From d7f6f759e2ceb44bd5ae30d7ef8113d628add03e Mon Sep 17 00:00:00 2001 From: Alicia Sykes Date: Thu, 23 Apr 2020 21:36:24 +0100 Subject: [PATCH] Revert "Now uses remote paths" This reverts commit 033f44a9ef69647d8a4e80fe8a1d9f13a14c5a10. --- 0_Why_It_Matters.md | 83 +++ 2_TLDR_Short_List.md | 245 +++++++ 4_Privacy_And_Security_Links.md | 256 +++++++ 5_Privacy_Respecting_Software.md | 1081 +++++++++++++++++++++++++++++ 6_Privacy_and-Security_Gadgets.md | 240 +++++++ ATTRIBUTIONS.md | 48 ++ LICENSE.md | 348 ++++++++++ README.md | 336 +++++++++ index.html | 1 - 9 files changed, 2637 insertions(+), 1 deletion(-) create mode 100644 0_Why_It_Matters.md create mode 100644 2_TLDR_Short_List.md create mode 100644 4_Privacy_And_Security_Links.md create mode 100644 5_Privacy_Respecting_Software.md create mode 100644 6_Privacy_and-Security_Gadgets.md create mode 100644 ATTRIBUTIONS.md create mode 100644 LICENSE.md create mode 100644 README.md diff --git a/0_Why_It_Matters.md b/0_Why_It_Matters.md new file mode 100644 index 0000000..ae9f536 --- /dev/null +++ b/0_Why_It_Matters.md 
@@ -0,0 +1,83 @@ +## Digital Privacy and Security- The Current Situation + +Privacy is a fundamental right. It is being abused by governments (with mass-surveillance), corporations (making money out of selling our personal data) and cyber criminals (stealing our poorly-secured personal data and using it against us). + +### Government Mass Surveillance +Intelligence and law enforcement agencies need surveillance powers to tackle serious crime and terrorism. However, since the Snowden revelations, we now know that this surveillance is not targeted at those suspected of wrongdoing- but instead the entire population. All our digital interactions are being logged and tracked by our very own governments. + +Mass surveillance is a means of control and suppression. When you know you are being watched, you subconsciously change your behavior, it has this chilling effect. A society of surveillance is just 1 step away from a society of submission. + +### Cyber Crime +Hackers and cybercriminals pose an ongoing and constantly evolving threat. With the ever-increasing amount of our personal data being collected and logged - we are more vulnerable to data breaches and identity fraud than ever before. + +In the same way, criminals will go to great lengths to use your data against you: either through holding it ransom, impersonating you, stealing money or just building up a profile on you and selling it on, to another criminal entity. + +### Corporations +On the internet the value of data is high. Companies all want to know exactly who you are and what you are doing. They collect data, store it, use it and sometimes sell it on. + + +Everything that each of us does online leaves a trail of data. If saved and used correctly, these traces make up a goldmine of information full of insights into people on a personal level as well as a valuable read on larger cultural, economic and political trends. 
Tech giants (such as Google, Facebook, Uber, Amazon, and Spotify) are leveraging this, building billion-dollar businesses out of the data that are interactions with digital devices create. We, as users have no gaurantees that what is being collected is being stored securly, we often have no way to know for sure that it is deleted when we request so, and we don't have access to what theit AI systems have refered from our data. + +Our computers, phones, wearables, digital assistants and IoT have been turned into bugs that are plugged into a vast corporate-owned surveillance network. Where we go, what we do, what we talk about, who we talk to, and who we see – everything is recorded and, at some point, leveraged for value. They know us intimately, even the things that we hide from those closest to us. In our modern internet ecosystem, this kind of private surveillance is the norm. + +--- + + +## What data is Collected about You +Every interaction that you have an internet-connected device is logged. This includes all the data that you physically enter, as well as everything that is passively collected, such as your clicks/ scrolls amount of time spent looking at each part, etc, and finally data that is aggressively collected through background processes, GPS, gyroscope measurements, microphones and sometimes cameras. All this data is sent to servers, where you have no guarantee of how it is stored, what it will be used for, or if it will ever be sold. When you request for your information to be deleted- it often isn't- the data is almost ever-lasting. + + +## What Happens to Data that is Collected about You +- It can be sold. Data brokers pay a high price for peoples personal details and habits +- It can be used to show you ads. You may see different search results than someone else because your search engine is subtly trying to sell things to you. +- It can get into the wrong hands. 
Criminals use people's personal details to pull off scams, hold you to ransom, impersonate you to extract funds or further control over your digital life. +- It can allow both local and foreign governments to profile, and track you. +- It can be stored, indefinitely- and some of it can be potentially used against you in the future + +--- + +## Got nothing to hide? + +Privacy isn’t about hiding information; privacy is about protecting information, and surely you have information that you’d like to protect. Even with nothing to hide, you still put blinds on your window- and you wouldn't want your search history, bank statements, photos, notes or messages to be publicly available to the world. + +Privacy is a fundamental right, and you shouldn't need to prove the necessity of fundamental right to anyone. As Edward Snowden said, "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say". There are many scenarios in which privacy is crucial and desirable like intimate conversations, medical procedures, and voting. When we know we are being watched, our behaviour changes, which in turn suppresses things like free speech. + +You need privacy to avoid unfortunately common threats like identity theft, manipulation through ads, discrimination based on your personal information, harassment, the [filter bubble](https://spreadprivacy.com/filter-bubble/), and many other real harms that arise from invasions of privacy. An attack on our privacy, also hurts the privacy of those we communicate with. + +In addition, what many people don’t realize is that several small pieces of your personal data can be put together to reveal much more about you than you would think is possible. When different pieces of your data is aggregated together, it can create a very complete picture of who you are, where you spend your time. 
Further to this, even things we don't think are worth hiding today, may later be used against us in unexpected ways. + + +---- + +#### There's more to check out! +- [Ultimate Personal Security Checklist](/README.md) +- [Why Privacy & Security Matters](/0_Why_It_Matters.md) +- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) +- [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md) +- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md) + + + Follow Alicia Sykes on Twitter + + +#### Notes + +*Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).* + +*I owe a lot of thanks others who've conducted research, written papers, developed software all in the interest of privacy and security. Full attributions and referenses found in [`ATTRIBUTIONS.md`](/ATTRIBUTIONS.md).* + +#### License + +*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* + +[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md) + +---- + +Found this helpful? 
Consider sharing it with others, to help them also improvde their digital security 😇 + +[![Share on Twitter](https://i.ibb.co/2hqF59H/share-twitter.png)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist) +[![Share on LinkedIn](https://i.ibb.co/9Ngh9jg/share-linkedin.png)]( +http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93) +[![Share on Facebook](https://i.ibb.co/cc6tFVj/share-facebook.png)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=) +[![Share on Pinterest](https://i.ibb.co/x8L70b0/share-pinterest.png)](https://pinterest.com/pin/create/button/?url=https%3A//repository-images.githubusercontent.com/123631418/79c58980-3a13-11ea-97e8-e45591ef2d97&media=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&description=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020) diff --git a/2_TLDR_Short_List.md b/2_TLDR_Short_List.md new file mode 100644 index 0000000..6a66ba0 --- /dev/null +++ b/2_TLDR_Short_List.md 
@@ -0,0 +1,245 @@ +# Personal Cyber Security | TLDR [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) [![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/)[![Contributors](https://img.shields.io/github/contributors/lissy93/personal-security-checklist?color=%23ffa900&style=flat-square)](/ATTRIBUTIONS.md#contributors-) + +#### Contents +- [Personal Security Checklist](#personal-security-checklist) +- [Privacy-focused Software](#open-source-privacy-focused-software) +- [Security Hardware](#security-hardware) + +## PERSONAL SECURITY CHECKLIST + +> This is the shortened version of [The Complete Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md). +It lays out the 20 most essential security + privacy tips, that you should complete to protect your digital life. + + +### Authentication +- Use strong, unique passphrases for each of your accounts (12+ alpha-numeric upper and lower-case letters + symbols). Avoid predicitable patterns, dictionary words and names. +- Use a password manager: It is going to be almost impossible to remember hundreds of unique passwords. A password manager will generate strong passwords, securly store and auto-fill them, with a browser extension and mobile app. All you will need to do, is remember 1 master password. [BitWarden](https://bitwarden.com) is a great option, as is [1Password](https://1password.com) (not open source). [KeePass XC](https://keepassxc.org) is more secure, but without any cloud-sync functionality. +- Use 2-factor authentication for all secure accounts (email, cloud storage, financial accounts and social media). You can do this with [Authy](https://authy.com) (proprietary) which will also let you back up and sync your tokens across multiple devices. 
Or you can use [Aegis](https://getaegis.app) or [AndOTP](https://github.com/andOTP/andOTP) which are both open source. +- Be cautious when logging into your accounts on someone elses device, as you cannot be sure that it is free of malware. If you do need to access one of your accounts, use incognito mode (Ctrl+Shift+N) so your credentials don't get cached. + + +### Browsing +- Don't enter any personal details on websites that are not HTTPS +- Switch to [Firefox](https://www.mozilla.org/en-GB/firefox/new/) or [Brave Browser](https://brave.com/?ref=ali721), both of which have strong privacy and security configurations by default, and will also make loading websites faster. Consider using [Tor](https://www.torproject.org/) for the greatest privacy. +- Consider using search engine that doesn't track you, such as [DuckDuckGo](https://duckduckgo.com/) or [StartPage](https://www.startpage.com/), which show unbiased results and don't keep logs. +- Install [PrivacyBadger](https://www.eff.org/privacybadger) extension to block invisible trackers, and [HTTPS Everywhere](https://www.eff.org/https-everywhere) to force sites to load via HTTPS. You can use [Panopticlick](https://panopticlick.eff.org/) to quickly check if your browser is safe against tracking. + + +### Phone +- Have a strong pin/password on your mobile device. +- Turn off WiFi when your not using it, and delete saved networks that you no longer need (Settings --> WiFi --> Saved Networks). +- Don't grant apps permissions that they don't need. For Android, you can use [Exodus](https://exodus-privacy.eu.org/en/) to quickly see the permissions and trackers for each of your installed apps. + + +### Email +- It's important to protect your email account, as if a hacker gains access to it he/she will be able to reset the passwords for all your other accounts. Ensure you have a strong and unique password, and enable 2FA. 
+- Emails are not encrypted by default, meaning they are able to be read by anyone who intercepts them as well as your email provider (Google, Microsoft, Apple, Yahoo etc all monitor emails). Consider switching to a secure mail provider using end-to-end encryption, such as [ProtonMail](https://protonmail.com/) or [Tutanota](https://tutanota.com/). + + +### Networking +- Use a reputable VPN to keep your IP protected and reduce the amount of browsing data your ISP can log. (Note: VPN's do not provide ultimate protection as advertisers commonly state). See [thatoneprivacysite.net](https://thatoneprivacysite.net/) for a detailed comparison chart. [ProtonVPN](https://protonvpn.com/) has a free starter plan, [Mullvad](https://mullvad.net/) is great for anonymity. Other good all-rounders include [IVPN](https://www.ivpn.net/), NordVPN, TorGuard and AirVPN. +- Change your routers default password. Anyone connected to your WiFi is able to listen to network traffic, so in order to prevent people you don't know from connecting, use WPA2 and set a strong password. +- Update your router settings to use a secure DNS, such as [Cloudflare's 1.1.1.1](https://1.1.1.1/dns/), this should also speed up your internet. If you cannot modify your roters settings, you can set the DNS on your phone (with the [1.1.1.1. app](https://1.1.1.1/)), or [Windows](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/windows/), [Mac](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/mac/) or [Linux](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/linux/). DNS is the system used to resolve URL's to their server addresses, many DNS providers collect data on your browsing habbits and use it to target you with ads or sell it on. + + +### Devices +- Keep software up-to-date. Security fixes and patches are released as updates, so it is important to install updates when prompted, for your phone, PC, router, IoT devices and all software/apps. 
+ +**📜 See More**: [The Complete Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md) + +---- + + +## OPEN-SOURCE, PRIVACY-FOCUSED SOFTWARE +Switch to alternative open-source, privacy-respecting apps and services, which won't collect your data, track you or show targetted ads. + +#### Security +- Password Managers: [BitWarden] | [1Password] *(proprietary)* | [KeePassXC] *(offline)* | [LessPass] *(stateless)* +- 2-Factor Authentication: [Aegis] *(Android)* | [Authenticator] *(iOS)* | [AndOTP] *(Android)* +- File Encryption: [VeraCrypt] | [Cryptomator] *(for cloud)* +- Encrypted Messaging: [Signal] | [KeyBase] *(for groups/ communities)* +- Encrypted Email: [ProtonMail] | [MailFence] | [Tutanota] | (+ also [33Mail] | [anonaddy] for aliasing) +- Private Browsers: [Brave Browser] | [Firefox] *with [some tweaks](https://restoreprivacy.com/firefox-privacy/)* | [Tor] +- Non-Tracking Search Engines: [DuckDuckGo] | [StartPage] | [SearX] *(self-hosted)* | [Quant] +- VPN: [Mullvad] | [ProtonVPN] | [Windscribe] | [IVPN] *(better still, use [Tor])* +- App Firewall: [NetGuard] (Android) | [Lockdown] (iOS) | [OpenSnitch] (Linux) | [LuLu] (MacOS) + +#### Browser Extensions +[Privacy Badger] - Blocks trackers. [HTTPS Everywhere] - Upgrates requests to HTTPS. [uBlock Origin] - Blocks ads, trackers and malwares. [ScriptSafe] - Block execution of certain scripts. [WebRTC Leak Prevent] - Prevents IP leaks. [Vanilla Cookie Manager] - Auto-removes unwanted cookies. [Privacy Essentials] - Shows which sites are insecure + +#### Mobile Apps +[Exodus] - Shows which trackers are on your device. [Orbot]- System-wide Tor Proxy. [Island] - Sand-box environment for apps. [NetGuard] - Controll which apps have network access. [Bouncer] - Grant temporary permissions. [Greenify] - Controll which apps can run in the background. [1.1.1.1] - Use CloudFlares DNS over HTTPS. 
[Fing App] - Monitor your home WiFi network for intruders + +#### Online Tools +[εxodus] - Shows which trackers an app has. [';--have i been pwned?] - Check if your details have been exposed in a breach. [EXIF Remover] - Removes meta data from image or file. [Redirect Detective] - Shows where link redirects to. [Virus Total] - Scans file or URL for malware. [Panopticlick], [Browser Leak Test] and [IP Leak Test] - Check for system and browser leaks + +#### Productivity Tools +File Storage: [NextCloud]. File Sync: [Syncthing]. File Drop: [Firefox Send]. Notes: [Standard Notes], [Cryptee], [Joplin]. Blogging: [Write Freely]. Calendar/ Contacts Sync: [ETE Sync] + +📜 **See More**: [Complete List of Privacy-Respecing Sofware](/5_Privacy_Respecting_Software.md) + +---- + +## SECURITY HARDWARE + +There are also some gadgets that can help improve your physical and digital security. + +- **Blockers & Shields**: [PortaPow] - USB Data Blocker | [Mic Block] - Physically disables microphone | [Silent-Pocket] - Signal-blocking faraday pouches | [Lindy] - Physical port blockers | [RFID Shields] | [Webcam Covers] | [Privacy Screen] +- **Crypto Wallets**: [Trezor] - Hardware wallet | [CryptoSteel] - Indestructible steel crypto wallet +- **FIDO U2F Keys**: [Solo Key] | [Nitro Key] | [Librem Key] +- **Data Blockers**: [PortaPow] - Blocks data to protect against malware upload attacks, enables FastCharge. 
+- **Hardware-encrypted storage**: [iStorage]- PIN-authenticated 256-bit hardware encrypted storage | [Encrypted Drive Enclosure] +- **Networking**: [Anonabox] - Plug-and-play Tor router | [FingBox] - Easy home network automated security monitoring +- **Paranoid Gadgets!** [Orwl]- Self-destroying PC | [Hunter-Cat]- Card-skim detector | [Adversarial Fashion]- Anti-facial-recognition clothing | [DSTIKE Deauth Detector] - Detect deauth attacks, from [Spacehuhn] | [Reflectacles]- Anti-surveillance glasses | [Armourcard]- Active RFID jamming | [Bug-Detector]- Check for RF-enabled eavesdropping equipment | [Ultrasonic Microphone Jammer] - Emits signals thats silent to humans, but interfere with recording equipment. + + +There's no need to spend money- Most of these products can be made at home with open source software. Here's a list of [DIY Security Gadgets](/6_Privacy_and-Security_Gadgets.md#diy-security-products). + +📜 **See More**: [Privacy and Security Gadgets](/6_Privacy_and-Security_Gadgets.md) + +---- + +*Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).* + +---- + +Found this helpful? 
Consider sharing, to help others improve their digital security 😇 + +[![Share on Twitter](https://img.shields.io/badge/Share-Twitter-17a2f3?style=flat-square&logo=Twitter)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist) +[![Share on LinkedIn](https://img.shields.io/badge/Share-LinkedIn-0077b5?style=flat-square&logo=LinkedIn)]( +http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93) +[![Share on Facebook](https://img.shields.io/badge/Share-Facebook-4267b2?style=flat-square&logo=Facebook)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=) +[![Share on Mastodon](https://img.shields.io/badge/Share-Mastodon-56a7e1?style=flat-square&logo=Mastodon)](https://mastodon.social/web/statuses/new?text=Check%20out%20the%20Ultimate%20Personal%20Cyber%20Security%20Checklist%20by%20%40Lissy93%20on%20%23GitHub%20%20%F0%9F%94%90%20%E2%9C%A8) + + + + + +*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* + + + Follow Alicia Sykes on Twitter + + + +[//]: # (SECURITY SOFTWARE LINKS) +[BitWarden]: https://bitwarden.com +[1Password]: https://1password.com +[KeePassXC]: https://keepassxc.org 
+[LessPass]: https://lesspass.com +[Aegis]: https://getaegis.app +[AndOTP]: https://github.com/andOTP/andOTP +[Authenticator]: https://mattrubin.me/authenticator +[VeraCrypt]: https://www.veracrypt.fr +[Cryptomator]: https://cryptomator.org +[Tor]: https://www.torproject.org +[Pi-Hole]: https://pi-hole.net +[Mullvad]: https://mullvad.net +[ProtonVPN]: https://protonvpn.com +[Windscribe]: https://windscribe.com/?affid=6nh59z1r +[IVPN]: https://www.ivpn.net +[NetGuard]: https://www.netguard.me +[Lockdown]: https://lockdownhq.com +[OpenSnitch]: https://github.com/evilsocket/opensnitch +[LuLu]: https://objective-see.com/products/lulu.html +[SimpleWall]: https://github.com/henrypp/simplewall +[33Mail]: http://33mail.com/Dg0gkEA +[anonaddy]: https://anonaddy.com +[Signal]: https://signal.org +[KeyBase]: https://keybase.io +[ProtonMail]: https://protonmail.com +[MailFence]: https://mailfence.com +[Tutanota]: https://tutanota.com +[Brave Browser]: https://brave.com/?ref=ali721 +[Firefox]: https://www.mozilla.org/ +[DuckDuckGo]: https://duckduckgo.com +[StartPage]: https://www.startpage.com +[Quant]: https://www.qwant.com +[SearX]: https://asciimoo.github.io/searx + +[//]: # (PRODUCTIVITY SOFTWARE LINKS) +[NextCloud]: https://nextcloud.com +[Standard Notes]: https://standardnotes.org/?s=chelvq36 +[Cryptee]: https://crypt.ee +[Joplin]: https://joplinapp.org +[ETE Sync]: https://www.etesync.com/accounts/signup/?referrer=QK6g +[Firefox Send]: https://send.firefox.com +[Syncthing]: https://syncthing.net +[Write Freely]: https://writefreely.org + +[//]: # (BROWSER EXTENSION LINKS) +[Privacy Badger]: https://www.eff.org/privacybadger +[HTTPS Everywhere]: https://eff.org/https-everywhere +[uBlock]: https://github.com/gorhill/uBlock +[ScriptSafe]: https://github.com/andryou/scriptsafe +[WebRTC Leak Prevent]: https://github.com/aghorler/WebRTC-Leak-Prevent +[Vanilla Cookie Manager]: https://github.com/laktak/vanilla-chrome +[Privacy Essentials]: https://duckduckgo.com/app + +[//]: # 
(ONLINE SECURITY TOOLS) +[';--have i been pwned?]: https://haveibeenpwned.com +[εxodus]: https://reports.exodus-privacy.eu.org +[Panopticlick]: https://panopticlick.eff.org +[Browser Leak Test]: https://browserleaks.com +[IP Leak Test]: https://ipleak.net +[EXIF Remover]: https://www.exifremove.com +[Redirect Detective]: https://redirectdetective.com +[Virus Total]: https://www.virustotal.com + +[//]: # (ANDROID APP LINKS) +[Island]: https://play.google.com/store/apps/details?id=com.oasisfeng.island +[Orbot]: https://play.google.com/store/apps/details?id=org.torproject.android +[Orbot]: https://play.google.com/store/apps/details?id=org.torproject.android +[Bouncer]: https://play.google.com/store/apps/details?id=com.samruston.permission +[Crypto]: https://play.google.com/store/apps/details?id=com.kokoschka.michael.crypto +[Cryptomator]: https://play.google.com/store/apps/details?id=org.cryptomator +[Daedalus]: https://play.google.com/store/apps/details?id=org.itxtech.daedalus +[Brevent]: https://play.google.com/store/apps/details?id=me.piebridge.brevent +[Greenify]: https://play.google.com/store/apps/details?id=com.oasisfeng.greenify +[Secure Task]: https://play.google.com/store/apps/details?id=com.balda.securetask +[Tor Browser]: https://play.google.com/store/apps/details?id=org.torproject.torbrowser +[PortDroid]: https://play.google.com/store/apps/details?id=com.stealthcopter.portdroid +[Packet Capture]: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture +[SysLog]: https://play.google.com/store/apps/details?id=com.tortel.syslog +[Dexplorer]: https://play.google.com/store/apps/details?id=com.dexplorer +[Check and Test]: https://play.google.com/store/apps/details?id=com.inpocketsoftware.andTest +[Tasker]: https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm +[Haven]: https://play.google.com/store/apps/details?id=org.havenapp.main +[NetGaurd]: https://www.netguard.me/ +[Exodus]: 
https://exodus-privacy.eu.org/en/page/what/#android-app +[XUMI Security]: https://xumi.ca/xumi-security/ +[Fing App]: https://www.fing.com/products/fing-app +[FlutterHole]: https://github.com/sterrenburg/flutterhole +[1.1.1.1]: https://1.1.1.1/ +[The Guardian Project]: https://play.google.com/store/apps/dev?id=6502754515281796553 +[The Tor Project]: https://play.google.com/store/apps/developer?id=The+Tor+Project +[Oasis Feng]: https://play.google.com/store/apps/dev?id=7664242523989527886 +[Marcel Bokhorst]: https://play.google.com/store/apps/dev?id=8420080860664580239 + +[//]: # (SECURITY HARDWARE LINKS) +[Encrypted Drive Enclosure]: https://www.startech.com/HDD/Enclosures/encrypted-sata-enclosure-2-5in-hdd-ssd-usb-3~S2510BU33PW +[iStorage]: https://istorage-uk.com +[PortaPow]: https://portablepowersupplies.co.uk/product/usb-data-blocker +[Lindy]: https://lindy.com/en/technology/port-blockers +[Mic Block]: https://www.aliexpress.com/item/4000542324471.html +[RFID Shields]: https://www.aliexpress.com/item/32976382478.html +[Webcam Covers]: https://www.aliexpress.com/item/4000393683866.html +[Privacy Screen]: https://www.aliexpress.com/item/32906889317.html +[Trezor]: https://trezor.io +[CryptoSteel]: https://cryptosteel.com/product/cryptosteel/?v=79cba1185463 +[Solo Key]: https://solokeys.com +[Nitro Key]: https://www.nitrokey.com +[Librem Key]: https://puri.sm/products/librem-key +[Anonabox]: https://www.anonabox.com +[FingBox]: https://www.fing.com/products/fingbox +[Orwl]: https://orwl.org +[Hunter-Cat]: https://lab401.com/products/hunter-cat-card-skimmer-detector +[DSTIKE Deauth Detector]: https://www.tindie.com/products/lspoplove/dstike-deauth-detector-pre-flashed-with-detector +[Bug-Detector]: https://www.brickhousesecurity.com/counter-surveillance/multi-bug +[Ultrasonic Microphone Jammer]: https://uspystore.com/silent-ultrasonic-microphone-defeater +[Silent-Pocket]: https://silent-pocket.com +[Armourcard]: https://armourcard.com +[Adversarial Fashion]: 
https://adversarialfashion.com +[Reflectacles]: https://www.reflectacles.com +[Spacehuhn]: https://github.com/spacehuhn/DeauthDetector + diff --git a/4_Privacy_And_Security_Links.md b/4_Privacy_And_Security_Links.md new file mode 100644 index 0000000..7ae0aaf --- /dev/null +++ b/4_Privacy_And_Security_Links.md 
@@ -0,0 +1,256 @@ +# Awesome Privacy & Securty [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) [![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/) [![Contributors](https://img.shields.io/github/contributors/lissy93/personal-security-checklist?color=%23ffa900&style=flat-square)](https://github.com/Lissy93/personal-security-checklist/graphs/contributors) + +> A curated list of useful tools and resources online, that help protect your privacy and keep you safe. + +**See also**: [Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md) | [Privacy-Respecting Software](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_Respecting_Software.md) 🔐 + + +- **Information and Guides** + - [Getting Started Guides](#getting-started-guides) + - [How-To Guides](#how-to-guides) + - [Notable Articles](#notable-articles) + - [Blogs](#blogs) +- **Media** + - [Books](#books) + - [Podcasts](#podcasts) + - [Videos](#videos) +- **Websites & Services** + - [Online Tools](#online-tools) + - [Anonymous Services](#anonymous-services) + - [Interesting Websites](#interesting-websites) + - [Privacy-Respecting Software](#privacy-respecting-software) +- **Organisations** + - [Foundations](#foundations) + - [Government Organisations](#government-organisations) + - [Cybercrime](#cybercrime) +- **Research** + - [Data and API's](#data-and-apis) + - [Academic Journals](#academic-journals) + - [Implementations and Standards](#implementations-and-standards) +- **More Lists** + - [Mega Guides](#mega-guides) + - [Other GitHub Security Lists](#unrelated-awesome-lists) + + +## Getting Started Guides + +- [EFF SSD](https://ssd.eff.org) - Tips for safer online communications +- [PrivacyTools.io]( 
https://www.privacytools.io) - Tools to protect against mass surveillance +- [PrismBreak](https://prism-break.org/en/all) - Secure app alternatives +- [The VERGE guide to privacy](https://bit.ly/2ptl4Wm) - Guides for securing mobile, web and home tech +- [Email Self-Defense](https://emailselfdefense.fsf.org) - Complete guide to secure email +- [TwoFactorAuth.org](https://twofactorauth.org) - Check which websites support 2FA +- [Security Planner](https://securityplanner.org) - Great advise for beginners +- [My Shaddow](https://myshadow.org) - Resources and guides, to help you take controll of your data + + + +## How-To Guides + +- Complete guide to configureing Firefox for Privacy + Speed: via [12bytes](https://12bytes.org/7750) +- Overview of projects working on next-generation secure email: via [OpenTechFund](https://github.com/OpenTechFund/secure-email) +- ISP and DNS privacy tips: via [bluz71](https://bluz71.github.io/2018/06/20/digital-privacy-tips.html) +- Layers of Personal Tech Security: via [The Wire Cutter](https://thewirecutter.com/blog/internet-security-layers) +- Improving security on iPhone: via [lifehacker](https://lifehacker.com/the-privacy-enthusiasts-guide-to-using-an-iphone-1792386831) +- Protect against SIM-swap scam: via [wired](https://www.wired.com/story/sim-swap-attack-defend-phone) +- Is your Anti-Virus spying on you: via [Restore Privacy](https://restoreprivacy.com/antivirus-privacy) +- How to use Vera Crypt: via [howtogeek](https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt) +- How to enable DNS over HTTPS: via [geekwire](https://geekwire.co.uk/privacy-and-security-focused-dns-resolver) +- How to resolve DNS leak issue: via [DNSLeakTest](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html) +- Windows data sending: via [The Hacker News](https://thehackernews.com/2016/02/microsoft-windows10-privacy.html) +- How to spot a phishing attack: via 
[EFF](https://ssd.eff.org/en/module/how-avoid-phishing-attacks) + +## Notable Articles + +- Turns Out Police Stingray Spy Tools Can Indeed Record Calls: Article on [Wired](https://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm) + +## Blogs +- [Spread Privacy](https://spreadprivacy.com) - Raising the standard of trust online, by DuckDuckGo +- [Restore Privacy](https://restoreprivacy.com) - Tools and guides about privacy and security +- [That One Privacy Site](https://thatoneprivacysite.net) - impartial comparisons and discussions +- [The Hated One](https://www.youtube.com/channel/UCjr2bPAyPV7t35MvcgT3W8Q) - Privacy and security videos +- [12Bytes](https://12bytes.org/articles/tech) - Opinion Articles about Tech, Privacy and more +- [BringBackPrivacy](https://bringingprivacyback.com) - Easy-reading, sharable privacy articles +- [Heimdal](https://heimdalsecurity.com/blog) - Cyber Security Blog +- [Tech Crunch](https://techcrunch.com/tag/cybersecurity-101) - Cyber Security 101 +- [OONI](https://ooni.org/post), Internet freedom and analysis on blocked sites +- [Pixel Privacy](https://pixelprivacy.com/resources) - Online privacy guides +- [The Privacy Project](https://www.nytimes.com/interactive/2019/opinion/internet-privacy-project.html) - Articles and reporting on Privacy, by the NYT + + + +## Books +- [Permanent Record](https://amzn.to/30wxxXi) (by Edward Snowden) +- [Sandworm](https://amzn.to/2FVByeJ) (by Andy Greenberg) + + +## Podcasts +- [Darknet Diaries] (by Jack Rhysider): Stories from the dark sides of the internet. Listen on [Stitcher][da-stitch] +- [CYBER] (by Motherboard, Vice): News and analysis about the latest cyber threats. 
Listen on [Stitcher][cy-stitch] + +[Darknet Diaries]: https://darknetdiaries.com +[da-stitch]: https://www.stitcher.com/podcast/darknet-diaries + +[CYBER]: https://www.vice.com/en_us/article/59vpnx/introducing-cyber-a-hacking-podcast-by-motherboard +[cy-stitch]: https://www.stitcher.com/podcast/vice-2/cyber + + +## Videos +- **General** + - [You are being watched](https://youtu.be/c8jDsg-M6qM) by The New York Times + - [The Power of Privacy](https://youtu.be/KGX-c5BJNFk) by The Guardian + - [Why Privacy matters, even if you have nothing to hide](https://youtu.be/Hjspu7QV7O0) by The Hated One +- **TED Talks** + - [Why you should switch off your home WiFi](https://youtu.be/2GpNhYy2l08) by Bram Bonné + - [Why Privacy Matters](https://www.ted.com/talks/glenn_greenwald_why_privacy_matters), by Glenn Greenwald + - [Fighting viruses, defending the net](https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net), by Mikko Hypponen + - [The 1s and 0s behind cyber warfare](https://www.ted.com/talks/chris_domas_the_1s_and_0s_behind_cyber_warfare), by Chris Domas + - [State Sanctioned Hacking - The Elephant in the Room](https://youtu.be/z-A2MxHmnU4) - Historic, economic and demographic overview of the growing threat to the U.S. 
from Chinese cyber invasions, by Frank Heidt + - [How the IoT is Making Cybercrime Investigation Easier](https://youtu.be/9CemONO6vrY) - How our data is changing the nature of "evidence" in digital forensics, by Jonathan Rajewski +- **Conferences** + - [DEF CON 27](https://www.youtube.com/playlist?list=PL9fPq3eQfaaA4qJEQQyXDYtTIfxCNA0wB) - Collection of talks from DEF CON 2019, Vegas + - [RSA Conference](https://www.youtube.com/user/RSAConference) - Collection of security talks from the RSA conferences + - [Administraitor.video](https://administraitor.video) - A regularly updated collection of new and interesting security confrence talks +- **Misc** + - [Through a PRISM, Darkly](https://youtu.be/e4woRYs0mM4) - Everything we know about NSA spying, by Kurt Opsahl + +See also: [awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) by @PaulSec + + + + + +## Online Tools +- [Have I been Pwned](https://haveibeenpwned.com) and [Dehashed](https://www.dehashed.com) - Check if your details have been compromised +- [Redirect Detective](https://redirectdetective.com) - Check where a suspicious URL redirects to +- [εxodus](https://reports.exodus-privacy.eu.org) - Check which trackers any app on the Play Store has +- [VirusTotal](https://www.virustotal.com) - Analyse a suspicious web resource for malware +- [ScamAdviser](https://www.scamadviser.com) - Check if a website is a scam, before buying from it +- [Deseat Me](https://www.deseat.me) - Clean up your online presence +- [33Mail](http://33mail.com/Dg0gkEA) or [Anonaddy](https://anonaddy.com) Avoid revealing your real email address, by auto-generating aliases for each accound +- [Panopticlick](https://panopticlick.eff.org) - Check if, and how your browser is tracking you +- [Disroot](https://disroot.org) - A suit of online tools, with online freedom in mind +- [Blocked by ORG](https://www.blocked.org.uk) - Check if your website is blocked by certain ISPs +- [Data Rights Finder](https://www.datarightsfinder.org) - 
Find, understand and use information from privacy policies +- [Browser Leaks](https://browserleaks.com) - Check which information is being leaked by your browser +- [DNSLeakTest](https://www.dnsleaktest.com) - Check for and fix a DNS leak +- [IP Leak](https://ipleak.net) - Shows your IP address, and other associated details +- [ExifRemove](https://www.exifremove.com) - Remove Meta/ EXIF data online + +## Anonymous Services +- [NixNet](https://nixnet.services) +- [Snopyta](https://snopyta.org) +- [Disroot](https://disroot.org) + + +## Interesting Websites +- [The Intercept: Surveillance Catalogue](https://theintercept.com/surveillance-catalogue) - A database secret of government and military surveillance equpment, that was leaked in the Snowden files + - See also: The source code for these projects, on WikiLeaks [Vault7](https://wikileaks.org/vault7) and [Vault8](https://wikileaks.org/vault8), and the accompanying [press release](https://wikileaks.org/ciav7p1) + +## Privacy-Respecting Software + +This section has moved to [here](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_Respecting_Software.md) + + + +## Foundations + +- [Contract for the Web](https://contractfortheweb.org) +- [Electronic Frountier Foundation](https://www.eff.org) - Defending digital privacy + more +- [OWASP Foundation](https://www.owasp.org) +- [Freedom House](https://freedomhouse.org) - Fighting for freedom on the net +- [Privacy International](https://privacyinternational.org) +- [Open Tech Fund](https://www.opentech.fund) +- [Freedom of the Press Foundation](https://freedom.press) +- [Open Rights Group](https://www.openrightsgroup.org) +- [LEAP Encryption Access Project](https://leap.se) +- [The Guardian Project](https://guardianproject.info) +- [Foundation for Applied Privacy](https://applied-privacy.net) +- [Safe + Secure](https://safeandsecure.film) - advise for journalists and film makers +- [Citizen Lab](https://citizenlab.ca) +- [Electronic Privacy 
Information Center](https://epic.org) +- [American Civil Liberties Union](https://www.aclu.org/issues/privacy-technology) +- [Free Software Foundation](https://www.fsf.org) +- [Courage Foundation](https://www.couragefound.org) - Supports those who risk life / liberty to make significant contributions to the historical record + + +## Government Organisations +- [UK National Cyber Security Center](https://www.ncsc.gov.uk) +- [US Cybersecurity - NIST](https://www.nist.gov/topics/cybersecurity) + + +## Cybercrime +- [Consumer Fraud Reporting](http://consumerfraudreporting.org) - US's Catalogue of online scams currently circulating, and a means to report cases +- [Action Fraud](https://www.actionfraud.police.uk) - UK’s national reporting centre for fraud and cyber crime + + +## Data and API's +- [Exploit Database](https://www.exploit-db.com) - A database or Current software vulnerabilities +- [That One Privacy Site](https://thatoneprivacysite.net/#detailed-vpn-comparison) - Detailed VPN Comparison Data +- [Exodus](https://reports.exodus-privacy.eu.org/en/trackers/stats) - Trackers in Android Apps +- [URLScan](https://urlscan.io) - Service scanning for malisious domains +- [Dehashed](https://www.dehashed.com/breach) - Data Breaches and Credentials +- [VirusTotal](https://developers.virustotal.com/v3.0/reference) - Detailed virus scans of software +- Hosts to block: https://someonewhocares.org/hosts/ and https://github.com/StevenBlack/hosts + + +## Academic Journals +- [Crypto Paper](https://github.com/cryptoseb/cryptopaper) by Crypto Seb- Privacy, Security, and Anonymity For Every Internet User + + +## Implementations and Standards +- [The GNU Privacy Guard](https://www.gnupg.org) +- [OpenPGP JavaScript Implementation](https://openpgpjs.org) +- [WireGuard](https://www.wireguard.com/papers/wireguard.pdf) +- [Nym](https://as93.link/nym-blog-post) - Next Generation of Privacy infrastructure + + +## Mega Guides +- by [Fried](https://fried.com/privacy) +- by 
[ivpn](https://www.ivpn.net/privacy-guides) +- by [ProPrivacy](https://proprivacy.com/guides/the-ultimate-privacy-guide) +- by [Heimdal Security](https://heimdalsecurity.com/blog/cyber-security-mega-guide) +- by [Wired](https://www.wired.com/2017/12/digital-security-guide) +- by [Vice](https://www.vice.com/en_us/article/d3devm/motherboard-guide-to-not-getting-hacked-online-safety-guide) + +## More Awesome GitHub Lists + +- [privacy-respecting](https://github.com/nikitavoloboev/privacy-respecting) by @nikitavoloboev +- [awesome-privacy](https://github.com/KevinColemanInc/awesome-privacy) by @KevinColemanInc +- [Security_list](https://github.com/zbetcheckin/Security_list) by @zbetcheckin +- [awesome-security](https://github.com/sbilly/awesome-security) by @sbilly +- [awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) by @PaulSec +- [awesome-crypto-papers](https://github.com/pFarb/awesome-crypto-papers) by @pFarb +- [awesome-threat-intelligence](https://github.com/hslatman/awesome-threat-intelligence) by @hslatman +- [awesome-incident-response](https://github.com/meirwah/awesome-incident-response) by @meirwah +- [awesome-anti-forensic](https://github.com/remiflavien1/awesome-anti-forensic) by @remiflavien1 +- [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis) by @rshipp +- [awesome-honeypots](https://github.com/paralax/awesome-honeypots) by @paralax +- [awesome-hacking](https://github.com/carpedm20/awesome-hacking) by @carpedm20 +- [awesome-pentest](https://github.com/enaqx/awesome-pentest) by @enaqx +- [awesome-ctf](https://github.com/apsdehal/awesome-ctf) by @apsdehal + + +## Unrelated Awesome Lists + - [awesome]( https://github.com/sindresorhus/awesome) by @sindresorhus + - [lists](https://github.com/jnv/lists) by @jnv + +--- + +*Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an 
issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).* + +*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* + +[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md) + + +---- + +Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇 + +[![Share on Twitter](https://img.shields.io/badge/Share-Twitter-17a2f3?style=for-the-badge&logo=Twitter)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist) +[![Share on LinkedIn](https://img.shields.io/badge/Share-LinkedIn-0077b5?style=for-the-badge&logo=LinkedIn)]( +http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93) +[![Share on Facebook](https://img.shields.io/badge/Share-Facebook-4267b2?style=for-the-badge&logo=Facebook)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=) +[![Share on 
Mastodon](https://img.shields.io/badge/Share-Mastodon-56a7e1?style=for-the-badge&logo=Mastodon)](https://mastodon.social/web/statuses/new?text=Check%20out%20the%20Ultimate%20Personal%20Cyber%20Security%20Checklist%20by%20%40Lissy93%20on%20%23GitHub%20%20%F0%9F%94%90%20%E2%9C%A8) + diff --git a/5_Privacy_Respecting_Software.md b/5_Privacy_Respecting_Software.md new file mode 100644 index 0000000..7a0f703 --- /dev/null +++ b/5_Privacy_Respecting_Software.md 
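Review bot: The "Share on Facebook" badge at the end of this hunk points at LinkedIn's share endpoint (`https://www.linkedin.com/shareArticle?mini=true&url=...`) rather than a Facebook share URL, so clicking it opens the wrong service; it should use a Facebook sharer URL or be dropped. In the same file, a few links in a privacy-focused list route through tracking or non-TLS endpoints: "The VERGE guide to privacy" goes via the `https://bit.ly/2ptl4Wm` shortener (an opaque redirect that hides the destination and logs clicks), and 33Mail (`http://33mail.com/Dg0gkEA`), Consumer Fraud Reporting and UPM are linked over plain `http://`; replace the shortener with the canonical article URL and prefer `https://` where the site supports it. Smaller points: the table of contents entry "Other GitHub Security Lists" links to `#unrelated-awesome-lists` while the section it describes is headed "More Awesome GitHub Lists", so the anchor lands on the wrong section; the "How to use Vera Crypt" entry links to a TrueCrypt getting-started guide; and the title has a typo ("Securty").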
@@ -0,0 +1,1081 @@ +[![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) +[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) +[![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/) +[![Contributors](https://img.shields.io/github/contributors/lissy93/personal-security-checklist?color=%23ffa900&style=flat-square)](/ATTRIBUTIONS.md#contributors-) + +# Privacy & Security-Focused Software and Services +A curated list of privacy-respecting apps, software, and providers 🔐 + +**Too long? 🦒** See the [TLDR version](/2_TLDR_Short_List.md#open-source-privacy-focused-software) instead. + +[⏬ Skip to Content ⏬](#password-managers) + +--- + +## Intro + +Large data-hungry corporations dominate the digital world but with little, or no respect for your privacy. +Migrating to open-source applications with a strong emphasis on security will help stop +corporations, governments, and hackers from logging, storing or selling your personal data. + +Be aware that no software is perfect- there will always be bugs and vulnerabilities. Also, applications can only as secure as the system they are running on. You have to keep your system up-to-date and [follow good security practices](https://github.com/Lissy93/personal-security-checklist). 
+ +### Categories + +- **Basics** + - [Password Managers](#password-managers) + - [2-Factor Authentication](#2-factor-authentication) + - [File Encryption](#file-encryption) + - [Encrypted Messaging](#encrypted-messaging) + - [P2P Messaging](#p2p-messaging) + - [Encrypted Email](#encrypted-email) + - [Private Browsers](#browsers) + - [Non-Tracking Search Engines](#search-engines) +- **Security** + - [Browser Extensions](#browser-extensions) + - [Mobile Apps](#mobile-apps) + - [Online Tools](#online-tools) +- **Networking** + - [Virtual Private Networks](#virtual-private-networks) + - [Self-Hosted Network Security](#self-hosted-network-security) + - [Mix Networks](#mix-networks) + - [Proxies](#proxies) + - [DNS Providers](#dns) + - [Firewalls](#firewalls) + - [Firewall Analysis](#firewall-analysis) + - [Cloud Hosting](#cloud-hosting) + - [Domain Registrars](#domain-registrars) +- **Productivity** + - [Digital Notes](#digital-notes) + - [Cloud Productivity Suits](#cloud-productivity-suits) + - [Backup and Sync](#backup-and-sync) + - [File Drop](#file-drop) +- **Social** + - [Social Networks](#social-networks) + - [Video Platforms](#video-platforms) + - [Blogging Platforms](#blogging-platforms) + - [News Readers](#news-readers-and-aggregation) +- **Operating Systems** + - [Mobile Operating Systems](#mobile-operating-systems) + - [PC Operating Systems](#pc-operating-systems) + - [Windows Defences](#windows-defences) + - [Mac OS Defences](#mac-os-defences) +- **Home/ IoT** + - [Home Automation](#home-automation) + - [Voice Assistants](#ai-voice-assistants) +- **Misc** + - [Payment Methods](#payment-methods) +- **Bonus** + - [Alternatives to Google](#bonus-1---alternatives-to-google) + - [Open Source Media Applications](#bonus-2---open-source-media-applications) + - [Self-Hosted Services](#bonus-3---self-hosted-services) + - [Self-Hosted Sys-Admin](#bonus-4---self-hosted-sysadmin) + - [Self-Hosted Dev Tools](#bonus-5---self-hosted-development-tools) + - [Security Testing 
Tools](#bonus-6---security-testing-tools) +- **See Also** + - [Personal Security Checklist](/README.md) + - [Gadgets for Privacy & Security](/6_Privacy_and-Security_Gadgets.md) + - [The Importance of Digital Security & Privacy](/0_Why_It_Matters.md) + - [Further Links: Privacy & Security](/4_Privacy_And_Security_Links.md) + + +## Password Managers + +| Provider | Description | +| --- | --- | +**[BitWarden](https://bitwarden.com)** | Fully-featured, open source password manager with cloud-sync. BitWarden is easy-to-use with a clean UI and client apps for desktop, web and mobile. +**[KeePass](https://keepass.info)** | Hardened open source, secure password manager, without cloud-sync capabilities. See also [KeePassXC](https://keepassxc.org), [KeePassX](https://www.keepassx.org) and [KeePass Web](https://keeweb.info) which are popular community forks of KeePass, with additional features and UI refinements +**[LessPass](https://lesspass.com)** *(Self-Hosted)* | LessPass is a little different, since it generates your passwords using a hash of the website name, your username and a single master-passphrase that you reuse. It omits the need for you to ever need to store or sync your passwords. They have apps for all the common platforms and a CLI, but you can also self-host it. + +#### Notable Mentions + +**[1Password](https://1password.com)** (proprietary) is a fully-featured cross-platform password manager with sync. Free for self-hosted data (or $3/ month hosted). 
Be aware that 1Password is not fully open source, but they do regularly publish results of their indepentand security [audits](https://support.1password.com/security-assessments), and they have a solid reputation for transparently disclosing and fixing vulnerabilities + +**Other Open Source PM**: [Passbolt](https://www.passbolt.com), [Buttercup](https://buttercup.pw), [Firefox Loxkwise](https://www.mozilla.org/en-US/firefox/lockwise), [Clipperz](https://clipperz.is), [Password Safe](https://pwsafe.org), [Pass](https://www.passwordstore.org), [Encryptr](https://spideroak.com/encryptr), [Padloc](https://padloc.app), [TeamPass](https://teampass.net), [PSONO](https://psono.com), [UPM](http://upm.sourceforge.net), [Gorilla](https://github.com/zdia/gorilla/wiki), [Pass](https://www.passwordstore.org) (UNIX), [Seahorse](https://gitlab.gnome.org/GNOME/seahorse) (for GNOME), [GNOME Keyring](https://wiki.gnome.org/Projects/GnomeKeyring), [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager). + +If you are using a deprecated PM, you should migrate to something actively maintained. This includes: [Mitro](https://www.mitro.co), [Rattic](https://spideroak.com/encryptr), [JPasswords](http://jpws.sourceforge.net/jpasswords.html), [Passopolis](https://passopolis.com), [KYPS](https://en.wikipedia.org/wiki/KYPS), [Factotum](http://man.9front.org/4/factotum). + + +**See also** [Password Management Checklist](/README.md#passwords) + + +## 2-Factor Authentication + +| Provider | Description | +| --- | --- | +**[Aegis](https://getaegis.app)** (Android) | Free, secure and open source authenticator app for Android. Has a backup/ restore feature and a customisable UI with dark mode +**[AndOTP](https://github.com/andOTP/andOTP)** (Android) | Another open source, secure authenticator app. 
AndOTP is well established with a strong user base +**[Tofu](https://www.tofuauth.com)** (iOS) | An easy-to-use, open-source two-factor authentication app designed specifically for iOS + +*Check which websites support multi-factor authentication: [twofactorauth.org](https://twofactorauth.org)* + +**Note:** Don't use your password manager to also store your 2-FA tokens- use a separate application. + +**See also** [2FA Security Checklist](/README.md#2-factor-authentication) + + +## File Encryption + +| Provider | Description | +| --- | --- | +**[VeraCrypt](https://www.veracrypt.fr)** | VeraCrypt is open source cross-platform disk encryption software. You can use it to either encrypt a specific file or directory, or an entire disk or partition. VeraCrypt is incredibly feature-rich, with comprehensive encryption options, yet the GUI makes it easy to use. It has a CLI version, and a portable edition. VeraCrypt is the successor of (the now deprecated) TrueCrypt. +**[Cryptomator](https://cryptomator.org)** | Open source client-side encryption for cloud files- Cryptomator is geared towards using alongside cloud-backup solutions, and hence preserves individual file structure, so that they can be uploaded. It too is easy to use, but has fewer technical customizations for how the data is encrypted, compared with VeraCrypt. Cryptomator works on Windows, Linux and Mac- but also has excellent mobile apps. + +If you need to create a compressed archive, prior to encrypting your files, then [PeaZip](https://www.peazip.org/) is a great little cross-platform open source file archiver utility. It allows you to create, open, and extract RAR TAR ZIP archives. + + +## Encrypted Messaging + +Without using a secure app for instant messaging, all your conversations, meta data and more are unprotected. Signal is one of the best options- it's easy, yet also highly secure and privacy-centric. 
+ +| Provider | Description | +| --- | --- | +**[Signal](https://signal.org/)** | Probably one of the most popular, secure private messaging apps that combines strong encryption (see [Signal Protocol](https://en.wikipedia.org/wiki/Signal_Protocol)) with a simple UI and plenty of features. It's widely used across the world, and easy-to-use, functioning similar to WhatsApp - with instant messaging, read-receipts, support for media attachments and allows for high-quality voice and video calls. It's cross-platform, open-source and totally free. Signal is [recommended](https://twitter.com/Snowden/status/661313394906161152) by Edward Snowden, and is a perfect solution for most users +**[KeyBase](keybase.io/inv/6d7deedbc1)** | KeyBase allows encrypted real-time chat, group chats, and public and private file sharing. It also lets you cryptographically sign messages, and prove your ownership to other social identities (Twitter, Reddit, GitHub, etc), and send or receive Stella or BitCoin to other users. It's slightly more complex to use than Signal, but has some great cryptography features, and is good for group chats +**[Silence](https://silence.im/)** | If you're restricted to only sending SMS/MMS, then Silence makes it easy to encrypt messages between 2 devices. This is important since traditional text messaging is inherently insecure. It's easy-to-use, reliable and secure- but has fallen in popularity, now that internet-based messaging is often faster and more flexible +**[OpenPGP](https://www.openpgp.org/)** | Provides cryptographic privacy and authentication, PGP is used to encrypt messages sent over existing chat networks (such as email or message boards). Slightly harder to use (than IM apps), slower, but still widely used. 
Using [GnuPG](https://gnupg.org/download/index.html), encrypts messages following the OpenPGP standard, defined by the IETF, proposed in [RFC 4880](https://tools.ietf.org/html/rfc4880) (originally derived from the PGP software, created by Phil Zimmermann, now owned by [Symantec](https://www.symantec.com/products/encryption)). **Note** there have been vulnerabilities found in the OpenPGP and S/MIME, defined in [EFAIL](https://efail.de/), so although it still considered secure for general purpose use, it may be better to use an encrypted messaging or email app instead- especially for sensitive communications. + +#### Other Notable Mentions +[Chat Secure](https://chatsecure.org/) and [Status](https://status.im/), are private, encrypted, open source messenger apps. They are both still in early stages, so weren’t included in the main list. Note that [Tor Messenger](https://blog.torproject.org/category/tags/tor-messenger)s been removed from the list, since development has halted. + +#### Word of Warning: Proprietary Messaging Platforms +Many messaging apps claim to be secure, but if they are not open source, then this cannot be verified- and they **should not be trusted**. This applies to [Telegram](https://telegram.org), [Threema](https://threema.ch), [Cypher](https://www.goldenfrog.com/cyphr), [Wickr](https://wickr.com/), [Silent Phone](https://www.silentcircle.com/products-and-solutions/silent-phone/) and [Viber](https://www.viber.com/), to name a few- these apps should not be used to communicate any sensitive data. + +## P2P Messaging + +With [Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer) networks, there are no central server, so there is nothing that can be raided, shut-down or forced to turn over data. There are P2P networks available that are open source, E2E encrypted, routed through Tor services, totally anonymous and operate without the collection of metadata. 
+ +| Provider | Description | +| --- | --- | +**[Session](https://getsession.org)** + **[LokiNet](https://loki.network)** client | Loki is an open source set of tools that allow users to transact and communicate anonymously and privately, through a decentralised, encrypted, onion-based network. Session is a desktop and mobile app that uses these private routing protocols to secure messages, media and metadata. +**[Briar](https://briarproject.org)** | Tor-based Android app for P2P encrypted messaging and forums. Where content is stored securely on your device (not in the cloud). It also allows you to connect directly with nearby contacts, without internet access (using Bluetooth or WiFi). +**[Matrix](https://matrix.org)** + **[Riot](https://about.riot.im)** client | Matrix is a decentralized open network for secure communications, with E2E encryption with Olm and Megolm. Along with the Riot client, it supports VOIP + video calling and IM + group chats. Since Matrix has an open specification and Simple pragmatic RESTful HTTP/JSON API it makes it easy to integrates with existing 3rd party IDs to authenticate and discover users, as well as to build apps on top of it. +**[Riochet](https://ricochet.im)** | Desktop instant messenger, that uses the Tor network to rendezvous with your contacts without revealing your identity, location/ IP or meta data. There are no servers to monitor, censor, or hack so Ricochet is secure, automatic and easy to use. +**[Jami](https://jami.net)** | P2P encrypted chat network with cross-platform GNU client apps. Jami supports audio and video calls, screen sharing, conference hosting and instant messaging. +**[Tox](https://tox.chat)** + **[qTox](https://qtox.github.io)** client | Open source, encrypted, distributed chat network, with clients for desktop and mobile- see [supported clients](https://tox.chat/clients.html). Clearly documented code and multiple language bindings make it easy for developers to integrate with Tox. 
+ +#### Other Notable Mentions +[Cwtch](https://cwtch.im), [BitMessage](https://github.com/Bitmessage/PyBitmessage), [Tor Messenger](https://blog.torproject.org/sunsetting-tor-messenger) *(deprecated)*, [TorChat2](https://github.com/prof7bit/TorChat) *(deprecated)* + + +## Encrypted Email + +Email, is not secure- your messages can be easily intercepted and read. Corporations scan the content of your mail, to build up a profile of you, either to show you targeted ads or to sell onto third-parties. Through the [Prism Program](https://en.wikipedia.org/wiki/PRISM_(surveillance_program)), the government also has full access to your emails not end-to-end encrypted. This applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more. + +The below email providers are private, end-to-end encrypted (E2EE) and safe. + +| Provider | Description | +| --- | --- | +**[ProtonMail](https://protonmail.com/)** | An open-source, end-to-end encrypted anonymous email service. ProtonMail has a modern easy-to-use and customizable UI, as well as fast, secure native mobile apps. ProtonMail has all the features that you'd expect from a modern email service and is based on simplicity without sacrificing security. It has a free plan or a premium option for using custom domains. ProtonMail requires no personally identifiable information for signup, they have a [.onion](https://protonirockerxow.onion) server, for access via Tor, and they accept anonymous payment: BTC and cash (as well as the normal credit card and PayPal). +**[Tutanota](https://tutanota.com/)** | Free and open source email service based in Germany. It has a basic intuitive UI, secure native mobile apps, anonymous signup, and a .onion site. Tutonota has a full-featured free plan or a premium subscription for businesses allowing for custom domains ($12/ month). 
+**[Mailfence](https://mailfence.com?src=digitald)** | Mailfence supports OpenPGP so that you can manually exchange encryption keys independently from the Mailfence servers, putting you in full control. Mailfence has a simple UI, similar to that of Outlook, and it comes with bundled with calendar, address book, and files. All mail settings are highly customizable, yet still clear and easy to use. Sign up is not anonymous, since your name, and prior email address is required. There is a fully-featured free plan, or you can pay for premium, and use a custom domain ($2.50/ month, or $7.50/ month for 5 domains), where BitCoin, LiteCoin or credit card is accepted. + +See [OpenTechFund- Secure Email](https://github.com/OpenTechFund/secure-email) for more details. + + +#### Other Notable Mentions +[HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business), [StartMail](https://www.startmail.com), [Kolab Now](https://kolabnow.com), [Posteo](https://posteo.de), and [Disroot](https://disroot.org/en) + +#### Alias Services +Revealing your real email address online can put you at risk. Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. This protects your real email address from being revealed. Aliases are generated automatically, the first time they are used. This approach lets you identify which provider leaked your email address, and block an alias with 1-click. + +- **[Anonaddy](https://anonaddy.com)** - An open source anonymous email forwarding service, allowing you to create unlimited email aliases. Has a free plan. +- **[33Mail](http://33mail.com/Dg0gkEA)** - A long-standing aliasing service. As well as receiving, 33Mail also lets you reply to forwarded addresses anonymously. 
Free plan, as well as Premium plan ($1/ month) if you'd like to use a custom domain +- **[ProtonMail](https://protonmail.com/pricing) Visionary** - If you already have ProtonMail's Visionary package, then an implementation of this feature is available. However not the most price-effective, and does not include dashboard + +Alternatively you could host your own service + + +#### Self-Hosted Email +If you do not want to trust an email provider with your messages, you can host your own mail server. Without experience, this can be notoriously hard to correctly configure, especially when it comes to security. You may also find that cost, performance and features make it a less attractive option. If you do decide to go down this route, [Mail-in-a-box](https://mailinabox.email/), is an easy to deploy, open source mail server. It aims to promote decentralization, innovation, and privacy on the web, as well as have automated, auditable, and idempotent system configuration. Other ready-to-go self-hosted mail options include [Mailu](https://mailu.io/1.7/) and [Mail Cow](https://mailcow.email/), both of which are docker containers. + +#### Mail Clients +Email clients are the programs used to interact with the mail server. For hosted email, then the web and mobile clients provided by your email service are usually adequate, and may be the most secure option. For self-hosted email, you will need to install and configure mail clients for web, desktop or mobile. + +- **Desktop** - [Mozilla Thunderbird](https://www.thunderbird.net) is an open source, highly customizable, secure and private desktop email client, for Windows, macOS, and Linux. If you are using ProtonMail, then you can use the [ProtonMail Bridge](https://protonmail.com/bridge/thunderbird), to sync your emails to either Thunderbird or Microsoft Outlook. 
In terms of security, the disadvantage, is that most desktop clients do not support 2FA, so it is important to keep your computer secured, however they are not vulnerable to the common browser attacks, that a web client would be. +- **Web** - If you are self-hosting your mail server, you will probably want a web-based email client. [RainLoop](http://www.rainloop.net) and [RoundCube](https://roundcube.net) are both good open source options. +- **Mobile** - the most secure option is usually to use the app provided by your mail provider. If your mail server is self-hosted, then consider [FairMail](https://email.faircode.eu/) which is a fully featured, open source, privacy oriented email app for Android. There is also [pretty Easy privacy p≡p](https://play.google.com/store/apps/details?id=security.pEp), which has OpenPGP built in. [K-9 Mail](https://play.google.com/store/apps/details?id=com.fsck.k9), which has been around almost as long as Android, has a solid reputation for privacy and security features. + +**See also** [Email Security Checklist](/README.md#emails) + + +## Browsers + +| Provider | Description | +| --- | --- | +**[Brave Browser](https://brave.com/?ref=ali721)** | Brave Browser, currently one of the most popular private browsers- it provides speed, security, and privacy by blocking trackers with a clean, yet fully-featured UI. It also pays you in [BAT tokens](https://basicattentiontoken.org/) for using it. Brave also has Tor built-in, when you open up a private tab/ window. +**[FireFox](https://www.mozilla.org/firefox)** | Significantly more private, and offers some nifty privacy features than Chrome, Internet Explorer and Safari. After installing, there are a couple of small tweaks you will need to make, in order to secure Firefox. 
You can follow one of these guides by: [Restore Privacy](https://restoreprivacy.com/firefox-privacy/), [Security Gladiators](https://securitygladiators.com/firefox-privacy-tips/) or [12Bytes](https://12bytes.org/7750) +**[Bromite](https://www.bromite.org/)** | Bromite is Chromium (Chrome without Google) plus ad blocking and enhanced privacy. It provides a no-clutter browsing experience without privacy-invasive features- it's lightweight and minimal +**[Tor Browser](https://www.torproject.org/)** | Tor provides an extra layer of anonymity, by encrypting each of your requests, then routing it through several nodes, making it near-impossible for you to be tracked by your ISP/ provider. It does make every-day browsing a little slower, and some sites may not work correctly. As with everything there are [trade-offs](https://github.com/Lissy93/personal-security-checklist/issues/19) + +See also: [Recommended Browser Extensions](#browser-extensions) + +**See also** [Browser & Search Security Checklist](/README.md#browser-and-search) + + +## Search Engines + +Google frequently modifies and manipulates search, and is in pursuit of eliminating competition and promoting their own services above others. They also track, collect, use and sell detailed user search and meta data. + +| Provider | Description | +| --- | --- | +**[DuckDuckGo](https://duckduckgo.com/)** | DuckDuckGo is a very user-friendly, fast and secure search engine. It's totally private, with no trackers, cookies or ads. It's also highly customisable, with dark-mode, many languages and features. They even have a [.onion](https://3g2upl4pq6kufc4m.onion) URL, for use with Tor and a [no Javascript version](https://duckduckgo.com/html/) +**[Qwant](https://www.qwant.com/)** | French service that aggregates Bings results, with it's own results. Quant doesn't plant any cookies, nor have any trackers or third-party advertising. It returns non-biased search results, with no promotions. Quant has a unique, but nice UI. 
+ +Another option would be to host your own- [Searx](https://asciimoo.github.io/searx/) is a good option for self-hosting, since it is easy to set-up, secure, private and is backed by a strong community. + +**See also** [Browser & Search Security Checklist](/README.md#browser-and-search) + + + +## Browser Extensions + +The following browser add-ons give you better control over what content is able to be loaded and executed while your browsing. + +| Provider | Description | +| --- | --- | +**[Privacy Badger](https://www.eff.org/privacybadger)** | Blocks invisible trackers, in order to stop advertisers and other third-parties from secretly tracking where you go and what pages you look at. **Download**: [Chrome][privacy-badger-chrome] \ [Firefox][privacy-badger-firefox] +**[HTTPS Everywhere](https://eff.org/https-everywhere)** | Forces sites to load in HTTPS, in order to encrypt your communications with websites, making your browsing more secure. **Download**: [Chrome][https-everywhere-chrome] \ [Firefox][https-everywhere-firefox] +**[uBlock Origin](https://github.com/gorhill/uBlock)** | Block ads, trackers and malware sites. **Download**: [Chrome][ublock-chrome] \ [Firefox][ublock-firefox] +**[ScriptSafe](https://github.com/andryou/scriptsafe)** | Allows you yo block the execution of certain scripts. **Download**: [Chrome][script-safe-chrome] \ [Firefox][script-safe-firefox] +**[WebRTC-Leak-Prevent](https://github.com/aghorler/WebRTC-Leak-Prevent)** | Provides user control over WebRTC privacy settings in Chromium, in order to prevent WebRTC leaks. **Download**: [Chrome][web-rtc-chrome]. For Firefox users, you can do this through [browser settings](https://www.privacytools.io/browsers/#webrtc). Test for WebRTC leaks, with [browserleaks.com/webrtc](https://browserleaks.com/webrtc) +**[Vanilla Cookie Manager](https://github.com/laktak/vanilla-chrome)** | A Whitelist Manager that helps protect your privacy, through automatically removing unwanted cookies. 
**Download**: [Chrome][vanilla-cookie-chrome] +**[Privacy Essentials](https://duckduckgo.com/app)** | Simple extension by DuckDuckGo, which grades the security of each site. **Download**: [Chrome][privacy-essentials-chrome] \ [Firefox][privacy-essentials-firefox] +**[Firefox Multi-Account Containers](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/)** | Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously. **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/) +**[Temporary Containers](https://github.com/stoically/temporary-containers)** | This Extension, combined with Firefox Multi-Account Containers, let's you isolate cookies and other private data for each web site. **Download**: [Firefox](https://github.com/stoically/temporary-containers) + +#### Word of Warning +*Be careful when installing unfamiliar browser add-ons, since some can compromise your security and privacy. The above list however are all open source, verified and safe extensions* + +**See also** [Browser & Search Security Checklist](/README.md#browser-and-search) + + +## Mobile Apps + +| Provider | Description | +| --- | --- | +**[Orbot]** | System-wide Tor proxy, which encrypts your connection through multiple nodes. You can also use it alongside [Tor Browser] to access .onion sites. +**[NetGaurd]** | A firewall app for Android, which does not require root. NetGuard provides simple and advanced ways to block access to the internet, where applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection. 
+**[Island]** | A sandbox environment, allowing you to clone selected apps and run them in an isolated box, preventing it from accessing your personal data, or device information +**[Exodus]** | Shows which trackers, each of your installed apps is using, so that you can better understand how your data is being collected. Uses data from the Exodus database of scanned APKs. +**[Bouncer]** | Gives you the ability to grant permissions temporarily, so that you could for example use the camera to take a profile picture, but when you close the given app, those permissions will be revoked +**[Haven]** | Allows you to protect yourself, your personal space and your possessions- without compromising on security. Leveraging device sensors to monitor nearby space, Haven was developed by [The Guardian Project](https://guardianproject.info/), in partnership with [Edward Snowden](https://techcrunch.com/2017/12/24/edward-snowden-haven-app/) +**[XUMI Security]** | Checks for, and resolves known security vulnerabilities. Useful to ensure that certain apps, or device settings are not putting your security or privacy at risk +**[SuperFreezZ]** | Makes it possible to entirely freeze all background activities on a per-app basis. Intended purpose is to speed up your phone, and prolong battery life, but this app is also a great utility to stop certain apps from collecting data and tracking your actions while running in the background +**[Daedalus]** | No root required Android DNS modifier and hosts/DNSMasq resolver, works by creating a VPN tunnel to modify the DNS settings. Useful if you want to change your resolver to a more secure/ private provider, or use DNS over HTTPS +**[Secure Task]** | Triggers actions, when certain security conditions are met, such as multiple failed login attempts or monitor settings changed. 
It does require [Tasker], and needs to be set up with ADB, device does not need to be rooted +**[Cryptomator]** | Encrypts files and folders client-side, before uploading them to cloud storage (such as Google Drive, One Drive or Dropbox), meaning none of your personal documents leave your device in plain text +**[1.1.1.1]** | Lets you use CloudFlares fast and secure 1.1.1.1 DNS, with DNS over HTTPS, and also has the option to enable CloudFlares WARP+ VPN +**[Fing App]** | A network scanner to help you monitor and secure your WiFi network. The app is totally free, but to use the advanced controls, you will need a [Fing Box](https://amzn.to/2vFDF4n) +**[FlutterHole]** | Easy monitoring and controll over your [Pi Hole](https://pi-hole.net/) instance. Pi Hole is great for security, privacy and speed +**[DPI Tunnel](https://github.com/zhenyolka/DPITunnel)** | An application for Android that uses various techniques to bypass DPI (Deep Packet Inspection) systems, which are used to block some sites (not available on Play store) +**[Blokada](https://blokada.org/)** | This application blocks ads and trackers, doesn't require root and works for all the apps on your Android phone. Check out how it works [here](https://block.blokada.org/post/2018/06/17/how-does-blokada-work/). + +#### Other Notable Mentions +For more open source security & privacy apps, check out [The Guardian Project], [The Tor Project], [Oasis Feng], [Marcel Bokhorst] and [Simple Mobile Tools]- all of which are trusted developers or organisations, who've done amazing work. + +For offensive and defensive security, see The Kali [Nethunter Catalogue](https://store.nethunter.com/en/packages) of apps + +For *advanced* users, the following tools can be used to closely monitor your devise and networks, in order to detect any unusual activity. 
[PortDroid] for network analysis, [Packet Capture] to monitor network traffic, [SysLog] for viewing system logs, [Dexplorer] to read .dex or .apk files for your installed apps, and [Check and Test] to check status and details of devices hardware. + +**See also** [Mobile Security Checklist](/README.md#mobile-devices) + +## Online Tools + +A selection of free online tools and utilities, to check, test and protect + +| Provider | Description | +| --- | --- | +**[';--have i been pwned?](https://haveibeenpwned.com)** | Checks if your credentials (Email address or Password) have been compromised in a data breach +**[εxodus](https://reports.exodus-privacy.eu.org)** | Checks how many, and which trackers any Android app has. Useful to understand how data is being collected before you install a certain APK, it also shows which permissions the app asks for +**[Panopticlick](https://panopticlick.eff.org/)** | Check if your browser safe against tracking. Analyzes how well your browser and add-ons protect you against online tracking techniques, and if your system is uniquely configured—and thus identifiable +**[Browser Leak Test](https://browserleaks.com)** | Shows which of personal identity data is being leaked through your browser, so you can better protect yourself against fingerprinting +**[IP Leak Test](https://ipleak.net)** | Shows your IP address, and other associated details (location, ISP, WebRTC check, DNS, and lots more) +**[EXIF Remove](https://www.exifremove.com)** | Displays, and removes Meta and EXIF data from an uploaded photo or document +**[Redirect Detective](https://redirectdetective.com)** | Check where a suspicious URL redirects to (without having to click it). 
Lets you avoid being tracked by not being redirected via adware/tracking sites, or see if a shortened link actually resolves a legitimate site, or see if link is an affiliate ad +**[Blocked.org](https://www.blocked.org.uk)** | Checks if a given website is blocked by filters applied by your mobile and broadband Internet Service Providers (ISP) +**[Virus Total](https://www.virustotal.com)** | Analyses a potentially-suspicious web resources (by URL, IP, domain or file hash) to detect types of malware (*note: files are scanned publicly*) +**[Is Legit?](https://www.islegitsite.com/)** | Checks if a website or business is a scam, before buying something from it +**[Deseat Me](https://www.deseat.me)** | Tool to help you clean up your online presence- Instantly get a list of all your accounts, delete the ones you are not using +**[10 Minute Mail](https://10minemail.com/)** | Generates temporary disposable email address, to avoid giving your real details +**[33Mail](http://33mail.com/Dg0gkEA)** | Automatically generates new email aliases, the first time you use them, to avoid revealing your real email address. Unlike 10 Minute Mail, these email addresses are permanent, and get forwarded to your real email inbox + +#### Word of Warning +*Browsers are inherently insecure, be careful when uploading, or entering personal details.* + + +## Virtual Private Networks + +VPNs are good for getting round censorship, increasing protection on public WiFi, obscuring your IP address, and reducing what data your ISP can log. But for the best anonymity, you should use [Tor](https://www.torproject.org/). VPNs do not mean you are magically protected, or anonymous (see below). 
+ +| Provider | Description | +| --- | --- | +**[Mullvad](http://mullvad.net/en/)** | Mullvad is one of the best for privacy, they have a totally anonymous sign up process, you don't need to provide any details at all, you can choose to pay anonymously too (with Monero, BTC or cash) +**[ProtonVPN](https://protonvpn.com/)** | From the creators of ProtonMail, ProtonVPN has a solid reputation. They have a full suit of user-friendly native mobile and desktop apps. ProtonVPN is one of the few "trustworthy" providers that also offer a free plan + + +#### Other VPN Options + +[AirVPN](https://airvpn.org) has advanced features and is highly customizable, [WindScribe](https://windscribe.com/?affid=6nh59z1r) also has a ton of features as well as anonymous sign up, yet is very easy to use for all audiences with excellent cross-platform apps. See also: +[Perfect Privacy](https://www.perfect-privacy.com/en/features?a_aid=securitychecklist) -- [TorGuard](https://torguard.net/aff.php?aff=6024) -- [IVPN](https://www.ivpn.net/) -- [PureVPN](https://www.anrdoezrs.net/click-9242873-13842740) -- [NordVPN](https://www.kqzyfj.com/l5115shqnhp4E797DC8467D69A6D) -- [SwitchVPN](https://secure.switchkonnect.com/aff.php?aff=1374) -- [Safer VPN](https://safervpn.com/?a_aid=1413) -- [VirtualShield](https://virtualshield.com/?rfsn=3739717.4cba76) -- [Private Internet Access](https://www.privateinternetaccess.com/pages/cafe/digidef) -- [VPN.ac](https://vpn.ac/aff.php?aff=2178) -- [VyperVPN](https://www.dpbolvw.net/click-9242873-13805759) + +**Full VPN Comparison**: [thatoneprivacysite.net](https://thatoneprivacysite.net/). + +#### Word of Warning +- *A VPN does not make you anonymous- it merely changes your public IP address to that of your VPN provider, instead of your ISP. 
Your browsing session can still be linked back to your real identity either through your system details (such as user agent, screen resolution even typing patterns), cookies/ session storage, or by the identifiable data that you enter. [Read more about fingerprinting](https://pixelprivacy.com/resources/browser-fingerprinting/)* +- *Logging- If you choose to use a VPN because you do not agree with your ISP logging your full browsing history, then it is important to keep in mind that your VPN provider can see (and mess with) all your traffic. Many VPNs claim not to keep logs, but you cannot be certain of this ([VPN leaks](https://vpnleaks.com/)). See [this article](https://gist.github.com/joepie91/5a9909939e6ce7d09e29) for more* +- *Many reviews are sponsored, and hence biased. Do your own research, or go with one of the above options* +- [Tor](https://www.torproject.org/) is the best option for private browsing + + +#### Considerations +*While choosing a VPN, consider the following: Logging policy (logs are bad), Jurisdiction (avoid 5-eyes), Number of servers, availability and average load. Payment method (anonymous methods such as BTC, Monero or cash are better), Leak protection (1st-party DNS servers = good, and check if IPv6 is supported), protocols (OpenVPN and WireGuard = good). Finally, usability of their apps, user reviews and download speeds.* + +#### Self-Hosted VPN +If you don't trust a VPN provider not to keep logs, then you could self-host your own VPN. This gives you you total control, but at the cost of anonymity (since your cloud provider, will require your billing info). See [Streisand](https://github.com/StreisandEffect/streisand), to learn more, and get started with running a VPN. 
+[Digital Ocean](https://m.do.co/c/3838338e7f79) provides flexible, secure and easy Linux VMs, (from $0.007/hour or $5/month), this guide explains how to set up VPN on: [CentOS 7](https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7) or [Ubuntu 18.4+](https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7). See more about configuring [OpenVPN](https://openvpn.net/vpn-server-resources/digital-ocean-quick-start-guide/) or [IKEv2](https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2). Alternatively, here is a [1-click install script](http://dovpn.carlfriess.com/)for on [Digital Ocean](https://m.do.co/c/3838338e7f79), by Carl Friess. + + +## Self-Hosted Network Security + +Fun little projects that you can run on a Raspberry Pi, or other low-powered computer. In order to help detect and prevent threats, monitor network and filter content + +| Provider | Description | +| --- | --- | +**[Pi-Hole](https://pi-hole.net)** | Network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features, it's open source, easy to install and very widely used +**[IPFire](https://www.ipfire.org)** | A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone +**[PiVPN](https://pivpn.io)** | A simple way to set up a home VPN on a any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. 
Supports multiple DNS providers and custom DNS providers- works nicely along-side PiHole +**[E2guardian](http://e2guardian.org)** | Powerful open source web content filter +**[SquidGuard](http://www.squidguard.org)** | A URL redirector software, which can be used for content control of websites users can access. It is written as a plug-in for Squid and uses blacklists to define sites for which access is redirected +**[PF Sense](https://www.pfsense.org)** | Widley used, open source firewall/router +**[Zeek](https://www.zeek.org)** | Detect if you have a malware-infected computer on your network, and powerful network analysis framework and monitor + +Don't want to build? See also: [Pre-configured security boxes](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_and-Security_Gadgets.md#network-security) + + +## Mix Networks +[Mix networks](https://en.wikipedia.org/wiki/Mix_network) are routing protocols, that create hard-to-trace communications, by encrypting and routing traffic through a series of nodes. They help keep you anonymous online, and unlike VPNs -there are no logs + +| Provider | Description | +| --- | --- | +**[Tor](https://www.torproject.org)** | Tor provides robust anonymity, allowing you to defend against surveillance, circumvent censorship and reduce tracking. It blocks trackers, resists fingerprinting and implements multi-layered encryption by default, meaning you can browse freely. Tor also allows access to OnionLand: hidden services +**[I2P](https://geti2p.net)** | I2P offers great generic transports, it is well geared towards accessing hidden services, and has a couple of technical benefits over Tor: P2P friendly with unidirectional short-lived tunnels, it is packet-switched (instead of circuit-switched) with TCP and UDP, and continuously profiles peers, in order to select the best performing ones.
I2P is less mature, but fully-distributed and self-organising, it's smaller size means that it hasn't yet been blocked or DOSed much +**[Freenet]()** | Freenet is easy to setup, provides excellent friend To Friend Sharing vs I2P, and is great for publishing content anonymously. It's quite large in size, and very slow so not the best choice for casual browsing + +Tor, I2P and Freenet are all anonymity networks- but they work very differently and each is good for specific purposes. So a good and viable solution would be to use all of them, for different tasks. +*You can read more about how I2P compares to Tor, [here](https://blokt.com/guides/what-is-i2p-vs-tor-browser)* + +#### Notable Mentions +[Panoramix](https://panoramix-project.eu) is a European project, aiming to use mix-networks to provide anonymity. +[Nym](https://nymtech.neteu) uses Blockchain to reward node operators in order to keep the network sustainable. + +#### Word of Warning +To provide low-latency browsing, Tor does not mix packets or generate cover traffic. If an adversary is powerful enough, theoretically he could either observe the entire network, or just the victims entry and exit nodes. It's worth mentioning, that even though your ISP can not see what you are doing, they will be able determine that you are using a mix net, to hide this- a VPN could be used. If you are doing anything which could put you at risk, then good OpSec is essential, as the authorities have traced criminals through the Tor network before, and [made arrests](https://techcrunch.com/2019/05/03/how-german-and-us-authorities-took-down-the-owners-of-darknet-drug-emporium-wall-street-market). Don't let Tor provide a possible false sense of security- be aware of information leaks through DNS or other programs, and Tor-supported browsers may might lag behind their upstream forks, allowing for unpatched issues. 
See [#19](https://github.com/Lissy93/personal-security-checklist/issues/19) + +Note: The Tor network is run by the community. If you benefit from using it and would like to help sustain uncensored internet access for all, consider [running a Tor relay](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide). + +## Proxies +A proxy acts as a gateway between you and the internet, it can be used to act as a firewall or web filter, improves privacy and can also be used to provide shared network connections and cache data to speed up common requests. Never use a [free](https://whatismyipaddress.com/free-proxies) proxy. + +| Provider | Description | +| --- | --- | +**[ShadowSocks](https://shadowsocks.org)** | Secure socks5 proxy, designed to protect your Internet traffic. Open source, superfast, cross-platform and easy to deploy, see [GitHub repo](https://github.com/shadowsocks) +**[Privoxy](https://www.privoxy.org)** | Non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk + +#### Notable Mentions +[V2ray-core](https://github.com/v2ray/v2ray-core) is a platform for building proxies to bypass network restrictions and protect your privacy. See [more](https://github.com/hugetiny/awesome-vpn) + +#### Word of Warning +[Malicious Proxies](https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-edward_zaborowski-doppelganger.pdf) are all too common. Always use open source software, host it yourself or pay for a reputable cloud service. Never use a free proxy; it can monitor your connection, steal cookies and contain malware. VPNs are a better option, better still- use the Tor network. + +## DNS +Without using a secure, privacy-centric DNS all your web requests can be seen in the clear. 
You should configure your DNS queries to be managed by a service that respects privacy and supports DNS-over-TLS, DNS-over-HTTPS or DNSCrypt. + +| Provider | Description | +| --- | --- | +**[CloudFlare](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1)** | One of the most performant options, Cloudflare's DNS supports DoH and DoT, and has a Tor implementation, providing world-class protection. They have native cross-platform apps, for easy set-up. +**[AdGuard](https://adguard.com/en/adguard-dns/overview.html)** | Open-source DNS provider, specialising in the blocking of ads, trackers and malicious domains. They have been independently audited and do not keep logs +**[SecureDNS](https://securedns.eu)** | An open source DNS provider, with built-in ad block and additional privacy features. Supports DoH, DoT and DNSCrypt. It is not as performant as some of the bigger players, but still a good option in terms of security +**[NextDNS](https://nextdns.io/)** | An ad-blocking, privacy-protecting, censorship-bypassing DNS. Also comes with analytics, and the ability to shield kids from adult content + +See also this [Full List of Public DoH Servers](https://github.com/curl/curl/wiki/DNS-over-HTTPS), you can then check the performance of your chosen server with [DNSPerf](https://www.dnsperf.com/). To read more about choosing secure DNS servers, see [this article](https://medium.com/@nykolas.z/dns-security-and-privacy-choosing-the-right-provider-61fc6d54b986), and [this article](https://geekwire.co.uk/privacy-and-security-focused-dns-resolver/). + +#### DNS Protocols +DNS-over-TLS was proposed in [RTC-7858](https://tools.ietf.org/html/rfc7858) by the IETF, then 2 years later, the DNS-over-HTTPS specification was outlined in [RFC8484](https://tools.ietf.org/html/rfc8484) in October '18. [DNSCrypt](https://dnscrypt.info/), is a protocol that authenticates communications between a DNS client and a DNS resolver. 
It prevents DNS spoofing, through using cryptographic signatures to verify that responses originate from the chosen DNS resolver, and haven’t been tampered with. DNSCrypt is a well battle-tested protocol, that has been in use since 2013, and is still widely used. + +#### Notable Mentions +- [Quad9](https://www.quad9.net) is a well-funded, performant DNS with a strong focus on privacy and security and easy set-up, however questions have been raised about the motivation of some of the financial backers. +- [BlahDNS](https://blahdns.com) (Japan, Finland or Germany) is an excellent security-focused DNS +- [OpenNIC](https://www.opennic.org/), [NixNet DNS](https://nixnet.services/dns) and [UncensoredDNS](https://blog.uncensoreddns.org) are open source and democratic, privacy-focused DNS +- [Clean Browsing](https://cleanbrowsing.org/), is a good option for protecting kids, they offer comprehensive DNS-based Content Filtering + +#### Word of Warning +Using an encrypted DNS resolver will not make you anonymous, it just makes it harder for third-partied to discover your domain history. If you are using a VPN, take a [DNS leak test](https://www.dnsleaktest.com/), to ensure that some requests are not being exposed. + + +## Firewalls +A firewall is a program which monitors the incoming and outgoing traffic on your network, and blocks requests based on rules set during its configuration. Properly configured, a firewall can help protect against attempts to remotely access your computer, as well as control which applications can access which IPs. + + +| Provider | Description | +| --- | --- | +**[NetGuard](https://play.google.com/store/apps/details?id=eu.faircode.netguard)**
(Android) | Provides simple and advanced ways to block access to the internet. Applications and addresses can individually be allowed or denied access to Wi-Fi and/or mobile connection +**[NoRoot Firewall](https://play.google.com/store/apps/details?id=app.greyshirts.firewall)**
(Android) | Notifies you when an app is trying to access the Internet, so all you need to do is just Allow or Deny. Allows you to create filter rules based on IP address, host name or domain name, and you can allow or deny only specific connections of an app +**[Lockdown](https://apps.apple.com/in/app/lockdown-apps/id1469783711)**
(iOS) | Firewall app for iPhone, allowing you to block any connection to any domain +**[SimpleWall](https://github.com/henrypp/simplewall)**
(Windows) | Tool to control Windows Filtering Platform (WFP), in order to configure detailed network activity on your PC +**[OpenSnitch](https://github.com/evilsocket/opensnitch)**
(Linux) | Makes internet connections from all apps visible, allowing you to block or manage traffic on a per-app basis. GNU/Linux port of the Little Snitch application firewall +**[LuLu](https://objective-see.com/products/lulu.html)**
(Mac OS) | Free, open source macOS firewall. It aims to block unknown outgoing connections, unless explicitly approved by the user +**[Little Snitch](https://obdev.at/products/littlesnitch/index.html)**
(Mac OS) | A very polished application firewall, allowing you to easily manage internet connections on a per-app basis +**[IPFire](https://www.ipfire.org)**
(hardware) | IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Easy to install on a raspberry Pi, since it is lightweight and heavily customizable +**[Shorewall](https://shorewall.org)**
(hardware) | An open source firewall tool for Linux that builds upon the [Netfilter](https://www.netfilter.org) system built into the Linux kernel, making it easier to manage more complex configuration schemes with [iptables](https://linux.die.net/man/8/iptables) +**[OpenSense](https://opnsense.org)**
(hardware) | Enterprise firewall and router for protecting networks, built on the FreeBSD system + + +#### Word of Warning +There are different [types](https://www.networkstraining.com/different-types-of-firewalls) of firewalls, that are used in different circumstances. This does not omit the need to configure your operating systems defences. Follow these instructions to enable your firewall in [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux ditros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall). +Even when properly configured, having a firewall enabled does not guarantee bad network traffic can not get through and especially during boot if you don't have root privileges. + +## Network Analysis + +Weather you live in a country behind a firewall, or accessing the internet through a proxy- these tools will help you better understand the extent of blocking, deep packet inspection and what data is being analysed + + +| Provider | Description | +| --- | --- | +**[OONI](https://ooni.org)** | Open Observatory of Network Interference- A free tool and global observation network, for detecting censorship, surveillance and traffic manipulation on the internet. Developed by The Tor Project, and available for [Android](https://play.google.com/store/apps/details?id=org.openobservatory.ooniprobe), [iOS](https://apps.apple.com/us/app/id1199566366) and [Linux](https://ooni.org/install/ooniprobe) +**[Mongol](https://github.com/mothran/mongol)** | A Python script, to pinpoint the IP address of machines working for the The Great Firewall of China. See also [gfwlist](https://github.com/gfwlist/gfwlist) which is the Chinese ban list, and [gfw_whitelist](https://github.com/n0wa11/gfw_whitelist). 
For a list of Russian government IP addresses, see [antizapret](https://github.com/AntiZapret/antizapret) +**[Goodbye DPI](https://github.com/ValdikSS/GoodbyeDPI)** | Passive Deep Packet Inspection blocker and Active DPI circumvention utility, for Windows +**[DPITunnel](https://github.com/zhenyolka/DPITunnel)** | An Android app to bypass deep packet inspection +**[Proxy Checker](https://ping.eu/proxy/)** | You can quickly check if a given IP is using a proxy, this can also be done through the [command line](https://superuser.com/questions/346372/how-do-i-know-what-proxy-server-im-using) + + +## Cloud Hosting + +Weather you are hosting a website and want to keep your users data safe, or if you are hosting your own file backup, cloud productivity suit or VPN- then choosing a provider that respects your privacy and allows you to sign up anonymously, and will keep your files and data safe is be important. + +| Provider | Description | +| --- | --- | +**[Njalla](https://njal.la)** | Njalla is a privacy and security-focused domain registrar and VPN hosting provider. They own and manage all their own servers, which are based in Sweden. They accept crypto, for anonymous payments, and allow you to sign up with OTR XMPP if you do not want to provide an email address. Both VPS and domain name pricing is reasonable, with packages starting at $15/ month +**[Vindo](https://www.vindohosting.com)** | Provides anonymous shared hosting, semi-managed virtual private servers and domain registration +**[Private Layer](https://www.privatelayer.com)** | Offers enterprise-grade, high-speed offshore dedicated servers, they own their own data centres, have a solid privacy policy and accept anonymous payment + +#### Notable Mentions +See also: [1984](https://www.1984.is) based in Iceland. [Shinjiru](http://shinjiru.com?a_aid=5e401db24a3a4), which offers off-shore dedicated servers. 
[Orange Website](https://www.orangewebsite.com) specialises in protecting online privacy and free speech, hosted in Iceland. [RackBone](https://rackbone.ch) (previously [DataCell](https://datacell.is)) provides secure and ethical hosting, based in Switzerland. And [Bahnhof](https://www.bahnhof.net) offers high-security and ethical hosting, with their data centres locates in Sweden. Finally [Simafri](https://www.simafri.com/anonymous) has a range of packages, that support Tor out of the box + + +#### Word of Warning +The country that your data is hosted in, will be subject to local laws and regulations. It is therefore important to avoid a jurisdiction that is part of the [5 eyes](https://en.wikipedia.org/wiki/Five_Eyes) (Australia, Canada, New Zealand, US and UK) and [other international cooperatives](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives) who have legal right to view your data. + +## Domain Registrars + +| Provider | Description | +| --- | --- | +**[Njal.la](https://njal.la)** | Privacy-aware domain service with anonymous sign-up and accepts crypto currency +**[Orange Website](https://www.orangewebsite.com/domain-registration.php)** | Anonymous domain registration, with low online censorship since they are based outside the 14-eyes jurisdiction (in Iceland) + + +## Digital Notes + +| Provider | Description | +| --- | --- | +**[Cryptee](https://crypt.ee/)** | Private & encrypted rich-text documents. Cryptee has encryption and anonymity at it's core, it also has a beautiful and minimalistic UI. You can use Cryptee from the browser, or download native Windows, Mac OS, Linux, Android and iOS apps. Comes with many additional features, such as support for photo albums and file storage. The disadvantage is that only the frontend is open source. 
Pricing is free for starter plan, $3/ month for 10GB, additional plans go up-to 2TB +**[Standard Notes](https://standardnotes.org/?s=chelvq36)** | S.Notes is a free, open-source, and completely encrypted private notes app. It has a simple UI, yet packs in a lot of features, thanks to the [Extensions Store](https://standardnotes.org/extensions), allowing for: To-Do lists, Spreadsheets, Rich Text, Markdown, Math Editor, Code Editor and many more. You can choose between a number of themes (yay, dark mode!), and it features built-in secure file store, tags/ folders, fast search and more. There is a web app as well as native Windows, Mac OS, Linux, Android and iOS apps. Standard Notes is actively developed, and fully open-source, so you can host it yourself, or use their hosted version: free without using plug-ins or $3/ month for access to all features +**[Turtle](https://turtlapp.com/)** | A secure, collaborative notebook. Self-host it yourself (see [repo](https://github.com/turtl)), or use their hosted plan (free edition or $3/ month for premium) +**[Joplin](https://joplinapp.org)** | Cross-platform desktop and mobile note-taking and todo app. Easy organisation into notebooks and sections, revision history and a simple UI. Allows for easy import and export of notes to or from other services. Supports syncronisation with cloud services, implemented with E2EE- however it is only the backed up data that is encrypted +**[Notable](https://notable.md)** | Markdown-based note editior for desktop, with a simple, yet feature-rich UI. All notes are saved individually as .md files, making them easy to manage. No mobile app, or built-in cloud-sync or encryption + +#### Notable Mentions +If you are already tied into Evernote, One Note etc, then [SafeRoom](https://www.getsaferoom.com) is a utility that encrypts your entire notebook, before it is uploaded to the cloud. 
[Org Mode](https://orgmode.org) is a very comprehensive CLI tool for keeping notes, maintaining todo lists, planning projects, and authoring documents -based on a fast and effective plain-text system, from the command line. For a simple plain text note taking app, with strong encryption, see [Protected Text](https://www.protectedtext.com), which works well with the [Safe Notes](https://play.google.com/store/apps/details?id=com.protectedtext.android) Android app + + +## Cloud Productivity Suits + +| Provider | Description | +| --- | --- | +**[CryptPad](https://cryptpad.fr)** | A zero knowledge cloud productivity suit. Provides Rich Text, Presentations, Spreadsheets, Kanban, Paint a code editor and file drive. All notes and user content, are encrypted by default, and can only be accessed with specific URL. The main disadvantage, is a lack of Android, iOS and desktop apps- CryptPad is entirely web-based. You can use their web service, or you can host your own instance (see [CryptPad GitHub](https://github.com/xwiki-labs/cryptpad) repo). Price for hosted: free for 50mb or $5/ month for premium +**[NextCloud](https://nextcloud.com/)** | A complete self-hosted productivity platform, with a strong community and growing [app store](https://apps.nextcloud.com). NextCloud is similar to (but arguably more complete than) Google Drive, Office 365 and Dropbox, origionally it was a fork from [OwnCloud](https://owncloud.org/), but since have diverged. Clear UI and stable native apps across all platforms, and also supports file sync. Supports encrypted files, but you need to configure this yourself. Fully open source, so you can self-host it yourself (or use a hosted solution, starting from $5/ month) +**[Disroot](https://disroot.org)** | A platform providing online services based on principles of freedom, privacy, federation and decentralization. 
It is an implementation of NextCloud, with strong encryption configured- it is widely used by journalists, activists and whistle-blowers. It is fre to use, but there have been reported reliability issues of the cloud services +**[Sandstorm](https://sandstorm.io/)** | An open source platform for self-hosting web apps. Once you've set it up, you can install items from the Sandstorm [App Market](https://apps.sandstorm.io/) with -click, similar to NextCloud in terms of flexibility + + + +## Backup and Sync + +| Provider | Description | +| --- | --- | +**[SeaFile](https://www.seafile.com)** | An open source cloud storage and sync solution. Files are grouped into Libraries, which can be individually encrypted, shared of synced. Docker image available for easy deployment, and native clients for Windows, Mac, Linux, Android and iOS +**[Syncthing](https://syncthing.net)** | Continuous file synchronization between 2 or more clients. It is simple, yet powerful, and fully-encrypted and private. Syncthing can be deployed with Docker, and there are native clients for Windows, Mac, Linux, BSD and Android +**[NextCloud](https://nextcloud.com)** | Feature-rich productivity platform, that can be used to backup and selectively sync encrypted files and folders between 1 or more clients. See [setting up sync](https://docs.nextcloud.com/desktop/2.3/installing.html). A key benifit the wide range of plug-ins in the [NextCloud App Store](https://apps.nextcloud.com), maintained by the community. NextCloud was a hard fork off [OwnCloud](https://owncloud.org). + + +#### Notable Mentions +Alternatively, consider a headless utility such as [Duplicacy](https://duplicacy.com) or [Duplicity](http://duplicity.nongnu.org). Both of offer an encrypted and efficient sync between 2 or more locations, using the [rsync](https://linux.die.net/man/1/rsync) algorithm. 
+ +[SpiderOak](https://spideroak.com), [Tresorit](https://tresorit.com) and [Resilio](https://www.resilio.com/individuals) are good enterprise solutions, all with solid encryption baked-in + +[FileRun](https://filerun.com) and [Pydio](https://pydio.com) are self-hosted file explorers, with cross-platform sync capabilities. + +#### Word of Warning +You should always ensure that any data stored in the cloud is encrypted. If you are hosting your own server, then take the necessary precautions to [secure the server](https://med.stanford.edu/irt/security/servers.html). For hosted solutions- use a strong password, keep your credentials safe and enable 2FA. + + +## File Drop + +| Provider | Description | +| --- | --- | +**[Firefox Send](https://send.firefox.com)** | Simple, private file sharing. Files are encrypted, client-side, stored on Mozilla servers, can be password-protected, and are deleted either after a specified time frame or specific number of downloads. Can also be self-hosted, [repo](https://github.com/mozilla/send) +**[FilePizza](https://file.pizza)** | Peer-to-peer based file transfer from the browser, using [Web Torrent](https://webtorrent.io/). It's quick and easy to use, and doesn't require any software to be installed. Can also be self-hosted: [repo](https://github.com/kern/filepizza) +**[FileSend](https://filesend.standardnotes.org)** | Simple, encrypted file sharing, with a 500mb limit and 5-day retention. Files are secured with client-side AES-256 encryption and no IP address or device info is logged. Files are permanently deleted after download or after specified duration. Developed by [StandardNotes](https://standardnotes.org/?s=chelvq36), and has built-in integration with the SN app. +**[OnionShare](https://onionshare.org/)** | An open source tool that lets you securely and anonymously share a file of any size, via Tor servers. 
OnionShare does require installing (compatible with Windows, Mac OS and Linux), but the benefit is that your files are transferred directly to the recipient, without needing to be hosted on an interim server. The host needs to remain connected for the duration of the transfer, but once it is complete, the process will be terminated. Source code: [repo](https://github.com/micahflee/onionshare) + +#### Notable Suggestions +[Instant.io](https://github.com/webtorrent/instant.io), is another peer-to-peer based solution, using [Web Torrent](https://webtorrent.io). For specifically transferring images, [Up1](https://github.com/Upload/Up1) is a good self-hosted option, with client-side encryption. Finally [PsiTransfer](https://github.com/psi-4ward/psitransfer) is a feature-rich, self-hosted file drop, using streams. + + +## Social Networks + +Over the past decade, social networks have revolutionized the way we communicate and bought the world closer together- but it came at the [cost of our privacy](https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services). Social networks are built on the principle of sharing- but you, the user should be able to choose with whom you share what, and that is what the following sites aim to do. + +| Provider | Description | +| --- | --- | +**[Aether](https://getaether.net)** | Self-governing communities with auditable moderation- a similar concept to Reddit, but more privacy-sensitive, democratic and transparent. Aether is open source and peer-to-peer, it runs on Windows, Mac and Linux +**[Discourse](https://www.discourse.org/)** | A 100% open source and self-hostable discussion platform you can use as a mailing list, discussion forum or long-form chat room. 
+**[Mastodon](https://mastodon.social/invite/A5JwL72F)** | A shameless Twitter clone, but open-source, distributed across independent servers, and with no algorithms that mess with users timelines +**[Minds](https://www.minds.com/register?referrer=as93)** | A social media site, which aims to bring people together and support open conversations. Get paid for creating content +**[Vero](https://vero.co/)** | (closed-source) A mobile-based social network, whose USP is that they have "No Ads. No Data Mining. No Algorithms." Since Vero is not open source, it is not possible to verify the validity of these claims + +#### Other Notable Mentions +- [diaspora\*](https://diasporafoundation.org), [Pleroma](https://pleroma.social) and [Friendica](https://friendi.ca) - distributed, decentralized social networks, built on open protocols +- [Tildes](https://tildes.net), [Lemmy](https://dev.lemmy.ml) and [notabug.io](https://notabug.io) - bulletin boards and news aggregators (similar to Reddit) +- [Pixelfed](https://pixelfed.org) - A free, ethical, federated photo sharing platform (FOSS alternative to Instagram) + +#### Main-stream networks +The content on many of these smaller sites tends to be more *niche*. To continue using Twitter, there are a couple of [tweaks](https://www.offensiveprivacy.com/blog/twitter-privacy), that will improve security. For Reddit, use a privacy-respecting client- such as [Reditr](http://reditr.com/). Other main-stream social networking sites do not respect your privacy, so should be avoided, but if you choose to keep using them see [this guide](https://proprivacy.com/guides/social-media-privacy-guide) for tips on protecting your privacy + + +## Video Platforms + +| Provider | Description | +| --- | --- | +**[PeerTube](https://joinpeertube.org)** | Free and open-source federated video platform that uses peer-to-peer technology to reduce load on individual servers when viewing videos. 
You can [self-host](https://docs.joinpeertube.org/#/install-any-os), or [find an instance](https://joinpeertube.org/instances#instances-list), and then watch videos from any PeerTube server +**[DTube](https://d.tube)** | A decentralized and ad-free video platform with little to no moderation that uses cryptocurrency and blockchain technology to pay its users. +**[BitTube](https://bittube.tv)** | A peer-to-peer, decentralized, censorship-free, ad-free video sharing and live streaming platform based on IPFS and blockchain technology +**[BitChute](https://www.bitchute.com/)** | A video hosting platform, that was founded in 2017 to allow uploaders to avoid content rules enforced on other platforms, such as YouTube + +#### Word of Warning +Without moderation, some of these platforms accommodate video creators, who content may not be appropriate for all audiences + +#### YouTube Proxies +The content on many of the smaller video sites, often just doesn't compare to YouTube. So another alternative, is to access YouTube through a proxy client, which reduces what Google can track). +- Good options are: [Invidio](https://invidio.us/) (web), [FreeTube](https://freetubeapp.io/) (Windows, Mac OS, Linux), [NewPipe](https://newpipe.schabi.org/) (Android), [YouTube++](https://iosninja.io/ipa-library/download-youtube-plus-ipa-ios) (iOS) +- Or download videos with [youtube-dl](https://ytdl-org.github.io/youtube-dl/) (cli) or [youtube-dl-gui](https://github.com/MrS0m30n3/youtube-dl-gui) (gui). For just audio, there is [PodSync](https://podsync.net/) + + +## Blogging Platforms + +| Provider | Description | +| --- | --- | +**[Write Freely](https://writefreely.org)** | Free and open source software with a clean UI, for creating a minimalist, federated blog. 
For premium or enterprise hosted plans, see [Write.as](https://write.as), or to host your own, check out the [repo on GitHub](https://github.com/writeas/writefreely) +**[Telegraph](https://telegra.ph)** | Created by [Telegram](https://www.theverge.com/2016/11/23/13728726/telegram-anonymous-blogging-platform-telegraph), Telegraph is fast, anonymous and simple + +#### Notable Mentions + +If you use [Standard Notes](https://standardnotes.org/?s=chelvq36), then [Listed.to](https://listed.to) is a public blogging platform with strong privacy features. It lets you publish posts directly through the Standard Notes app or web interface. Other minimalistic platforms include [Notepin.co](https://notepin.co) and [Pen.io](http://pen.io). + +Want to write a simple text post and promote it yourself? Check out [telegra.ph](https://telegra.ph), [txt.fyi](https://txt.fyi) and [NotePin](https://notepin.co). For seriously anonymous platforms, aimed at activists, see [noblogs](https://noblogs.org/) and [autistici](https://www.autistici.org). It is also possible to host a normal [WordPress](https://wordpress.com) site, without it being linked to your real identity, although WP does not have the best reputation when it comes to privacy. + +Of course you could also host your blog on your own server, using a standard open source blog platform, such as [Ghost](https://ghost.org) and configure it to disable all trackers, ads and analytics. + + +## News Readers and Aggregation + +| Provider | Description | +| --- | --- | +**[Tiny RSS](https://tt-rss.org)** | A free and open source web-based news feed (RSS/Atom) reader and aggregator +**[RSSOwl](http://www.rssowl.org)** | A desktop-based RSS reader, with powerful organisation features +**[Feedly](https://feedly.com)** | A more premium option. Feedly displays news from your selected sources in an easy-to-digest clean and modern interface. It works with more than just RSS feeds, since it is well integrated with many major news outlets. 
It does not manipulate the stories you see, and is mostly open source + +#### Notable Mentions +For iPhone users in the US, [Tonic](https://canopy.cr/tonic) is a great little app that provides you with a selection of personalized new stories and articles daily. It is possible to us [Reddit](https://www.reddit.com) anonymously too- you can use throwaway accounts for posting. + +#### Word of Warning +News reader apps don't have a good [reputation](https://vpnoverview.com/privacy/apps/privacy-risks-news-apps) when it comes to protecting users privacy, and often display biased content. Many have revenue models based on making recommendations, with the aim of trying to get you to click on sponsored articles- and for that a lot of data needs to have been collected about you, your habits, interests and routines. + + +## Payment Methods + +Paying for goods and services is a good example of where privacy and security conflict; the most secure option would be to pay with credit card, since most providers include fraud protection, whereas the most private option would be to pay using crypto currency or cash, since neither can be easily tied back to your identity. + +| Provider | Description | +| --- | --- | +**[Monero](https://www.getmonero.org)** | One of the most private cryptocurrencies, since no meta data is available (not even the transaction amount). It uses complex on-chain cryptographic methods such as Ring signatures, RingCT, Kovri, and Stealth addresses all of which help protect the privacy of users +**[ZCash](https://z.cash)** | Uses zero-knowledge proofs to protect privacy cryptographic technique, that allows two users to transact without ever revealing their true identity or address. The Zcash blockchain doesn't record any send or receive addresses + + +#### Notable Mentions +Actual physical cash is still the most private option, with no chance of leaving any transactional records. 
See also [PIVX](https://pivx.org), [Bitcoin Private](https://btcprivate.org) and [Verge](https://vergecurrency.com). + + +#### Word of Warning +Not all cryptocurrencies are anonymous, and without using a privacy-focused coin, a record of your transaction will live on a publicly available distributed ledger, forever. If you send of receive multiple payments, ensure you switch up addresses or use a mixer, to make it harder for anyone trying to trace your transactions. Store private keys somewhere safe, but offline and preferably cold. + +Note: Cryptocurrency prices can go down. Storing any wealth in crypto may result in losses. If you are new to digital currencies- do your research first, don't invest more than you can afford, and be very weary of scams and cryptocurrency-related malware. + + +## Anti-Virus and Malware Prevention + +| Provider | Description | +| --- | --- | +**[CalmAV](https://www.clamav.net)** | An open source cross-platform antivirus engine for detecting viruses, malware & other malicious threats. It is versatile, performant and very effective +**[Windows Spy Blocker](https://github.com/crazy-max/WindowsSpyBlocker)** | Capture and interprets network traffic based on a set of rules, and depending on the interactions certain assignments are blocked. Open source, written in Go and delivered as a single executable +**[Cylance](https://www.cylance.com)** | Takes more of an application whitelisting approach, where it generates the list of trusted software through machine learning. So instead of identifying bad software to block, it identifies good software instead, and blocks the rest by default + +#### Notable Mentions +Your operating system's built-in protection is probably adequate for detecting 99% of threats. Installing additional software can introduce more vulnerabilities, so downloading AV may actually increase your attack surface. + +Windows, by default is not very private. 
There are several packages that can be used to quickly tweak privacy settings. Such as [Simple Wall](https://github.com/henrypp/simplewall), [priv10](https://github.com/DavidXanatos/priv10), [Fix-Windows-Privacy](https://modzero.github.io/fix-windows-privacy/) and [W10 Privacy](https://www.w10privacy.de/english-home) (see [Video Tutorial](https://www.youtube.com/watch?v=qttbd2Ouxmc)). Use at your own risk, disabling some OS features can cause unintended consequences. See also, this [Windows 10 Privacy Guide](https://github.com/adolfintel/Windows10-Privacy) for manual steps. + +For 1-off malware scans, [MalwareBytes](https://www.malwarebytes.com) is very effective- thorough in identifying threats, with minimum data collection. However it is [not open source](https://forums.malwarebytes.com/topic/5495-open-source). + + +#### Word of Warning +Many anti virus products have a history of introducing vulnerabilities themselves, and several of them seriously degrade the performance of your computer, as well as decrease your privacy. Never use a free anti-virus, and never trust the companies that offer free solutions, even if you pay for the premium package. This includes (but not limited to) Avast, AVG, McAfee and Kasperky. For AV to be effective, it needs intermate access to all areas of your PC, so it is important to go with a trusted vendor, and monitor it's activity closley. Read more about why you shouldn't use [Anti-Spy Tools, on Windows](https://as93.link/gjlj4). + + +## Mobile Operating Systems + +If you are an Android user, your device has Google built-in at it's core. [Google tracks you](https://digitalcontentnext.org/blog/2018/08/21/google-data-collection-research/), +collecting a wealth of information, and logging your every move. A [custom ROM](https://www.xda-developers.com/what-is-custom-rom-android/), is an open source, usually Google-free mobile OS that can be [flashed](https://www.xda-developers.com/how-to-install-custom-rom-android/) to your device. 
+ + +| Provider | Description | +| --- | --- | +**[LineageOS](https://www.lineageos.org/)** | A free and open-source operating system for various devices, based on the Android mobile platform- Lineage is light-weight, well maintained, supports a wide range of devices, and comes bundled with [Privacy Guard](https://en.wikipedia.org/wiki/Android_Privacy_Guard) +**[GrapheneOS](https://grapheneos.org/)** | GrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. Developed by the team behind [CoperheadOS](https://copperhead.co/android/). Graphene is a young project, and currently only supports Pixel devices, partially due to their strong hardware security + +#### Other Notable Mentions +[Replicant OS](https://www.replicant.us/) is a fully-featured distro, with an emphasis on freedom, privacy and security. [MmniRom](https://www.omnirom.org/), [Recursion Remix](https://forum.xda-developers.com/remix), and [Paranoid Android](http://paranoidandroid.co/) are also popular options. Alternativley, [Ubuntu Touch](https://ubports.com/) is a Linux (Ubuntu)- based OS. It is secure by design and runs on almost any device, - but it does fall short when it comes to the app store. + +To install apps on the Play Store without using the Play Store app see [Aurora Store](https://gitlab.com/AuroraOSS/AuroraStore). For Google Play Service see [MicroG](https://microg.org/) + + +#### Word of Warning +It is not recommended to root, or flash your device with a custom ROM if you are not an advanced user. There are risks involved +- Although the above ROMs omit Google, they do open up other security issues: Without DM-verity on the system partition, the file system *could* be tampered with, and no verified boot stack, the kernel/initramfs also *could* be edited. 
You should understand the risks, before proceeding to flash a custom ROM to your device +- You will need to rely on updates from the community, which could be slower to be released- this may be an issue for a time-urgent, security-critical patch +- It is also possible to brick your device, through interrupted install or bad software +- Finally, rooting and flashing your device, will void your warranty + + +## PC Operating Systems + +Windows 10 has many features that violate your privacy. Microsoft and Apple are able to collect all your data (including, but not limited to: keystrokes, searches and mic input, calendar data, music, photos, credit card information and purchases, identity, passwords, contacts, conversations and location data). Microsoft Windows is also more susceptible to malware and viruses, than alternative systems. + +| Provider | Description | +| --- | --- | +**[Qubes OS](https://www.qubes-os.org/)** (containerized apps) | Open-source security-oriented operating system for single-user desktop computing. It uses virtualisation, to run each application in it's own compartment to avoid data being leaked. It features [Split GPG](https://www.qubes-os.org/doc/split-gpg/), [U2F Proxy](https://www.qubes-os.org/doc/u2f-proxy/), and [Whonix integration](https://www.qubes-os.org/doc/whonix/). Qubes makes is easy to create [disposable VMs](https://www.qubes-os.org/doc/disposablevm/) which are spawned quickly and destroyed when closed. Qubes is [recommended](https://twitter.com/Snowden/status/781493632293605376) by Edward Snowden +**[Whonix](https://www.whonix.org/)** (VM) | Whonix is an anonymous operating system, which can run in a VM, inside your current OS. It is the best way to use Tor, and provides very strong protection for your IP address. It comes bundled with other features too: Keystroke Anonymization, Time Attack Defences, Stream Isolation, Kernel Self Protection Settings and an Advanced Firewall. 
Open source, well audited, and with a strong community- Whonix is based on Debian, [KickSecure](https://www.whonix.org/wiki/Kicksecure) and [Tor](https://www.whonix.org/wiki/Whonix_and_Tor) +**[Tails](https://tails.boum.org/)** (live) | Tails is a live operating system (so you boot into it from a USB, instead of installing). It preserves your privacy and anonymity through having no persistent memory/ leaving no trace on the computer. Tails has Tor built-in system-wide, and uses state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging. Open source, and built on top of Debian +**[Parrot](https://parrotlinux.org/)** (security)| Parrot Linux, is a full Debian-based operating system, that is geared towards security, privacy and development. It is fully-featured yet light-weight, very open. There are 3 edditions: General Purpose, Security and Forensic. The Secure distribution includes its own sandbox system obtained with the combination of [Firejail](https://firejail.wordpress.com/) and [AppArmor](https://en.wikipedia.org/wiki/AppArmor) with custom security profiles. While the Forensics Edition is bundled with a comprehensive suit of security/ pen-testing tools, similar to Kali and Black Arch +**[Discreete Linux](https://www.privacy-cd.org/)** (offline)| Aimed at journalists, activists and whistle-blowers, Discreete Linux is similar to Tails, in that it is booted live from external media, and leaves no/ minimal trace on the system. The aim of the project, was to provide all required cryptographic tools offline, to protect against Trojan-based surveillance + + +#### General Purpose Linux Distros +If you do not want to use a specalist security-based distro, or you are new to Unix- then just switching to any well-maintained Linux distro, is going to be significantly more secure and private than Windows or Mac OS. +Since it is open source, major distros are constantly being audited by members of the community. 
Linux does not give users admin rights by default- this makes is much less likley that your system could become infected with malware. And of course, there is no proprietary Microsoft or Apple software constantly monitoring everything you do. + +Some good distros to consider would be: **[Fedora](https://getfedora.org/)**, **[Debian](https://www.debian.org/)**, or **[Arch](https://www.archlinux.org/)**- all of which have a large community behind them. **[Manjaro](https://manjaro.org/)** (based of Arch) is a good option, with a simple install process, used by new comers, and expers alike. See [comparison](https://en.wikipedia.org/wiki/Comparison_of_Linux_distributions). + +BSD systems arguably have far superior network stacks. **[OpenBSD](https://www.openbsd.org)** is designed for maximum security — not just with its features, but with its implementation practices. It’s a commonly used OS by banks and critical systems. **[FreeBSD](https://www.freebsd.org)** is more popular, and aims for high performance and ease of use. + + +#### Improve the Security and Privacy of your current OS + +If you have chosen to stick with your current OS, there are a couple of things you can do to improve security, see: [Windows 10 security guide](https://heimdalsecurity.com/en/windows-10-security-guide/privacy), [Mac OS security guide](https://spreadprivacy.com/mac-privacy-tips/) or [Linux security guide](https://spreadprivacy.com/linux-privacy-tips/). + + +## Windows Defences + +| Provider | Description | +| --- | --- | +**[HardenTools]** | A utility that disables a number of risky Windows features. These "features" are exposed by the OS and primary consumer applications, and very commonly abused by attackers, to execute malicious code on a victim's computer. 
So this tool just reduces the attack surface by disabling the low-hanging fruit +**[Sticky-Keys-Slayer]** | Scans for accessibility tools backdoors via RDP +**[SigCheck]** | Audit a Windows host's root certificate store against Microsoft's Certificate Trust List (CTL) +**[Windows Secure Baseline]** | Group Policy objects, compliance checks, and configuration tools that provide an automated and flexible approach for securely deploying and maintaining the latest releases of Windows 10 +**[IIS Crypto]** | A utility for configuring encryption protocols, cyphers, hashing methods, and key exchanges for Windows components +**[NetLimiter]** | Internet traffic control and monitoring tool + +**See Also**: +- [github.com/Awesome-Windows/Awesome#security] +- [github.com/PaulSec/awesome-windows-domain-hardening] +- [github.com/meitar/awesome-cybersecurity-blueteam#windows-based-defenses] + +[HardenTools]: https://github.com/securitywithoutborders/hardentools +[Sticky-Keys-Slayer]: https://github.com/linuz/Sticky-Keys-Slayer +[SigCheck]: https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck +[Windows Secure Baseline]: https://github.com/nsacyber/Windows-Secure-Host-Baseline +[IIS Crypto]: https://www.nartac.com/Products/IISCrypto +[NetLimiter]: https://www.netlimiter.com +[github.com/Awesome-Windows/Awesome#security]: https://github.com/Awesome-Windows/Awesome#security +[github.com/PaulSec/awesome-windows-domain-hardening]: https://github.com/PaulSec/awesome-windows-domain-hardening +[github.com/meitar/awesome-cybersecurity-blueteam#windows-based-defenses]: https://github.com/meitar/awesome-cybersecurity-blueteam#windows-based-defenses + + +## Mac OS Defences + +| Provider | Description | +| --- | --- | +**[LuLu]** | Free, open source macOS firewall. 
It aims to block unknown outgoing connections, unless explicitly approved by the user +**[Stronghold]** | Easily configure macOS security settings from the terminal +**[Fortress]** | Kernel-level, OS-level, and client-level security for macOS. With a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers; with On-Demand and On-Access Anti-Virus Scanning + + +[LuLu]: https://objective-see.com/products/lulu.html +[Stronghold]: https://github.com/alichtman/stronghold +[Fortress]: https://github.com/essandess/macOS-Fortress + + + +## Home Automation + +If you have smart devices within your home, you should consider running the automation locally, rather than using a cloud service. This will reduce the amount of exploits you could potentially be vulnerable to. It is also important to have network monitoring and firewalls enabled, to ensure suspicious activity is flagged or blocked. The following projects will make controlling and monitoring IoT devices within your home easier, safer and more private. + +| Provider | Description | +| --- | --- | +**[Home Assistant](https://www.home-assistant.io)** | Open source home automation that puts local control and privacy first- 1500+ integrations. Runs well on a Raspberry Pi, accessible though a web interface and CLI, as well as several controller apps (such as [HassKit](https://play.google.com/store/apps/details?id=com.thhkstudio.hasskit) and the official [Home Assistant App](https://play.google.com/store/apps/details?id=io.homeassistant.companion.android)) +**[OpenHAB](https://www.openhab.org)** | A vendor and technology agnostic open source automation software for your home, with 2000+ supported devices and addons. 
Works well on a Raspberry Pi, or low-powerd home server, and again there are some great apps for, such as the official [OpenHabb App](https://play.google.com/store/apps/details?id=org.openhab.habdroid) and the [HomeHabit](https://play.google.com/store/apps/details?id=app.homehabit.view) wall dashboard +**[Domoticz](https://www.domoticz.com)** | Another home automation system, Domoticz is more geared towards connecting and monitoring sensors within your space. Allows you to monitor your environment without anyone but you having access to the data +**[Node-RED](https://nodered.org)** | Node-RED is a programming tool for wiring together hardware devices, APIs and online services, it provides a browser-based editor that makes it easy to build flows with a wide range of supported nodes, and it is easy to deploy locally in your network + +#### Notable Mentions +For creating dashboard from IoT devices, see [ThingsBoard](https://thingsboard.io). Another home automation tool is [FHEM](https://fhem.de/fhem.html), which has been around for a while and needs a bit more work to get up and running, but is still a popular option. + +#### Word of Warning +IoT smart home devices can open you up to many security risks and exploits. It is really important that you configure them correctly, setting strong unique passwords, turn off data sharing, and if possible restrict internet access so devices can only communicate within your local network. See [Smart Home Security Checklist](https://github.com/Lissy93/personal-security-checklist#smart-home) for more tips. + + +## AI Voice Assistants + +Google Assistant, Alexa and Siri don't have the best [reputation](https://srlabs.de/bites/smart-spies) when it comes to protecting consumers privacy, there have been [many recent breaches](https://www.theverge.com/2019/10/21/20924886/alexa-google-home-security-vulnerability-srlabs-phishing-eavesdropping). For that reason it is recommended not to have these devices in your house. 
The following are open source AI voice assistants, that aim to provide a human voice interface while also protecting your privacy and security + +| Provider | Description | +| --- | --- | +**[Mycroft](https://mycroft.ai)** | An open source privacy-respecting AI platform, that runs on many platforms (Raspberry Pi, desktop, or dedicated Mycroft device). It is in active development, with thorough documentation and a broad range of available skills, but also Mycroft makes it really easy to develop new skills +**[Kalliope](https://kalliope-project.github.io)** | An open source, modular always-on voice controlled personal assistant designed for home automation. It runs well on Raspberry Pi, Debian or Ubuntu and is easy to program with simple YAML-based skills, but does not have a wide library of pre-built add-ons + +#### Notable Mentions +If you choose to continue using Google Home/ Alexa, then check out **[Project Alias](https://github.com/bjoernkarmann/project_alias)**. It's a small app that runs on a Pi, and gives you more control over your smart assistants, for both customisation and privacy. + +For a desktop-based assistant, see [Dragonfire](https://github.com/DragonComputer/Dragonfire) for Ubuntu, and [Jarvis](https://github.com/sukeesh/Jarvis) for MacOS. [LinTO](https://linto.ai), [Jovo](https://www.jovo.tech) and [Snips](https://snips.ai) are private-by-design voice assistant frameworks that can be built on by developers, or used by enterprises. [Jasper](https://jasperproject.github.io), [Stephanie](https://github.com/SlapBot/stephanie-va) and [Hey Athena](https://github.com/rcbyron/hey-athena-client) are Python-based voice assistant, but neither is under active development anymore. See also [OpenAssistant](https://openassistant.org). + +#### Word of Warning +If you are building your own assistant, you may want to consider a hardware-switch for disabling the microphone. 
Keep tabs on issues and check the code, to ensure you are happy with how it works, from a privacy perspective. + + +## Bonus #1 - Alternatives to Google +Moving away from Google, and using multiple alternative apps will mean there is no single source of tracking. Open source and privacy-focused software is best + +- Academic: [RefSeek](https://www.refseek.com), [Microsoft Academic](https://academic.microsoft.com), [More Academic Search Engines](https://en.wikipedia.org/wiki/List_of_academic_databases_and_search_engines) +- Analytics: [Matomo](https://matomo.org), [Privalytics](https://www.privalytics.io) +- Assistant: [Mycroft](https://mycroft.ai), [Kalliope](https://kalliope-project.github.io), [Project-Alias](https://github.com/bjoernkarmann/project_alias) (for Google Home/ Alexa) +- Authenticator: [Aegis](https://getaegis.app), [AndOTP](https://github.com/andOTP/andOTP), [FreeOTP](https://freeotp.github.io), [Authenticator (ios)](https://github.com/mattrubin/authenticator) +- Blogging: [Write Freely](https://writefreely.org), [Telegraph](https://telegra.ph), [Ghost](https://ghost.org) +- Browsers: [Brave](https://brave.com/?ref=ali721), [Firefox](https://www.mozilla.org/firefox) (with some [tweaks](https://restoreprivacy.com/firefox-privacy/)), [Vivaldi](https://vivaldi.com/) +- Calendar: [EteSync](https://www.etesync.com/accounts/signup/?referrer=QK6g), [ProtonCalendar](https://protonmail.com/blog/protoncalendar-beta-announcement) +- Cloud: [Njalla](https://njal.la), [Vindo](https://www.vindohosting.com), [Private Layer](https://www.privatelayer.com) +- DNS: [Cloudflare](https://blog.cloudflare.com/announcing-1111), [Quad9](https://www.quad9.net) +- Docs: [NextCloud](https://nextcloud.com), [CryptPad](https://cryptpad.fr) +- Finance: [Wallmine](https://wallmine.com), [MarketWatch](https://www.marketwatch.com/tools/quotes/lookup.asp), [Nasdaq Lookup](https://www.nasdaq.com/market-activity/stocks) +- Flights: [SkyScanner](https://www.skyscanner.net), 
[Kayak](https://www.kayak.co.uk) (Note: Beware of tracking, use Tor) +- Location Tracker: [Private Kit](https://play.google.com/store/apps/details?id=edu.mit.privatekit) +- Mail: [ProtonMail](https://protonmail.com), [MailFence](https://mailfence.com?src=digitald), [HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business), [33Mail](http://33mail.com/Dg0gkEA) +- Maps: [OpenStreetMaps](https://www.openstreetmap.org) +- Messaging: [Signal](https://signal.org), [KeyBase](https://keybase.io) +- Mobile OS: [LineageOS](https://www.lineageos.org), [GrapheneOS](https://grapheneos.org), [Ubuntu Touch](https://ubports.com) +- Notes: [Cryptee](https://crypt.ee), [Joplin](https://joplinapp.org), [Standard Notes](https://standardnotes.org/?s=chelvq36), [Joplin](https://joplinapp.org) +- Passwords: [BitWarden](https://bitwarden.com), [1Password](https://1password.com), [KeePassXC](https://keepassxc.org), [LessPass](https://lesspass.com) +- Pay: [Privacy.com](https://privacy.com/join/VW7WC), [Revolut](https://revolut.ngih.net/Q9jdx) (disposable virtual credit cards) +- Play Store: [F-Droid](https://f-droid.org), [APK Mirror](https://www.apkmirror.com) +- Search: [DuckDuckGo](https://duckduckgo.com), [Start Page](https://www.startpage.com), [Qwant](https://www.qwant.com) +- Sync: [SeaFile](https://www.seafile.com), [Syncthing](https://syncthing.net), [NextCloud](https://nextcloud.com), [Duplicacy](https://duplicacy.com) +- Translate: [Apertium](https://www.apertium.org) +- Weather: [Open Weather Map](https://openweathermap.org) +- Youtube: [PeerTube](https://joinpeertube.org), [BitChute](https://www.bitchute.com) (Caution: Not moderated) + + + +## Bonus #2 - Open Source Media Applications + +Community-maintained media software can help you migrate away from providers that may not respect privacy. The following creative software packages are open source, cross-platform and free. 
+ +- Graphics: [GIMP](https://www.gimp.org), [Scribus](https://www.scribus.net), [SwatchBooker](http://www.selapa.net/swatchbooker), [InkScape](https://inkscape.org), [Kirta](https://krita.org) +- Audio: [Audacity](https://www.audacityteam.org), [Mixxx](https://mixxx.org), [MusicBrainz](https://picard.musicbrainz.org), [Qtractor](https://qtractor.sourceforge.io) +- Video: [Shortcut](https://www.shotcutapp.com), [OpenShot](https://www.openshot.org), [kdenlive](https://kdenlive.org) +- Media Players: [VLC Player](https://www.videolan.org) +- Media Servers: [Kodi](https://kodi.tv), [Plex](https://www.plex.tv), [Subsonic](http://www.subsonic.org), [Madsonic](https://beta.madsonic.org), [Emby](https://emby.media), [Gerbera](https://gerbera.io), [OpenELEC](https://openelec.tv), [OpenFlixr 2](https://www.openflixr.com), [OCMC](https://osmc.tv) +- 3D Rendering: [Blender](https://www.blender.org) +- Game Engines: [GoDot](https://godotengine.org) + + +## Bonus #3 - Self-Hosted Services + +- Analytics: [Matomo](https://matomo.org), [Fathom](https://github.com/usefathom/fathom), [GoatCounter](https://www.goatcounter.com), [Rudder](https://github.com/rudderlabs) +- Blogging: [Hexo](https://hexo.io), [Noddity](http://noddity.com), [Plume](https://joinplu.me), [Ghost](https://github.com/TryGhost/Ghost), [Write.as](https://github.com/writeas) +- Bookmarks: [Shiori](https://github.com/go-shiori/shiori), [Geek Marks](https://geekmarks.dmitryfrank.com), [Ymarks](https://bitbucket.org/ymarks), [xBrowserSync](https://www.xbrowsersync.org), [reminiscence](https://github.com/kanishka-linux/reminiscence), [unmark](https://github.com/cdevroe/unmark) +- Chat Networks: [Gotify](https://gotify.net), [GNU:net](https://gnunet.org), [Centrifugo](https://github.com/centrifugal/centrifugo), [Mumble](https://www.mumble.info), [Tox](https://tox.chat), [Matrix](https://matrix.org) + [Riot](https://riot.im), [Retroshare](https://retroshare.cc) +- CMS: [Strapi](https://strapi.io) (headless), 
[ApostropheCMS](https://github.com/apostrophecms/apostrophe), [Plone](https://github.com/plone), [Publify](https://publify.github.io), [Pico](http://picocms.org) +- Conference: [BigBlueButton](https://github.com/bigbluebutton/bigbluebutton), [Osem](https://github.com/openSUSE/osem), [Dialogs](https://github.com/dialogs), [Spectrum](https://github.com/withspectrum/spectrum), [Mattermost](https://github.com/mattermost), [OpenMeetings](https://openmeetings.apache.org), [Jitsu](https://github.com/jitsi) +- Document Management: [Paperless](https://github.com/the-paperless-project/paperless) +- E-Commerce: [Qor](https://getqor.com), [Magento](https://github.com/magento), [Grandnode](https://github.com/grandnode/grandnode) +- Email Clients: [Rainloop](http://www.rainloop.net), [RoundCube](https://roundcube.net) +- Email Setup: [Mailu](https://mailu.io), [MailCow](https://mailcow.email), [Mail-in-a-Box](https://mailinabox.email) +- File Drop: [PsiTransfer](https://github.com/psi-4ward/psitransfer), [Up1](https://github.com/Upload/Up1), [FilePizza](https://file.pizza) +- File Explorer: [FileRun](https://filerun.com), [Pydio](https://pydio.com) +- Groupware: [SoGo](https://github.com/inverse-inc/sogo), [SuitCRM](https://github.com/salesagility/SuiteCRM) +- News Letters: [LewsNetter](https://github.com/bborn/lewsnetter), [PHP List](https://www.phplist.com), [Dada Mail](https://github.com/justingit/dada-mail) +- Office Suits: [CryptPad](https://cryptpad.fr), [LibreOffice](https://www.libreoffice.org), [onlyoffice](https://github.com/ONLYOFFICE), [NextCloud](https://nextcloud.com) +- Paste Bins: [Snibox](https://snibox.github.io), [PrivateBin](https://github.com/PrivateBin/PrivateBin), [0bin](https://github.com/sametmax/0bin), [Stikked](https://github.com/claudehohl/Stikked) +- Search Engine: [Searx](https://asciimoo.github.io/searx) +- Social Networks: [Mastodon](https://mastodon.social), [Pixelfed](https://pixelfed.org), [diaspora](https://diasporafoundation.org) +- 
Ticketing: [Zammad](https://github.com/zammad/zammad), [osTicket](https://github.com/osTicket/osTicket), [Helpy](https://github.com/helpyio/helpy) +- URL Shortners: [Shlink](https://shlink.io), [Polr](https://polrproject.org), [Istu](https://github.com/ldidry/lstu), [Linkr](https://github.com/LINKIWI/linkr) +- WiKi/ Knowledge Sharing: [Gollum](https://github.com/gollum/gollum), [Outline](https://github.com/outline/outline), [Wiki JS](https://github.com/Requarks/wiki), [Gitit](https://github.com/jgm/gitit), [TidyWiki5](https://github.com/Jermolene/TiddlyWiki5), [Cowyo](https://github.com/schollz/cowyo) +- XMP: Server: [ejabberd](https://github.com/processone/ejabberd), [MongooseIM](https://github.com/esl/MongooseIM), [OpenFire](https://github.com/igniterealtime/Openfire). Clients: [Candy](https://github.com/candy-chat/candy), [Converse](https://github.com/conversejs/converse.js) + + +## Bonus #4 - Self-Hosted Sysadmin + +- Ad-Block (network-wide): [PiHole](https://pi-hole.net) +- Content Filter: [E2Guardian](http://e2guardian.org), [Squid Guard](http://www.squidguard.org) +- Cron Jobs: [HealthChecks](https://healthchecks.io) +- Dashboards: [Homer](https://github.com/bastienwirtz/homer), [Heimdall](https://heimdall.site), [SWMP](https://swmp.ml), [Uchiwa](https://uchiwa.io) (for Sensu), [Linux Dash](https://github.com/afaqurk/linux-dash) +- DNS: [CoreDNS](https://coredns.io), [KnotDNS](https://www.knot-dns.cz), [Bind 9](https://www.isc.org/bind), [PowerDNS](https://www.powerdns.com) +- Domain Control: [DomainMod](https://domainmod.org), [OctoDNS](https://github.com/github/octodns), [DNSControl](https://stackexchange.github.io/dnscontrol) +- Firewall: [IPFire](https://www.ipfire.org), [PFSense](https://www.pfsense.org), [OpenSense](https://opnsense.org), [ShoreWall](https://shorewall.org) +- Log Management: [GoAccess](https://goaccess.io) +- Monitoring: [Alerta](https://github.com/alerta/alerta), [Cabot](https://github.com/arachnys/cabot), 
[Cadvisor](https://github.com/google/cadvisor), [CheckMK](https://checkmk.com), [Linux Dash](https://github.com/afaqurk/linux-dash). [NetData](https://www.netdata.cloud), [PS Dash](https://github.com/Jahaja/psdash) +- Proxy: [ShaddowSocks](https://shadowsocks.org), [Privoxy](https://www.privoxy.org) +- Server Status: [Statup](https://github.com/hunterlong/statping), [BotoX / ServerStatus](https://github.com/BotoX/ServerStatus), [Mojeda / ServerStatus](https://github.com/mojeda/ServerStatus), [Statusfy](https://statusfy.co), [Cachet](https://cachethq.io) +- SSH Tools: [RTop](https://github.com/rapidloop/rtop) (sts stats), [Fiche](https://github.com/solusipse/fiche) (cli pastepin) +- Storage DB: [OpenTSBD](http://opentsdb.net), [KairosDB](https://github.com/kairosdb/kairosdb), [InfluxData](https://www.influxdata.com) +- VPN: [OpenVPN](https://community.openvpn.net), [Pritunl](https://pritunl.com) +- Web Servers: [NGINX](https://nginx.org), [Caddy](https://caddyserver.com), [Light TPD](https://www.lighttpd.net) + +## Bonus #5 - Self-Hosted Development Tools + +- API Management: [Kong](https://github.com/Kong/kong), [Krakend](https://github.com/devopsfaith/krakend), [tyk](https://github.com/TykTechnologies/tyk), [Hasura](https://hasura.io) +- Browser-based IDE: [Code Server](https://github.com/cdr/code-server) (VS Code), [Che](https://github.com/eclipse/che) (Eclipse), [ICEcoder](https://github.com/icecoder/ICEcoder), [ml-workspace](https://github.com/ml-tooling/ml-workspace) (for Data science and ML), [r-studio](https://github.com/rstudio/rstudio) (for R programming) +- Code Reviews: [Phabricator](https://github.com/phacility/phabricator). 
See also: Git Servers, most of which have CR features +- Containers: [Docker](https://github.com/docker), [LXC](https://github.com/lxc/lxc), [OpenVZ](https://github.com/OpenVZ) +- Continuous Integration: [Drone](https://github.com/drone/drone), [Concourse](https://github.com/concourse/concourse), [BuildBot](https://github.com/buildbot/buildbot), [Strider](https://github.com/Strider-CD/strider), [Jenkins](https://github.com/jenkinsci/jenkins) +- Deployment Automation: [Capustrano](https://github.com/capistrano/capistrano), [Fabric](https://github.com/fabric/fabric), [Mina](https://github.com/mina-deploy/mina), [Munki](https://github.com/munki/munki), [Rocketeer](https://github.com/rocketeers/rocketeer), [Sup](https://github.com/pressly/sup) +- Doc Generators: [FlatDoc](https://github.com/rstacruz/flatdoc), [Docsify](https://github.com/docsifyjs/docsify), [Sphinx](https://github.com/sphinx-doc/sphinx), [ReadTheDocs](https://github.com/readthedocs/readthedocs.org), [Docusarus](https://github.com/facebook/docusaurus), [mkdocs](https://github.com/mkdocs/mkdocs) +- Git Server: [GitBucket](https://gitbucket.github.io), [GitTea](https://gitea.io), [GitLab](https://gitlab.com/gitlab-org/gitlab-foss), [Gogs](https://gogs.io) +- Localization: [Weblate](https://github.com/WeblateOrg/weblate), [Translate/ Pootle](https://github.com/translate/pootle), [Accent](https://github.com/mirego/accent) +- Serverless: [OpenFaas](https://www.openfaas.com), [IronFunctions](https://github.com/iron-io/functions), [LocalStack](https://github.com/localstack/localstack), [fx](https://github.com/metrue/fx) +- Static Site Gen: See [StaticGen.com](https://www.staticgen.com) +- UI Testing: [Selenoid](https://github.com/aerokube/selenoid), [Zalenium](https://github.com/zalando/zalenium), [Selenium](https://github.com/SeleniumHQ/selenium) +- More Tools: + - [Request Bin](https://github.com/Runscope/requestbin) - Inspect HTTP requests and Debug webhooks + - [Regexr](https://github.com/gskinner/regexr) 
- Web tool for for creating, testing, and learning about Regular Expressions + - [JS Bin](https://github.com/jsbin/jsbin) - Collaborative JavaScript Debugging App, create, test, run and send web code snippets + - [Koding](https://github.com/koding/koding) - A development platform to orchestrates your project-specific dev environment + - [Judge0](https://github.com/judge0) - A web compiler accessed through either an API of web-IDE, for executing trusted or untrusted code + - [SourceGraph](https://github.com/sourcegraph/sourcegraph) - Self-hosted universal code search and navigation engine + + +## Bonus #6 - Security Testing Tools + +This list is intended to aid you in auditing the security of your own systems, and help detect and eliminate vulnerabilities. It is intended for advanced users and sysadmins. For penetration testing, see [enaqx/awesome-pentest](https://github.com/enaqx/awesome-pentest) GitHub list instead + +- [Amass] - In-depth Attack Surface Mapping and Asset Discovery, to help you identify issues and secure your network +- [CloudFail] - Ensure there are no misconfigured DNS and old database records, accessible by bypassing CloudFlare network +- [CrackMapExec] - A CLI tool for pen testing all areas of your local and remote networks, to ensure their integrity +- [DNSdumpster] - A domain research tool that can discover hosts related to a domain. 
It can be used to test and ensure there are no visible hosts that a hacker could exploit +- [DNSTracer] - Scan your domain, to show which records are publicly visible and need to be obfuscated +- [dnstwist] - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage, to protect those on your network +- [GRR] - incident response framework focused on remote live forensics +- [Impacket] - A collection of Python classes for working with network protocols, focused on providing low-level programmatic access to the packets and for the protocol implementation themselves +- [Kali Linux] - A Debian-based distro for security testing, bundled with 1000's of powerful packages and scripts. Saves a lot of time configuring sys-admin tools and drivers +- [Lynis] - A security tool that performs an extensive health scan of your systems to support system hardening and compliance testing +- [Masscan] - TCP port scanner, that checks packets asynchronously, configure it to check only your IP ranges and it completes in milliseconds +- [Metasploit] - Popular and powerful penetration testing framework, for exploitation and vulnerability validation- bundled with a full suit of tools, it makes it easy to divide your penetration testing workflow into manageable sections. Very useful for testing your entire network E2E +- [Moloch] - Full packet capture, indexing, and database system. The elastic search backend makes searching through pcaps fast, and the frontend displays captured data clearly with good support for protocol decoding +- [Nikto2] - Well-established web server testing tool, useful for firing at your web server to find known vulnerable scripts, configuration mistakes and related security problems +- [Nmap] - Powerful utility for network discovery and security auditing. 
Useful for your network inventory, managing service upgrade schedules, and monitoring host or service uptime +- [OpenAudit] - An application to tell you exactly what is on your network, how it is configured and when it changes +- [OpenVAS] - Fully-featured security vulnerability management system, with web-based dashboards. Useful for fast and easy scans of your network +- [OSQuery] - SQL powered operating system instrumentation, monitoring, and analytics. Very performant cross-platform tool, useful for monitoring a host for changes and providing endpoint visibility +- [OSSEC HIDS] - A host based intrusion detection system that is easy to setup and configure, which performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response +- [Otseca] - Search and dump your system configuration + generate HTML reports +- [RouterSploit]: An exploitation framework for checking the security of local embedded devices, to ensure they are safe +- [Security Onion] - Linux distro for intrusion detection, enterprise security monitoring, and log management. It includes a suit of security testing tools. Useful for collecting, storing and managing a variety of system data, for use on your networks +- [Snort] - Intrusion detection system aimed at real time traffic analysis and packet logging tool +- [SPARTA] - GUI tool that makes pen testing your network infrastructure easier +- [Wireshark] - Popular, powerful feature-rich network protocol analyser. 
Lets you analyse everything that is going on in your network in great detail +- [Zeek] - Powerful intrusion detection system and network security monitoring, that (rather than focusing on signatures) decodes protocols and looks for anomalies within the traffic + + +[Amass]: https://github.com/OWASP/Amass +[CloudFail]: https://github.com/m0rtem/CloudFail +[CrackMapExec]: https://github.com/byt3bl33d3r/CrackMapExec +[DNSdumpster]: https://dnsdumpster.com/ +[DNSTracer]: http://www.mavetju.org/unix/dnstracer.php +[dnstwist]: https://github.com/elceef/dnstwist +[GRR]: https://github.com/google/grr +[Impacket]: https://github.com/SecureAuthCorp/impacket +[Kali Linux]: https://www.kali.org +[Kali Linux_source]: https://gitlab.com/kalilinux +[Lynis]: https://cisofy.com/lynis +[Masscan]: https://github.com/robertdavidgraham/masscan +[Metasploit]: https://www.metasploit.com +[Metasploit_source]: https://github.com/rapid7/metasploit-framework +[Moloch]: https://molo.ch +[Moloch_source]: https://github.com/aol/moloch +[Nikto2]: https://cirt.net/nikto2 +[Nikto2_source]: https://github.com/sullo/nikto +[Nmap]: https://nmap.org +[Nmap_source]: https://github.com/nmap/nmap +[OpenAudit]: https://www.open-audit.org +[OpenVAS]: https://openvas.org +[OpenVAS_source]: https://github.com/greenbone/openvas +[OSQuery]: https://osquery.io +[OSQuery_source]: https://github.com/osquery/osquery +[OSSEC HIDS]: https://www.ossec.net +[OSSEC HIDS_source]: https://github.com/ossec/ossec-hids +[Otseca]: https://github.com/trimstray/otseca +[RouterSploit]: https://github.com/threat9/routersploit +[Security Onion]: https://securityonion.net +[Security Onion_source]: https://github.com/Security-Onion-Solutions/security-onion +[Snort]: https://snort.org +[SPARTA]: https://sparta.secforce.com +[SPARTA_source]: https://github.com/SECFORCE/sparta +[Wireshark]: https://www.wireshark.org +[Wireshark_source]: https://code.wireshark.org/review/#/admin/projects/wireshark +[Zeek]: https://zeek.org 
+[Zeek_source]: https://github.com/zeek/zeek + + + + +## Final Notes + + +### Conclusion + +Many coporations put profit before people, collecting data and exploiting privacy. Many claim to be secure but without being open source it can't be verified and it is always too late once there has been a breach. Switching to privacy-respecting open source software will drastically help improving your security, privacy and anonymity online. + +However, that's not all you need to do. It is also important to : use strong and unique passwords, 2-factor authentication, +adopt good networking practices and be mindful of data that are collected when browsing the web. You can see the full +**[personal security checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md)** for more tips to stay safe. + +### See Also + +- [Personal Security Checklist](/README.md) +- [Gadgets for Privacy & Security](/6_Privacy_and-Security_Gadgets.md) +- [Further Links: Privacy & Security](/4_Privacy_And_Security_Links.md) +- [The Importance of Digital Security & Privacy](/0_Why_It_Matters.md) + +This page is just one in this repository of open source privacy & security resources. +So while your here, why not also check out the files linked to above 😉 + +### Disclaimer + +No piece of software is truly secure or private. + +Software is only as secure as the system it is running on. You need to keep your devices up-to-date and follow good security practices. + +It is a good idea to keep your trusted software base small, to reduce potential attack surface. At the same time trusting a single application for too many tasks could be a weakness in your system. So you will need to judge the situation according to your threat model, and carefully plan which software and applications you trust with each segment of your data. + +There is often a trade-off between convenience and security. Construct a threat model, and choose a balance that is right for you. 
In a similar way in some situations there is privacy and security conflict (e.g. Find My Phone is great for security, but terrible for privacy, and anonymous payments may be good for privacy but less secure than insured fiat currency). Again it is about assessing your situation, understanding the risks and making an informed decision. + +Open source software has long had a reputation of being more secure than its closed source counterparts. Since bugs are raised transparently, fixed quickly, the code can be checked by experts in the community and there is usually little or no data collection or analytics. That being said, there is no piece of software that it totally bug free, and hence never truly secure or private. Being open source, is in no way a guarantee that something is safe. There is no shortage of poorly-written, obsolete or sometimes plain malicious open source projects on the internet. + +When using a hosted or property solution- always check the privacy policy, research the reputation of the organisation, and be weary about which data you trust them with. Where possible choose open source software for security-critical situations. + +This list contains packages that range from entry-level to advanced, a lot of the software here will not be appropriate for all audiences. + +It is in no way a definitive list of secure applications, and aims only to be a guide, a collection of software and services that myself and others have used, and would recommend. There will always be new vulnerabilities discovered or introduced, bugs and poorly configured systems. It is up to you to do your research, and decide where and how your data are managed. + + +### Contributing + +*Thanks for visiting! If you have suggestions, then you [open an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [submit a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master), see: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md). 
Contributions are welcome, and much appreciated* ☺️ + + +### License + +[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md) + +*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* + + +### Thank you + +Thank you for checking out this project- I hope you found it somewhat useful 😊 + +This list was started by myself- Alicia, with a lot of help + contributions from the community. You can get in contact with me below: + +[![Alicia Sykes on Twitter](https://img.shields.io/twitter/follow/Lissy_Sykes?style=social&logo=twitter)](https://twitter.com/Lissy_Sykes) +[![Alicia Sykes on GitHub](https://img.shields.io/github/followers/lissy93?label=Lissy93&style=social)](https://github.com/Lissy93) +[![Alicia Sykes on Mastodon](https://img.shields.io/mastodon/follow/1032965?domain=https%3A%2F%2Fmastodon.social)](https://mastodon.social/web/accounts/1032965) +[![Alicia Sykes on Keybase](https://img.shields.io/badge/aliciasykes--lightgrey?style=social&logo=Keybase)](https://keybase.io/aliciasykes) +[![Alicia Sykes's PGP](https://img.shields.io/badge/PGP--lightgrey?style=social&logo=Let%E2%80%99s%20Encrypt)](https://keybase.io/aliciasykes/pgp_keys.asc) +[![Alicia Sykes's Website](https://img.shields.io/badge/aliciasykes.com--lightgrey?style=social&logo=Tencent%20QQ)](https://aliciasykes.com) + +--- + +Found this helpful? 
Consider sharing it with others, to help them also improve their digital security 😇 + +[![Share on Twitter](https://img.shields.io/badge/Share-Twitter-17a2f3?style=for-the-badge&logo=Twitter)](http://twitter.com/share?text=Improve%20your%20personal%20cyber%20security%2C%20check%20out%20this%20ultimate%20list%20of%20privacy-respecting%20software%20on%20GitHub%0Ahttps%3A%2F%2Fgit.io%2FJv66u%20%F0%9F%94%90%20%E2%9C%A8%20%40Lissy_Sykes) +[![Share on LinkedIn](https://img.shields.io/badge/Share-LinkedIn-0077b5?style=for-the-badge&logo=LinkedIn)]( +http://www.linkedin.com/shareArticle?mini=true&url=https://git.io/Jv66u&title=The%20Ultimate%20List%20of%20Privacy-Respecting%20Software&summary=Improve%20your%20personal%20cyber%20security%2C%20check%20out%20this%20ultimate%20list%20of%20privacy-respecting%20software%20on%20GitHub%0Ahttps%3A%2F%2Fgit.io%2FJv66u%20%F0%9F%94%90%20%E2%9C%A8&source=https://github.com/Lissy93) +[![Share on Facebook](https://img.shields.io/badge/Share-Facebook-4267b2?style=for-the-badge&logo=Facebook)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=) +[![Share on Mastodon](https://img.shields.io/badge/Share-Mastodon-56a7e1?style=for-the-badge&logo=Mastodon)](https://mastodon.social/web/statuses/new?text=Improve%20your%20personal%20cyber%20security%2C%20check%20out%20this%20ultimate%20list%20of%20privacy-respecting%20software%20on%20GitHub%0Ahttps%3A%2F%2Fgit.io%2FJv66u%20by%20%40lissy93%20%20%F0%9F%94%90%20%E2%9C%A8) + + + + +[//]: # (BROWSER EXTENSION LINKS) +[privacy-badger-chrome]: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp +[privacy-badger-firefox]: https://addons.mozilla.org/en-GB/firefox/addon/privacy-badger17/ +[https-everywhere-chrome]: 
https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en +[https-everywhere-firefox]: https://addons.mozilla.org/en-GB/firefox/addon/https-everywhere/ +[ublock-chrome]: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en-GB +[ublock-firefox]: https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ +[script-safe-chrome]: https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en-GB +[script-safe-firefox]: https://addons.mozilla.org/en-GB/firefox/addon/script-safe/ +[web-rtc-chrome]: https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml?hl=en-GB +[vanilla-cookie-chrome]: https://chrome.google.com/webstore/detail/vanilla-cookie-manager/gieohaicffldbmiilohhggbidhephnjj?hl=en-GB +[privacy-essentials-chrome]: https://chrome.google.com/webstore/detail/duckduckgo-privacy-essent/bkdgflcldnnnapblkhphbgpggdiikppg?hl=en-GB +[privacy-essentials-firefox]: https://addons.mozilla.org/en-GB/firefox/addon/duckduckgo-for-firefox/ + +[//]: # (ANDROID APP LINKS) +[Island]: https://play.google.com/store/apps/details?id=com.oasisfeng.island +[Orbot]: https://play.google.com/store/apps/details?id=org.torproject.android +[Bouncer]: https://play.google.com/store/apps/details?id=com.samruston.permission +[Crypto]: https://play.google.com/store/apps/details?id=com.kokoschka.michael.crypto +[Cryptomator]: https://play.google.com/store/apps/details?id=org.cryptomator +[Daedalus]: https://play.google.com/store/apps/details?id=org.itxtech.daedalus +[Brevent]: https://play.google.com/store/apps/details?id=me.piebridge.brevent +[SuperFreezZ]: https://f-droid.org/en/packages/superfreeze.tool.android +[Secure Task]: https://play.google.com/store/apps/details?id=com.balda.securetask +[Tor Browser]: https://play.google.com/store/apps/details?id=org.torproject.torbrowser +[PortDroid]: 
https://play.google.com/store/apps/details?id=com.stealthcopter.portdroid +[Packet Capture]: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture +[SysLog]: https://play.google.com/store/apps/details?id=com.tortel.syslog +[Dexplorer]: https://play.google.com/store/apps/details?id=com.dexplorer +[Check and Test]: https://play.google.com/store/apps/details?id=com.inpocketsoftware.andTest +[Tasker]: https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm +[Haven]: https://play.google.com/store/apps/details?id=org.havenapp.main +[NetGaurd]: https://www.netguard.me/ +[Exodus]: https://exodus-privacy.eu.org/en/page/what/#android-app +[XUMI Security]: https://xumi.ca/xumi-security/ +[Fing App]: https://www.fing.com/products/fing-app +[FlutterHole]: https://github.com/sterrenburg/flutterhole +[1.1.1.1]: https://1.1.1.1/ +[The Guardian Project]: https://play.google.com/store/apps/dev?id=6502754515281796553 +[The Tor Project]: https://play.google.com/store/apps/developer?id=The+Tor+Project +[Oasis Feng]: https://play.google.com/store/apps/dev?id=7664242523989527886 +[Marcel Bokhorst]: https://play.google.com/store/apps/dev?id=8420080860664580239 +[Simple Mobile Tools]: https://play.google.com/store/apps/dev?id=9070296388022589266 diff --git a/6_Privacy_and-Security_Gadgets.md b/6_Privacy_and-Security_Gadgets.md new file mode 100644 index 0000000..6348ff1 --- /dev/null +++ b/6_Privacy_and-Security_Gadgets.md 
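Review bot: The "Share on Facebook" badge at the top of this hunk points at a LinkedIn endpoint (`https://www.linkedin.com/shareArticle?mini=true&url=...`), so clicking it opens LinkedIn rather than Facebook; replace it with Facebook's own share URL for the repository and drop the empty `&source=` parameter. The reference label `[NetGaurd]: https://www.netguard.me/` is misspelled (NetGuard); the link still resolves if the body text uses the same misspelling, but both ends should be renamed to the correct spelling in one pass. Since this is a revert that re-adds the whole file, also confirm that these reference-link definitions match the pre-revert copy of the file and are not stale.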
@@ -0,0 +1,240 @@ +[![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) +[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) +[![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/) + +# Hardware for Protecting Privacy and Security +A curated list of (DIY and pre-built) devices, to help preserve privacy and improve physical cyber security 🔐 + +**Too long? 🦒** See the [TLDR version](/2_TLDR_Short_List.md#security-hardware) instead. + +--- + +#### Contents +- [Basics](#basics) +- [DIY Security Products](#diy-security-products) +- [Paranoid Security Gadgets](#paranoid-security-gadgets) +- [Network Security](#network-security) +- [Secure Computing Devices](#secure-computing-devices) +- [Hardware Encrypted Storage](#hardware-encrypted-storage) +- [USB Data Blockers](#usb-data-blockers) +- [FIDO U2F Keys](#fido-u2f-keys) +- [Crypto Wallets](#crypto-wallets) + + +## Basics + +**Item** | **Description** +--- | --- +**USB Data Blocker**
[![Data Blocker](https://i.ibb.co/jG3dpGW/1.jpg)](https://amzn.to/2HDArRP) | There are many exploits that allow an attacker to infect your device with malware and/ or steal data, when you plug it in to what appears to be a USB power outlet. If you are charging your phone while travelling, a USB data blocker will prevent anything other than power from getting to your device, by removing the connection between the 2 data wires. The PortaPower brand, also comes with a fast charging chip, since without the data connection your device would otherwise charge at minimum speed +**Microphone Blocker**
[![__](https://i.ibb.co/BKQTCbQ/2.jpg)](https://amzn.to/2uQ3r5L) | A microphone blocker is a device that prohibits audio hacking, in the form of a hardware accessory for a smartphones, laptops etc. It functions as a dummy mic jack, so the device thinks it has a microphone plugged in, and hence disables the internal one +**Faraday Pouch**
[![__](https://i.ibb.co/HBBG0QL/3.jpg)](https://amzn.to/3bIkfw4) | [Faraday Shield](https://en.wikipedia.org/wiki/Faraday_cage) is an enclosure that blocks electromagnetic fields. It is useful to keep any device which could be hacked through sending or receiving signals in such a case, such as car keys, or a smart phone. [Larger](https://amzn.to/2UTZOGM) versions are availible for tablets and latops. +**RFID Blocking Cards**
[![__](https://i.ibb.co/m4GtMdj/4.jpg)](https://amzn.to/38ycMxN) | If you are concerned about card skimming, you can use an RFID blocking sleeve to protect your contactless payment and identity cards. However there are proportionately very few RFID-skimmer crimes reported, and most credit cards have a low contactless limit +**Web Cam Covers**
[![__](https://i.ibb.co/X7B1WsH/5.jpg)](https://amzn.to/2uEz16H) | Web cam covers are quite self-exoplanetary, they physically conceal the lenses on your laptop or phone camera, to prevent a malicious actor (hacker, government, corporation etc) from watching you through the camera. It may sound paranoid, but unfortunately it happens, and it is a relatively simply process for someone to gain remote access to a webcam. Even Mark Zuckerberg [covers his webcam](https://www.geek.com/tech/mark-zuckerberg-tapes-up-his-webcam-and-snowden-says-you-should-too-1659083/)! Of course you could just use some tape, rather than buying a cover +**Port Blockers**
[![__](https://i.ibb.co/fYPVnK5/6.jpg)](https://amzn.to/327Yn9n) | There are many attacks that involve an attacker inserting a USB device (such as a BadUSB/ Rubber Ducky/ Malduino) to an open USB port. Adding a port blocker doesn't render you safe from this, since the attacker could take the time to try and remove it, but it could protect you for an opportunistic attack +**Privacy Filter**
[![__](https://i.ibb.co/KjkTbGN/7.jpg)](https://amzn.to/3bAa9xv) | Privacy filters are polarized sheets of plastic, that when placed over a computer screen prevent screen visibility from any angle other than straight on. They make it harder for anyone to look over your shoulder and see your data confidential +**YubiKey**
[![__](https://i.ibb.co/PGtbwxN/8.jpg)](https://amzn.to/38wcG9R) | The YubiKey is a small hardware device used to secure access on mobile devices, computers, and servers to all of your online accounts. It allows for second-factor authentication, hence protecting anyone other than you from logging in. It is said to be more convenient and more secure than using a mobile authenticator, but there are reasons for and against +**Encrypted Kingston Data Traveler**
[![__](https://i.ibb.co/ScRFhdt/9.jpg)](https://amzn.to/38xsnO5) | Good value, easy-to-use with no installation required. Built-in hardware encryption and high password protection. Also optionally allows for automatic cloud backup option to protect against data loss (which doesn't say much about their faith in this USB device, but jokes aside-) this is a very affordable and well rated little device +**Hardware Encrypted USB 3.0 Drive**
[![__](https://i.ibb.co/p3MzFHF/11.jpg)](https://amzn.to/2vD32Ug) | OS & Platform independent, with 100% hardware encryption, so it works perfectly with all operating systems. USB 3.0 with Read/Write Speeds of 116/43 MBps. GDPR complient and FIPS 140-2 Level 3, NLNCSA DEP-V & NATO Restricted Level Certified with real time military grade AES-XTS 256-bit hardware encryption +**Hardware Encrypted External Hard Drive**
[![__](https://i.ibb.co/BV5k29v/12.jpg)](https://amzn.to/37pTmK8) | Similar to the iStorage hardware encrypted USB 3.1 drive, this external hard drive has high capacity and strong hardware encryption. Data is encrypted with FIPS PUB 197 Validated Encryption Algorithm, and against a 7 - 15 digit alpha-numeric pin, with erasing capabilities for multiple failed login attempts +**Fingbox - Home Network Monitoring**
[![__](https://i.ibb.co/nkMxwz9/14.jpg)](https://amzn.to/2V5gATx) | Fing Box is an optional companion to the [Fing App](https://www.fing.com/products/fing-app). It provides network monitoring and security capabilities, to protect your home/ work network. As well as the functionality of the app, the FingBox allows you to block intruders and notify you about unknown devices as well as analyse your network for vulnerabilities, such as open ports. You can also see which devises are near your home at what time (even if they're not connected to your WiFi), and improve network speed with scheduled analysis and bandwidth allocation. Best to try out the Fing app alone, before buying the FindBox, but both are great products for netowrk monitoring and security +**Bootable Drive Eraser**
[![__](https://i.ibb.co/P11d0YH/15.jpg)](https://amzn.to/2SsL67Y) | Easy-to-use bootable USB will completely erase your hard drive with military grade destruction, making it near-impossible for any files or personal data to be recovered. This should be done before you sell, or dispose of any hard drive. Of course there are various .ISOs you can download and flash to a USB yourself if you do not want to spend money, but this USB supports all devices and is quick and easy to use, with excellent results +**Mobile Privacy Screen**
[![__](https://i.ibb.co/Zg9QG1j/17.jpg)](https://amzn.to/2OZO3Lc) | Similar to the laptop/ monitor privacy filter, this screen protector will prevent anyone from seeing what is on your screen when reading from an angle +**Kensington Lock**
[![__](https://i.ibb.co/TKHV5d3/20.jpg)](https://amzn.to/38zu0e2) | Quite self-explanatory, this lock will make it harder for someone to steal your laptop, and get to your data. Of course it does require that your laptop has the [Kensington Security Slot](https://en.wikipedia.org/wiki/Kensington_Security_Slot), which many do +**Anti-Surveillance Clothing**
[![__](https://i.ibb.co/Gk8jBBm/21.jpg)](https://adversarialfashion.com) | Facial recognition is being rolled out in most countries now, the patterns on these clothes, will confuse facial, object and number plate recognition, injecting junk data in to the systems, hence making it harder for automated systems to monitor and track you +**Solo Key**
[![__](https://i.ibb.co/8PFQRDy/26.jpg)](https://amzn.to/37CsOpj) | Another FIDO2 physical security key for 2-facto authentication and storing encryption keys. SoloKeys have both open source hardware and software, they are easy to use out of the box, but can also be used for developers and makers, since there is a well documented CLI +**Nano Ledger**
[![__](https://i.ibb.co/HdVyPzb/22.jpg)](https://amzn.to/37q1cn6) | If you are in possession of BitCoin or other crypto then one of the most secure ways to store, send and receive coins is with a hardware wallet. Ledger has a solid reputation when it comes to hardware encryption, and the main principle behind their wallets is to provide full isolation between the private keys and your easy-to-hack computer or smartphone +**Cold Storage**
[![__](https://i.ibb.co/nj6xyv1/23.jpg)](https://amzn.to/2HqVy9x) | If you are not planning on spending your crypto any time soon, and do not want to trust a tech-based solution, then consider this metal cold storage wallet. Unlike writing your private key down on paper, this will not fade, and cannot be destroyed by water, fire of other environmental circumstances. Of course you could just engrave your key on a small sheet of aluminium +**Anonabox**
[![__](https://i.ibb.co/L177XDJ/24.jpg)](https://amzn.to/2UWtP8E) | Plug-and-play Tor router, that can be used with public WiFi while travelling, or at home. Anonabox provides easy access to the deep web and lets you bypass censorship, protect your location, deter data collection and more. It can also be used with a VPN, or for online hosting. Of course you could build a similar product your self using a Raspberry Pi and a WiFi range extender +**Deauth Detector**
[![__](https://i.ibb.co/BqNGRCW/19.jpg)](https://amzn.to/2HtUy4B) | Most WiFi hacks begin by sending deauth packets, so that connected clients will briefly be disconnected to the network. This [ESP8266](https://en.wikipedia.org/wiki/ESP8266) comes pre-flashed with [@SpaceHuhn's](https://github.com/spacehuhn) deauth detector (which you can view [here, on GitHub](https://github.com/spacehuhn/DeauthDetector)). Once it detects [deauthentication or disassociation frames](https://mrncciew.com/2014/10/11/802-11-mgmt-deauth-disassociation-frames), it will activate a speaker to notify you +**Librem 5**
[![__](https://i.ibb.co/3TNh5Vt/l5-v1-front-100x100.png)](https://shop.puri.sm/shop/librem-5/) | Security and Privacy focused smart phone by Purism. With hardware kill switches and specially designed software, this device runs Linux, and does not track you. It Separates CPU from Cellular Baseband, uses IP-Native Communication First and Decentralized Communication by Default. The source code is user-controlled, and has layered security protection. Purism also have [other security-focused products](https://puri.sm/products) + + + + + +## DIY Security Products + +Don't want to spend money? Most of the products above, plus some that wearn't included can be built at home with some pretty simple hardware and open source software. The following list will point you in the right direction to start making! + +See Also [DIY Networking Hardware](#diy-networking-hardware) + +- **Network-wide add-block** - [Pi Hole](https://pi-hole.net) is a simple yet powerful app, that can be installed on a [Raspberry Pi](https://amzn.to/36GNpsm), and once you've updated your routers DNS servers to point to it, all resources on the blacklist will be blocked, at the point of origin. This makes it much more powerful than a browser add-on, and will also speed your internet up +- **Encrypted USB** - You can use [VeraCrypt](https://www.veracrypt.fr/en/Home.html) to create an encrypted USB drive, using any off-the shelf [USB drive](https://amzn.to/2RykcLD) +- **USB Sanitiser** - [CIRCLean](https://www.circl.lu/projects/CIRCLean) is a hardware solution to clean documents from untrusted (obtained) USB drives. It automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick. +- **Hardware Wallet** - Using the Trezor Shield or [Trezor Core](https://github.com/trezor/trezor-firmware) and a Raspberry Pi, you can create your own hardware wallet for safley storing your crypto currency private keys offline. 
See [this guide](https://github.com/Multibit-Legacy/multibit-hardware/wiki/Trezor-on-Raspberry-Pi-from-scratch) for building. If you enjoyed that, you can also run your own BitCoin and Lightning Node [Raspiblitz](https://github.com/rootzoll/raspiblitz) +- **AI Assistant Mod** - [Project Alias](https://github.com/bjoernkarmann/project_alias) runs on a Pi, and gives you more control and increased privacy for both Google Home and Alexa, through intercepting voice commands, emitting noise interference + lots more. If your interested in voice assistants, then also check out [Mycroft](https://mycroft.ai)- an open source, Pi-based alternative to Google Home/ Alexa +- **Home VPN** - [Pi_VPN](https://www.pivpn.io) lets you use [OpenVPN](https://openvpn.net) to connect to your home network from anywhere, through your [Pi](https://amzn.to/2uniPqa). See [this guide](https://pimylifeup.com/raspberry-pi-vpn-server) for set-up instructions. This will work particularly well in combination with Pi Hole. +- **USB Password Manager** - Storing your passwords in the cloud may be convinient, but you cannot ever be certain they won't be breached. [KeePass](https://keepass.info/help/v2/setup.html) is an offline password manager, with a portable ddition that can run of a USB. There's also an [app](https://play.google.com/store/apps/details?id=com.korovan.kpass). See also [KeePassX](https://www.keepassx.org) and [KeePassXC](https://keepassxc.org) which are popular communnity forks with additional functionality +- **Automated Backups** - [Syncthing](https://syncthing.net) is a privacy-focused continuous file synchronization program. You can use it to make on-site backups as well as encrypted and sync your data with your chosen cloud storage provider +- **Bootable Drive Eraser** - You can flash the [DBAN](https://dban.org) or [KillDisk](https://www.killdisk.com/bootablecd.htm) ISO file onto a USB, boot from it and securly, fully wipe your hard drives. 
This is useful to do before selling or disposing of a PC. +- **Deauth Detector** - Since most wireless attacked begin by sending out deauthentication packets, you can flash SpaceHuhns [DeatuhDetector](https://github.com/spacehuhn/DeauthDetector), onto a standard [ESP8266 NodeMCU](https://amzn.to/2v5grV0), plug it in, and wait to be notified of wireless deauth attacks +- **Tor WiFi Network** - Using [OnionPi](https://github.com/breadtk/onion_pi), you can create a second wireless network, that routed traffic through Tor. This is very light-weight so can be done with just a [Pi Zero W](https://amzn.to/2Urc0hM). Here is a configuration [guide](https://www.sbprojects.net/projects/raspberrypi/tor.php) +- **Faraday Case** - If you want to block signals for devices such as car keys, smart phone, laptop or even just RFID-enabled cards and passports, you can line a box or pouch with [Faraday Fabric](https://amzn.to/2ORKtTr) +- **GPS Spoofer** - If you don't want to be tracked with GPS, then using a SDR you can send out spoof GPS signals, making near-by GPS-enabled devices think that they are in a totally different location. (Wouldn't recommend using this while on an airplane though!). You can use [gps-sdr-sim](https://github.com/osqzss/gps-sdr-sim) by [@osqzss](https://github.com/osqzss), and run it on a [Hacker RF](https://greatscottgadgets.com/hackrf) or similar SDR. Here's a [guide](https://www.rtl-sdr.com/tag/gps-spoofing) outlineing how to get started, you'll also need a [NooElec HackRF One](https://amzn.to/2Ta1s5J) or similar [SDR](https://amzn.to/39cLiOx). Check your local laws first, you may need a radio license. + +If you are confident with electronics, then you could also make: +- **USB Data Blocker** - By simple removing the data wires from a USB adapter, you can create a protector to keep you safe while charing your device in public spaces. 
See [this guide](https://www.instructables.com/id/Making-a-USB-Condom) for more info (note: fast charge will not work) +- **Hardware Encrypted Password Manager** - Even better than a software-encrypted password manager, is the [hardpass0.2](https://bit.ly/3bg4Xi4) which is a very simple hardware-encrypted USB store, using [GnuPG Smart card](https://www.g10code.com/p-card.html), [GNU Password Standard](https://www.passwordstore.org/) and this [source code](https://github.com/girst/hardpass-passwordmanager) all running on a [Pi Zero](https://amzn.to/2Sz0vU4). See also the [Zamek Project](https://bit.ly/36ZJrec), using this [source code](https://github.com/jareklupinski/zamek) to achive a similar functioning hardware-password manager +- **U2F USB Token** - Similar to the FIDO2 2-factor authentication USB keys, [U2f-Zero](https://github.com/conorpp/u2f-zero) by Conor Patrick, lets you turn a Pi Zero into a second-factor auth method. Note: project no longer activley maintained, see [NitroKey](https://github.com/nitrokey) instead +- **PC auto-lock Flash Drive** - Turn a flash drive into a lock/ unlock key for your PC, allowing you to quickly lock your device when needed [deprecated] +- **Headless Pi Zero SSH server** - Create an small test server, that you can SSH into for development, in order to not have to run risky or potentially dangerous code or software directly on your PC, see [this artticle](https://openpunk.com/post/5) for getting started + + +## Paranoid Security Gadgets + +We can go even further, these products are far from essential and are maybe a little over-the-top. But fun to play around with, if you really want to avoid being tracked! + +- **Self-Destroying PC** - The ORWL PC will wipe all data if it is compromised, and has many other safeguards to ensure no one other than you can access anything from your drive. Comes with QubeOS, Windows or Linux, and requires both a password and fob to log in. 
See more: [orwl.org](https://orwl.org) +- **Card Skimmer Detector** - Ensure an ATM or card reader does not have an integrated skimming device. See more at [Lab401](https://lab401.com/products/hunter-cat-card-skimmer-detector) +- **Voice Changer** - Useful to disguise voice, while chatting online. See more: [UK](https://amzn.to/3bXqpsn) | [US](https://amzn.to/2PqUEyz) +- **Ultra-Sonic Microphone Jammer** - Blocks phones, dictaphones, voice assistants and other recording devices. Uses built-in transducers to generate ultrasonic signals that can not be heard by humans, but cause indistinct noise, on redording devices, making it impossible to distinguish any details of the conversations. See more [UK](https://amzn.to/2Hnk63s) | [US](https://amzn.to/2v2fwVG) +- **Reflective Glasses** - Blocks faces from most CCTV and camera footage, and stops facial recognition from being able to map your face. See more: [Reflectacles](https://www.reflectacles.com) +- **Bug Detector** - Able to detect radio waves, magnetic fields, in order to find hidden wired or wireless recording or camera equipment and transmitting devices, Note: has limited accuracy. See more: [UK](https://amzn.to/2V8z8C1) | [US](https://amzn.to/2V9AnkI) +- **Active RFID Jamming** - Armour Card is a slim credit-card shaped device, which when in contact with any readers creates an electronic force field, strong enough to "jam" and readings from being taken by emmiting arbitrary data. Aimed at protecting cred cards, identity documents, key cards and cell phones. [US](https://amzn.to/38bJxB9) | [ArmourCard Website](https://armourcard.com) +- **Anti-Facial Recognition Clothing** - Carefully printed patterns that confuse common facial recognition algorithms. 
See more: [Amazon UK](https://amzn.to/32dnYgO) | [Redbubble](https://www.redbubble.com/people/naamiko/works/24714049-anti-surveillance-clothing?p=mens-graphic-t-shirt) | [Monoza](https://www.monoza.mobi/hyperface-anti-surveillance-shirt/?sku=1045-19321-423696-174028) +- **Tor Travel-Router** - Plug-and-play travel router, providing WiFi with VPN or Tor for more private internet access, also has Wi-Fi uplink and range extender with a clear user interface. See more: [Anonabox.com](https://www.anonabox.com) | [Amazon](https://amzn.to/2HHV0fG) +- **GPS Jammer** - In the DIY list, there was a link to how to build a GPS spoof device using an SDR. But you can also buy a GPS jammer, which may be useful if you fear that you are being tracked. They are aimed at preventing UAVs from operating in your area, but can also be used to confuse other tracking devices near by, there's a variety of models with varying power and range availible from $50 - $500. [AliExpress](https://www.aliexpress.com/item/4000214903055.html) +- **Faraday Cases** - A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields. This can be really useful for electronics, since many devices are constantly transmitting and recieving, which is the worst when you are trying to avoid being tracked. Their have been numerous reportings that governments can apparently track phones, even when they are [powered off](https://slate.com/technology/2013/07/nsa-can-reportedly-track-cellphones-even-when-they-re-turned-off.html), and since smart phones often do not have removable batteries, the only option is often to shield them from any em waves. See [SilentPocket.com](https://silent-pocket.com/collections/all-products) | [Faraday Box](https://amzn.to/3cj9z7r) | [Faraday Phone Pouch](https://amzn.to/38faum5) +- **Forensic bridge kit** - Allows for write blocking to prevent unauthorized writing to a device, and for crating images with out modifying data. 
See more: [Amazon](https://www.amazon.com/dp/B00Q76XG5W) +- **Stand-alone Drive Eraser** - Allows you to erase drives, without connecting them to your PC. Availible in different modesls for different needs. See More: [Amazon](https://www.amazon.com/StarTech-com-Hard-Drive-Eraser-Standalone/dp/B073X3YZNL) + + +## Network Security + +Gadgets that help protect and anonamise your internet, detect & prevent intrusions and provide additional network controlls, both at home and while traveling. There are many products like this availible, some of them are over-priced for what they are, others provide some really essential network security features. It is possible to re-create some of these solutions yourself, to save money [above](#diy-security-products). + +- **Anonabox** - Plug-and-play Tor router. Wi-Fi uplink and range extender with user interface, also has VPN options and USB ports for local file sharing. [Amazon](https://amzn.to/38bwZIA) | [Anonabox.com](anonabox.com) +- **FingBox** - Network monitoring and security, for what it offers Fing is very affordable, and there is a free [app](https://www.fing.com/products/fing-app) that you can use before purchasing the hardware to get started. [Fing.com](https://www.fing.com/products/fingbox) | [US](https://amzn.to/2wlXfCT) | [UK](https://amzn.to/2I63hKP) +- **BitdefenderBox** - Cybersecurity home firewall hub, for protecting IoT and other devices. Has other features such as parental controlls and is easy to set up. [US](https://amzn.to/2vrurZJ) | [UK](https://amzn.to/34Ul54w) +- **Trend Micro Box** - Protect home networks from external and internal cyber attacks. Detects intrusions, vulnrabbilities, remote access, web threats and provides other security features. [US](https://amzn.to/2wk3Y0s) | [US](https://amzn.to/2uqX4Wv) +- **AlwaysHome Duo** - USB VPN with accelerated virtual networking to your home or office network, crossing geo-blocking and firewall mechanisms. 
[US](https://amzn.to/2Ts6oSn) | [UK](https://amzn.to/3bi4cF0) +- **Firewalla Red** - An intrusion detection and intrusion prevention system, with a web and mobile interface. Also has Ad-block, VPN, internet controll features and insights. [US](https://amzn.to/388BlAw) | [Firewalla.com](https://firewalla.com) +- **LibertyShield** - Pre-configured, plug-and-play multi-country VPN router, note that after 1 year there is a monthly subscription. [US](https://amzn.to/2T89vzU) | [UK](https://amzn.to/2twJlwM) +- **Gigabit Travel AC VPN Router** - A fully-featured dual-band travel router with VPN capabilities. [US](https://amzn.to/32HD1zU) | [UK](https://amzn.to/2SkUxFg) +- **InvizBox** - Tor router, that provides speed, privacy and security for all devices connected to it. [Invizbox.com](https://www.invizbox.com) | [Amazon](https://amzn.to/2w4v7V3) +- **InviziBox Go** - Portable VPN: https://amzn.to/386ikPT +- **WatchGuard Firebox** - Business-grade network firewall. [US](https://amzn.to/2VF0MqR) | [UK](https://amzn.to/2VF12WR) + +#### DIY Networking Hardware +- **[Pi-Hole](https://pi-hole.net)** - Network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features, it's open source, easy to install and very widley used +- **[IPFire](https://www.ipfire.org)** - A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone +- **[PiVPN](https://pivpn.io)** - A simple way to set up a home VPN on a any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. 
Supports multiple DNS providers and custom DNS provividers- works nicley along-side PiHole +- **[E2guardian](http://e2guardian.org)** - Powerful open source web content filter +- **[SquidGuard](http://www.squidguard.org)** - A URL redirector software, which can be used for content control of websites users can access. It is written as a plug-in for Squid and uses blacklists to define sites for which access is redirected +- **[PF Sense](https://www.pfsense.org)** - Widley used, open source firewall/router +- **[Zeek](https://www.zeek.org)** - Detect if you have a malware-infected computer on your network, and powerful network analysis framework and monitor + +[See more](https://geekflare.com/best-open-source-firewall) open source firewall apps + +For most projects, a Raspberry Pi 3 or 4 is more than enough. You could also build your own hardware, see [this guide](https://www.instructables.com/id/Build-your-own-gateway-firewall) on constructing a gateware firewall yourself. + + +## Secure Computing Devices + +- **ORWL PC** - A self-destroying PC, that will wipe all data if it is compromised, and has many other safeguards to ensure no one other than you can access anything from your drive. Comes with QubeOS, Windows or Linux, and requires both a password and fob to log in. See more: [orwl.org](https://orwl.org) +- **Librem 5** - An open source security and privacy-focused phone, running PureOS, built by Prism. See More: [puri.sm/products/librem-5](https://puri.sm/products/librem-5) +- **Armadillo Phones** - Encrypted phones, SIMs and Networks, provide zero-trust communications and pro-active defences. Their keychain software is open source, and they also provide encrypted SIMs, and servers. +See More: [ArmadilloPhone.com](https://www.armadillophone.com/store#diamond) +- **KryptAll** - Provides secure mobile networking, for encrypted celluar calling. However without being open source, these devices are harder to verify. 
See More: [KryptAll.com](https://www.kryptall.com) +- **Ano-Phone** - Android devices loaded with additional security defences. Not open source. +See More: [ano-phone.com](https://ano-phone.com) +- **Secure Group** - Hardware-encrypted smart phones, for privacy and security. See more: [SecureGroup.com](https://securegroup.com/hardware) +- **Librem Laptop** - The Librem 13, Librem 15 and Librem Mini are well-speced, open source hardware-encrypted computing devices by Purism. They have several hardware features, like physical connectivity switches, and tamper-proof hardware. See More [puri.sm](https://puri.sm/products) + + + +## Hardware Encrypted Storage + +Hardware-based encryption uses a device’s on-board security to perform encryption and decryption. It is self-contained and does not require the help of any additional software. Therefore, it is essentially free from the possibility of contamination, malicious code infection, or vulnerability, and able to be used on any platform. + +If the device itself becomes compromised, your data will remain safe. Really useful backing up, transporting and sharing personal data safely. For maximum security, you can combine hardware encryption with software encryption. + +Reliable options include: + +- AES Hardware encrypted USB 3.0 external hard drive enclosure for HDD or SSD: [US]() | [UK](https://amzn.to/2GM3GkB) +- Integral 256-bit AES USB 3.0 (Software required), 16GB, 32GB, 64GB. [US]() | [UK](https://amzn.to/37vpyNb) +- iStorage 256-bit AES USB 3.0 Pro (Hardware Encrypted), with keypad, 8GB, 16GB, 32GB, 64GB. [US](https://amzn.to/2T9wTgo) | [UK](https://amzn.to/2O1OPXu) +- IornKey Rugged Enterprise-grade encrypted USB Pen, 4GB, 8GB, 16GB, 32GB, 64GB, 128GB. [US](https://amzn.to/2wYWQH2) | [UK](https://amzn.to/3cjsnUi) +- iStorage 256-bit AES USB 3.0 Personal (Hardware Encrypted), with keypad, 8GB, 16GB, 32GB, 64GB. 
[US](https://amzn.to/2I99c1G) | [UK](https://amzn.to/38GzHqo) +- Lexar JumpDrive Fingerprint USB 3.0 (Software required), 32GB, 64GB, 128GB, 256GB. [US](https://amzn.to/38b0eeP) | [UK](https://amzn.to/2GtipRC) +- iStorage 256-bit Hardware Encrypted external USB 3.1 SSD Drive. 128GB, 256GB, 512GB, 1TB. [UK](https://amzn.to/37wkhVA) +- iStorage 256-bit Hardware Encrypted external USB 3.1 HDD Drive. 1TB, 2TB, 3TB, 4TB. [US](https://amzn.to/32DI4RA) | [UK](https://amzn.to/37vpFYN) + + +*Alternatively, a cheaper option would be a software-encrypted USB. [VeraCrypt](https://www.veracrypt.fr/en/Home.html) is cross-platform open source encryption application. It's surprisingly simple (see [this how-to guide](https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt)), and very secure. Combine this with an ordinary USB drive, this [high-speed (300mb/s) 256GB flash drive](https://amzn.to/2RykcLD) is a great option* + +*For encryption your boot drive, you can use [BitLocker](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview) (Windows), [FileVault](https://support.apple.com/en-us/HT204837) (OSX), or any of these [options](https://www.tecmint.com/file-and-disk-encryption-tools-for-linux) for Linux.* + + + +## USB Data Blockers + +Small, low-cost but essential devise. It attaches inbetween your USB cable and the charging socket, and will physically block data transfer and syncing while charging. Totally mitigates the risk of being hacked via a USB exploit, and stops anything being uploaded to your device. + +- PortaPow 3rd Gen, USB A, 2-Pack. [Red](https://amzn.to/39aStqE) | [White](https://amzn.to/2TqXl4i) | [Black](https://amzn.to/38imYd2) +- PortaPow Dual USB Power Monitor with Data Blocker, usful for monitoring power consumption and managing which devices are allowed data connections. [US](https://amzn.to/2I7HT7J) | [UK](https://amzn.to/3chnWcJ) +- Privise USB A Data Blocker. 
[US](https://amzn.to/3cig0rr) | [UK](https://amzn.to/2VAbX3K) +- Data-only Micro-USB cable. Be sure that it is actually data-only, you can count the pins at each end. Again PortaPow make a legitimate safe-charge cable [US](https://amzn.to/2Tq09ys) | [UK](https://amzn.to/38chHDF) + + +PortaPow (3rd gen) is one of the best options, since it has a SmartCharge chip (which isn't usually possible without the data wire). + +You can also build your own very easily, [here is a schematic](https://www.electroschematics.com/diy-usb-condom-circuit). + +Word of Warning: Sometimes the cable itself can be dangerous. See [O.M.G Cable](https://shop.hak5.org/products/o-mg-cable), it looks like a totally authentic phone cable, but is actually able to deploy advanced exploits often without you being able to identify. It is always best label your cables, to ensure you are using your own, safe wire. + + +## FIDO U2F Keys + +Using a physical 2-factor authentication key can greatly improve the security of your online accounts. See [twofactorauth.org](https://twofactorauth.org) for a list of websites that provide 2FA. + +- **Yubico USB A + NFC Key** - classic key with solid reputation. [UK](https://amzn.to/38ddnUG) | [US]() | [Yubico](https://www.yubico.com/store) +- **YubiKey 5 Mobile and Nano Keys** - [USB A Nano](https://amzn.to/2wkCmbe) | [USB C](https://amzn.to/2VGkClz) | [USB C Nano](https://amzn.to/39b2zYA) +- **Thetis** - Durable. mobile-friendly USB-A FIDO U2F Key. [US](https://amzn.to/39f6Dqu) | [UK](https://amzn.to/3cm9xvK) | [Thetis.io](https://thetis.io) +- **Solo Key** - An open source U2F and FIDO2 key, USB A + NFC. [US](https://amzn.to/39cJR2P) | [UK](https://amzn.to/3ajnBo0) | [SoloKeys.com](https://solokeys.com) +- **OnlyKey** - A pin-protected hardware password manager with FIDO2/ U2F. It allows a user to log in without a password or typing out a 2FA code. 
[OnlyKey.com](onlykey.io/alicia) | [US](https://amzn.to/38blkd3) | [UK](https://amzn.to/3clwTli) +- **Librem Key** - Makes encryption, key management, and tamper detection convenient and secure. Includes an integrated password manager, random number generator, tamper-resistant smart card plus more. [Puri.sm](https://puri.sm/products/librem-key) + + +The Verge has a good [article](https://www.theverge.com/2019/2/22/18235173/the-best-hardware-security-keys-yubico-titan-key-u2f) comparing hardware keys. + +If you are interested in reserarching how to build your own key, see [U2f-Zero](https://github.com/conorpp/u2f-zero) by Conor Patrick, lets you turn a Pi Zero into a second-factor auth method. Note: project no longer activley maintained, see [NitroKey](https://github.com/nitrokey) instead + + + +## Crypto Wallets + +The most secure medium to store your currency is cold (offline) wallets, since they cannot be hacked. Of course it is vital that you keep your private keys somewhere that they cannot be stolen, and cannot be lost or destroyed. Electronic devices can make it easy to securely store and spend crypto currency. Choose a wallet that is open source, and with a good reputation. Ensure you backup your seed, and keep it somewhere safe. + +- Trezor is fully open source and implements a firmware-based security on top of known hardware. [Trezor.com](https://trezor.io) +- Ledger takes a more black box approach, but their devices are very well tested and secure. They are also easy to use and durable, with good support for a range of crypto. [Ledger.com](https://shop.ledger.com/pages/hardware-wallets-comparison) +- Indestructible Steel Wallet, for private key. [US](https://amzn.to/2Px0EFV) | [UK](https://amzn.to/2VLeVmr) + +Always ensure the packaging has not been tampered with, buy direct from the manufacturer when possible. 
+ + +--- + +## See Also + +- [Awesome Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) +- [Ultimate Personal Security Checklist](/README.md) +- [Why Privacy and Security Matters](/0_Why_It_Matters.md) +- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md) + + +Contributions welcome and appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose) or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md) + +*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* + +[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md) + +--- + +Found this helpful? Consider sharing it with others, to help them also improve their digital security 😇 + +[![Share on Twitter](https://img.shields.io/badge/Share-Twitter-17a2f3?style=for-the-badge&logo=Twitter)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist) +[![Share on LinkedIn](https://img.shields.io/badge/Share-LinkedIn-0077b5?style=for-the-badge&logo=LinkedIn)]( +http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93) +[![Share on 
Facebook](https://img.shields.io/badge/Share-Facebook-4267b2?style=for-the-badge&logo=Facebook)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=) +[![Share on Mastodon](https://img.shields.io/badge/Share-Mastodon-56a7e1?style=for-the-badge&logo=Mastodon)](https://mastodon.social/web/statuses/new?text=Check%20out%20the%20Ultimate%20Personal%20Cyber%20Security%20Checklist%20by%20%40Lissy93%20on%20%23GitHub%20%20%F0%9F%94%90%20%E2%9C%A8) diff --git a/ATTRIBUTIONS.md b/ATTRIBUTIONS.md new file mode 100644 index 0000000..bc699e0 --- /dev/null +++ b/ATTRIBUTIONS.md @@ -0,0 +1,48 @@ + +## Contributors 🙌 + +Thanks goes to these wonderful people + + + + + + + + + + + + + + + + + + + + +

0x192

🛡️

pipboy96

🛡️

Alicia Sykes

🛡️

Matthew Leeds

🛡️

Jaimin Pandya

🛡️

Alexandre G.-Raymond

🛡️

guestx86

🛡️

Daniil Baturin

🛡️

ansuz

🛡️

8264

🛡️

101lols

🛡️
+ + + + + + + + +This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. +Contributions of any kind welcome! + + + +## References 📝 + + // Todo + +## Stars 🌟 + +[![Stargazers over time](https://starchart.cc/Lissy93/personal-security-checklist.svg)](https://star-history.t9t.io/#Lissy93/personal-security-checklist) + +Thank you [@caarlos0](https://github.com/caarlos0) for the above [Star Chart](https://github.com/caarlos0/starcharts) ☺️ + diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..54b9497 --- /dev/null +++ b/LICENSE.md 
@@ -0,0 +1,348 @@ +# Creative Commons Attribution 4.0 International Public License ("CC BY 4.0") + +> © [Alicia Sykes](http://aliciasykes.com/legal) 2020, Licensed under [Creative Commons Attribution 4.0](https://creativecommons.org/licenses/by/4.0/) + +Creative Commons Corporation (“Creative Commons”) is not a law firm and does not +provide legal services or legal advice. Distribution of Creative Commons public +licenses does not create a lawyer-client or other relationship. Creative Commons +makes its licenses and related information available on an “as-is” basis. +Creative Commons gives no warranties regarding its licenses, any material +licensed under their terms and conditions, or any related information. Creative +Commons disclaims all liability for damages resulting from their use to the +fullest extent possible. + +## USING CREATIVE COMMONS PUBLIC LICENSES + +Creative Commons public licenses provide a standard set of terms and conditions +that creators and other rights holders may use to share original works of +authorship and other material subject to copyright and certain other rights +specified in the public license below. The following considerations are for +informational purposes only, are not exhaustive, and do not form part of our +licenses. + +### Considerations for licensors: + +Our public licenses are intended for use by those authorized to give the public +permission to use material in ways otherwise restricted by copyright and certain +other rights. Our licenses are irrevocable. Licensors should read and understand +the terms and conditions of the license they choose before applying it. +Licensors should also secure all rights necessary before applying our licenses +so that the public can reuse the material as expected. Licensors should clearly +mark any material not subject to the license. This includes other CC-licensed +material, or material used under an exception or limitation to copyright. 
+ +### Considerations for the public: + +By using one of our public licenses, a licensor grants the public permission to +use the licensed material under specified terms and conditions. If the +licensor’s permission is not necessary for any reason–for example, because of +any applicable exception or limitation to copyright–then that use is not +regulated by the license. Our licenses grant only permissions under copyright +and certain other rights that a licensor has authority to grant. Use of the +licensed material may still be restricted for other reasons, including because +others have copyright or other rights in the material. A licensor may make +special requests, such as asking that all changes be marked or described. +Although not required by our licenses, you are encouraged to respect those +requests where reasonable. + +--- + +## Creative Commons Attribution 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree to be +bound by the terms and conditions of this Creative Commons Attribution 4.0 +International Public License ("Public License"). To the extent this Public +License may be interpreted as a contract, You are granted the Licensed Rights in +consideration of Your acceptance of these terms and conditions, and the Licensor +grants You such rights in consideration of benefits the Licensor receives from +making the Licensed Material available under these terms and conditions. + +### Section 1 – Definitions. + + a. Adapted Material means material subject to Copyright and Similar Rights + that is derived from or based upon the Licensed Material and in which the + Licensed Material is translated, altered, arranged, transformed, or + otherwise modified in a manner requiring permission under the Copyright + and Similar Rights held by the Licensor. 
For purposes of this Public + License, where the Licensed Material is a musical work, performance, or + sound recording, Adapted Material is always produced where the Licensed + Material is synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright and + Similar Rights in Your contributions to Adapted Material in accordance + with the terms and conditions of this Public License. + + c. Copyright and Similar Rights means copyright and/or similar rights closely + related to copyright including, without limitation, performance, + broadcast, sound recording, and Sui Generis Database Rights, without + regard to how the rights are labeled or categorized. For purposes of this + Public License, the rights specified in Section 2(b)(1)-(2) are not + Copyright and Similar Rights. + + d. Effective Technological Measures means those measures that, in the absence + of proper authority, may not be circumvented under laws fulfilling + obligations under Article 11 of the WIPO Copyright Treaty adopted on + December 20, 1996, and/or similar international agreements. + + e. Exceptions and Limitations means fair use, fair dealing, and/or any other + exception or limitation to Copyright and Similar Rights that applies to + Your use of the Licensed Material. + + f. Licensed Material means the artistic or literary work, database, or other + material to which the Licensor applied this Public License. + + g. Licensed Rights means the rights granted to You subject to the terms and + conditions of this Public License, which are limited to all Copyright and + Similar Rights that apply to Your use of the Licensed Material and that + the Licensor has authority to license. + + h. Licensor means the individual(s) or entity(ies) granting rights under this + Public License. + + i. 
Share means to provide material to the public by any means or process that + requires permission under the Licensed Rights, such as reproduction, + public display, public performance, distribution, dissemination, + communication, or importation, and to make material available to the + public including in ways that members of the public may access the + material from a place and at a time individually chosen by them. + + j. Sui Generis Database Rights means rights other than copyright resulting + from Directive 96/9/EC of the European Parliament and of the Council of 11 + March 1996 on the legal protection of databases, as amended and/or + succeeded, as well as other essentially equivalent rights anywhere in the + world. + + k. You means the individual or entity exercising the Licensed Rights under + this Public License. Your has a corresponding meaning. + +### Section 2 – Scope. + +a. License grant + + 1. Subject to the terms and conditions of this Public License, the + Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to exercise the + Licensed Rights in the Licensed Material to: + + A. reproduce and Share the Licensed Material, in whole or in part; and + + B. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public License does + not apply, and You do not need to comply with its terms and conditions. + + 3. Term. The term of this Public License is specified in Section 6(a). + + 4. Media and formats; technical modifications allowed. The Licensor + authorizes You to exercise the Licensed Rights in all media and formats + whether now known or hereafter created, and to make technical + modifications necessary to do so. 
The Licensor waives and/or agrees not + to assert any right or authority to forbid You from making technical + modifications necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective Technological + Measures. For purposes of this Public License, simply making + modifications authorized by this Section 2(a)(4) never produces Adapted + Material. + + 5. Downstream recipients. + + A. Offer from the Licensor – Licensed Material. Every recipient of the + Licensed Material automatically receives an offer from the Licensor + to exercise the Licensed Rights under the terms and conditions of + this Public License. + + B. No downstream restrictions. You may not offer or impose any + additional or different terms or conditions on, or apply any + Effective Technological Measures to, the Licensed Material if doing + so restricts exercise of the Licensed Rights by any recipient of the + Licensed Material. + + 6. No endorsement. Nothing in this Public License constitutes or may be + construed as permission to assert or imply that You are, or that Your + use of the Licensed Material is, connected with, or sponsored, + endorsed, or granted official status by, the Licensor or others + designated to receive attribution as provided in Section 3(a)(1)(A)(i). + +b. Other rights + + 1. Moral rights, such as the right of integrity, are not licensed under + this Public License, nor are publicity, privacy, and/or other similar + personality rights; however, to the extent possible, the Licensor + waives and/or agrees not to assert any such rights held by the Licensor + to the limited extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this Public License. + + 3. 
To the extent possible, the Licensor waives any right to collect + royalties from You for the exercise of the Licensed Rights, whether + directly or through a collecting society under any voluntary or + waivable statutory or compulsory licensing scheme. In all other cases + the Licensor expressly reserves any right to collect such royalties. + +### Section 3 – License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the following conditions. + +a. Attribution + + 1. If You Share the Licensed Material (including in modified form), You + must: + + A. retain the following if it is supplied by the Licensor with the + Licensed Material: + + i. identification of the creator(s) of the Licensed Material and any + others designated to receive attribution, in any reasonable + manner requested by the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of warranties; + + v. a URI or hyperlink to the Licensed Material to the extent + reasonably practicable; + + B. indicate if You modified the Licensed Material and retain an + indication of any previous modifications; and + + C. indicate the Licensed Material is licensed under this Public + License, and include the text of, or the URI or hyperlink to, this + Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any reasonable + manner based on the medium, means, and context in which You Share the + Licensed Material. For example, it may be reasonable to satisfy the + conditions by providing a URI or hyperlink to a resource that includes + the required information. + + 3. If requested by the Licensor, You must remove any of the information + required by Section 3(a)(1)(A) to the extent reasonably practicable. + + 4. 
If You Share Adapted Material You produce, the Adapter's License You + apply must not prevent recipients of the Adapted Material from + complying with this Public License. + +### Section 4 – Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that apply to Your +use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right to + extract, reuse, reproduce, and Share all or a substantial portion of the + contents of the database; + + b. if You include all or a substantial portion of the database contents in a + database in which You have Sui Generis Database Rights, then the database + in which You have Sui Generis Database Rights (but not its individual + contents) is Adapted Material; and + + c. You must comply with the conditions in Section 3(a) if You Share all or a + substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not replace Your +obligations under this Public License where the Licensed Rights include other +Copyright and Similar Rights. + +### Section 5 – Disclaimer of Warranties and Limitation of Liability. + + a. Unless otherwise separately undertaken by the Licensor, to the extent + possible, the Licensor offers the Licensed Material as-is and + as-available, and makes no representations or warranties of any kind + concerning the Licensed Material, whether express, implied, statutory, or + other. This includes, without limitation, warranties of title, + merchantability, fitness for a particular purpose, non-infringement, + absence of latent or other defects, accuracy, or the presence or absence + of errors, whether or not known or discoverable. Where disclaimers of + warranties are not allowed in full or in part, this disclaimer may not + apply to You. + + b. 
To the extent possible, in no event will the Licensor be liable to You on + any legal theory (including, without limitation, negligence) or otherwise + for any direct, special, indirect, incidental, consequential, punitive, + exemplary, or other losses, costs, expenses, or damages arising out of + this Public License or use of the Licensed Material, even if the Licensor + has been advised of the possibility of such losses, costs, expenses, or + damages. Where a limitation of liability is not allowed in full or in + part, this limitation may not apply to You. + + c. The disclaimer of warranties and limitation of liability provided above + shall be interpreted in a manner that, to the extent possible, most + closely approximates an absolute disclaimer and waiver of all liability. + +### Section 6 – Term and Termination. + + a. This Public License applies for the term of the Copyright and Similar + Rights licensed here. However, if You fail to comply with this Public + License, then Your rights under this Public License terminate + automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided it is + cured within 30 days of Your discovery of the violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any right + the Licensor may have to seek remedies for Your violations of this Public + License. + + c. For the avoidance of doubt, the Licensor may also offer the Licensed + Material under separate terms or conditions or stop distributing the + Licensed Material at any time; however, doing so will not terminate this + Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public License. + +### Section 7 – Other Terms and Conditions. + + a. 
The Licensor shall not be bound by any additional or different terms or + conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the Licensed + Material not stated herein are separate from and independent of the terms + and conditions of this Public License. + +### Section 8 – Interpretation. + + a. For the avoidance of doubt, this Public License does not, and shall not be + interpreted to, reduce, limit, restrict, or impose conditions on any use + of the Licensed Material that could lawfully be made without permission + under this Public License. + + b. To the extent possible, if any provision of this Public License is deemed + unenforceable, it shall be automatically reformed to the minimum extent + necessary to make it enforceable. If the provision cannot be reformed, it + shall be severed from this Public License without affecting the + enforceability of the remaining terms and conditions. + + c. No term or condition of this Public License will be waived and no failure + to comply consented to unless expressly agreed to by the Licensor. + + d. Nothing in this Public License constitutes or may be interpreted as a + limitation upon, or waiver of, any privileges and immunities that apply to + the Licensor or You, including from the legal processes of any + jurisdiction or authority. + +Creative Commons is not a party to its public licenses. Notwithstanding, +Creative Commons may elect to apply one of its public licenses to material it +publishes and in those instances will be considered the “Licensor.” The text of +the Creative Commons public licenses is dedicated to the public domain under the +CC0 Public Domain Dedication. 
Except for the limited purpose of indicating that +material is shared under a Creative Commons public license or as otherwise +permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the use of the +trademark “Creative Commons” or any other trademark or logo of Creative Commons +without its prior written consent including, without limitation, in connection +with any unauthorized modifications to any of its public licenses or any other +arrangements, understandings, or agreements concerning use of licensed material. +For the avoidance of doubt, this paragraph does not form part of the public +licenses. + +Creative Commons may be contacted at creativecommons.org. diff --git a/README.md b/README.md new file mode 100644 index 0000000..b151f9e --- /dev/null +++ b/README.md @@ -0,0 +1,336 @@ +[![Awesome](https://awesome.re/badge-flat2.svg)](https://github.com/zbetcheckin/Security_list) +[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) +[![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/) +[![Contributors](https://img.shields.io/github/contributors/lissy93/personal-security-checklist?color=%23ffa900&style=flat-square)](https://github.com/Lissy93/personal-security-checklist/graphs/contributors) + +# Personal Security Checklist + +> A curated checklist of tips to protect your dgital security and privacy + +**Too long? 🦒** See the [TLDR version](/2_TLDR_Short_List.md) instead. + +#### See Also +- [Why Privacy & Security Matters](/0_Why_It_Matters.md) +- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) +- [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md) +- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md) + +## Contents + +[![-](https://i.ibb.co/0ZV22MT/1-passwords.png) Passwords](#passwords)
+[![-](https://i.ibb.co/thf142G/2-2fa.png) 2 Factor Authentication](#2-factor-authentication)
+[![-](https://i.ibb.co/N7D7g6D/3-web.png) Browsing the Web](#browser-and-search)
+[![-](https://i.ibb.co/7yQq5Sx/5-email.png) Email](#emails)
+[![-](https://i.ibb.co/HT2DTcC/6-social.png) Social Media](#social-media)
+[![-](https://i.ibb.co/NjHcZJc/4-vpn.png) Networking](#networking)
+[![-](https://i.ibb.co/J255QkL/7-devices.png) Mobile Phones](#mobile-devices)
+[![-](https://i.ibb.co/SvMPntJ/10-os.png) Personal Computers](#personal-computers)
+[![-](https://i.ibb.co/3N3mszQ/9-router.png) Smart Home](#smart-home)
+ +## Passwords + +Most reported data breaches are caused by the use of weak, default or stolen passwords (according to [this Verizon report](http://www.verizonenterprise.com/resources/reports/rp_dbir-2016-executive-summary_xg_en.pdf)). Massive amounts of private data have been, and will continue to be stolen because of this. + +Use strong passwords, which can't be easily guessed or cracked. Length is more important than complexity (at least 12+ characters), although it's a good idea to get a variety of symbols. Ideally you should use a different and secure password to access each service you use. To securely manage all of these, a password manager is usually the best option. [This guide](https://heimdalsecurity.com/blog/password-security-guide/) gives a lot more detail about choosing and managing passwords. + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Use a strong password** | Recommended | Try to get a good mixture of upper and lower-case letters, numbers and symbols. Avoid names, places and dictionary words where possible, and aim to get a decent length (a minimum of 12+ characters is ideal). Have a look at [HowSecureIsMyPassword.net](https://howsecureismypassword.net) and [How Long will it take to Crack my Password](https://www.betterbuys.com/estimating-password-cracking-times/) to get an idea of what a strong password is. See [this guide](https://securityinabox.org/en/guide/passwords/) for more information. +**Don’t save your password in browsers** | Recommended | Most modern browsers offer to save your credentials when you log into a site. Don’t allow this! As they are not always encrypted, hence can allow someone to gain easy access into your accounts. Also do not store passwords in a .txt file or any other unencrypted means. Ideally use a reputable password manager. 
+**Use different passwords for each account you have** | Recommended | If your credentials for one site get compromised, it can give hackers access to your other online accounts. So it is highly recommended not to reuse the same passwords. Again, the simplest way to manage having many different passwords, is to use a [password manager](https://en.wikipedia.org/wiki/Password_manager). Good options include [BitWarden](https://bitwarden.com), [1Password](https://1password.com), or for an offline app without sync [KeePass](https://keepass.info) / [KeePassXC](https://keepassxc.org). +**Be cautious when logging in on someone else’s device** | Recommended | When using someone else's machine, ensure that you're in a private session (like Incognito mode, Ctrl+Shift+N) so that nothing gets saved. Ideally you should avoid logging into your accounts on other people's computer, since you can't be sure their system is clean. Be especially cautious of public machines, or when accessing any of your secure accounts (email, banking etc.). +**Avoid password hints** | Optional | Some sites allow you to set password hints. Using this feature makes it easier for hackers. +**Never answer online security questions truthfully** | Optional | If a site asks security questions (such as place of birth, mother's maiden name or first car etc), don't provide real answers. It is a trivial task for hackers to find out this information. Instead, create a password inside your password manager to store your fictitious answer. +**Don’t use a 4-digit PIN to access your phone** | Optional | Don’t use a short PIN to access your smartphone or computer. Instead, use a text password. Pins or numeric passphrases are much easier crack, (A 4-digit pin has 10,000 combinations, compared to 7.4 million for a 4-character alpha-numeric code). +**Use an offline password manager** | Advanced | Consider an offline password manager, encrypted by a strong password. 
If you work across two or more computers, this could be stored on an encrypted USB. [KeePass](http://keepass.info/) is a strong choice. +**If possible, try to avoid biometric and hardware-based authentication** | Advanced | Fingerprint sensors, face detection and voice recognition are all hackable. Where possible replace these with traditional strong passwords. + +**See also** [Recommended Password Managers](/5_Privacy_Respecting_Software.md#password-managers) + + +## 2-Factor Authentication + +This is a more secure method of logging in, where you supply not just your password, but also an additional code usually from a device that only you have access to. + +Check which websites support multi-factor authentication: [twofactorauth.org](https://twofactorauth.org) + +**2FA Apps**: [Authy](https://authy.com/) *(with encrypted sync- not open source)*, [Authenticator Plus](https://www.authenticatorplus.com), [Microsoft Authenticator](https://www.microsoft.com/en-us/account/authenticator) and [LastPassAuthenticator](https://lastpass.com/auth/) (synced with your LastPass). For open source Android-only apps, see [Aegis](https://getaegis.app), [FreeOTP](https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp) and [AndOTP](https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp). [See more](/5_Privacy_Respecting_Software.md#2-factor-authentication) + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Enable 2FA on Security Critical Sites** | Recommended | In account settings, enable 2-factor authentication. Ideally do this for all your accounts, but at a minimum for all security-critical logins, (including your password manager, emails, finance and social sites). +**Keep backup codes safe** | Recommended | When you enable 2FA, you'll be given a few one-time codes to download, in case you ever lose access to your authenticator app or key. 
It's important to keep these safe, either encrypt and store them on a USB, or print them on paper and store them somewhere secure like a locked safe. Delete them from your computer once you've made a backup, in case your PC is compromised. +**Don't use SMS to receive OTPs** | Optional | Although SMS 2FA is certainly better than nothing, there are many weaknesses in this system, (such as SIM-swapping) ([read more](https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin)). Therefore avoid enabling SMS OTPs, even as backups. +**Don't use your Password Manager to store 2FA tokens** | Optional | One of the quickest approaches is to use the same system that stores your passwords, to also generate and fill OTP tokens, both LastPass and 1Password have this functionality. However if a malicious actor is able to gain access to this, they will have both your passwords, and your 2FA tokens, for all your online accounts. Instead use a separate authenticator from your password manager. +**Consider a hardware 2FA Key** | Optional | A physical 2FA key generates an OTP when inserted. Have a look at [NitroKey](https://www.nitrokey.com/) (open source), [YubiKey](https://www.yubico.com/) or [Solo Key](https://amzn.to/2Fe5Icw). You can also use it as a secondary method (in case your phone is lost or damaged). If this is your backup 2FA method, it should be kept somewhere secure, such as a locked safe, or if you use as physical key as your primary 2FA method, then keep it on you at all times. + +**See also** [Recommended 2FA Apps](/5_Privacy_Respecting_Software.md#2-factor-authentication) + + +## Browser and Search + +Most modern web browsers support add-ons and extensions. These can access anything that you do online so avoid installing anything that may not be legitimate and check permissions first. Be aware that every website that you interact with, including search engines, will likely be keeping records of all your activity. 
Last year Kaspersky reported [over a million data exploits caused by malicious sites](https://securelist.com/it-threat-evolution-q1-2017-statistics/78475/). + +For more browser security pointers, check out: [Here’s How To Get Solid Browser Security](https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing/). + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Deactivate ActiveX** | Recommended | [ActiveX](https://en.wikipedia.org/wiki/ActiveX) is a browser extension API that is only supported by Microsoft Internet Explorer. It's enabled by default but is barely used for legitimate plugins these days. However, it gives plugins so much control that ActiveX malware is still around and as dangerous as ever. See [this article](https://www.howtogeek.com/162282/what-activex-controls-are-and-why-theyre-dangerous/) for more details. Better yet, use a modern browser instead of Internet Explorer. Note that Microsoft Edge doesn't support ActiveX. +**Disable Flash** | Recommended | Adobe Flash is infamous for its history of security vulnerabilities (a few of which you can [read about here](https://www.comparitech.com/blog/information-security/flash-vulnerabilities-security/)). See [this guide](https://www.howtogeek.com/222275/how-to-uninstall-and-disable-flash-in-every-web-browser/), on how to disable Flash player, or [this guide for more details on how dangerous it can be](https://www.tomsguide.com/us/disable-flash-how-to,news-21335.html). Adobe will end support for Flash Player in December 2020. +**Block Trackers** | Recommended | Consider installing a browser extension, such as [Privacy Badger](https://www.eff.org/privacybadger), to stop advertisers from tracking you in the background. +**Block scripts from bad origin** | Recommended | Use an extension such as [uBlock Origin](https://github.com/gorhill/uBlock), to block anything being loaded from an external or unverified origin. 
+**Force HTTPS only traffic** | Recommended | Using an extension such as [HTTPS Everywhere](https://www.eff.org/https-everywhere), will force all sites to load securely. +**Only use trusted browser add-ons and extensions** | Recommended | Both Firefox and Chrome web stores allow you to check what permissions/access rights an extension requires before you install it. Check the reviews. Only install extensions you really need, and removed those which you haven't used in a while. Extensions are able to see, log or modify anything you do in the browser, and some innocent looking browser apps, have malicious intentions. +**Always keep your browser up-to-date** | Recommended | Browser vulnerabilities are constantly being discovered and patched, so it’s important to keep it up to date, to avoid a zero-day exploit. You can [see which browser version your using here](https://www.whatismybrowser.com/), or follow [this guide](https://www.whatismybrowser.com/guides/how-to-update-your-browser/) for instructions on how to update. +**Use a private search engine** | Optional | Google tracks, logs and stores everything you do, but also displays biased results. Take a look at [DuckDuckGo](https://duckduckgo.com) or [StartPage](https://www.startpage.com). Neither store cookies nor cache anything. [Read more](https://hackernoon.com/data-privacy-concerns-with-google-b946f2b7afea) about Google Search Privacy. +**Consider a privacy browser** | Optional | Google openly collects usage data on Chrome usage, as does Apple and Microsoft. Switching to a privacy-focused browser will minimize background data collection, cross-origin cookies and third-party scrips. A popular option is [Brave Browser](https://brave.com/?ref=ali721), or [Firefox](https://www.mozilla.org/en-GB/firefox/new/) with a [few tweeks](https://restoreprivacy.com/firefox-privacy). 
Others include [Bromite](https://www.bromite.org/), [Epic Browser](https://www.epicbrowser.com/index.html) or [Comodo](https://www.comodo.com/home/browsers-toolbars/browser.php), [see more](/5_Privacy_Respecting_Software.md#browsers). The most secure option is [Tor Browser](https://www.torproject.org/). +**Use DNS-over-HTTPS** | Optional | Traditional DNS makes requests in plain text for everyone to see. It allows for eavesdropping and manipulation of DNS data through man-in-the-middle attacks. Whereas [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) performs DNS resolution via the HTTPS protocol, meaning data between you and your DNS resolver is encrypted. You can follow [this guide to enable in Firefox](https://support.mozilla.org/en-US/kb/firefox-dns-over-https), for see [CoudFlares 1.1.1.1 Docs](https://1.1.1.1/help). +**Disable WebRTC** | Optional | [WebRTC](https://webrtc.org/) allows high-quality audio/video communication and peer-to-peer file-sharing straight from the browser. However it can pose as a privacy leak, especially if you are not using a proxy or VPN. In FireFox WebRTC can be disabled, by searching for, and disabling `media.peerconnection.enabled` in about:config. For other browsers, the [WebRTC-Leak-Prevent](ttps://github.com/aghorler/WebRTC-Leak-Prevent) extension can be installed. [uBlockOrigin](https://github.com/gorhill/uBlock) also allows WebRTC to be disabled. To learn more, [check out this guide](https://buffered.com/privacy-security/how-to-disable-webrtc-in-various-browsers/). +**Don't Connect to Open WiFi networks** | Optional | Browsing the internet while using public or open WiFi may leave you vulnerable to man-in-the-middle attacks, malware distribution and snooping. Some hotspots may also be unencrypted, or even malicious. If you do need to briefly use a public WiFi network, ensure you disable file sharing, only visit HTTPS websites and use a VPN. Also remove the network from your saved WiFi list after. 
See the [networking](#networking) section for more details. +**Use Tor** | Advanced | [The Tor Project](https://www.torproject.org/) provides a browser that encrypts and routes your traffic through multiple nodes, keeping users safe from interception and tracking. The main drawbacks are speed and user experience, as well as the possibility of DNS leaks from other programs (see [potential drawbacks](https://github.com/Lissy93/personal-security-checklist/issues/19)) but generally Tor is one of the most secure browser options for anonymity on the web. + +**Use different browsers, for different tasks** | Advanced | Compartmentalizing your activity can make it significantly harder for a malicious actor, company or government to get a clear picture of you through your browsing activity. This may include doing online shopping on 1 browser, using another browser, such as Tor for general browsing, and then a 3rd for, say social media. +**Disable JavaScript** | Advanced | Many modern web apps are JavaScript based, so disabling it will greatly decrease your browsing experience. But if you really want to go all out, then it will really reduce your attack surface. Read more about the growing [risk of JavaScript malware](https://heimdalsecurity.com/blog/javascript-malware-explained/). +**Route all desktop traffic via Tor** | Advanced | [Whonix](https://www.whonix.org/) allows for fail-safe, automatic, and desktop-wide use of the Tor network. It's based on Debian, and runs in a virtual machine. Straight-forward to install on Windows, OSX or Linux. 
+ +**Recommended Software** +- [Privacy Browsers](/5_Privacy_Respecting_Software.md#browsers) +- [Non-Tracking Search Engines](/5_Privacy_Respecting_Software.md#search-engines) +- [Browser Extensions for Security](/5_Privacy_Respecting_Software.md#browser-extensions) + + +## Emails + +Nearly 50 years since the first email was sent, they’re still very much a big part of our day-to-day life, and will probably continue to be for the near future. So considering how much trust we put in them, it’s surprising how fundamentally insecure this infrastructure is. Email-related fraud [is on the up](https://www.csoonline.com/article/3247670/email/email-security-in-2018.html), and without taking basic measures you could be at risk. + +If a hacker gets access to your emails, it provides a gateway for your other accounts to be compromised, therefore email security is paramount for your digital safety. + +It's strongly advised not to use non end-to-end encrypted email, if you can't you should at least follow these guides for simple steps to improve security: [Yahoo](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#yahoo), [Gmail](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#gmail), [Outlook](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#outlook) and [AOL](https://heimdalsecurity.com/blog/complete-guide-e-mail-security/#aol). The easiest way to stay protected is to use a secure mail provider, such as [ProtonMail](https://protonmail.com/) or [Tutanota](https://tutanota.com/). + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Have more than one email address** | Recommended | Keeping your important and safety-critical messages separate from trivial subscriptions such as newsletters is a very good idea. Be sure to use different passwords. This will also make recovering a compromised account after an email breach easier. 
+**Keep security in mind when logging into emails** | Recommended | Your email account is one of the most important to protect with a secure password. Only sync your emails with your phone, if it is secured (encrypted with password). Don’t allow your browser to save your email password. Prevent man-in-the-middle attacks by only logging in on a secured browser. +**Always be wary of phishing and scams** | Recommended | If you get an email from someone you don’t recognize, don’t reply, don’t click on any links, and absolutely don’t download an attachment. Keep an eye out for senders pretending to be someone else, such as your bank, email provider or utility company. Check the domain, read it, ensure it’s addressed directly to you, and still don’t give them any personal details. Check out [this guide, on how to spot phishing emails](https://heimdalsecurity.com/blog/abcs-detecting-preventing-phishing/). +**Disable automatic loading of remote content in emails** | Recommended | Sometimes advertisers send emails which make reference to remote images, fonts, etc. If these remote resources are loaded automatically, they indicate to the sender that this specific email was received by you. +**Don’t share sensitive information over email** | Optional | Emails are very very easily intercepted. Also you can’t know how secure your recipient's environment is. Don’t share anything personal, such as bank details, passwords, and confidential information over email. Ideally, don’t use email as a primary method of communication. +**Don’t connect third-party apps to your email account** | Optional | If you give a third-party app (like Unroll.me) full access to your inbox, this makes you vulnerable to cyber attacks. The app can be compromised and, as a consequence, cyber criminals would gain unhindered access to all your emails and their contents. 
+**Consider switching to a more secure email provider** | Optional | Email providers such as [ProtonMail](https://protonmail.com), [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business) (for business users) or [MailFence](https://mailfence.com?src=digitald) allow for end-to-end encryption, full privacy as well as more security-focused features. See [this guide](https://github.com/OpenTechFund/secure-email) for details of the inner workings of these services. +**Use Aliasing / Anonymous Forwarding** | Advanced | Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. Effectively allowing you to use a different, unique email address for each service you sign up for. This means if you start receiving spam, you can block that alias and determine which company leaked your email address.
[Anonaddy](https://anonaddy.com) is an open source anonymous email forwarding service allowing you to create unlimited email aliases, with a free plan. As is [33Mail](http://33mail.com/Dg0gkEA), and this feature is also included with [ProtonMail](https://protonmail.com/pricing)'s Visionary package. + +**See also** [Recommended Encrypted Email Providers](/5_Privacy_Respecting_Software.md#encrypted-email) + +## Social Media + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Check your privacy settings** | Recommended | Most social networks allow you to control your privacy settings. Ensure that your profile can only be viewed by people who are in your friends list, and you know personally. +**Only put info on social media that you wouldn’t mind being public** | Recommended | Even with tightened security settings, don’t put anything online that you wouldn’t want to be seen by anyone other than your friends. Don’t rely solely on social networks security. +**Don’t give social networking apps permissions they don’t need** | Recommended | By default many of the popular social networking apps will ask for permission to access your contacts, your call log, your location, your messaging history etc.. If they don’t need this access, don’t grant it. +**Revoke access for apps your no longer using** | Recommended | Instructions: [Facebook](https://www.facebook.com/settings?tab=applications), [Twitter](https://twitter.com/settings/applications), [LinkedIn](https://www.linkedin.com/psettings/third-party-applications), [Instagram](https://www.instagram.com/accounts/manage_access/). +**Use a secure email provider** | Optional | Most email providers completely invade your privacy intercepting both messages sent and received. [ProtonMail](https://protonmail.com) is a secure email provider, that is open source and offers end-to-end encryption. 
There are alternative secure mail providers (such as [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com) and [MailFence](https://mailfence.com))- but [ProtonMail](https://protonmail.com) has both a clear interface and strong security record. +**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data to each photograph. This usually includes things like time, date, location, camera model, user etc. Remove this data before uploading. See [this guide](https://www.makeuseof.com/tag/3-ways-to-remove-exif-metadata-from-photos-and-why-you-might-want-to/) for more info. +**Don’t have any social media accounts** | Advanced | It may seem a bit extreme, but if you're serious about data privacy and security, stay away from entering information on any social media platform. + +**Recommended Software** +- [Alternative Social Media](/5_Privacy_Respecting_Software.md#social-networks) +- [Alternative Video Platforms](/5_Privacy_Respecting_Software.md#video-platforms) +- [Alternative Blogging Platforms](/5_Privacy_Respecting_Software.md#blogging-platforms) +- [News Readers and Aggregation](/5_Privacy_Respecting_Software.md#news-readers-and-aggregation) + +## Networking + +This section covers how you connect your devices to the internet, including configuring your router and setting up a VPN. + +A Virtual Private Network (VPN) protects your IP, and allows you to more securely connect to the internet. Use it when connecting to public WiFi or to restrict your ISP from seeing all sites you've visited. Note: VPNs are not a perfect solution and it is important to select a reputable provider, to entrust your data with. Tor provides greater anonymity. + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Use a VPN** | Recommended | Use a reputable, paid-for VPN. 
Choose one which does not keep logs and preferably is not based under a [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction. See [That One Privacy Site](https://thatoneprivacysite.net/) for a detailed comparison. As of 2020, [NordVPN](https://nordvpn.com/) and [SurfShark](https://surfshark.com/) are both good all-rounders (for speed, simplicity and security), and [Mullvad](https://mullvad.net/), [OVPN](https://www.ovpn.com/en) and [DoubleHop](https://www.doublehop.me/) are excellent for security. +**Don’t use a default router password** | Recommended | Change your router password- [here is a guide as to how](https://www.lifewire.com/how-to-change-your-wireless-routers-admin-password-2487652). +**Use WPA2** | Recommended | WPA and WEP make it very easy for a hacker to gain access to your router. Use a [WPA2](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access) password instead. Ensure it is strong: 12+ alpha-numeric characters, avoiding dictionary words. +**Keep router firmware up-to-date** | Recommended | Manufacturers release firmware updates that fix security vulnerabilities, implement new standards and sometimes add features/ improve the performance your router. It's important to have the latest firmware installed, to avoid a malicious actor exploiting an un-patched vulnerability. You can usually update your router by navigating to [192.168.0.1](192.168.0.1) or [192.168.1.1](192.168.1.1) in your browser, entering the credentials on the sticker on the back of you of your router (not your WiFi password!), and following the on-screen instructions. 
Or follow a guide from your routers manufacturer: [Asus](https://www.asus.com/support/FAQ/1005484/), [D-Link](https://eu.dlink.com/uk/en/support/faq/routers/mydlink-routers/dir-810l/how-do-i-upgrade-the-firmware-on-my-router), [Linksys (older models)](https://www.linksys.com/us/support-article?articleNum=140365), [NetGear](https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-s-firmware-using-the-Check-button-in-the-router-web-interface) and [TP-Link](https://www.tp-link.com/us/support/faq/688/). Newer Linksys and Netgear routers update automatically, as does Google's router. +**Configure your router to use VPN** | Optional | If you set your VPN up on your router, then data from all devices on your home network is encrypted as it leaves the LAN. Again, it's important to select a secure VPN provider, as they will see what your ISP previously had been logging. Follow a guide from your router manufacturer or VPN provider, or see [this article](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/) to get started. Note that depending on your internet connection, and VPN provider, this could slow down your internet. +**Protect against DNS leaks** | Optional | When using a VPN, it is extremely important to exclusively use the DNS server of your VPN provider. For OpenVPN, you can add: `block-outside-dns` to your config file (which will have the extension `.ovn` or `.conf`). If you are unable to do this, then see [this article](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html) for further instructions. You can check for leaks, using a [DNS Leak Test](https://www.dnsleaktest.com/) +**Use a secure VPN Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is widely used, and currently considered as a secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and efficient. 
[L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Don't use [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure, and avoid [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) (proprietary, owned by Microsoft and due to lack of transparency, could be vulnerable to exploits). [IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange) and the new [WireGuard](https://www.wireguard.com/) protocol *(experimental)* are also good options. +**Avoid the free router from your ISP** | Optional | Typically they’re manufactured cheaply in bulk in China, and firmware updates which fix crucial security flaws aren’t released regularly. Consider an open source based router, such as [Turris MOX](https://www.turris.cz/en/mox/overview/) +**Ideally hide your SSID** | Optional | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, [see here for more details](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655). +**Whitelist MAC Addresses** | Optional | As well as a strong password, and hidden SSID, you can whitelist MAC addresses in your router settings, disallowing any unknown devices to immediately connect to your network, even if they know your credentials. A malicious actor can bypass this, by cloning their address to appear the same as one of your trusted devices, but it will add an extra step for them. +**Secure DNS** | Advanced | Use [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) which performs DNS resolution via the HTTPS protocol, encrypting data between you and your DNS resolver. See [CoudFlares 1.1.1.1 Docs](https://1.1.1.1/help) for more details. 
Don't use Google DNS or other services which collect a lot of data. +**Use the Tor Network** | Advanced | VPNs have their weaknesses, since the provider knows your real details, whereas Tor is anonymous. For optimum security, route all your internet traffic through the Tor network. On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) and [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), and on OSX [follow thsese instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/). Finally, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805) +**Change your Router's Default IP** | Advanced | Modifying your router admin panels default IP address will makes it more difficult for malicious scripts in your web browser targeting local IP addresses, as well as adding an extra step for local network hackers +**Kill unused processes and services on your router** | Advanced | Services like Telnet and SSH (Secure Shell) that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they're actually needed. In general, [any service that’s not used should be disabled](https://www.securityevaluators.com/knowledge/case_studies/routers/soho_service_hacks.php) to reduce attack surface. +**Disable WiFi on all Devices** | Advanced | Connecting to even a secure WiFi network increases your attack surface. Disabling your home WiFi and connect each device via Ethernet, and turning off WiFi on your phone and using a USB-C/ Lightening to Ethernet cable will protect against WiFi exploits, as Edward Snowden [says here](https://twitter.com/snowden/status/1175431946958233600?lang=en). 
+ +**Recommended Software** +- [Virtual Private Networks](/5_Privacy_Respecting_Software.md#virtual-private-networks) +- [Mix Networks](/5_Privacy_Respecting_Software.md#mix-networks) +- [Open Source Proxies](/5_Privacy_Respecting_Software.md#proxies) +- [DNS Providers](/5_Privacy_Respecting_Software.md#dns) +- [Firewalls](/5_Privacy_Respecting_Software.md#firewalls) +- [Network Analysis Tools](/5_Privacy_Respecting_Software.md#network-analysis) + + +## Mobile Devices + +Most smartphone apps run in the background, collecting and logging data, making network requests and ultimately creating a clear picture of who you are, just from your data. This is a big problem from both a security and privacy perspective. + +Even non-smart phones, (and even when the screen is off) are constantly connecting to the nearest cell phone towers, (it does this by broadcasting its IMEI and MEID number). The towers then relay this information, along with any communications, to your mobile carrier, who will store these records indefinitely. The movements of your phone are the movements of you as a person, so all phone proximity and data records can always be linked directly back to you. So whenever your phone is on, there is a record of your presence at that place, being created and maintained by companies. + +SMS texting and traditional phone calls are not secure, so it's important to avoid using that to send or receive anything secure (such as log in codes, OTPs or any personal details). Instead use encrypted messaging, like Signal whenever you can. Be wary of who you share your phone number with. + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Turn off connectivity features that aren’t being used** | Recommended | When you're not using WiFi, Bluetooth, NFC or anything else, turn those features off. These are commonly used to easily hack individuals. +**Keep app count to a minimum** | Recommended | Uninstall apps that you don’t need or use regularly. 
As apps often run in the background, slowing your device down, but also collecting data. +**Don’t grant apps permissions that they don’t need** | Recommended | If an app doesn’t need access to your camera, don’t grant it access. Same with any features of your phone, be wary about what each app has access to. +**Only install Apps from official source** | Recommended | Applications on Apple App Store and Google Play Store are scanned and cryptographically signed, making them less likely to be malicious. Avoid downloading .apk or .ipa files from unverified source. Also check the reviews before downloading a new application. +**Only Charge your Device from a Trusted Source** | Recommended | When you charge your device via USB in a public space, it is possible for malicious actors to gain full access to your device, via [AT Commands](https://en.wikipedia.org/wiki/Hayes_command_set). You can read more about this at https://atcommands.org/ or from [this seminar](https://www.usenix.org/node/217625). To protect yourself, either only charge your phone from trusted sources, or use a [USB Data Blocker](https://amzn.to/30amhja). A Data blocker allows your phone to charge, while blocking the data transfer wires, blocking this exploit or any file transfers to run. ([PortaPow](https://portablepowersupplies.co.uk/) is recommended, since it still allows for fast-charge.) Available in both [USB-A](https://amzn.to/309kPh3) and [USB-C](https://amzn.to/39Wh5nJ). +**Set up a mobile carrier PIN** | Recommended | [SIM hijacking](https://securelist.com/large-scale-sim-swap-fraud/90353/) is when a hacker is able to get your mobile number transferred to their sim (often through social engineering your mobile carrier). This then allows them to receive 2FA SMS codes (enabling them to access your secure accounts, such as banking), or to pose as you. 
The easiest way to protect against this is to set up a PIN through your mobile provider, thus disallowing anyone without this PIN to make any changes to your account. The PIN should not be easily guessable, and it is important that you remember it, or store is somewhere secure. Using a non-SMS based 2FA method will reduce the damage that can be done if someone is able to take control of your SIM. [Read more](https://us.norton.com/internetsecurity-mobile-sim-swap-fraud.html) about the sim swap scam. +**Opt-out of personal ads** | Optional | In order for ads to be personalized, Google collects data about you, you can slightly reduce the amount they collect by opting-out of seeing personalized ads. See [this guide](https://www.androidguys.com/tips-tools/how-to-disable-personalized-ads-on-android/), for Android instructions. +**Erase after too many login attempts** | Optional | To protect against an attacker brute forcing your pin, if you lose your phone, set your device to erase after too many failed login attempts. See [this iPhone guide](https://www.howtogeek.com/264369/how-to-erase-your-ios-device-after-too-many-failed-passcode-attempts/). You can also do this via Find my Phone, but this increased security comes at a cost of decreased privacy. +**Monitor Trackers** | Optional | A tracker is a piece of software meant to collect data about you or your usages. [εxodus](https://reports.exodus-privacy.eu.org/en/) is a great service which lets you search for any app, by its name, and see which trackers are embedded in it. They also have [an app](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy) which shows trackers and permissions for all your installed apps. +**Install a Firewall** | Optional | To prevent applications from leaking privacy-sensitive data, you can install a firewall app. 
This will make it easier to see and control which apps are making network requests in the background, and allow you to block specific apps from roaming when the screen is turned off. For Android, check out [NetGuard](https://www.netguard.me/), and for iOS there is [LockDown](https://apps.apple.com/us/app/lockdown-apps/id1469783711), both of which are open source. Alternatively there is [NoRootFirewall](https://play.google.com/store/apps/details?id=app.greyshirts.firewall) *Android*, [XPrivacy](https://github.com/M66B/XPrivacy) *Android (root required)*, [Fyde](https://apps.apple.com/us/app/fyde-mobile-security-access/) *iOS* and [Guardian Firewall](https://guardianapp.com/) *iOS*. +**Use secure, privacy-respecting apps** | Optional | Mainstream apps have a reputation for not respecting the privacy of their users, and they're usually closed-source meaning vulnerabilities can be hidden. [Prism-Break](https://prism-break.org) maintains a list of better alternatives, see [Android](https://prism-break.org/en/categories/android/) and [iOS](https://prism-break.org/en/categories/ios/). +**Use Signal, instead of SMS** | Optional | SMS may be convenient, but it's [not secure](https://www.fortherecordmag.com/archives/0315p25.shtml). [Signal](https://signal.org) is both the most secure and private option. [Silence](https://silence.im/) (encrypted SMS), [Threema](https://threema.ch), [Wire](https://wire.com/en/)(enterprise) and [Riot](https://about.riot.im/) are also encrypted.[iMessage](https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/) and [WhatsApp](https://www.whatsapp.com) do claim to be [end-to-end-encrypted](https://signal.org/blog/whatsapp-complete/), but since they are not open source, verifying this is harder, and the private companies which own them (Apple and Facebook), have a questionable reputation when it comes to protecting users privacy. 
Keep in mind that although the transmission may be secured, messages can still be read if your or your recipients' devices have been compromised. +**Avoid using your real phone number when signing up for an account or service** | Optional | Where possible, avoid giving out your real phone number while creating accounts online. You can create phone numbers using services such as [Google Voice](https://voice.google.com) or [Skype](https://www.skype.com/en/features/online-number/). For temporary usage you can use a service like [iNumbr](https://www.inumbr.com) that generates a phone number that forwards messages and calls to your main number. +**Watch out for Stalkerware** | Optional | This is a malware that is installed directly onto your device by someone you know (partner, parent, boss etc.). It allows them to see your location, messages and other app data remotely. The app likely won't show up in your app draw, (but may visible in Settings --> Applications --> View All). Sometimes they can be disguised as a non-conspicuous app (such as a game, flashlight or calculator) which initially don't appear suspicious at all. Look out for unusual battery usage, network requests or high device temperature. If you suspect that stalkerware is on your device, the best way to get rid of it is through a factory reset. See [this guide](https://blog.malwarebytes.com/stalkerware/2019/10/how-to-protect-against-stalkerware-a-murky-but-dangerous-mobile-threat/) for more details. +**Sandbox Mobile Apps** | Advanced | Prevent permission-hungry apps from accessing your private data with [Island](https://play.google.com/store/apps/details?id=com.oasisfeng.island). It is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc.) even if related permissions are granted. 
+**Consider Orbot** | Advanced | [Orbot](https://guardianproject.info/apps/orbot/) provides a system-wide [Tor](https://www.torproject.org/) connection. Although more secure than a VPN, it will be slower- see [Networking](#networking) section for more details. +**Consider running a custom ROM if you have an Android device** | Advanced | Your default OS tracks information about your usage, and app data, constantly. Consider a privacy-focused custom ROM, such as [Lineage](https://lineageos.org) or [CopperheadOS](https://copperhead.co/android/). + +**Recommended Software** +- [Mobile Apps, for Security + Privacy](/5_Privacy_Respecting_Software.md#mobile-apps) +- [Encrypted Messaging](/5_Privacy_Respecting_Software.md#encrypted-messaging) +- [Mobile Operation Systems](/5_Privacy_Respecting_Software.md#mobile-operating-systems) + +## Personal Computers + +Although Windows and OS X are easy to use and convenient, they both are far from secure. Your OS provides the interface between hardware and your applications, so if compromised can have detrimental effects. + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Keep your OS up-to-date** | Recommended | Microsoft, Apple and Google release regular OS updates, which fix security flaws. Always keep your device updated. +**Enable Firewall** | Recommended | A firewall is a program which monitors the incoming and outgoing traffic on your network, and blocks requests based on rules set during its configuration. Properly configured, a firewall can protect against some (but not all) attempts to remotely access your computer.
Follow these instructions to enable your firewall in [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux ditros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall) +**Attach only known and trusted external hardware** | Recommended | Over the years there have been a variety of vulnerabilities in each major operating system relating to connecting untrusted hardware. In some cases the hardware talks to the host computer in a way the host computer does not expect, exploiting a vulnerability and directly infecting the host +**Don't charge unknown mobile devices from your PC** | Optional | If friends or colleagues want to charge their devices via USB, do not do this through your computers ports (unless you have a data blocker). By default the phone will want to sync to the host computer, but there is also specially crafted malware which takes advantage of the face that computers naturally trust connected USB devices. The owner of the phone may not even realize their device is infected +**Encrypt and Backup Important Files** | Optional | Backing up your phone can help keep your important data safe, if your device is lost, stolen or broken. But if you put your backup encrypted in the cloud, cloud providers will have access to it (if you don't pay for the service, then you are the product!).
[Cryptomator](https://cryptomator.org/) is an open source tool that makes this easy. It also works alongside [MountainDuck](https://mountainduck.io/) for mounting your remote drives on Windows and Mac. Other non-open-source options are [BoxCrypter](https://www.boxcryptor.com/), [Encrypto](https://macpaw.com/encrypto) and [odrive](https://www.odrive.com/). +**Uninstall Adobe Acrobat** | Optional | Adobe Acrobat was designed in a different age, before the Internet. Acrobat has had vulnerabilities that allowed specially crafted PDFs to load malware onto your system for the last two decades. Undoubtedly more vulnerabilities remain. You can use your browser to view PDFs, and browser-based software for editing +**Consider Switching to Linux** | Optional | Linux is considerably [more secure](https://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html) than both OSX and Windows. Some distros are still more secure than others, so it’s worth choosing the right one to get a balance between security and convenience. +**Avoid PC Apps that are not secure** | Optional | Mainstream apps have a reputation for not respecting the privacy of their users, and they're usually closed-source meaning vulnerabilities can be hidden. See here for compiled list of secure PC apps for [Windows](https://prism-break.org/en/categories/windows/), [OSX](https://prism-break.org/en/categories/macos/) and [Linux](https://prism-break.org/en/categories/gnu-linux/). +**Use a Security-Focused Distro** | Advanced | [QubeOS](https://www.qubes-os.org/) is based on “security by compartmentalization”, where each app is sandboxed. [Whonix](https://www.whonix.org/) is based on Tor, so 100% of your traffic will go through the onion router. [Tails](https://tails.boum.org/) is specifically designed to be run on a USB key and is ideal if you don’t want to leave a trace on the device your booting from. 
[Subgraph](https://subgraph.com/) is an “adversary resistant computing platform”, but also surprisingly easy to use +**Password protect your BIOS and drives** | Advanced | A BIOS or UEFI password helps to make an inexperienced hacker's life a little bit harder if they get a hold of your PC or hard drive, [here is a guide on how to do it](https://www.howtogeek.com/186235/how-to-secure-your-computer-with-a-bios-or-uefi-password/). +**Canary Tokens** | Advanced | Network breaches happen, but the longer it takes for you to find out about it, the more damage is done. A canary token is like a hacker honeypot, something that looks appealing to them once they've gained access to your system. When they open the file, unknowingly to them, a script is run which will not only alert you of the breach, but also grab some of the hackers system details.
[CanaryTokens.org](https://canarytokens.org/generate) and [BlueCloudDrive](https://blueclouddrive.com/generate) are excellent sites, that you can use to generate your tokens. Then just leave them somewhere prominent on your system. [Learn more](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html) about canary tokens, or see [this guide](https://resources.infosecinstitute.com/how-to-protect-files-with-canary-tokens/) for details on how to create them yourself. + +**Recommended Software** +- [File Encryption](/5_Privacy_Respecting_Software.md#file-encryption) +- [AV and Malware Prevention](/5_Privacy_Respecting_Software.md#anti-virus-and-malware-prevention) +- [Operating Systems](/5_Privacy_Respecting_Software.md#operating-systems) + +## Smart Home + +Home assistants (such as Google Home, Alexa and Siri) and other internet connected devices collect large amounts of personal data (including voice samples, location data, home details and logs of all interactions). Since you have limited control on what is being collected, how it's stored, and what it will be used for, this makes it hard to recommend any consumer smart-home products to anyone who cares about privacy and security. + +Security vs Privacy: There are many smart devices on the market that claim to increase the security of your home while being easy and convenient to use (Such as [Cave Burglar Alarm](https://amzn.to/2Rx83Fb), [Blink Cam](https://amzn.to/30ylzg9), [Yale Lock](https://amzn.to/2tnQzDv) and [Ring Doorbell](https://amzn.to/2ufQ1zi) to name a few). These devices may appear to make security easier, but there is a trade-off in terms of privacy: as they collect large amounts of personal data, and leave you without control over how this is stored or used. The security of these devices is also questionable, since many of them can be (and are being) hacked, allowing an intruder to bypass detection with minimum effort. 
+ +The most privacy-respecting option, would be to not use "smart" internet-connected devices in your home, and not to rely on a security device that requires an internet connection. But if you do, it is important to fully understand the risks of any given product, before buying it. Then adjust settings to increase privacy and security. The following checklist will help mitigate the risks associated with internet-connected home devices. + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**Rename devices to not specify brand/model** | Recommended | If your device name shows what brand or model it is, it will make it easier for a malicious actor launch an attack targeting a specific device. For example avoid names like "Nest Cam", "Yale Lock YRD 256" or "Hive Thermostat". It's usually easy to change the device's default name. +**Disable microphone and camera when not in use** | Recommended | Smart speakers and other voice controlled devices store sound clips on a server (and sometimes monitored by employees to improve the speech detection), any accidental recordings could disclose sensitive or personal data. A targeted attack could also allow someone to gain control of a microphone/ camera, so using the hardware switch to turn it off will help protect from that. +**Understand what data is collected, stored and transmitted** | Recommended | Before purchasing any smart home device, do some research - and ensure that you understand, and are comfortable with what is being collected and how it is stored and used. Don't buy devices that share anything with third parties, and check the data [breach]([https://www.dehashed.com/breach](https://www.dehashed.com/breach)) database. +**Set privacy settings, and opt out of sharing data with third parties** | Recommended | Once installed, go to settings in the app, and under privacy ensure the strictest options are selected. Usually by default, the most possible data is being collected. 
+**Don't link your smart home devices to your real identity** | Recommended | Use a unique user name and password which does not identify you, your family, your location or any other personal details. When creating an account for a new smart home device, do not sign up/log in with Facebook, Google or any other third-party service. +**Keep firmware up-to-date** | Recommended | Ensure firmware versions on smart devices are up-to-date and software patches have been applied. Most smart home apps will notify you when a new firmware version is available, so all you have to do it accept and install. +**Protect your Network** | Recommended | On many smart home devices, anybody connected to your home WiFi is able to view the device content (such as camera footages, or motion statistics). So ensure that your WiFi and home networks are properly secured with a strong password and up-to-date firmware. (See the [Router Section](#your-router) for more details) +**Be wary of wearables** | Optional | Wearable smart devices allow companies to log even more data than ever before; they can track your every move to know exactly where you are and what you are doing at any given time. Again, you as the consumer have no control over what is done with that data. +**Don't connect your home's critical infrastructure to the Internet** | Optional | While a smart thermostat, burglar alarm, smoke detector and other appliances may seem convenient, they by design can be accessed remotely, meaning a hacker can gain control of your entire home, without even needing to be nearby. And by breaching multiple devices, the effects can be very serious. +**Don't use Alexa/ Google Home** | Optional | It is a known fact that voice-activated assistants collect a lot of personal data. Consider switching to [MyCroft](https://mycroft.ai/) which is an open source alternative, with much better privacy. +**Monitor your home network closely** | Optional | Check your local network for suspicious activity. 
One of the easier methods to do this is with [FingBox](https://amzn.to/38mdw8F), but you can also do it directly [through some routers](https://www.howtogeek.com/222740/how-to-the-monitor-the-bandwidth-and-data-usage-of-individual-devices-on-your-network/). +**Deny Internet access where possible** | Advanced | If possible deny the device/ app internet access, and use it only on your local network. You can configure a firewall to block certain devices from sending or receiving from the internet. +**Assess risks** | Advanced | Assess risks with your audience and data in mind: Be mindful of whose data is being collected, e.g. kids. Manage which devices can operate when (such as turning cameras off when you are at home, or disabling the internet for certain devices at specific times of day) + +**Recommended Software** +- [Home Automation](/5_Privacy_Respecting_Software.md#home-automation) +- [AI Voice Assistants](/5_Privacy_Respecting_Software.md#ai-voice-assistants) + + +## Sensible Computing + +Many data breaches, hacks and attacks are caused by human error. The following list contains steps you should take, to reduce the risk of this happening to you. Many of them are common sense, but it's worth takin note of. + + +**Security** | **Priority** | **Details and Hints** +--- | --- | --- +**If an email asks you to take a sensitive action, verify it first** | Recommended | Emails are easy for an attacker to spoof, and it is unfortunately common practice. So whenever an email asks you to take a sensitive action, call the company first, to verify it is authentic +**Don’t Trust Your Popup Notifications** | Recommended | It is a trivial task for a malicious actor to deploy fake pop-ups, either on your PC, phone or browser. If you click a popup, ensure the URL is correct before entering any information +**Never Leave Device Unattended** | Recommended | Even with a strong password, it's straight-forward to retrieve the data from your phone or computer (unless it is encrypted). 
If you lose your device, and have find my phone enabled, then remotely erase it +**Prevent Camfecting** | Recommended | It is a good idea to invest in some webcam covers, and microphone blockers to protect against [*camfecting*](https://en.wikipedia.org/wiki/Camfecting), where a malicious actor, or app is able spy on you and your physical space, without your knowledge. See [this guide](https://blog.malwarebytes.com/hacking-2/2019/09/15000-webcams-vulnerable-how-to-protect-webcam-hacking/) for more tips. Mute home assistants, (Alexa, Google Home and Siri) when you are not using them, or at least when you are discussing anything sensitive or anything conversation involving personal details +**Stay protected from shoulder surfers** | Recommended | Be sure to not let anyone 'shoulder surf' (read what is on your screen, when in public space). As they may be able to gather sensitive information about you. You could apply a privacy screen to your [laptop](https://amzn.to/2H7pOX7) and [mobile](https://amzn.to/39oHWrA), in order to restrict data being read from an angle +**Educate yourself about phishing attacks** | Recommended | Phishing is an attempt to obtain sensitive information (like an account password) by disguising as a trustworthy person or company. In recent years phishing attacks have become increasingly sophisticated and hackers are learning to use data that people put on the web to create highly specific and targeted attacks. Check the URL before entering any information. Understand the context- were you expecting the email or message, does it feel normal? Employ general good security practices will also help: Use 2FA, don't reuse passwords, close accounts you no longer use and backup your data. 
See these guides on: [How to Protect against Common Phishing Attacks](https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them) and [The Anatomy of a Phishing Email](https://www.howtogeek.com/58642/online-security-breaking-down-the-anatomy-of-a-phishing-email/) +**Watch out for Stalkerware** | Recommended | This is a malware that is installed directly onto your device by someone you know (partner, parent, boss etc). It allows them to see your location, messages and other app data remotely. The app likely won't show up in your app draw, (but may visible in Settings --> Applications --> View All). Sometimes they can be disguised as a non-conspicuous app (such as a game, flashlight or calculator) which initially don't appear suspicious at all. Look out for unusual battery usage, network requests or high device temperature. If you suspect that stalker ware is on your device, the best way to get rid of it is through a factory reset +**Install Reputable Software from Trusted Sources** | Recommended | It may seem obvious, but so much of the malware many PC users encounter is often as a result of accidentally downloading and installing bad software. Also, some legitimate applications try to offer you slightly dodgy freeware (such as toolbars, anti-virus, and other utilities). Be sure to pay attention while completing the installation process. Only download software from legitimate sources (often this isn't the top result in Google) so it's important to double check before downloading. Before installing, check it in [Virus Total](https://www.virustotal.com), which scans installable files using multiple AV checkers +**Store personal data securely** | Recommended | Backing up important data is important. But ensure that all information that is stored on your phone/laptop, USB or in a cloud is encrypted. 
That way, if it is accessed by a hacker (which unfortunately is all too common), it will be almost impossible for them to get to your personal files. For USB devices, see [VeraCrypt](https://www.veracrypt.fr/en/Home.html). For cloud backup, see [Cryptomator](https://cryptomator.org), and for your phone and laptop, see [this guide](https://www.howtogeek.com/260507/psa-encrypt-your-pc-phone-and-tablet-now.-youll-regret-it-later-if-you-dont) +**Do not assume a site is secure, just because it is `HTTPS`** | Recommended | Unlike HTTP, data sent over HTTPS is encrypted. However that does not mean you should trust that website by default. HTTPS Certificates can be obtained by anybody, so a cloned or scam site may have a valid certificate (as denoted by the padlock icon). Always check the URL, and don't enter any personal details unless you are certain a website is legitimate. Avoid entering data on any site that is not HTTPS +**Use Credit Cards, or Virtual Cards when paying online** | Optional | There are risks involved in entering your card details on any website. Credit cards have better consumer protection, compared to debit or bank cards, meaning you are more likely to be recompensated for fraudulent transactions. Better still, paying with a virtual, 1-time card will mean that even if those credentials are compromised a hacker will not be able to lift any of your money. [Privacy.com](https://privacy.com/join/VW7WC) offer virtual payment cards for that you can use anywhere on the internet, as does [Revolut Premium](revolut.ngih.net/Q9jdx) +**Review application permissions** | Optional | Ensure that no app have unnecessary access to your photos, camera, location, contacts, microphone, call logs etc. See these guides for how to manage app permissions on [Android](https://www.howtogeek.com/230683/how-to-manage-app-permissions-on-android-6.0) and [iOS](https://www.howtogeek.com/211623/how-to-manage-app-permissions-on-your-iphone-or-ipad). 
On Android, there is a great app called [Exodus Privacy](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy), that displays all permissions, and trackers for each of your installed apps +**Opt-out of data sharing** | Optional | Many apps and services automatically opt you in for data collection and sharing. Often this data is sold onto third-parties, who buy customer logs from many companies, and are therefore able to combine them together and easily deduce your identity, and combine it with your habits, purchases, personal details, location etc. For instructions on how to opt-out, see [Simple Opt Out](https://simpleoptout.com) +**Review and update social media privacy** | Optional | Companies regularly update their terms, and that often leads to you being opted back. Check you Facebook, Twitter, Google etc. activity and privacy settings. See also [re-consent](https://github.com/cliqz-oss/re-consent) and [Jumbo](https://www.jumboprivacy.com) which are tools aimed at making this clearer and easier +**Compartmentalize** | Advanced | [Compartmentalization](https://en.wikipedia.org/wiki/Compartmentalization_(information_security)) is where to keep several categories of digital activity and files totally separate from each other. It means that if one area is breached, then an attacker will only have a proportion of your data, and the rest will still be safe. For example, store your work and personal files on separate devices, or use different web browsers for different types of activity, or even run certain tasks in a contained VM or on a separate device (such as having a work phone, and personal phone, or using a separate browser for social media/ chat rooms, or even running a VM for using specialist software) +**Use anonymous payment methods** | Advanced | Paying online with credit or debit card involves entering personal details, including name and residential address. 
Paying with cryptocurrency will not require you to enter any identifiable information. Both [Monero](https://www.getmonero.org) and [Zcash](https://z.cash/) are totally anonymous, and so best for privacy. See also: [Anonymous Payment Methods](/5_Privacy_Respecting_Software.md#payment-methods) + +**See also**: [Online Tools](/5_Privacy_Respecting_Software.md#online-tools) + +---- + +#### There's more to check out! +- [Why Privacy & Security Matters](/0_Why_It_Matters.md) +- [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) +- [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md) +- [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md) + +#### Other Awesome Security Lists +- @sbilly/[awesome-security](https://github.com/sbilly/awesome-security) +- @0x4D31/[awesome-threat-detection](https://github.com/0x4D31/awesome-threat-detection) +- @hslatman/[awesome-threat-intelligence](https://github.com/hslatman/awesome-threat-intelligence) +- @PaulSec/[awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) +- @Zbetcheckin/[security_list](https://github.com/zbetcheckin/Security_list) + +[See More](/4_Privacy_And_Security_Links.md#other-github-security-lists) + +---- + +## Notes + +*Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).* + +*I owe a lot of thanks others who've conducted research, written papers, developed software all in the interest of privacy and security. 
Full attributions and references found in [`ATTRIBUTIONS.md`](/ATTRIBUTIONS.md).* + +*Disclaimer: This is not an exhaustive list, and aims only to be taken as guide.* + +*Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* + +[![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](/LICENSE.md) + +--- + +Get in touch 📬 + +[![Alicia Sykes on Twitter](https://img.shields.io/twitter/follow/Lissy_Sykes?style=social&logo=twitter)](https://twitter.com/Lissy_Sykes) +[![Alicia Sykes on GitHub](https://img.shields.io/github/followers/lissy93?label=Lissy93&style=social)](https://github.com/Lissy93) +[![Alicia Sykes on Mastodon](https://img.shields.io/mastodon/follow/1032965?domain=https%3A%2F%2Fmastodon.social)](https://mastodon.social/web/accounts/1032965) +[![Alicia Sykes on Keybase](https://img.shields.io/badge/aliciasykes--lightgrey?style=social&logo=Keybase)](https://keybase.io/aliciasykes) +[![Alicia Sykes's PGP](https://img.shields.io/badge/PGP--lightgrey?style=social&logo=Let%E2%80%99s%20Encrypt)](https://keybase.io/aliciasykes/pgp_keys.asc) +[![Alicia Sykes's Website](https://img.shields.io/badge/aliciasykes.com--lightgrey?style=social&logo=Tencent%20QQ)](https://aliciasykes.com) + +---- + +Found this helpful? 
Consider sharing it with others, to help them also improve their digital security 😇 + +[![Share on Twitter](https://img.shields.io/badge/Share-Twitter-17a2f3?style=for-the-badge&logo=Twitter)](http://twitter.com/share?text=Check%20out%20the%20Personal%20Cyber%20Security%20Checklist-%20an%20ultimate%20list%20of%20tips%20for%20protecting%20your%20digital%20security%20and%20privacy%20in%202020%2C%20with%20%40Lissy_Sykes%20%F0%9F%94%90%20%20%F0%9F%9A%80&url=https://github.com/Lissy93/personal-security-checklist) +[![Share on LinkedIn](https://img.shields.io/badge/Share-LinkedIn-0077b5?style=for-the-badge&logo=LinkedIn)]( +http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=https://github.com/Lissy93) +[![Share on Facebook](https://img.shields.io/badge/Share-Facebook-4267b2?style=for-the-badge&logo=Facebook)](https://www.linkedin.com/shareArticle?mini=true&url=https%3A//github.com/Lissy93/personal-security-checklist&title=The%20Ultimate%20Personal%20Cyber%20Security%20Checklist&summary=%F0%9F%94%92%20A%20curated%20list%20of%20100%2B%20tips%20for%20protecting%20digital%20security%20and%20privacy%20in%202020&source=) +[![Share on Mastodon](https://img.shields.io/badge/Share-Mastodon-56a7e1?style=for-the-badge&logo=Mastodon)](https://mastodon.social/web/statuses/new?text=Check%20out%20the%20Ultimate%20Personal%20Cyber%20Security%20Checklist%20by%20%40Lissy93%20on%20%23GitHub%20%20%F0%9F%94%90%20%E2%9C%A8) + diff --git a/index.html b/index.html index e239f32..6e50564 100644 --- a/index.html +++ b/index.html 
@@ -32,7 +32,6 @@ themeColor: '#060b2b', notFoundPage: '_404.html', coverpage: '_coverpage.html', - basePath: 'https://raw.githubusercontent.com/Lissy93/personal-security-checklist/master/', loadNavbar: true, onlyCover: true, executeScript: true,
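Review bot: The Smart Home row "Understand what data is collected, stored and transmitted" carries a malformed link, `[breach]([https://www.dehashed.com/breach](https://www.dehashed.com/breach))`, which nests one markdown link inside the URL part of another and will not render as a working link; it should be `[breach](https://www.dehashed.com/breach)`. Since this revert restores the whole file, a few other link and wording defects in the same hunk are worth fixing at the same time: the Revolut link `(revolut.ngih.net/Q9jdx)` has no scheme and will resolve as a path relative to the page, the "Share on Facebook" badge points at the LinkedIn `shareArticle` URL rather than a Facebook sharer, and the "Encrypt and Backup Important Files" row says "if you put your backup encrypted in the cloud, cloud providers will have access to it" where "unencrypted" is plainly meant. The "Watch out for Stalkerware" row is also duplicated verbatim between the mobile table and the Sensible Computing table, and the link text "Mobile Operation Systems" should read "Mobile Operating Systems" to match its `#mobile-operating-systems` anchor.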
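Review bot: Removing `basePath: 'https://raw.githubusercontent.com/Lissy93/personal-security-checklist/master/'` makes docsify fall back to resolving the markdown files relative to index.html, so this hunk only works because the same revert recreates README.md and the numbered .md files at the repository root; if those files are later moved or renamed the site will render the configured `notFoundPage: '_404.html'` instead of the checklist. Worth stating in the commit message is the upside: with the remote basePath the deployed page fetched its content live from the master branch on every load, so any push to master changed the live site immediately, whereas local files pin the published content to what was actually deployed, which is the safer default for a page giving security advice. The neighbouring lines `coverpage: '_coverpage.html',` and `loadNavbar: true,` keep their trailing commas, so the object literal remains valid after the deletion.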