|
|
|
|
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi
|
|
|
|
|
|
|
|
|
|
Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
|
|
|
|
|
|
|
|
|
|
- <span class="pg-purple">:material-incognito: Anonymity</span> - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically.
|
|
|
|
|
- <span class="pg-red">:material-target-account: Targeted Attacks</span> - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically.
|
|
|
|
|
- <span class="pg-orange">:material-bug-outline: Passive Attacks</span> - Being protected from things like malware, data breaches, and other attacks that are made against many people at once.
|
|
|
|
|
- <span class="pg-viridian">:material-package-variant-closed-remove: Supply Chain Attacks</span> - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
|
|
|
|
|
- <span class="pg-teal">:material-server-network: Service Providers</span> - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server).
|
|
|
|
|
- <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> - Protection from government agencies, organizations, websites, and services which work together to track your activities.
|
|
|
|
|
- <span class="pg-brown">:material-account-cash: Surveillance Capitalism</span> - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors.
|
|
|
|
|
- <span class="pg-green">:material-account-search: Public Exposure</span> - Limiting the information about you that is accessible online—to search engines or the general public.
|
|
|
|
|
- <span class="pg-blue-gray">:material-close-outline: Censorship</span> - Avoiding censored access to information or being censored yourself when speaking online.
|
|
|
|
|
<span class="pg-purple">:material-incognito: **Anonymity**</span>
|
|
|
|
|
:
|
|
|
|
|
|
|
|
|
|
Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically.
|
|
|
|
|
|
|
|
|
|
<span class="pg-red">:material-target-account: **Targeted Attacks**</span>
|
|
|
|
|
:
|
|
|
|
|
|
|
|
|
|
Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically.
|
|
|
|
|
|
|
|
|
|
<span class="pg-viridian">:material-package-variant-closed-remove: **Supply Chain Attacks**</span>
|
|
|
|
|
:
|
|
|
|
|
|
|
|
|
|
Typically a form of <span class="pg-red">:material-target-account: Targeted Attack</span> that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
|
|
|
|
|
|
|
|
|
|
<span class="pg-orange">:material-bug-outline: **Passive Attacks**</span>
|
|
|
|
|
:
|
|
|
|
|
|
|
|
|
|
Being protected from things like malware, data breaches, and other attacks that are made against many people at once.
|
|
|
|
|
|
|
|
|
|
<span class="pg-teal">:material-server-network: **Service Providers**</span>
|
|
|
|
|
:
|
|
|
|
|
|
|
|
|
|
Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server).
|
|
|
|
|
|
|
|
|
|
<span class="pg-blue">:material-eye-outline: **Mass Surveillance**</span>
|
|
|
|
|
:
|
|
|
|
|
|
|
|
|
|
Protection from government agencies, organizations, websites, and services which work together to track your activities.
|
|
|
|
|
|
|
|
|
|
<span class="pg-brown">:material-account-cash: **Surveillance Capitalism**</span>
|
|
|
|
|
:
|
|
|
|
|
|
|
|
|
|
Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors.
|
|
|
|
|
|
|
|
|
|
<span class="pg-green">:material-account-search: **Public Exposure**</span>
|
|
|
|
|
:
|
|
|
|
|
|
|
|
|
|
Limiting the information about you that is accessible online—to search engines or the general public.
|
|
|
|
|
|
|
|
|
|
<span class="pg-blue-gray">:material-close-outline: **Censorship**</span>
|
|
|
|
|
:
|
|
|
|
|
|
|
|
|
|
Avoiding censored access to information or being censored yourself when speaking online.
|
|
|
|
|
|
|
|
|
|
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with <span class="pg-viridian">:material-package-variant-closed-remove: Supply Chain Attacks</span> and <span class="pg-red">:material-target-account: Targeted Attacks</span>. They will likely still want to protect their personal data from being swept up in <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> programs. Similarly, many people may be primarily concerned with <span class="pg-green">:material-account-search: Public Exposure</span> of their personal data, but they should still be wary of security-focused issues, such as <span class="pg-orange">:material-bug-outline: Passive Attacks</span>—like malware affecting their devices.
|
|
|
|
|
|
|
|
|
|
@@ -45,6 +80,8 @@ Skrivbordsoperativsystem släpar i allmänhet efter vid korrekt sandlåda. Chrom
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
## Attacks against Specific Individuals
|
|
|
|
|
|
|
|
|
|
<span class="pg-red">:material-target-account: Riktade attacker</span>
|
|
|
|
|
|
|
|
|
|
Riktade attacker mot en specifik person är mer problematiska att hantera. Vanliga attacker är att skicka skadliga dokument via e-post, utnyttja sårbarheter (t.ex. i webbläsare och operativsystem) och fysiska attacker. Om detta är ett problem för dig bör du använda mer avancerade strategier för att minska hoten.
|
|
|
|
|
@@ -58,6 +95,8 @@ I **webbläsare**, **emailklienter** och **kontorsprogram** körs vanligtvis kod
|
|
|
|
|
|
|
|
|
|
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). Du bör också se till att enheten är krypterad och att operativsystemet använder en TPM eller Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) eller [Element](https://developers.google.com/android/security/android-ready-se) för att begränsa försöken att ange krypteringsfrasen. Du bör undvika att dela din dator med personer du inte litar på, eftersom de flesta stationära operativsystem inte krypterar data separat per användare.
|
|
|
|
|
|
|
|
|
|
## Attacks against Certain Organizations
|
|
|
|
|
|
|
|
|
|
<span class="pg-viridian">:material-package-variant-closed-remove: Supply Chain Attacks</span>
|
|
|
|
|
|
|
|
|
|
Supply chain attacks are frequently a form of <span class="pg-red">:material-target-account: Targeted Attack</span> towards businesses, governments, and activists, although they can end up compromising the public at large as well.
|
|
|
|
|
@@ -71,19 +110,19 @@ A notable example of this occurred in 2017 when M.E.Doc, a popular accounting so
|
|
|
|
|
|
|
|
|
|
There are few ways in which this type of attack might be carried out:
|
|
|
|
|
|
|
|
|
|
1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code.
|
|
|
|
|
1. A contributor or employee might first work their way into a position of power within a project or organization, and then abuse that position by adding malicious code.
|
|
|
|
|
2. A developer may be coerced by an outside party to add malicious code.
|
|
|
|
|
3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers.
|
|
|
|
|
|
|
|
|
|
These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:
|
|
|
|
|
These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers to only use software which has a good reputation and makes an effort to reduce risk by:
|
|
|
|
|
|
|
|
|
|
1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
|
|
|
|
|
1. Only adopting popular software that has been around for a while. The more interest in a project, the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
|
|
|
|
|
2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly.
|
|
|
|
|
3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process?
|
|
|
|
|
4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
|
|
|
|
|
5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
|
|
|
|
|
4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what each change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
|
|
|
|
|
5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enabling undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
|
|
|
|
|
|
|
|
|
|
## Sekretess från tjänsteleverantörer
|
|
|
|
|
## Privacy from Service Providers
|
|
|
|
|
|
|
|
|
|
<span class="pg-teal">:material-server-network: Tjänsteleverantörer</span>
|
|
|
|
|
|
|
|
|
|
@@ -98,7 +137,7 @@ Tack och lov kan E2EE lindra detta problem genom att kryptera kommunikationen me
|
|
|
|
|
|
|
|
|
|
I praktiken varierar effektiviteten i olika E2EE-genomföranden. Applikationer, till exempel [Signal](../real-time-communication.md#signal), körs naturligt på din enhet, och varje kopia av applikationen är densamma över olika installationer. Om tjänsteleverantören skulle införa en [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) i sitt program - i ett försök att stjäla dina privata nycklar - skulle det senare kunna upptäckas med [reverse engineering] (https://en.wikipedia.org/wiki/Reverse_engineering).
|
|
|
|
|
|
|
|
|
|
Å andra sidan är webbaserade E2EE-implementationer, som Proton Mail-webmail eller Bitwardens *Web Vault*, beroende av att servern dynamiskt serverar JavaScript-kod till webbläsaren för att hantera kryptografi. En skadlig server kan rikta dig och skicka skadlig JavaScript-kod för att stjäla din krypteringsnyckel (och det skulle vara extremt svårt att märka). Eftersom servern kan välja att betjäna olika webbklienter till olika människor - även om du märkte attacken - skulle det vara otroligt svårt att bevisa leverantörens skuld.
|
|
|
|
|
On the other hand, web-based E2EE implementations, such as Proton Mail's web app or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. En skadlig server kan rikta dig och skicka skadlig JavaScript-kod för att stjäla din krypteringsnyckel (och det skulle vara extremt svårt att märka). Eftersom servern kan välja att betjäna olika webbklienter till olika människor - även om du märkte attacken - skulle det vara otroligt svårt att bevisa leverantörens skuld.
|
|
|
|
|
|
|
|
|
|
Därför bör du använda inbyggda applikationer över webbklienter när det är möjligt.
|
|
|
|
|
|
|
|
|
|
@@ -121,7 +160,7 @@ In France you can take a look at the [Technopolice website](https://technopolice
|
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
Regeringar rättfärdigar ofta massövervakningsprogram som nödvändiga medel för att bekämpa terrorism och förebygga brottslighet. Men kränker de mänskliga rättigheterna, är det oftast används för att oproportionerligt rikta minoritetsgrupper och politiska dissidenter, bland annat.
|
|
|
|
|
Regeringar rättfärdigar ofta massövervakningsprogram som nödvändiga medel för att bekämpa terrorism och förebygga brottslighet. However, as breaches of human rights, they're most often used to disproportionately target minority groups and political dissidents, among others.
|
|
|
|
|
|
|
|
|
|
<div class="admonition quote" markdown>
|
|
|
|
|
<p class="admonition-title">ACLU: <em><a href="https://aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward">The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward</a></em></p>
|
|
|
|
|
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS
|
|
|
|
|
|
|
|
|
|
Trots den ökande massövervakningen i USA har regeringen konstaterat att massövervakningsprogram som avsnitt 215 har haft "litet unikt värde" när det gäller att stoppa faktiska brott eller terroristplaner, och att insatserna i stort sett har varit en kopia av FBI:s egna riktade övervakningsprogram.[^2]
|
|
|
|
|
|
|
|
|
|
På nätet kan du spåras på olika sätt:
|
|
|
|
|
Online, you can be tracked via a variety of methods, including but not limited to:
|
|
|
|
|
|
|
|
|
|
- Din IP-adress
|
|
|
|
|
- Webbläsarcookies
|
|
|
|
|
@@ -140,10 +179,10 @@ På nätet kan du spåras på olika sätt:
|
|
|
|
|
- Fingeravtryck från din webbläsare eller enhet
|
|
|
|
|
- Betalningsmetod korrelation
|
|
|
|
|
|
|
|
|
|
\[Denna lista är inte uttömmande].
|
|
|
|
|
|
|
|
|
|
If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information.
|
|
|
|
|
|
|
|
|
|
## Surveillance as a Business Model
|
|
|
|
|
|
|
|
|
|
<span class="pg-brown">:material-account-cash: Övervakningskapitalism</span>
|
|
|
|
|
|
|
|
|
|
> Övervakningskapitalism är ett ekonomiskt system som är centrerat kring insamling och kommersialisering av personuppgifter i syfte att skapa vinst.[^3]
|
|
|
|
|
|
Crowdin Bot