diff --git a/content/tools/advanced/alternative-networks/_index.md b/content/tools/advanced/alternative-networks/_index.md index b84a18ea..54e1ac4f 100644 --- a/content/tools/advanced/alternative-networks/_index.md +++ b/content/tools/advanced/alternative-networks/_index.md @@ -37,12 +37,8 @@ The recommended way to access the Tor network is via the official Tor Browser, w You can access the Tor network using other tools; making this determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile. -
Try it out!
- -You can try connecting to *Privacy Guides* via Tor at [xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion](http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion). - -Try it out!
- -You can try connecting to *Privacy Guides* via I2P at [privacyguides.i2p](http://privacyguides.i2p/?i2paddresshelper=fvbkmooriuqgssrjvbxu7nrwms5zyhf34r3uuppoakwwsm7ysv6q.b32.i2p). - -This is an advanced topic
- -These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively. - -Danger
- -Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security. - -Reliable and comprehensive digital forensic support and triage require access to non-public indicators, research, and threat intelligence. - -Such support is available to civil society through [Amnesty International's Security Lab](https://amnesty.org/en/tech) or [Access Now’s Digital Security Helpline](https://accessnow.org/help). - -Warning
+> [!WARNING] +> Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. -Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. - -Warning
+> [!WARNING] +> Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. -Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. - -Warning
+> [!WARNING] +> End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software. -End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software. - -Warning
+> [!WARNING] +> The firmware of Yubico's Security Keys is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key. -The firmware of Yubico's Security Keys is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key. - -Warning
+> [!WARNING] +> The firmware of YubiKey is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key. -The firmware of YubiKey is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key. - -Warning
+> [!WARNING] +> Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks. -Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks. - -Warning
+> [!WARNING] +> When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile. -When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile. - -Note
+> [!NOTE] +> Metadata is not currently deleted from video files, but that is planned. +> +> The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../../software/data-redaction/_index.md#exiferaser-android). -Metadata is not currently deleted from video files, but that is planned. - -The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../../software/data-redaction/_index.md#exiferaser-android). - -F-Droid Basic
- -In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](../../software/health-and-wellness/_index.md#gadgetbridge) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface). - -Warning
+> [!WARNING] +> Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) the [video memory](https://en.wikipedia.org/wiki/Dual-ported_video_RAM) when shutting down. When you restart your computer after using Tails, it might briefly display the last screen that was displayed in Tails. If you shut down your computer instead of restarting it, the video memory will erase itself automatically after being unpowered for some time. -Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) the [video memory](https://en.wikipedia.org/wiki/Dual-ported_video_RAM) when shutting down. When you restart your computer after using Tails, it might briefly display the last screen that was displayed in Tails. If you shut down your computer instead of restarting it, the video memory will erase itself automatically after being unpowered for some time. - -Danger
- -We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers. - -Try it out
- -Use your favorite [search engine](../search-engines/_index.md) to see if your data is trivially exposed by searching for your name in quotes, plus your general location. For example, search for `"Jane Smith" Chicago IL`. In many cases, you may find your personal information makes up many of the first results. Even if results about you aren't readily available though, you may still be affected. The list of data brokers linked below will provide more places to check whether your data is in any public databases. - -A tip on opt-out strategy
- -Be sure to avoid burning out or becoming overwhelmed with this process. Unless you're in immediate danger, you can take breaks and avoid doing them all at once.[^1] - -One strategy could be to look at a single website from the list above every week, starting from the top. Next week you move on to the following website on the list, and so on. When you reach the end of the list, you can start again from the beginning. - -This sets you up on a nice schedule to re-review each website approximately every 3-4 months, and breaks down the process into simple 5 minute tasks you can easily add to your weekly routine. - -High priority sites not supported by EasyOptOuts
- -EasyOptOuts does not cover the following sites we consider to be "high priority," so you should still manually opt-out of: - -- Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login)) -- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/ccpa_optout/do_not_sell)) - -Google is a data collector themselves
- -This method will require you to submit your personal information to Google for them to periodically monitor their search results for. Google claims to not use the information provided to this tool to "personalize your experiences" across other Google products. - -While Google is not a data broker themselves *per se*, as they don't sell or share your data with outside parties, some may find this relationship unacceptable. You should always decide whether the benefits of this tool outweigh the drawbacks for your individual situation. - -Warning
+> [!WARNING] +> The anonymized DNS feature does [not](../../../wiki/advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic. -The anonymized DNS feature does [not](../../../wiki/advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic. - -Warning
+> [!WARNING] +> When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about [email metadata](../../../wiki/basics/email-security.md#email-metadata-overview). +> +> OpenPGP also does not support forward secrecy, which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. +> +> - [How do I protect my private keys?](../../../wiki/basics/email-security.md#how-do-i-protect-my-private-keys) -When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about [email metadata](../../../wiki/basics/email-security.md#email-metadata-overview). - -OpenPGP also does not support forward secrecy, which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. - -- [How do I protect my private keys?](../../../wiki/basics/email-security.md#how-do-i-protect-my-private-keys) - -Check your current bank
- -Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way, you are not trusting multiple parties with your personal information. - -Important notices
- -The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../../../about/notices.md). - -Info
+> [!IMPORTANT] +> Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features that standalone offerings have. +> +> For example, the password manager in Microsoft Edge doesn't offer end-to-end encryption at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/HT202303) offers E2EE by default. -Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features that standalone offerings have. - -For example, the password manager in Microsoft Edge doesn't offer end-to-end encryption at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/HT202303) offers E2EE by default. - -VPNs do not provide anonymity
- -Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. - -If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. - -[Introduction to the Tor Browser](../../software/tor/_index.md#tor-browser) · [Tor Myths & FAQ](../../../wiki/advanced/tor-overview.md) - -How to opt out of sharing telemetry
- -On Android, Proton hides telemetry settings under the misleadingly labeled "**Help us fight censorship**" menu in the settings panel. On other platforms these settings can be found under the "**Usage statistics**" menu. - -We are noting this because while we don't necessarily recommend against sharing anonymous usage statistics with developers, it is important that these settings are easily found and clearly labeled. - -Danger
- -It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. - -Compatibility Issues
- -Kobold.cpp might not run on computers without AVX/AVX2 support. - -Danger
- -Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. - -Important notices
- -The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../../../about/notices.md). - -Warning
+> [!WARNING] +> You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, you should draw a box over the text. -You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, you should draw a box over the text. - -Deleting data from a directory of files
- -```bash -exiftool -all= *.file_extension -``` - -Warning
+> [!WARNING] +> Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/). -Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/). - -Use Mullvad Browser for advanced anti-fingerprinting
- -[Mullvad Browser](#mullvad-browser) provides stronger anti-fingerprinting protections out of the box than Firefox, and does not require the use of Mullvad's VPN to benefit from these protections. Coupled with a VPN, Mullvad Browser can thwart more advanced tracking scripts which Arkenfox cannot. Firefox still has the advantage of being much more flexible, and allowing per-site exceptions for websites which you need to stay logged in to. - -Warning
+> [!WARNING] +> Brave adds a "[referral code](https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes)" to the file name in downloads from the Brave website, which is used to track which source the browser was downloaded from, for example `BRV002` in a download named `Brave-Browser-BRV002.pkg`. The installer will then ping Brave's server with the referral code at the end of the installation process. If you're concerned about this, you can rename the installer file before opening it. -Brave adds a "[referral code](https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes)" to the file name in downloads from the Brave website, which is used to track which source the browser was downloaded from, for example `BRV002` in a download named `Brave-Browser-BRV002.pkg`. The installer will then ping Brave's server with the referral code at the end of the installation process. If you're concerned about this, you can rename the installer file before opening it. - -Warning
+> [!WARNING] +> When replying to someone on a mailing list in Thunderbird Mobile, the "reply" option may also include the mailing list. For more information see [thunderbird/thunderbird-android #3738](https://github.com/thunderbird/thunderbird-android/issues/3738). -When replying to someone on a mailing list in Thunderbird Mobile, the "reply" option may also include the mailing list. For more information see [thunderbird/thunderbird-android #3738](https://github.com/thunderbird/thunderbird-android/issues/3738). - -For those using macOS Sonoma
- -Currently, GPG Suite does [not yet](https://gpgtools.com/sonoma) have a stable release for macOS Sonoma. - -Remember to back up volume headers
- -We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: - -```bash -cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img -``` - -Use future defaults when generating a key
- -When [generating keys](https://gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to): - -```bash -gpg --quick-gen-key alice@example.com future-default -``` - -Note
+> [!NOTE] +> The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](../tor/_index.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion). -The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](../tor/_index.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion). -Tip
- -Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level. - -Tip
+> [!TIP] +> ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level. -ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level. - -Warning
+> [!WARNING] +> Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL. -Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL. -Tip
- -Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](../tor/_index.md#tor-browser) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts. - -Tip
+> [!TIP] +> Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension. It does not provide privacy by itself, and we don’t recommend logging into any accounts. -Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension. It does not provide privacy by itself, and we don’t recommend logging into any accounts. - -Warning
+> [!WARNING] +> When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address. -When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address. - -Warning
+> [!WARNING] +> When using LibreTube, your IP address will be visible to YouTube, [Piped](https://github.com/TeamPiped/Piped/wiki/Instances), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address. -When using LibreTube, your IP address will be visible to YouTube, [Piped](https://github.com/TeamPiped/Piped/wiki/Instances), or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address. - -Warning
+> [!WARNING] +> When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address. -When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](../../services/vpn/_index.md) or [Tor](../tor/_index.md) if your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address. - -Unique User Identifier
- OsmAnd generates a [unique user identifier (UUID)](https://osmand.net/docs/legal/terms-of-use/#6-unique-user-indentifier) for each app install that rotates every three months and is used for internal reports and statistics. The UUID is also sent to OsmAnd's servers when downloading maps. On Android, there is a setting that controls whether the UUID is sent with each download request. From the home screen, go to :material-menu: → :gear: **Settings** → :gear: **OsmAnd settings** → :material-web: **Identifiers**. - [ ] Uncheck **Send Unique User Identifier (UUID)** This setting is not available on the iOS app. -Hardware Keys
- -[Hardware security key recommendations](../../hardware/security-keys/_index.md) have been moved to their own category. - -Example
- -Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to. +Reddit allows you to subscribe to Subreddits via RSS. Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to: ```text https://reddit.com/r/[SUBREDDIT]/new/.rss ``` -Example
- To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found in the expanded description (i.e., the "About" section) of the YouTube channel you wish to subscribe to: **About** → **Share channel** → **Copy channel ID**. Replace `[CHANNEL ID]` below: ```text https://youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - -Tip
+> [!TIP] +> Before connecting to Tor, please ensure you've read our [overview](../../../wiki/advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](../../services/vpn/_index.md), but you have to do so **properly** to avoid decreasing your anonymity. -Before connecting to Tor, please ensure you've read our [overview](../../../wiki/advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](../../services/vpn/_index.md), but you have to do so **properly** to avoid decreasing your anonymity. - -Danger
- -You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting). - -
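Review bot: Every `Danger` admonition in this patch is deleted without a `+` counterpart in the visible lines, while each `Warning` is carried over as `> [!WARNING]`. That drops the block stating that public indicators of compromise are insufficient to determine that a device is "clean" (along with its Amnesty International Security Lab and Access Now helpline links), the Nextcloud E2EE App data-loss notice, the "using a VPN provider will not make you anonymous" and cryptocurrency notices, and the Tor Browser block telling readers to **never** install extensions or edit `about:config`. If the removal is not intentional, carry these over as alerts too, for example `> [!CAUTION]` if the site's renderer supports that type, or `> [!WARNING]` otherwise, so the strongest guidance on these pages is not the part that disappears.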
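Review bot: The titled admonitions that carry commands ("Deleting data from a directory of files" with `exiftool -all= *.file_extension`, "Remember to back up volume headers" with `cryptsetup luksHeaderBackup`, and "Use future defaults when generating a key" with `gpg --quick-gen-key alice@example.com future-default`) are removed with no replacement in the visible lines. The Reddit RSS `Example` block shows the pattern to follow: its title is dropped and the instruction is folded into body text by the added line `+Reddit allows you to subscribe to Subreddits via RSS. ...`. Doing the same for these three keeps the LUKS header backup advice and the modern-curve key generation hint on the page. The same question applies to the other custom-titled blocks removed here, such as "VPNs do not provide anonymity" and "How to opt out of sharing telemetry".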
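Review bot: In the built-in password manager block the old `Info` admonition becomes `> [!IMPORTANT]`, whereas every other conversion in the patch keeps its level (`Warning` to `[!WARNING]`, `Note` to `[!NOTE]`, `Tip` to `[!TIP]`). If raising the severity is deliberate, a word in the commit message would help; if not, `> [!NOTE]` is the closer match for `Info` and keeps the mapping consistent across pages.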
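Review bot: The `Tip` blocks are handled inconsistently in the front-end section: the ProxiTok and Piped tips are converted to `> [!TIP]`, but the Redlib tip and the Invidious tip are deleted with no `+` line. The Invidious one also carries the sentence "It does not provide privacy by itself, and we don’t recommend logging into any accounts", which the retained Piped tip keeps. Suggest converting both removed tips the same way, or noting why these two are dropped.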