privacyguides/privacyguides.org
1
1
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2026-05-14 23:51:24 +00:00
Code Issues Activity

style!: Convert admonitions to GFM

Browse Source
This commit is contained in:
Jonah Aragon
2026-05-12 16:35:13 -05:00
parent 96b28f0bc2
commit 33455cf719
25 changed files with 135 additions and 337 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/tools/advanced/alternative-networks/_index.md
+2 -13
View File
@@ -37,12 +37,8 @@ The recommended way to access the Tor network is via the official Tor Browser, w
You can access the Tor network using other tools; making this determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
<div class="admonition example" markdown>
<p class="admonition-title">Try it out!</p>
You can try connecting to *Privacy Guides* via Tor at [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion).
</div>
> [!TIP]
> You can try connecting to *Privacy Guides* via Tor at [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion).
#### Orbot
@@ -106,13 +102,6 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
Unlike Tor, all I2P traffic is internal to the I2P network, which means regular internet websites are **not** directly accessible from I2P. Instead, you can connect to websites which are hosted anonymously and directly on the I2P network, which are called "eepsites" and have domains which end in `.i2p`.
<div class="admonition example" markdown>
<p class="admonition-title">Try it out!</p>
You can try connecting to *Privacy Guides* via I2P at [privacyguides.i2p](http://privacyguides.i2p/?i2paddresshelper=fvbkmooriuqgssrjvbxu7nrwms5zyhf34r3uuppoakwwsm7ysv6q.b32.i2p).
</div>
Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](../../software/tor/_index.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](../../software/desktop-browsers/_index.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
content/tools/advanced/device-integrity/_index.md
+12 -26
View File
@@ -5,12 +5,8 @@ robots: nofollow, max-snippet:-1, max-image-preview:large
---
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
<div class="admonition note" markdown>
<p class="admonition-title">This is an advanced topic</p>
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
</div>
> [!IMPORTANT]
> These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
<div class="pg-card-logos">
{{< cards >}}
@@ -56,16 +52,12 @@ These tools provide analysis based on the information they have the ability to a
External verification tools run on your computer and scan your mobile device for forensic traces, which are helpful to identify potential compromise.
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
Reliable and comprehensive digital forensic support and triage require access to non-public indicators, research, and threat intelligence.
Such support is available to civil society through [Amnesty International's Security Lab](https://amnesty.org/en/tech) or [Access Nows Digital Security Helpline](https://accessnow.org/help).
</div>
> [!CAUTION]
> Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
>
> Reliable and comprehensive digital forensic support and triage require access to non-public indicators, research, and threat intelligence.
>
> Such support is available to civil society through [Amnesty International's Security Lab](https://amnesty.org/en/tech) or [Access Nows Digital Security Helpline](https://accessnow.org/help).
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
@@ -81,12 +73,9 @@ These tools can trigger false-positives. If any of these tools finds indicators
[{{< badge content="macOS" color="indigo" >}}](https://docs.mvt.re/en/latest/install)
[{{< badge content="Linux" color="yellow" >}}](https://docs.mvt.re/en/latest/install)
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
</div>
MVT is *most* useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this, `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
@@ -123,12 +112,9 @@ iMazing automates and interactively guides you through the process of using [MVT
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
</div>
### Auditor (Android)
content/tools/hardware/mobile-phones/_index.md
+2 -5
View File
@@ -22,12 +22,9 @@ The mobile devices listed here provide a long lifespan of guaranteed security up
[Details about Android Security :material-arrow-right-drop-circle:](../../os/android-overview.md#security-protections)
{ .md-button }
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
</div>
## General Purchasing Advice
content/tools/hardware/security-keys/_index.md
+6 -15
View File
@@ -35,12 +35,9 @@ This key provides only basic FIDO2 functionality, but for most people that is al
If you need any of those features, you should consider their higher-end [YubiKey](#yubikey) series instead.
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> The firmware of Yubico's Security Keys is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
The firmware of Yubico's Security Keys is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
</div>
## YubiKey
@@ -57,12 +54,9 @@ YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/suppor
For models which [support HOTP and TOTP](https://support.yubico.com/hc/articles/360013790319-How-many-accounts-can-I-register-my-YubiKey-with), the secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> The firmware of YubiKey is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
The firmware of YubiKey is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
</div>
## Nitrokey
@@ -77,12 +71,9 @@ The [comparison table](https://nitrokey.com/products/nitrokeys#:~:text=The%20Nit
Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks.
Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks.
</div>
## Criteria
content/tools/os/android/general-apps/_index.md
+6 -12
View File
@@ -28,12 +28,9 @@ Shelter supports blocking contact search cross profiles and sharing files across
{{< card link="https://patreon.com/PeterCxy" title="Contribute" icon="heart" >}}
{{< /cards >}}
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
</div>
Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
@@ -59,14 +56,11 @@ Main privacy features include:
- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
- Microphone permission not required unless you want to record sound
<div class="admonition note" markdown>
<p class="admonition-title">Note</p>
> [!NOTE]
> Metadata is not currently deleted from video files, but that is planned.
>
> The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../../software/data-redaction/_index.md#exiferaser-android).
Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../../software/data-redaction/_index.md#exiferaser-android).
</div>
## Secure PDF Viewer
content/tools/os/android/obtaining-apps/_index.md
+2 -6
View File
@@ -106,9 +106,5 @@ Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https:/
The [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be useful places to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgment when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk.
<div class="admonition note" markdown>
<p class="admonition-title">F-Droid Basic</p>
In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](../../software/health-and-wellness/_index.md#gadgetbridge) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
</div>
> [!NOTE]
> In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](../../software/health-and-wellness/_index.md#gadgetbridge) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface).
content/tools/os/desktop/_index.md
+2 -5
View File
@@ -135,12 +135,9 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh
{{< card link="https://tails.net/doc/index.en.html" title="Documentation" icon="document-text" >}}
{{< /cards >}}
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) the [video memory](https://en.wikipedia.org/wiki/Dual-ported_video_RAM) when shutting down. When you restart your computer after using Tails, it might briefly display the last screen that was displayed in Tails. If you shut down your computer instead of restarting it, the video memory will erase itself automatically after being unpowered for some time.
Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) the [video memory](https://en.wikipedia.org/wiki/Dual-ported_video_RAM) when shutting down. When you restart your computer after using Tails, it might briefly display the last screen that was displayed in Tails. If you shut down your computer instead of restarting it, the video memory will erase itself automatically after being unpowered for some time.
</div>
Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy, allowing for the user to be deanonymized.
content/tools/self-hosting/file-management/_index.md
+2 -6
View File
@@ -53,9 +53,5 @@ Self-hosting your own **file management** tools may be a good idea to reduce the
[{{< badge content="macOS" color="indigo" >}}](https://nextcloud.com/install/#install-clients)
[{{< badge content="Linux" color="yellow" >}}](https://nextcloud.com/install/#install-clients)
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
</div>
> [!WARNING]
> We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
content/tools/services/data-broker-removals/_index.md
+17 -33
View File
@@ -19,12 +19,8 @@ description: Our recommended methods for removing your personal information from
Counterintuitively, removing your personal data on these sites from the internet generally requires *providing* these companies with your personal data for them to comply with the request. Unfortunately, in most cases it is still worth doing so to minimize the amount of personal data about you which is publicly accessible.
<div class="admonition example" markdown>
<p class="admonition-title">Try it out</p>
Use your favorite [search engine](../search-engines/_index.md) to see if your data is trivially exposed by searching for your name in quotes, plus your general location. For example, search for `"Jane Smith" Chicago IL`. In many cases, you may find your personal information makes up many of the first results. Even if results about you aren't readily available though, you may still be affected. The list of data brokers linked below will provide more places to check whether your data is in any public databases.
</div>
> [!TIP]
> Use your favorite [search engine](../search-engines/_index.md) to see if your data is trivially exposed by searching for your name in quotes, plus your general location. For example, search for `"Jane Smith" Chicago IL`. In many cases, you may find your personal information makes up many of the first results. Even if results about you aren't readily available though, you may still be affected. The list of data brokers linked below will provide more places to check whether your data is in any public databases.
## Manual Opt-Outs <small>Free</small>
@@ -46,16 +42,12 @@ You should search for your information on these sites first, and submit an opt-o
- USPhonebook ([Search and Opt-Out](https://usphonebook.com/opt-out))
- Whitepages ([Search](https://whitepages.com), [Opt-Out](https://whitepages.com/suppression_requests))
<div class="admonition tip" markdown>
<p class="admonition-title">A tip on opt-out strategy</p>
Be sure to avoid burning out or becoming overwhelmed with this process. Unless you're in immediate danger, you can take breaks and avoid doing them all at once.[^1]
One strategy could be to look at a single website from the list above every week, starting from the top. Next week you move on to the following website on the list, and so on. When you reach the end of the list, you can start again from the beginning.
This sets you up on a nice schedule to re-review each website approximately every 3-4 months, and breaks down the process into simple 5 minute tasks you can easily add to your weekly routine.
</div>
> [!TIP]
> Be sure to avoid burning out or becoming overwhelmed with this process. Unless you're in immediate danger, you can take breaks and avoid doing them all at once.[^1]
>
> One strategy could be to look at a single website from the list above every week, starting from the top. Next week you move on to the following website on the list, and so on. When you reach the end of the list, you can start again from the beginning.
>
> This sets you up on a nice schedule to re-review each website approximately every 3-4 months, and breaks down the process into simple 5 minute tasks you can easily add to your weekly routine.
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's *Results about you*](#google-results-about-you-free) tool to help find any data that remains on the internet.
@@ -78,26 +70,18 @@ Some websites supported by EasyOptOuts are publicly searchable. In those cases E
Our [testing](https://www.privacyguides.org/articles/2025/02/03/easyoptouts-review) indicates that EasyOptOuts provides the best value out of any data removal service we've tested, with a very affordable price and high effectiveness. Independent [findings from Consumer Reports](https://discuss.privacyguides.net/t/consumer-reports-evaluating-people-search-site-removal-services/19948) also indicate that EasyOptOuts is one of the top performing data removal services.
<div class="admonition failure" markdown>
<p class="admonition-title">High priority sites not supported by EasyOptOuts</p>
EasyOptOuts does not cover the following sites we consider to be "high priority," so you should still manually opt-out of:
- Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login))
- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/ccpa_optout/do_not_sell))
</div>
> [!CAUTION]
> EasyOptOuts does not cover the following sites we consider to be "high priority," so you should still manually opt-out of:
>
> - Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login))
> - PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/ccpa_optout/do_not_sell))
## Google *Results About You* <small>Free</small>
<div class="admonition warning" markdown>
<p class="admonition-title">Google is a data collector themselves</p>
This method will require you to submit your personal information to Google for them to periodically monitor their search results for. Google claims to not use the information provided to this tool to "personalize your experiences" across other Google products.
While Google is not a data broker themselves *per se*, as they don't sell or share your data with outside parties, some may find this relationship unacceptable. You should always decide whether the benefits of this tool outweigh the drawbacks for your individual situation.
</div>
> [!WARNING]
> This method will require you to submit your personal information to Google for them to periodically monitor their search results for. Google claims to not use the information provided to this tool to "personalize your experiences" across other Google products.
>
> While Google is not a data broker themselves *per se*, as they don't sell or share your data with outside parties, some may find this relationship unacceptable. You should always decide whether the benefits of this tool outweigh the drawbacks for your individual situation.
**Results about you** is a free tool which helps you discover whether your personal contact information, including your home address, phone number, and email address, appears in Google search results. If any personal information is found, you can request its removal.
content/tools/services/dns/_index.md
+2 -5
View File
@@ -129,12 +129,9 @@ While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot
[{{< badge content="macOS" color="indigo" >}}](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
[{{< badge content="Windows" color="red" >}}](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> The anonymized DNS feature does [not](../../../wiki/advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic.
The anonymized DNS feature does [not](../../../wiki/advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic.
</div>
## Criteria
content/tools/services/email/_index.md
+6 -9
View File
@@ -42,16 +42,13 @@ These providers natively support OpenPGP encryption/decryption and the [Web Key
</div>
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about [email metadata](../../../wiki/basics/email-security.md#email-metadata-overview).
>
> OpenPGP also does not support forward secrecy, which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed.
>
> - [How do I protect my private keys?](../../../wiki/basics/email-security.md#how-do-i-protect-my-private-keys)
When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about [email metadata](../../../wiki/basics/email-security.md#email-metadata-overview).
OpenPGP also does not support forward secrecy, which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed.
- [How do I protect my private keys?](../../../wiki/basics/email-security.md#how-do-i-protect-my-private-keys)
</div>
### Proton Mail
content/tools/services/financial-services/_index.md
+4 -12
View File
@@ -23,12 +23,8 @@ Making payments online is one of the biggest challenges to privacy. These servic
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
<div class="admonition tip" markdown>
<p class="admonition-title">Check your current bank</p>
Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way, you are not trusting multiple parties with your personal information.
</div>
> [!TIP]
> Check your current bank: Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way, you are not trusting multiple parties with your personal information.
### Privacy.com (US)
@@ -88,9 +84,5 @@ These services allow you to purchase gift cards for a variety of merchants onlin
- Accepts payment in [a recommended cryptocurrency](../../software/cryptocurrency/_index.md).
- No ID requirement.
<div class="admonition tip" markdown>
<p class="admonition-title">Important notices</p>
The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../../../about/notices.md).
</div>
> [!NOTE]
> The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../../../about/notices.md).
content/tools/services/passwords/_index.md
+4 -7
View File
@@ -20,14 +20,11 @@ description: Password managers allow you to securely store and manage passwords
[Introduction to Passwords](../../../wiki/basics/passwords-overview.md)
<div class="admonition info" markdown>
<p class="admonition-title">Info</p>
> [!IMPORTANT]
> Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features that standalone offerings have.
>
> For example, the password manager in Microsoft Edge doesn't offer end-to-end encryption at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/HT202303) offers E2EE by default.
Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features that standalone offerings have.
For example, the password manager in Microsoft Edge doesn't offer end-to-end encryption at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/HT202303) offers E2EE by default.
</div>
## Cloud-based
content/tools/services/vpn/_index.md
+10 -24
View File
@@ -15,16 +15,12 @@ description: The best VPN services for protecting your privacy and security onli
If you're looking for additional *privacy* from your ISP, on a public Wi-Fi network, or while torrenting files, a **VPN** may be the solution for you.
<div class="admonition danger" markdown>
<p class="admonition-title">VPNs do not provide anonymity</p>
Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
[Introduction to the Tor Browser](../../software/tor/_index.md#tor-browser) · [Tor Myths & FAQ](../../../wiki/advanced/tor-overview.md)
</div>
> [!CAUTION]
> Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
>
> If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
>
> [Introduction to the Tor Browser](../../software/tor/_index.md#tor-browser) · [Tor Myths & FAQ](../../../wiki/advanced/tor-overview.md)
[Detailed VPN Overview](../../../wiki/basics/vpn-overview.md)
@@ -102,14 +98,8 @@ Unfortunately, it does not work very well in countries where sophisticated filte
Proton VPN has published [App Store](https://apps.apple.com/app/id1437005085) and [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/ProtonVPN/android-app/releases).
<div class="admonition warning" markdown>
<p class="admonition-title">How to opt out of sharing telemetry</p>
On Android, Proton hides telemetry settings under the misleadingly labeled "**Help us fight censorship**" menu in the settings panel. On other platforms these settings can be found under the "**Usage statistics**" menu.
We are noting this because while we don't necessarily recommend against sharing anonymous usage statistics with developers, it is important that these settings are easily found and clearly labeled.
</div>
> [!TIP]
> On Android, Proton hides telemetry settings under the misleadingly labeled "**Help us fight censorship**" menu in the settings panel. On other platforms these settings can be found under the "**Usage statistics**" menu. We are noting this because while we don't necessarily recommend against sharing anonymous usage statistics with developers, it is important that these settings are easily found and clearly labeled.
#### :material-alert-outline:{ .pg-orange } Additional Notes
@@ -256,12 +246,8 @@ Mullvad is very transparent about which nodes they [own or rent](https://mullvad
## Criteria
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.
</div>
> [!CAUTION]
> It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.
**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.
content/tools/software/ai-chat/_index.md
+2 -6
View File
@@ -75,12 +75,8 @@ In addition to supporting a large range of text models, Kobold.cpp also supports
[{{< badge content="macOS" color="indigo" >}}](https://github.com/LostRuins/koboldcpp/releases)
[{{< badge content="Windows" color="red" >}}](https://github.com/LostRuins/koboldcpp/releases)
<div class="admonition info" markdown>
<p class="admonition-title">Compatibility Issues</p>
Kobold.cpp might not run on computers without AVX/AVX2 support.
</div>
> [!NOTE]
> Kobold.cpp might not run on computers without AVX/AVX2 support.
Kobold.cpp allows you to modify parameters such as the AI model temperature and the AI chat's system prompt. It also supports creating a network tunnel to access AI models from other devices such as your phone.
content/tools/software/cryptocurrency/_index.md
+4 -12
View File
@@ -17,12 +17,8 @@ Making payments online is one of the biggest challenges to privacy. These crypto
[Making Private Payments](../../../wiki/advanced/payments.md)
{ .md-button }
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
</div>
> [!CAUTION]
> Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
## Monero
@@ -78,12 +74,8 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- Cryptocurrency must provide private/untraceable transactions by default.
<div class="admonition tip" markdown>
<p class="admonition-title">Important notices</p>
The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../../../about/notices.md).
</div>
> [!NOTE]
> The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../../../about/notices.md).
[^1]: You may refer to the following pages for up-to-date information on countries in which Kraken does **not** allow the purchase of Monero: [Where is Kraken licensed or regulated?](https://support.kraken.com/hc/en-us/articles/where-is-kraken-licensed-or-regulated) and [Support for Monero (XMR) in Europe](https://support.kraken.com/hc/en-us/articles/support-for-monero-xmr-in-europe).
[^2]: You may refer to the following pages for up-to-date information on countries in which Cake Wallet and Monero.com **only** allow the direct purchase of Monero (through third-party providers): [Which countries are served by DFX?](https://docs.dfx.swiss/en/faq.html#which-countries-are-served-by-dfx) and [What are the supported countries/regions? (Guardarian)](https://guardarian.freshdesk.com/support/solutions/articles/80001151826-what-are-the-supported-countries-regions-).
content/tools/software/data-redaction/_index.md
+7 -13
View File
@@ -7,12 +7,9 @@ description: Use these tools to remove metadata like GPS location and other iden
When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata.
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, you should draw a box over the text.
You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, you should draw a box over the text.
</div>
<div class="pg-card-logos">
{{< cards >}}
@@ -93,14 +90,11 @@ It is often a component of other Exif removal applications and in most Linux dis
[{{< badge content="macOS" color="indigo" >}}](https://exiftool.org)
[{{< badge content="Windows" color="red" >}}](https://exiftool.org)
<div class="admonition example" markdown>
<p class="admonition-title">Deleting data from a directory of files</p>
```bash
exiftool -all= *.file_extension
```
</div>
> [!TIP]
> To delete data from a directory of files, you can run this command inside the directory, replacing `file_extension` with the file type of the files you want to process (e.g. `jpg` or `png`):
> ```bash
> exiftool -all= *.file_extension
> ```
## Criteria
content/tools/software/desktop-browsers/_index.md
+6 -16
View File
@@ -66,12 +66,9 @@ This is required to prevent advanced forms of tracking, but does come at the cos
[{{< badge content="Windows" color="red" >}}](https://mozilla.org/firefox/windows)
[{{< badge content="Flathub" >}}](https://flathub.org/apps/details/org.mozilla.firefox)
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/).
Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/).
</div>
### Recommended Firefox Configuration
@@ -151,12 +148,8 @@ Max Protection enforces the use of DNS over HTTPS, and a security warning will s
### Arkenfox (advanced)
<div class="admonition tip" markdown>
<p class="admonition-title">Use Mullvad Browser for advanced anti-fingerprinting</p>
[Mullvad Browser](#mullvad-browser) provides stronger anti-fingerprinting protections out of the box than Firefox, and does not require the use of Mullvad's VPN to benefit from these protections. Coupled with a VPN, Mullvad Browser can thwart more advanced tracking scripts which Arkenfox cannot. Firefox still has the advantage of being much more flexible, and allowing per-site exceptions for websites which you need to stay logged in to.
</div>
> [!TIP]
> [Mullvad Browser](#mullvad-browser) provides stronger anti-fingerprinting protections out of the box than Firefox, and does not require the use of Mullvad's VPN to benefit from these protections. Coupled with a VPN, Mullvad Browser can thwart more advanced tracking scripts which Arkenfox cannot. Firefox still has the advantage of being much more flexible, and allowing per-site exceptions for websites which you need to stay logged in to.
The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. If you [decide](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) to use Arkenfox, a [few options](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-%5BCommon%5D) are subjectively strict and/or may cause some websites to not work properly—which you can [easily change](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) to suit your needs. We **strongly recommend** reading through their full [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/kb/containers#w_for-advanced-users) support.
@@ -179,12 +172,9 @@ Brave is built upon the Chromium web browser project, so it should feel familiar
[{{< badge content="Flathub" >}}](https://flathub.org/apps/com.brave.Browser)
[{{< badge content="GitHub" >}}](https://github.com/brave/brave-browser/releases)
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> Brave adds a "[referral code](https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes)" to the file name in downloads from the Brave website, which is used to track which source the browser was downloaded from, for example `BRV002` in a download named `Brave-Browser-BRV002.pkg`. The installer will then ping Brave's server with the referral code at the end of the installation process. If you're concerned about this, you can rename the installer file before opening it.
Brave adds a "[referral code](https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes)" to the file name in downloads from the Brave website, which is used to track which source the browser was downloaded from, for example `BRV002` in a download named `Brave-Browser-BRV002.pkg`. The installer will then ping Brave's server with the referral code at the end of the installation process. If you're concerned about this, you can rename the installer file before opening it.
</div>
### Recommended Brave Configuration
content/tools/software/email-clients/_index.md
+2 -12
View File
@@ -50,12 +50,9 @@ OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Fo
[{{< badge content="GitHub" >}}](https://github.com/thunderbird/thunderbird-android/releases)
[{{< badge content="Flathub" >}}](https://flathub.org/apps/details/org.mozilla.Thunderbird)
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> When replying to someone on a mailing list in Thunderbird Mobile, the "reply" option may also include the mailing list. For more information see [thunderbird/thunderbird-android #3738](https://github.com/thunderbird/thunderbird-android/issues/3738).
When replying to someone on a mailing list in Thunderbird Mobile, the "reply" option may also include the mailing list. For more information see [thunderbird/thunderbird-android #3738](https://github.com/thunderbird/thunderbird-android/issues/3738).
</div>
#### Recommended Configuration
@@ -93,13 +90,6 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S
{{< card link="https://apple.com/legal/privacy/en-ww" title="Privacy Policy" icon="eye" >}}
{{< /cards >}}
<div class="admonition info" markdown>
<p class="admonition-title">For those using macOS Sonoma</p>
Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable release for macOS Sonoma.
</div>
Apple Mail has the ability to load remote content in the background or block it entirely and hide your IP address from senders on [macOS](https://support.apple.com/guide/mail/mlhl03be2866/mac) and [iOS](https://support.apple.com/guide/iphone/iphf084865c7/ios).
### FairEmail (Android)
content/tools/software/encryption/_index.md
+12 -20
View File
@@ -141,16 +141,12 @@ udisksctl unlock -b /dev/loop0
</details>
<div class="admonition note" markdown>
<p class="admonition-title">Remember to back up volume headers</p>
We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
```bash
cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
```
</div>
> [!IMPORTANT]
> We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
>
>```bash
>cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
>```
## Command-line
@@ -192,16 +188,12 @@ OpenPGP is sometimes needed for specific tasks such as digitally signing and enc
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
<div class="admonition tip" markdown>
<p class="admonition-title">Use future defaults when generating a key</p>
When [generating keys](https://gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to):
```bash
gpg --quick-gen-key alice@example.com future-default
```
</div>
> [!TIP]
> When [generating keys](https://gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to):
>
>```bash
>gpg --quick-gen-key alice@example.com future-default
>```
### GNU Privacy Guard
content/tools/software/frontends/_index.md
+18 -45
View File
@@ -34,19 +34,13 @@ When you are using an instance run by someone else, make sure to read the privac
{{< card link="https://github.com/redlib-org/redlib-instances/blob/main/instances.md" title="Public Instances" icon="server" >}}
{{< /cards >}}
<div class="admonition note" markdown>
<p class="admonition-title">Note</p>
> [!NOTE]
> The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](../tor/_index.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](../tor/_index.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
</div>
> [!TIP]
> Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level.
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level.
</div>
## TikTok
@@ -61,12 +55,9 @@ There are a number of public instances, with some that offer a [Tor](../tor/_ind
{{< card link="https://github.com/pablouser1/ProxiTok/wiki/Public-instances" title="Public Instances" icon="server" >}}
{{< /cards >}}
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
> [!TIP]
> ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level.
ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level.
</div>
## YouTube
@@ -83,19 +74,13 @@ There are a number of public instances, with some that offer a [Tor](../tor/_ind
{{< card link="https://docs.invidious.io/instances" title="Public Instances" icon="server" >}}
{{< /cards >}}
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL.
Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL.
</div>
> [!TIP]
> Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level. It does not provide privacy by itself, and we dont recommend logging into any accounts.
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level. It does not provide privacy by itself, and we dont recommend logging into any accounts.
</div>
### Piped
@@ -108,12 +93,9 @@ Piped requires JavaScript in order to function and there are a number of public
{{< card link="https://github.com/TeamPiped/documentation/blob/main/content/docs/public-instances/index.md" title="Public Instances" icon="server" >}}
{{< /cards >}}
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
> [!TIP]
> Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension. It does not provide privacy by itself, and we dont recommend logging into any accounts.
Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension. It does not provide privacy by itself, and we dont recommend logging into any accounts.
</div>
### FreeTube
@@ -131,12 +113,9 @@ When using FreeTube, your subscription list, playlists, watch history and search
[{{< badge content="Windows" color="red" >}}](https://freetubeapp.io/#download)
[{{< badge content="Flathub" >}}](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address.
When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address.
</div>
By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
@@ -153,12 +132,9 @@ Your subscription list and playlists are saved locally on your Android device.
[{{< badge content="GitHub" >}}](https://github.com/libre-tube/LibreTube/releases)
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> When using LibreTube, your IP address will be visible to YouTube, [Piped](https://github.com/TeamPiped/Piped/wiki/Instances), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address.
When using LibreTube, your IP address will be visible to YouTube, [Piped](https://github.com/TeamPiped/Piped/wiki/Instances), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address.
</div>
By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
@@ -177,12 +153,9 @@ Your subscription list and playlists are saved locally on your Android device.
1. The default instance is [FramaTube](https://framatube.org), however more can be added via **Settings****Content****PeerTube instances**.
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
> [!WARNING]
> When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address.
When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address.
</div>
## Criteria
content/tools/software/maps/_index.md
-5
View File
@@ -47,17 +47,12 @@ Please note that Organic Maps is a simple, basic app that lacks certain features
[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/us/app/id934850257)
[{{< badge content="Android" >}}](https://osmand.net/docs/versions/free-versions)
<div class="admonition warning" markdown>
<p class="admonition-title">Unique User Identifier</p>
OsmAnd generates a [unique user identifier (UUID)](https://osmand.net/docs/legal/terms-of-use/#6-unique-user-indentifier) for each app install that rotates every three months and is used for internal reports and statistics. The UUID is also sent to OsmAnd's servers when downloading maps. On Android, there is a setting that controls whether the UUID is sent with each download request. From the home screen, go to :material-menu: → :gear: **Settings** → :gear: **OsmAnd settings** → :material-web: **Identifiers**.
- [ ] Uncheck **Send Unique User Identifier (UUID)**
This setting is not available on the iOS app.
</div>
The app also includes a setting for sharing anonymous data about your downloaded maps and the features you use. This setting is disabled by default on Android, but enabled by default on iOS. To disable it in the iOS app, tap the :material-menu: on the home screen to find the :gear: **Settings** menu. Select that, then select :gear: **OsmAnd settings**.
- [ ] Uncheck **Send anonymous data**
content/tools/software/multi-factor-authentication/_index.md
+2 -6
View File
@@ -5,12 +5,8 @@ description: These tools assist you with securing your internet accounts with mu
<small>Protects against the following threat(s):</small>
[{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals)
<div class="admonition note" markdown>
<p class="admonition-title">Hardware Keys</p>
[Hardware security key recommendations](../../hardware/security-keys/_index.md) have been moved to their own category.
</div>
> [!NOTE]
> [Hardware security key recommendations](../../hardware/security-keys/_index.md) have been moved to their own category.
**Multifactor authentication apps** implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically, these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
content/tools/software/news-aggregators/_index.md
+1 -13
View File
@@ -103,30 +103,18 @@ Some social media services also support RSS, although it's not often advertised.
### Reddit
Reddit allows you to subscribe to Subreddits via RSS.
<div class="admonition example" markdown>
<p class="admonition-title">Example</p>
Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
Reddit allows you to subscribe to Subreddits via RSS. Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to:
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
```
</div>
### YouTube
You can subscribe to YouTube channels without logging in and associating usage information with your Google account.
<div class="admonition example" markdown>
<p class="admonition-title">Example</p>
To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found in the expanded description (i.e., the "About" section) of the YouTube channel you wish to subscribe to: **About****Share channel****Copy channel ID**. Replace `[CHANNEL ID]` below:
```text
https://youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID]
```
</div>
content/tools/software/tor/_index.md
+4 -11
View File
@@ -14,12 +14,9 @@ description: Protect your internet browsing from prying eyes by using the Tor ne
[:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor)
{ .md-button }
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
> [!TIP]
> Before connecting to Tor, please ensure you've read our [overview](../../../wiki/advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](../../services/vpn/_index.md), but you have to do so **properly** to avoid decreasing your anonymity.
Before connecting to Tor, please ensure you've read our [overview](../../../wiki/advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](../../services/vpn/_index.md), but you have to do so **properly** to avoid decreasing your anonymity.
</div>
There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for [:material-incognito: anonymous](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } browsing for desktop computers and Android.
@@ -49,12 +46,8 @@ If more complete anonymity is paramount to your situation, you should **only** b
[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
[{{< badge content="Android" >}}](https://torproject.org/download/#android)
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
</div>
> [!WARNING]
> You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings). When modifying the security level setting, you **must** always restart the browser before continuing to use it. Otherwise, [the security settings may not be fully applied](https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw), putting you at a higher risk of fingerprinting and exploits than you may expect based on the setting chosen.