mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2026-05-28 22:29:23 +00:00
style: Move tool pages to category folders
This commit is contained in:
@@ -0,0 +1,4 @@
|
||||
---
|
||||
title: Hardware
|
||||
weight: 4
|
||||
---
|
||||
@@ -0,0 +1,114 @@
|
||||
---
|
||||
title: Mobile Phones
|
||||
icon: material/cellphone-check
|
||||
description: These mobile devices provide the best hardware security support for custom Android operating systems.
|
||||
cover: android.webp
|
||||
schema:
|
||||
-
|
||||
"@context": http://schema.org
|
||||
"@type": WebPage
|
||||
name: Mobile Phone Recommendations
|
||||
url: "./"
|
||||
-
|
||||
"@context": http://schema.org
|
||||
"@type": Product
|
||||
name: Pixel
|
||||
brand:
|
||||
"@type": Brand
|
||||
name: Google
|
||||
image: /assets/img/android/google-pixel.png
|
||||
sameAs: https://en.wikipedia.org/wiki/Google_Pixel
|
||||
review:
|
||||
"@type": Review
|
||||
author:
|
||||
"@type": Organization
|
||||
name: Privacy Guides
|
||||
robots: nofollow, max-snippet:-1, max-image-preview:large
|
||||
---
|
||||
<small>Protects against the following threat(s):</small>
|
||||
|
||||
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
|
||||
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
|
||||
|
||||
Most **mobile phones** receive short or limited windows of security updates from OEMs; after these devices reach the end of their support period, they **cannot** be considered secure as they no longer receive firmware or driver security updates.
|
||||
|
||||
The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
|
||||
|
||||
[Recommended Android Distributions :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
End-of-life devices (such as GrapheneOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
|
||||
|
||||
</div>
|
||||
|
||||
## General Purchasing Advice
|
||||
|
||||
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
|
||||
|
||||
Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
|
||||
|
||||
Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of it being entered in the [IMEI database](https://gsma.com/get-involved/working-groups/terminal-steering-group/imei-database). There is also a risk involved with you being associated with the activity of the previous owner.
|
||||
|
||||
A few more tips regarding Android devices and operating system compatibility:
|
||||
|
||||
- Do not buy devices that have reached or are near their end-of-life; additional firmware updates must be provided by the manufacturer.
|
||||
- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
|
||||
- In short, if a device is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net) to find details!
|
||||
|
||||
## Google Pixel
|
||||
|
||||
Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
|
||||
|
||||
Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of 7 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-5 years competing OEMs typically offer.
|
||||
|
||||
[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
|
||||
|
||||
</div>
|
||||
|
||||
### Hardware Security
|
||||
|
||||
Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
|
||||
|
||||
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
|
||||
|
||||
The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
|
||||
|
||||
### Buying a Google Pixel
|
||||
|
||||
A few more tips for purchasing a Google Pixel:
|
||||
|
||||
- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
|
||||
- Consider price beating options and specials offered at physical stores.
|
||||
- Look at online community bargain sites in your country. These can alert you to good sales.
|
||||
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as:
|
||||
<math xmlns="http://www.w3.org/1998/Math/MathML" display="inline" class="tml-display" style="display:inline math;">
|
||||
<mfrac>
|
||||
<mtext>Cost</mtext>
|
||||
<mrow>
|
||||
<mtext>End of Life Date</mtext>
|
||||
<mo>−</mo>
|
||||
<mtext>Current Date</mtext>
|
||||
</mrow>
|
||||
</mfrac>
|
||||
</math>
|
||||
, meaning that the longer use of the device the lower cost per day.
|
||||
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
|
||||
|
||||
The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
|
||||
|
||||
## Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
- Must support at least one of our recommended custom operating systems.
|
||||
- Must be currently sold new in stores.
|
||||
- Must receive a minimum of 5 years of security updates.
|
||||
- Must have dedicated secure element hardware.
|
||||
@@ -0,0 +1,129 @@
|
||||
---
|
||||
title: Security Keys
|
||||
icon: material/key-chain
|
||||
description: These security keys provide a form of phishing-immune authentication for accounts that support it.
|
||||
cover: multi-factor-authentication.webp
|
||||
---
|
||||
<small>Protects against the following threat(s):</small>
|
||||
|
||||
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
|
||||
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
|
||||
|
||||
A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the [FIDO2](basics/multi-factor-authentication.md#fido-fast-identity-online) security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
|
||||
|
||||
## Yubico Security Key
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
<figure markdown="span">
|
||||
{ width="315" }
|
||||
</figure>
|
||||
|
||||
The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO Universal 2nd Factor (U2F), and works out of the box with most services that support a security key as a second factor, as well as many password managers.
|
||||
|
||||
[:octicons-home-16: Homepage](https://yubico.com/products/security-key){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://docs.yubico.com){ .card-link title="Documentation" }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
These keys are available in both USB-C and USB-A variants, and both options support NFC for use with a mobile device as well.
|
||||
|
||||
This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
|
||||
|
||||
- [Yubico Authenticator](https://yubico.com/products/yubico-authenticator)
|
||||
- CCID Smart Card support (PIV-compatible)
|
||||
- OpenPGP
|
||||
|
||||
If you need any of those features, you should consider their higher-end [YubiKey](#yubikey) series instead.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
The firmware of Yubico's Security Keys is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
|
||||
|
||||
</div>
|
||||
|
||||
## YubiKey
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
<figure markdown="span">
|
||||
{ width="400" }
|
||||
</figure>
|
||||
|
||||
The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The **YubiKey 5 Series** has a wide range of features such as FIDO2/WebAuthn and FIDO U2F, [TOTP and HOTP](https://developers.yubico.com/OATH) authentication, [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), and [OpenPGP](https://developers.yubico.com/PGP).
|
||||
|
||||
[:octicons-home-16: Homepage](https://yubico.com/products/yubikey-5-overview){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://docs.yubico.com){ .card-link title="Documentation" }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
The [comparison table](https://yubico.com/store/compare) shows how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series in terms of features and other specifications. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you choose the right security key.
|
||||
|
||||
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
|
||||
|
||||
For models which [support HOTP and TOTP](https://support.yubico.com/hc/articles/360013790319-How-many-accounts-can-I-register-my-YubiKey-with), the secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
The firmware of YubiKey is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
|
||||
|
||||
</div>
|
||||
|
||||
## Nitrokey
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
<figure markdown="span">
|
||||
{ width="300" }
|
||||
</figure>
|
||||
|
||||
**Nitrokey** has a cost-effective security key capable of FIDO2/WebAuthn and FIDO U2F called the **Nitrokey Passkey**. For support for features such as PIV, OpenPGP, and TOTP and HOTP authentication, you need to purchase one of their other keys like the **Nitrokey 3**. Currently, only the **Nitrokey 3A Mini** has [FIDO Level 1 Certification](https://nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification).
|
||||
|
||||
[:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://docs.nitrokey.com){ .card-link title="Documentation" }
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
The [comparison table](https://nitrokey.com/products/nitrokeys#:~:text=The%20Nitrokey%20Family) shows how the different Nitrokey models compare to each other in terms of features and other specifications. Refer to Nitrokey's [documentation](https://docs.nitrokey.com/nitrokeys/features) for more details about the features available on your Nitrokey.
|
||||
|
||||
Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks.
|
||||
|
||||
</div>
|
||||
|
||||
## Criteria
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
|
||||
### Minimum Requirements
|
||||
|
||||
- Must use high-quality, tamper-resistant hardware security modules.
|
||||
- Must support the latest FIDO2 specification.
|
||||
- Must not allow private key extraction.
|
||||
- Devices which cost over $35 must support handling OpenPGP and S/MIME.
|
||||
|
||||
### Best-Case
|
||||
|
||||
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
|
||||
|
||||
- Should be available in USB-C form factor.
|
||||
- Should be available with NFC.
|
||||
- Should support TOTP secret storage.
|
||||
- Should support secure firmware updates.
|
||||
|
||||
[^1]: Some governments or other organizations may require a key with Level 2 certification, but most people do not have to worry about this distinction.
|
||||
Reference in New Issue
Block a user