privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-28 06:11:03 +00:00
Code Issues Activity

Markdown style consistency (#858)

Browse Source 
Signed-off-by: Daniel Gray <dng@disroot.org>
This commit is contained in:
Jonah Aragon
2022-04-03 08:50:08 +00:00
committed by Daniel Gray
parent 929b942a4d
commit 46aa2088e5
35 changed files with 557 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/blog/2021/09/14/welcome-to-privacy-guides.md
View File

@@ -17,11 +17,13 @@ We chose the name Privacy Guides because it represents two things for us as an o
As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more _education_rather than _direction_surrounding privacy-related topics. You can see the very beginnings of this work in our new page on [threat modeling](https://privacyguides.org/threat-modeling/), or our [VPN](https://privacyguides.org/providers/vpn/) and [Email Provider](https://privacyguides.org/providers/email/) recommendations, but this is just the start of what we eventually hope to accomplish.
### Website Development
Our project has always been community-oriented and open-sourced. The source code for PrivacyTools is currently archived at [https://github.com/privacytools/privacytools.io](https://github.com/privacytools/privacytools.io). This repository will remain online as an archive of everything on PrivacyTools up to this transition.
The source code for our new website is available at [https://github.com/privacyguides/privacyguides.org](https://github.com/privacyguides/privacyguides.org). All updates from PrivacyTools have been merged into this new repository, and this is where all future work will take place.
### Services
PrivacyTools also runs a number of online services in use by many users. Some of these services are federated, namely Mastodon, Matrix, and PeerTube. Due to the technical nature of federation, it is impossible for us to change the domain name on these services, and because we cannot guarantee the future of the privacytools.io domain name we will be shutting down these services in the coming months.
We strongly urge users of these services to migrate to alternative providers in the near future. We hope that we will be able to provide enough time to make this as seamless of a transition as possible for our users.
@@ -33,11 +35,13 @@ Other services being operated by PrivacyTools currently will be discontinued. Th
Our future direction for online services is uncertain, but will be a longer-term discussion within our community after our work is complete on this initial transition. We are very aware that whatever direction we move from here will have to be done in a way that is sustainable in the very long term.
### r/PrivacyGuides
PrivacyTools has a sizable community on Reddit, but to ensure a unified image we have created a new Subreddit at [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/) that we encourage all Reddit users to join.
In the coming weeks our current plan is to wind down discussions on r/privacytoolsIO. We will be opening r/PrivacyGuides to lots of the discussions most people are used to shortly, but encouraging general “privacy news” or headline-type posts to be posted on [r/Privacy](https://www.reddit.com/r/privacy/) instead. In our eyes, r/Privacy is the “who/what/when/where” of the privacy community on Reddit, the best place to find the latest news and information; while r/PrivacyGuides is the “how”: a place to share and discuss tools, tips, tricks, and other advice. We think focusing on these strong points will serve to strengthen both communities, and we hope the good moderators of r/Privacy agree :)
### Final Thoughts
The former active team at PrivacyTools universally agrees on this direction towards Privacy Guides, and will be working exclusively on Privacy Guides rather than any “PrivacyTools” related projects. We intend to redirect PriavcyTools to new Privacy Guides properties for as long as possible, and archive existing PrivacyTools work as a pre-transition snapshot.
Privacy Guides additionally welcomes back PrivacyTools former sysadmin [Jonah](https://twitter.com/JonahAragon), who will be joining the projects leadership team.
@@ -50,9 +54,9 @@ We are all very excited about this new brand and direction, and hope to have you
**_Privacy Guides_** _is a socially motivated website that provides information for protecting your data security and privacy._
* [Join r/PrivacyGuides on Reddit](https://www.reddit.com/r/privacyguides)
* [Follow @privacy_guides on Twitter](https://twitter.com/privacy_guides)
* [Collaborate with us on GitHub](https://github.com/privacyguides/privacyguides.org)
* [Join our chat on Matrix](https://matrix.to/#/#privacyguides:aragon.sh)
* [Join r/PrivacyGuides on Reddit](https://www.reddit.com/r/privacyguides)
* [Follow @privacy_guides on Twitter](https://twitter.com/privacy_guides)
* [Collaborate with us on GitHub](https://github.com/privacyguides/privacyguides.org)
* [Join our chat on Matrix](https://matrix.to/#/#privacyguides:aragon.sh)
The contact for this story is Jonah, who is reachable on Twitter [@JonahAragon](https://twitter.com/JonahAragon), Matrix [@jonah:aragon.sh](https://matrix.to/#/@jonah:aragon.sh), or Signal 763-308-5533.

10
docs/blog/2021/12/01/firefox-privacy-2021-update.md
View File

@@ -11,9 +11,11 @@ A lot changed between 2019 and now, not least in regards to Firefox. Since our l
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://privacyguides.org/browsers/) section. If you've got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser *more* unique.
#### Privacy Tweaks "about:config"
We're no longer recommending that users set `about:config` switches manually. Those switches need to be up to date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behaviour changes in between Firefox releases, is superseded by other keys or they are removed entirely. We do not see any point in duplicating the efforts of the community [Arkenfox](https://github.com/arkenfox/user.js) project. Arkenfox has very good documentation in their [wiki](https://github.com/arkenfox/user.js/wiki) and we use it ourselves.
#### LocalCDN and Decentraleyes
These extensions aren't required with Total Cookie Protection (TCP), which is enabled if you've set Enhanced Tracking Protection (ETP) to **Strict**.
Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumeration of badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesn't help with most other third-party connections.
@@ -21,20 +23,25 @@ Replacing scripts on CDNs with local versions is not a comprehensive solution an
CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely used anyway.
#### NeatURLs and ClearURLS
Previously we recommended ClearURLs to remove tracking parameters from URLs you might visit. These extensions are no longer needed with uBlock Origin's [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam) feature.
#### HTTPS Everywhere
The EFF announced back in September they were [deprecating HTTPS-Everywhere](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) as most browsers now have an HTTPS-Only feature. We are pleased to see privacy features built into the browser and Firefox 91 introduced [HTTPS by Default in Private Browsing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/).
#### Multi Account Containers and Temporary Containers
Container extensions aren't as important as they used to be for privacy now that we have [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/).
Multi Account Container will still have some use if you use [Mozilla VPN](https://en.wikipedia.org/wiki/Mozilla_VPN) as it is going to be [integrated](https://github.com/mozilla/multi-account-containers/issues/2210) allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to login to multiple accounts on the same domain.
#### Just-In-Time Compilation (JIT)
What is "Disable JIT" in Bromite? This option disables the JavaScript performance feature [JIT](https://en.wikipedia.org/wiki/Just-in-time_compilation). It can increase security but at the cost of performance. Those trade-offs vary wildly and are explored in [this](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/) publication by Johnathan Norman from the Microsoft Edge team. This option is very much a security vs performance option.
#### Mozilla browsers on Android
We don't recommend any Mozilla based browsers on Android. This is because we don't feel that [GeckoView](https://mozilla.github.io/geckoview) is quite as secure as it could be as it doesn't support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture), soon to be coming in desktop browsers or [isolated processes](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
We also noticed that there isn't an option for [HTTPS-Only mode](https://github.com/mozilla-mobile/fenix/issues/16952#issuecomment-907960218). The only way to get something similar is to install the [deprecated](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) extension [HTTPS Everywhere](https://www.eff.org/https-everywhere).
@@ -42,6 +49,7 @@ We also noticed that there isn't an option for [HTTPS-Only mode](https://github.
There are places which Firefox on Android shines for example browsing news websites where you may want to *partially* load some JavaScript (but not all) using medium or hard [blocking mode](https://github.com/gorhill/uBlock/wiki/Blocking-mode). The [reader view](https://support.mozilla.org/en-US/kb/view-articles-reader-view-firefox-android) is also pretty cool. We expect things will change in the future, so we're keeping a close eye on this.
#### Fingerprinting
Firefox has the ability to block known third party [fingerprinting resources](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). Mozilla has [advanced protection](https://support.mozilla.org/kb/firefox-protection-against-fingerprinting) against fingerprinting (RFP is enabled with Arkenfox).
We do not recommend extensions that promise to change your [browser fingerprint](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/). Some of those extensions [are detectable](https://www.cse.chalmers.se/~andrei/codaspy17.pdf) by websites through JavaScript and [CSS](https://hal.archives-ouvertes.fr/hal-03152176/file/style-fingerprinting-usenix.pdf) methods, particularly those which inject anything into the web content.
@@ -50,4 +58,4 @@ This includes **all** extensions that try to change the user agent or other brow
---
_Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase._
*Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase.*