy.com/join/VW7WC) offer virtual payment cards for that you can use anywhere on the internet, as does [Revolut Premium](revolut.ngih.net/Q9jdx)
**Review application permissions** | Optional | Ensure that no app have unnecessary access to your photos, camera, location, contacts, microphone, call logs etc. See these guides for how to manage app permissions on [Android](https://www.howtogeek.com/230683/how-to-manage-app-permissions-on-android-6.0) and [iOS](https://www.howtogeek.com/211623/how-to-manage-app-permissions-on-your-iphone-or-ipad). On Android, there is a great app called [Exodus Privacy](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy), that displays all permissions, and trackers for each of your installed apps
**Opt-out of data sharing** | Optional | Many apps and services automatically opt you in for data collection and sharing. Often this data is sold onto third-parties, who buy customer logs from many companies, and are therefore able to combine them together and easily deduce your identity, and combine it with your habits, purchases, personal details, location etc. For instructions on how to opt-out, see [Simple Opt Out](https://simpleoptout.com)
**Review and update social media privacy** | Optional | Companies regularly update their terms, and that often leads to you being opted back. Check you Facebook, Twitter, Google etc. activity and privacy settings. See also [re-consent](https://github.com/cliqz-oss/re-consent) and [Jumbo](https://www.jumboprivacy.com) which are tools aimed at making this clearer and easier
**Compartmentalize** | Advanced | [Compartmentalization](https://en.wikipedia.org/wiki/Compartmentalization_(information_security)) is where to keep several categories of digital activity and files totally separate from each other. It means that if one area is breached, then an attacker will only have a proportion of your data, and the rest will still be safe. For example, store your work and personal files on separate devices, or use different web browsers for different types of activity, or even run certain tasks in a contained VM or on a separate device (such as having a work phone, and personal phone, or using a separate browser for social media/ chat rooms, or even running a VM for using specialist software)
**Use anonymous payment methods** | Advanced | Paying online with credit or debit card involves entering personal details, including name and residential address. Paying with cryptocurrency will not require you to enter any identifiable information. Both [Monero](https://www.getmonero.org) and [Zcash](https://z.cash/) are totally anonymous, and so best for privacy. See also: [Anonymous Payment Methods](/5_Privacy_Respecting_Software.md#payment-methods)
**See also**: [Online Tools](/5_Privacy_Respecting_Software.md#online-tools)
----
#### There's more to check out!
- [Why Privacy & Security Matters](/0_Why_It_Matters.md)
- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md)
- [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md)
- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md)
#### Other Awesome Security Lists
- @sbilly/[awesome-security](https://github.com/sbilly/awesome-security)
- @0x4D31/[awesome-threat-detection](https://github.com/0x4D31/awesome-threat-detection)
- @hslatman/[awesome-threat-intelligence](https://github.com/hslatman/awesome-threat-intelligence)
- @PaulSec/[awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks)
- @Zbetcheckin/[security_list](https://github.com/zbetcheckin/Security_list)
[See More](/4_Privacy_And_Security_Links.md#other-github-security-lists)
----
## Notes
*Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).*
*I owe a lot of thanks others who've conducted research, written papers, developed software all in the interest of privacy and security. Full attributions and references found in [`ATTRIBUTIONS.md`](/ATTRIBUTIONS.md).*
*Disclaimer: This is not an exhaustive list, and aims only to be taken as guide.*
*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020*
[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](/LICENSE.md)
---
Get in touch 📬
[![Alicia Sykes on Twitter](https://img.shields.io/twitter/follow/Lissy_Sykes?style=social&logo=twitter)](https://twitter.com/Lissy_Sykes)
[![Alicia Sykes on GitHub](https://img.shields.io/github/followers/lissy93?label=Lissy93&style=social)](https://github.com/Lissy93)
[![Alicia Sykes on Mastodon](https://img.shields.io/mastodon/follow/1032965?domain=https%3A%2F%2Fmastodon.social)](https://mastodon.social/web/accounts/1032965)
[![Alicia Sykes on Keybase](https://img.shields.io/badge/aliciasykes--lightgrey?style=social&logo=Keybase)](https://keybase.io/aliciasykes)
[![Alicia Sykes's PGP](https://img.shields.io/badge/PGP--lightgrey?style=social&logo=Let%E2%80%99s%20Encrypt)](https://keybase.io/aliciasykes/pgp_keys.asc)
[![Alicia Sykes's Website](https://img.shields.io/badge/aliciasykes.com--lightgrey?style=social&logo=Tencent%20QQ)](https://aliciasykes.com)
----
Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇
[![Share on Twitter](https://img.shields.io/badge/Share-Twitter-17a2f3?style=for-the-badge&logo=Twitter)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist)
[![Share on LinkedIn](https://img.shields.io/badge/Share-LinkedIn-0077b5?style=for-the-badge&logo=LinkedIn)](
http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93)
[![Share on Facebook](https://img.shields.io/badge/Share-Facebook-4267b2?style=for-the-badge&logo=Facebook)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=)
[![Share on Mastodon](https://img.shields.io/badge/Share-Mastodon-56a7e1?style=for-the-badge&logo=Mastodon)](https://mastodon.social/web/statuses/new?text=Check%20out%20the%20Ultimate%20Personal%20Cyber%20Security%20Checklist%20by%20%40Lissy93%20on%20%23GitHub%20%20%F0%9F%94%90%20%E2%9C%A8)
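Review bot: the `Share on Facebook` badge in the closing share block links to `https://www.linkedin.com/shareArticle?...`, so it opens LinkedIn's share dialog instead of Facebook's; point it at a Facebook share URL or drop the badge. In the "Use Credit Cards, or Virtual Cards" row the Revolut Premium target is written `(revolut.ngih.net/Q9jdx)` with no scheme, so a Markdown renderer will resolve it as a relative path; add `https://`. The licence badge image is served from `/l/by/3.0/` while the line above it states CC BY 4.0, so one of the two should be corrected. The privacy-screen links in the shoulder-surfing row use shortened `amzn.to` URLs, which hide the destination from the reader; in a checklist that tells people to check the URL before clicking, the full target is preferable.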

View File

@ -32,7 +32,6 @@
themeColor: '#060b2b',
notFoundPage: '_404.html',
coverpage: '_coverpage.html',
basePath: 'https://raw.githubusercontent.com/Lissy93/personal-security-checklist/master/',
loadNavbar: true,
onlyCover: true,
executeScript: true,
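Review bot: the commit message gives no reason for this revert, and the single deletion in this hunk (header `-32,7 +32,6`) is the `basePath: 'https://raw.githubusercontent.com/Lissy93/personal-security-checklist/master/'` line, so the site now depends on the Markdown copies this same commit adds (2637 lines across the new files). Please state in the message why the remote path was dropped, and how those copies are kept in step with the originals, since nothing visible here does that. `executeScript: true` is left enabled in the unchanged context directly below; if that option lets script embedded in the loaded pages run, confirm it is still needed now that the content source has changed, or turn it off.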