diff --git a/content/about/criteria.md b/content/about/criteria.md index d8f08fc7..1026533c 100644 --- a/content/about/criteria.md +++ b/content/about/criteria.md @@ -32,4 +32,4 @@ We have these requirements in regard to developers which wish to submit their pr - Why should anyone use it over the alternatives? - Must state what the exact threat model is with their project. - - It should be clear to potential users what the project can provide, and what it cannot. Ideally, a developer should be able to identify what [common threat(s)](../basics/common-threats.md) their project protects against. + - It should be clear to potential users what the project can provide, and what it cannot. Ideally, a developer should be able to identify what [common threat(s)](../wiki/basics/common-threats/_index.md) their project protects against. diff --git a/content/about/donate.md b/content/about/donate.md index 26495781..3b288060 100644 --- a/content/about/donate.md +++ b/content/about/donate.md @@ -113,11 +113,11 @@ We use donations for a variety of purposes, including: **Online Services** -: We host [internet services](services.md) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of them are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.). +: We host [internet services](services.md) for testing and showcasing different privacy-products we like and [recommend](../tools/_index.md). Some of them are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.). **Product Purchases** -: We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). +: We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools/_index.md). Thank you to all those who support our mission! :material-heart:{ .pg-red } diff --git a/content/about/jobs/journalist.md b/content/about/jobs/journalist.md index e577fa89..9325e11f 100644 --- a/content/about/jobs/journalist.md +++ b/content/about/jobs/journalist.md @@ -26,8 +26,8 @@ Privacy Guides is a small, largely volunteer-driven nonprofit media organization Your responsibilities will include, but aren’t limited to: -- Creating high-quality articles for our [knowledge base](../../basics/why-privacy-matters.md). -- Performing product reviews for our [reviews](https://www.privacyguides.org/articles/category/reviews) section and [tool recommendations](../../tools.md). +- Creating high-quality articles for our [knowledge base](../../wiki/basics/why-privacy-matters/_index.md). +- Performing product reviews for our [reviews](https://www.privacyguides.org/articles/category/reviews) section and [tool recommendations](../../tools/_index.md). - Researching new topics to cover. - Interviewing and fact-checking all relevant sources. - Regular posting of high-quality, unbiased journalistic content across our platforms. diff --git a/content/about/privacytools.md b/content/about/privacytools.md index 31b1ef51..3c42cc70 100644 --- a/content/about/privacytools.md +++ b/content/about/privacytools.md @@ -73,7 +73,7 @@ BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status ## PrivacyTools.io Now -As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs. +As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../tools/services/vpn/_index.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs. ==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open-source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder. diff --git a/content/activism/_index.md b/content/activism/_index.md index 31d781c7..f05785f9 100644 --- a/content/activism/_index.md +++ b/content/activism/_index.md @@ -10,7 +10,7 @@ breadcrumbs: false cascade: type: docs --- -The **Guides and Tools for Privacy Activists** project from [*Privacy Guides*](../about.md) offers a new way to empower the digital rights community. +The **Guides and Tools for Privacy Activists** project from [*Privacy Guides*](../about/_index.md) offers a new way to empower the digital rights community. This section contains information to help you become a better defender of privacy rights, both for individuals and organizations. @@ -18,7 +18,7 @@ This section contains information to help you become a better defender of privac Fighting to improve our privacy cannot *only* be a matter of individual protections. -When [regulations keep attacking](https://www.privacyguides.org/articles/2025/09/08/chat-control-must-be-stopped/) the tools and services we rely on to protect our personal information, when corporations [exploit our data](../basics/common-threats.md/#surveillance-as-a-business-model) more aggressively every day, and when platforms exponentially [erode online pseudonymity](https://www.privacyguides.org/articles/2025/10/15/real-name-policies/), we must broaden our reach to fight for our rights. +When [regulations keep attacking](https://www.privacyguides.org/articles/2025/09/08/chat-control-must-be-stopped/) the tools and services we rely on to protect our personal information, when corporations [exploit our data](../wiki/basics/common-threats/_index.md#surveillance-as-a-business-model) more aggressively every day, and when platforms exponentially [erode online pseudonymity](https://www.privacyguides.org/articles/2025/10/15/real-name-policies/), we must broaden our reach to fight for our rights. ==For privacy to become a valued and respected human right, we must work together== to defend privacy rights as a community. @@ -26,7 +26,7 @@ This section will progressively grow with more tools to support the community in
-[:fontawesome-solid-toolbox:{ .toolbox-button-icon } Privacy Activist Toolbox](toolbox/index.md){ .toolbox-button .toolbox-bg } +[:fontawesome-solid-toolbox:{ .toolbox-button-icon } Privacy Activist Toolbox](toolbox/_index.md){ .toolbox-button .toolbox-bg } [:fontawesome-solid-address-card:{ .toolbox-button-icon } DPA Directory](legal/dpa-directory.md){ .toolbox-button .dpadirectory-bg } diff --git a/content/activism/toolbox/tip-beware-of-privacy-snake-oil.md b/content/activism/toolbox/tip-beware-of-privacy-snake-oil.md index f101445d..07f2fcbd 100644 --- a/content/activism/toolbox/tip-beware-of-privacy-snake-oil.md +++ b/content/activism/toolbox/tip-beware-of-privacy-snake-oil.md @@ -114,7 +114,7 @@ With that in mind, here are some green flags you can keep in mind when evaluatin ## More resources -- [Tool recommendations vetted by our community (*Privacy Guides*)](../../tools.md) +- [Tool recommendations vetted by our community (*Privacy Guides*)](../../tools/_index.md) - [Extensive guide on how to evaluate better privacy tools and organizations (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/) diff --git a/content/activism/toolbox/tip-consider-everyones-unique-situation.md b/content/activism/toolbox/tip-consider-everyones-unique-situation.md index ec63b9b0..ccbda893 100644 --- a/content/activism/toolbox/tip-consider-everyones-unique-situation.md +++ b/content/activism/toolbox/tip-consider-everyones-unique-situation.md @@ -8,7 +8,7 @@ Everyone has different needs, and everyone faces different dangers when their pe To give actionable privacy advices and recommendations, it's essential to **keep in mind everyone's situation**. There isn't a one-size-fits-all approach when it comes to data privacy. -Here's how you can get better at evaluating each person's unique [*threat model*](../../basics/threat-modeling.md): +Here's how you can get better at evaluating each person's unique [*threat model*](../../wiki/basics/threat-modeling/_index.md): ## What is a threat model? @@ -70,6 +70,6 @@ To be a good privacy advocate is to provide information and support when needed. ## More resources -- [More detailed information on threat modeling (*Privacy Guides*)](../../basics/threat-modeling.md) +- [More detailed information on threat modeling (*Privacy Guides*)](../../wiki/basics/threat-modeling/_index.md) -- [Examples of common threats (*Privacy Guides*)](../../basics/common-threats.md) +- [Examples of common threats (*Privacy Guides*)](../../wiki/basics/common-threats/_index.md) diff --git a/content/activism/toolbox/tip-dont-stop-at-individual-solutions.md b/content/activism/toolbox/tip-dont-stop-at-individual-solutions.md index 9a3445d3..bb02df89 100644 --- a/content/activism/toolbox/tip-dont-stop-at-individual-solutions.md +++ b/content/activism/toolbox/tip-dont-stop-at-individual-solutions.md @@ -12,7 +12,7 @@ Here's what to keep in mind to **expand your perspective on data privacy** beyon While it might feel easier to focus on our own needs, nobody lives in a vacuum. Even if you were able to somehow protect all the data you have custody of, there is a lot of data about you that isn't under your control, and a lot of data about *others* that impact you. -Moreover, it's important to consider others in different situations. For example, even if everyone who has access to a [VPN](../../vpn.md) service can stay protected from a particular issue, what about all the others? It's neither practical nor realistic to expect that *everyone* would be able to circumvent a problem by using a VPN. +Moreover, it's important to consider others in different situations. For example, even if everyone who has access to a [VPN](../../tools/services/vpn/_index.md) service can stay protected from a particular issue, what about all the others? It's neither practical nor realistic to expect that *everyone* would be able to circumvent a problem by using a VPN. While in some cases we might want to discuss immediate individual solutions in order to mitigate some harm, we must also attack the root cause of the problem. diff --git a/content/activism/toolbox/tip-engage-boosts-and-contribute.md b/content/activism/toolbox/tip-engage-boosts-and-contribute.md index 8790d681..a9300869 100644 --- a/content/activism/toolbox/tip-engage-boosts-and-contribute.md +++ b/content/activism/toolbox/tip-engage-boosts-and-contribute.md @@ -4,7 +4,7 @@ description: Once you have the knowledge, motivation, and energy to fight for pr icon: fontawesome/solid/bullhorn cover: activism/banner-toolbox-tip-engage.webp --- -Once you have the knowledge, motivation, and energy, **it's time to act**! Perhaps you've read all the tips here, or have read through our [Knowledge Base](../../basics/why-privacy-matters.md) already! But you don't need to know that much about privacy to start contributing. +Once you have the knowledge, motivation, and energy, **it's time to act**! Perhaps you've read all the tips here, or have read through our [Knowledge Base](../../wiki/basics/why-privacy-matters/_index.md) already! But you don't need to know that much about privacy to start contributing. The most important part is that you care about privacy rights, and want to be part of the movement to defend them. diff --git a/content/activism/toolbox/tip-improve-your-social-media-and-build-resilient-communities.md b/content/activism/toolbox/tip-improve-your-social-media-and-build-resilient-communities.md index e19b4c67..923e2384 100644 --- a/content/activism/toolbox/tip-improve-your-social-media-and-build-resilient-communities.md +++ b/content/activism/toolbox/tip-improve-your-social-media-and-build-resilient-communities.md @@ -70,7 +70,7 @@ Here are some resources to help you learn more about this social network, and it - [What is the Fediverse and how it's interconnected (*Stefan Bohacek* project)](https://jointhefediverse.net) -- [Social network recommendations (*Privacy Guides*)](../../social-networks.md) +- [Social network recommendations (*Privacy Guides*)](../../tools/software/social-networks/_index.md) - [Privacy and security on Mastodon (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/) diff --git a/content/activism/toolbox/tip-keep-in-mind-the-whole-landscape.md b/content/activism/toolbox/tip-keep-in-mind-the-whole-landscape.md index 80380923..f55fe108 100644 --- a/content/activism/toolbox/tip-keep-in-mind-the-whole-landscape.md +++ b/content/activism/toolbox/tip-keep-in-mind-the-whole-landscape.md @@ -10,7 +10,7 @@ Here's how to get better at **considering the whole landscape**: ## The technology -Technology plays a crucial role in how we protect our digital information. Most people are already familiar with the [tools and services](../../tools.md) we can use to better protect our privacy, and the ways technology can endanger our privacy rights. Technologies like encryption, for example, are essential in our connected world. +Technology plays a crucial role in how we protect our digital information. Most people are already familiar with the [tools and services](../../tools/_index.md) we can use to better protect our privacy, and the ways technology can endanger our privacy rights. Technologies like encryption, for example, are essential in our connected world. But if we only consider the technological aspect, it will not be enough to defend our privacy rights. When we only think and talk about technical solutions, we are missing the bigger picture, and with it, the bigger solutions as well. @@ -44,7 +44,7 @@ Here are a few examples: - [**Age Verification**](https://www.privacyguides.org/articles/2025/05/06/age-verification-wants-your-face/) regulations and proposals are growing around the world at a terrifying rate. -- [**Data Brokers**](../../data-broker-removals.md) are incessantly exploiting our data due to weak regulations. +- [**Data Brokers**](../../tools/services/data-broker-removals/_index.md) are incessantly exploiting our data due to weak regulations. - [**Funding cuts**](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/) from new regulations have frequently impacted negatively the organizations and privacy tools we rely on. diff --git a/content/activism/toolbox/tip-keep-your-posts-and-community-inclusive.md b/content/activism/toolbox/tip-keep-your-posts-and-community-inclusive.md index 96038baf..9bf0a6a3 100644 --- a/content/activism/toolbox/tip-keep-your-posts-and-community-inclusive.md +++ b/content/activism/toolbox/tip-keep-your-posts-and-community-inclusive.md @@ -14,7 +14,7 @@ In privacy, **diversity** is an incredible strength, a necessity even. When peop Having a broad perspective is essential to understand the scope and impact of privacy issues, as well as the actionable solutions for diverse situations. -When people with different lived experiences and identities join our group, it expands our understanding of numerous [threat models](../../basics/threat-modeling.md), and allows us to adapt our message in ways that will be more inclusive. +When people with different lived experiences and identities join our group, it expands our understanding of numerous [threat models](../../wiki/basics/threat-modeling/_index.md), and allows us to adapt our message in ways that will be more inclusive. When people from different localities join our group, this helps us to regionalize our content and communication to make it accessible to people all around the world, and expand our network. And when people with different mentalities join our group, it helps us to reach out to people with different ways of thinking more easily. diff --git a/content/activism/toolbox/tip-know-your-privacy-laws.md b/content/activism/toolbox/tip-know-your-privacy-laws.md index 2a3e3030..56ff28a6 100644 --- a/content/activism/toolbox/tip-know-your-privacy-laws.md +++ b/content/activism/toolbox/tip-know-your-privacy-laws.md @@ -37,7 +37,7 @@ If your jurisdiction is protected by one or more privacy laws, it should be rela To start your research, you can look at [Privacy Guides' DPA Directory](../legal/dpa-directory.md) and check if your region is listed there. If it is, you will see what is the main consumer privacy law for this region, and you can click on the link to learn more about it. -If your region isn't listed in our DPA Directory, or if you are looking for another more specific privacy-related law, you should be able to find this information online simply using a [trustworthy search engine](../../search-engines.md). Look for keywords with your location (be specific about country + states/provinces/region) and "privacy laws" or "data protection regulations." +If your region isn't listed in our DPA Directory, or if you are looking for another more specific privacy-related law, you should be able to find this information online simply using a [trustworthy search engine](../../tools/services/search-engines/_index.md). Look for keywords with your location (be specific about country + states/provinces/region) and "privacy laws" or "data protection regulations." Always make sure to find a result that is from an official government source. diff --git a/content/activism/toolbox/tip-level-up-assemble-and-organize.md b/content/activism/toolbox/tip-level-up-assemble-and-organize.md index 13e0442f..ed71dae6 100644 --- a/content/activism/toolbox/tip-level-up-assemble-and-organize.md +++ b/content/activism/toolbox/tip-level-up-assemble-and-organize.md @@ -117,7 +117,7 @@ Here are a few privacy-focused tools and services that can help you to organize :page_with_curl: Use it as an alternative to Google Docs! -[More info](../../document-collaboration.md#cryptpad){ .md-button .md-button--primary } +[More info](../../tools/software/document-collaboration/_index.md#cryptpad){ .md-button .md-button--primary } [:octicons-home-16:](https://cryptpad.fr/){ .card-link title="Homepage" } [:octicons-feed-star-16:](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/){ .card-link title="Our CryptPad review" } @@ -131,7 +131,7 @@ Here are a few privacy-focused tools and services that can help you to organize :speech_balloon: Use it as an [alternative](tip-improve-your-social-media-and-build-resilient-communities.md) to commercial social media such as *X*, *Facebook*, *Instagram*, *Threads*, *TikTok*, or *Bluesky*. -[More info](../../social-networks.md#mastodon){ .md-button .md-button--primary } +[More info](../../tools/software/social-networks/_index.md#mastodon){ .md-button .md-button--primary } [:octicons-home-16:](https://joinmastodon.org/){ .card-link title="Homepage" } [:octicons-feed-star-16:](https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/){ .card-link title="Notes on Mastodon Privacy & Security" } @@ -145,7 +145,7 @@ Here are a few privacy-focused tools and services that can help you to organize :loudspeaker: Use it as a privacy-preserving alternative to *Slack* or *Discord*. -[More info](../../social-networks.md#element){ .md-button .md-button--primary } +[More info](../../tools/software/social-networks/_index.md#element){ .md-button .md-button--primary } [:octicons-home-16:](https://element.io/){ .card-link title="Homepage" }
@@ -158,7 +158,7 @@ Here are a few privacy-focused tools and services that can help you to organize :video_camera: Use it to share videos with your community free from *YouTube*'s control. -[:octicons-home-16: Homepage](../../social-networks.md#peertube){ .md-button .md-button--primary } +[:octicons-home-16: Homepage](../../tools/software/social-networks/_index.md#peertube){ .md-button .md-button--primary } @@ -177,10 +177,10 @@ Here are a few privacy-focused tools and services that can help you to organize
More Alternatives  đź“— -- **Maps & Navigation:** [Organic Maps](../../maps.md#organic-maps) or [OsmAnd](../../maps.md#osmand) -- **Calendar Sync:** [Tuta](../../calendar.md#tuta) or [Proton](../../calendar.md#proton-calendar) -- **Cloud Storage:** [Proton Drive](../../cloud.md#proton-drive), [Tresorit](../../cloud.md#tresorit), or [Peergos](../../cloud.md#peergos) -- **File Sharing:** [OnionShare](../../file-sharing.md#onionshare), [Send](../../file-sharing.md#send), or [Syncthing](../../file-sharing.md#syncthing-p2p) +- **Maps & Navigation:** [Organic Maps](../../tools/software/maps/_index.md#organic-maps) or [OsmAnd](../../tools/software/maps/_index.md#osmand) +- **Calendar Sync:** [Tuta](../../tools/services/calendar/_index.md#tuta) or [Proton](../../tools/services/calendar/_index.md#proton-calendar) +- **Cloud Storage:** [Proton Drive](../../tools/services/cloud/_index.md#proton-drive), [Tresorit](../../tools/services/cloud/_index.md#tresorit), or [Peergos](../../tools/services/cloud/_index.md#peergos) +- **File Sharing:** [OnionShare](../../tools/software/file-sharing/_index.md#onionshare), [Send](../../tools/software/file-sharing/_index.md#send), or [Syncthing](../../tools/software/file-sharing/_index.md#syncthing-p2p) More tools for community organization could include [LAUTI](https://lauti.org/) for community calendars, and [Mobilizon](https://mobilizon.org/) for events and groups. For more on better alternatives to use, you can check this [tip on why and how to migrate away from Big Tech](tip-migrate-outside-the-surveillance-ecosystem.md) for your privacy advocacy work. @@ -210,4 +210,4 @@ More tools for community organization could include [LAUTI](https://lauti.org/) - [Campaign accelerator training (*Mobilisation Lab*)](https://mobilisationlab.org/training-coaching/campaign-accelerator-training/) - + diff --git a/content/activism/toolbox/tip-migrate-outside-the-surveillance-ecosystem.md b/content/activism/toolbox/tip-migrate-outside-the-surveillance-ecosystem.md index 1394aa6a..467c796e 100644 --- a/content/activism/toolbox/tip-migrate-outside-the-surveillance-ecosystem.md +++ b/content/activism/toolbox/tip-migrate-outside-the-surveillance-ecosystem.md @@ -24,7 +24,7 @@ While using the most popular mainstream tools and platforms for our work might s
-1. The first drawback is that by using products that are antithetical to our values, we are directly participating in sustaining anti-privacy corporations and contributing to [surveillance capitalism](../../basics/common-threats.md/#surveillance-as-a-business-model). +1. The first drawback is that by using products that are antithetical to our values, we are directly participating in sustaining anti-privacy corporations and contributing to [surveillance capitalism](../../wiki/basics/common-threats/_index.md#surveillance-as-a-business-model). 2. The second drawback is that simply by using Big Tech tools, we are indirectly promoting the usage of services that are horrible for everyone's privacy. @@ -47,7 +47,7 @@ While using the most popular mainstream tools and platforms for our work might s

What is the best tool?

-For each proposed alternative, you should always first consider your own [threat model](../../basics/threat-modeling.md). One tool might be ideal for one person or organization, but another tool might be better for another. Make sure to understand well your threat model in order to choose the tools that are the best for your unique situation. +For each proposed alternative, you should always first consider your own [threat model](../../wiki/basics/threat-modeling/_index.md). One tool might be ideal for one person or organization, but another tool might be better for another. Make sure to understand well your threat model in order to choose the tools that are the best for your unique situation.
@@ -73,11 +73,11 @@ Here's a list of alternative solutions you can start adopting to improve data pr
-- **[Messaging communication](../../real-time-communication.md):** Move your text message communication, audio calls, and video calls to a secure messenger like Signal. Enable features like Signal's username option, and disappearing messages. +- **[Messaging communication](../../tools/services/messengers/_index.md):** Move your text message communication, audio calls, and video calls to a secure messenger like Signal. Enable features like Signal's username option, and disappearing messages. -- **Sensitive messaging communication:** If your threat model requires a peer-to-peer solution that doesn't need a phone number and transits over the [Tor network](https://www.privacyguides.org/articles/2025/04/30/in-praise-of-tor/), you might want to use an application such as [Cwtch](https://docs.cwtch.im/) or [Briar](../../real-time-communication.md/#briar). +- **Sensitive messaging communication:** If your threat model requires a peer-to-peer solution that doesn't need a phone number and transits over the [Tor network](https://www.privacyguides.org/articles/2025/04/30/in-praise-of-tor/), you might want to use an application such as [Cwtch](https://docs.cwtch.im/) or [Briar](../../tools/services/messengers/_index.md#briar). -- **[Email communication](../../email.md):** Migrate to a privacy-respectful email service that offers end-to-end encryption, such as Proton Mail or Tuta. Make sure to inform yourself about the limitations of email privacy when using email for sensitive communication. +- **[Email communication](../../tools/services/email/_index.md):** Migrate to a privacy-respectful email service that offers end-to-end encryption, such as Proton Mail or Tuta. Make sure to inform yourself about the limitations of email privacy when using email for sensitive communication.

Service providers disclosure and compatibility

@@ -90,13 +90,13 @@ Here's a list of alternative solutions you can start adopting to improve data pr
-- **[Document storing and sharing](../../document-collaboration.md):** Move away from privacy-invasive Google products to store and share documents. Instead, use an end-to-end encrypted solution such as [CryptPad](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/) for your collaborative documents and forms. Proton Drive also offers collaborative documents with *Proton Docs* and *Sheets*. +- **[Document storing and sharing](../../tools/software/document-collaboration/_index.md):** Move away from privacy-invasive Google products to store and share documents. Instead, use an end-to-end encrypted solution such as [CryptPad](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/) for your collaborative documents and forms. Proton Drive also offers collaborative documents with *Proton Docs* and *Sheets*. -- **[Storing files](../../cloud.md):** Choose an end-to-end encrypted cloud solution to store and share files. Always keep in mind that if a cloud service provider doesn't offer solid end-to-end encryption, then it can potentially access any of your stored files. +- **[Storing files](../../tools/services/cloud/_index.md):** Choose an end-to-end encrypted cloud solution to store and share files. Always keep in mind that if a cloud service provider doesn't offer solid end-to-end encryption, then it can potentially access any of your stored files. - **Surveys:** Stop using products such as Google Forms to poll your community. Instead, choose a privacy-focused alternative such as [CryptPad Form](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/#form) or [Framaforms](https://framaforms.org/abc/en/). -- **[Online calendar](../../calendar.md):** Your online calendar can be an important source of sensitive data. Moreover, you might store other's people data in it, or use it to share event links with collaborators. It's essential to make sure to use a privacy-protecting solution for online and collaborative calendars. +- **[Online calendar](../../tools/services/calendar/_index.md):** Your online calendar can be an important source of sensitive data. Moreover, you might store other's people data in it, or use it to share event links with collaborators. It's essential to make sure to use a privacy-protecting solution for online and collaborative calendars. - **Groups and events:** When organizing groups or events, be careful to choose platforms that are privacy-respectful and don't require participants to register personal information. Keep in mind that if you only use Facebook groups, you are contributing to people staying on a privacy-invasive platform. If you only use a closed Meetup group, you are demanding people create an account and share their sensitive data in order to join. Instead, use privacy-respectful platforms such as [Mobilizon](https://mobilizon.org/) or [LAUTI](https://lauti.org/) for groups and events, [Discourse](https://www.discourse.org/) for forums, or simply use your own website to advertise in-person events. @@ -110,7 +110,7 @@ Here's a list of alternative solutions you can start adopting to improve data pr - **Availability:** Make sure you or your organization is reachable outside the Big Tech ecosystem. If your organization only has a Facebook page, then people without a Facebook account cannot reach out to you. The same is true for other commercial social media. Instead, try to rely on a website you control yourself, or a social network page you can host yourself. -- **[Social media](../../social-networks.md):** Move away from commercial social media platforms. Mainstream platforms are almost all abusing their users' data. By keeping an account there, you are indirectly encouraging your followers to stay there as well, perpetuating the platform's abuse. +- **[Social media](../../tools/software/social-networks/_index.md):** Move away from commercial social media platforms. Mainstream platforms are almost all abusing their users' data. By keeping an account there, you are indirectly encouraging your followers to stay there as well, perpetuating the platform's abuse. While you may want to keep a minimal presence to advertise that you have now moved your activity to a more privacy-respectful platform, you should keep your engagement there to a minimum. @@ -120,7 +120,7 @@ Here's a list of alternative solutions you can start adopting to improve data pr ## More resources -- [Alternatives to Big Tech that have been vetted by our community (*Privacy Guides*)](../../tools.md) +- [Alternatives to Big Tech that have been vetted by our community (*Privacy Guides*)](../../tools/_index.md) - [Privacy-respecting European tech alternatives (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/19/private-european-alternatives/) diff --git a/content/activism/toolbox/tip-refuse-to-participate.md b/content/activism/toolbox/tip-refuse-to-participate.md index b11a5380..ddb22af1 100644 --- a/content/activism/toolbox/tip-refuse-to-participate.md +++ b/content/activism/toolbox/tip-refuse-to-participate.md @@ -70,7 +70,7 @@ There are many ways to refuse to participate in privacy-invasive practices and p ## More resources -- [*Privacy Guides* tools and services recommendations](../../tools.md) +- [*Privacy Guides* tools and services recommendations](../../tools/_index.md) - [You can say NO (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/06/17/you-can-say-no/) diff --git a/content/activism/toolbox/tip-start-alliances-not-wars.md b/content/activism/toolbox/tip-start-alliances-not-wars.md index aaf778c6..d185413d 100644 --- a/content/activism/toolbox/tip-start-alliances-not-wars.md +++ b/content/activism/toolbox/tip-start-alliances-not-wars.md @@ -46,7 +46,7 @@ Newcomers get confused when they receive competing new information. Confusion le Here are a few ideas to start building alliances within the privacy community: -- **Keep a list** of organizations and other privacy activists sharing your values. Mastodon's [list feature](https://fedi.tips/how-to-use-the-lists-feature-on-mastodon/) can be very helpful to build a social network feed for this. Using an [RSS feed reader](../../news-aggregators.md) is another great way to do this. +- **Keep a list** of organizations and other privacy activists sharing your values. Mastodon's [list feature](https://fedi.tips/how-to-use-the-lists-feature-on-mastodon/) can be very helpful to build a social network feed for this. Using an [RSS feed reader](../../tools/software/news-aggregators/_index.md) is another great way to do this. - **Get familiar** with what your allies are working on. Think about ways their mission might be compatible with yours. diff --git a/content/activism/toolbox/tip-welcome-beginners.md b/content/activism/toolbox/tip-welcome-beginners.md index e35c44ee..14ce9475 100644 --- a/content/activism/toolbox/tip-welcome-beginners.md +++ b/content/activism/toolbox/tip-welcome-beginners.md @@ -36,7 +36,7 @@ Kindness, patience, and compassion are the first steps to attract and retain new - **Start with the basics:** Depending on the context, do not neglect to discuss the most basic privacy concepts before jumping in the juicy tech. Fundamental ideas such as consent, data collection, data storage, or encryption are important to master in order to understand the benefits and dangers related to data privacy. Specific tech and services come and go, but *fundamental* ideas remain. Anyone who comprehends these core concepts will have a much easier time understanding all that follows. -- **No stupid questions:** There are no stupid questions, only impatient answerers. Whenever a beginner asks a question that seems obvious to you, refrain from replying with something dry or snarky such as "Google it," or its privacy-equivalent "DuckDuckGo it." This only has the effect of chasing people away from our community. If you don't feel like helping, just reply nothing. But if you do want to help, try to find an answer for them. If you are in a rush, something like "Hey! Sorry I don't have the answer, but maybe this [resource](../../basics/why-privacy-matters.md) might be helpful to you!" or "Sorry I'm not sure, but perhaps asking on this [forum](https://discuss.privacyguides.net/) might get you an answer." +- **No stupid questions:** There are no stupid questions, only impatient answerers. Whenever a beginner asks a question that seems obvious to you, refrain from replying with something dry or snarky such as "Google it," or its privacy-equivalent "DuckDuckGo it." This only has the effect of chasing people away from our community. If you don't feel like helping, just reply nothing. But if you do want to help, try to find an answer for them. If you are in a rush, something like "Hey! Sorry I don't have the answer, but maybe this [resource](../../wiki/basics/why-privacy-matters/_index.md) might be helpful to you!" or "Sorry I'm not sure, but perhaps asking on this [forum](https://discuss.privacyguides.net/) might get you an answer." - **Stay patient and compassionate:** Always stay patient with beginners and newcomers (and everyone else, actually). To keep people fighting with us and grow our movement, we cannot afford to lose anyone just because we felt angry that day. Develop your [empathy skills](tip-support-your-privacy-comrades.md) to provide support and reply with compassion. People stay where they feel safe and welcomed. ==Make them feel safe and welcomed.== diff --git a/content/privacy.md b/content/privacy.md index d99a8888..7577d920 100644 --- a/content/privacy.md +++ b/content/privacy.md @@ -272,7 +272,7 @@ You can see your account data by visiting your profile page on any websites wher On the forum, your [profile settings](https://discuss.privacyguides.net/my/preferences/account) include a link to download all of your activity in standard Comma Separated Values format. -If you do not have an account with us but have a data access request, please [contact us](about.md). +If you do not have an account with us but have a data access request, please [contact us](about/_index.md). ## How can I change or erase data about me? @@ -332,7 +332,7 @@ You can always request the deletion of your data at any time regardless of this ## How can I contact Privacy Guides about privacy? -You can send questions, requests, and complaints via email to us at . You may also use Signal or another [contact method](about.md#contact-us) to contact us more securely. +You can send questions, requests, and complaints via email to us at . You may also use Signal or another [contact method](about/_index.md#contact-us) to contact us more securely. For complaints under GDPR more generally, you always have the option to lodge complaints with your local data protection supervisory authorities. diff --git a/content/tools/_index.md b/content/tools/_index.md index b9843c30..7e842642 100644 --- a/content/tools/_index.md +++ b/content/tools/_index.md @@ -12,7 +12,7 @@ If you're looking for a specific solution to something, these are the hardware a If you want assistance figuring out the best privacy tools and alternative programs for your needs, start a discussion on our [forum](https://discuss.privacyguides.net)! -For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page. **Want a list of every tool we recommend? Check out our [all tools](./all.md) cheatsheet!** +For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page. **Want a list of every tool we recommend? Check out our [all tools](./all/_index.md) cheatsheet!**
{{< cards >}} diff --git a/content/tools/all/_index.md b/content/tools/all/_index.md index 13ac3c64..2fd21317 100644 --- a/content/tools/all/_index.md +++ b/content/tools/all/_index.md @@ -39,7 +39,7 @@ If you're looking for a specific solution to something, these are the hardware a #### DNS Providers -We [**recommend**](services/dns/#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended. +We [**recommend**](../services/dns/_index.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended. #### Encrypted DNS and filtering clients diff --git a/content/tools/hardware/mobile-phones/_index.md b/content/tools/hardware/mobile-phones/_index.md index 479aa2c1..a63bce1a 100644 --- a/content/tools/hardware/mobile-phones/_index.md +++ b/content/tools/hardware/mobile-phones/_index.md @@ -19,7 +19,7 @@ The mobile devices listed here provide a long lifespan of guaranteed security up [Recommended Android Distributions :material-arrow-right-drop-circle:](../../os/android/distributions.md) { .md-button .md-button--primary } -[Details about Android Security :material-arrow-right-drop-circle:](../../os/android-overview.md#security-protections) +[Details about Android Security :material-arrow-right-drop-circle:](../../os/android/_index.md#security-protections) { .md-button } > [!WARNING] diff --git a/content/tools/os/android/_index.md b/content/tools/os/android/_index.md index 28c58f50..98c316d4 100644 --- a/content/tools/os/android/_index.md +++ b/content/tools/os/android/_index.md @@ -13,7 +13,7 @@ description: Our advice for replacing privacy-invasive default Android features The **Android Open Source Project** (AOSP) is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features. -[General Android Overview](../os/android-overview.md) +[General Android Overview](../../../wiki/os/android/_index.md) { .md-button .md-button--primary } ## Our Advice @@ -22,12 +22,12 @@ The **Android Open Source Project** (AOSP) is an open-source mobile operating sy There are many methods of obtaining apps on Android while avoiding Google Play. Whenever possible, try using one of these methods before getting your apps from non-private sources: -[Obtaining Applications](obtaining-apps.md) +[Obtaining Applications](./obtaining-apps/_index.md) { .md-button } There are also many private alternatives to the apps that come pre-installed on your phone, such as the camera app. Besides the Android apps we recommend throughout this site in general, we've created a list of system utilities specific to Android which you might find useful. -[General App Recommendations](general-apps.md) +[General App Recommendations](./general-apps/_index.md) { .md-button } ### Install a Custom Distribution @@ -38,14 +38,14 @@ This problem could be solved by using an alternative Android distribution, commo Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria: -[Recommended Distributions](distributions.md) +[Recommended Distributions](distributions/_index.md) { .md-button } ### Avoid Root [Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition, meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the attack surface of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses. -Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (like AdAway) and firewalls which require root access persistently (like AFWall+) are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking, we suggest encrypted [DNS](../dns.md) or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy-enhancing services such as [Orbot](../alternative-networks.md#orbot) or a [real VPN provider](../vpn.md). +Content blockers which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (like AdAway) and firewalls which require root access persistently (like AFWall+) are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For content blocking, we suggest encrypted [DNS](../../services/dns/_index.md) or content blocking functionality provided by a VPN instead. TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN), preventing you from using privacy-enhancing services such as [Orbot](../../advanced/alternative-networks/_index.md#orbot) or a [real VPN provider](../../services/vpn/_index.md). AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations. diff --git a/content/tools/os/android/distributions/_index.md b/content/tools/os/android/distributions/_index.md index d8ed30ab..398123ff 100644 --- a/content/tools/os/android/distributions/_index.md +++ b/content/tools/os/android/distributions/_index.md @@ -3,8 +3,8 @@ title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- Protects against the following threat(s): -[{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats/_index.md#attacks-against-specific-individuals) -[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/_index.md#security-and-privacy) +[{{< badge content="Targeted Attacks" color="red" >}}](../../../../wiki/basics/common-threats/_index.md#attacks-against-specific-individuals) +[{{< badge content="Passive Attacks" color="amber" >}}](../../../../wiki/basics/common-threats/_index.md#security-and-privacy) A **custom Android-based operating system** (sometimes referred to as a **custom ROM**) can be a way to achieve a higher level of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services as well as other vendor software. @@ -31,21 +31,21 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik {{< card link="https://grapheneos.org/faq#privacy-policy" title="Privacy Policy" icon="eye" >}} {{< /cards >}} -GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../android-overview.md#work-profile) or [user profile](../android-overview.md#user-profiles) of your choice. +GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../_index.md#work-profile) or [user profile](../_index.md#user-profiles) of your choice. -[Google Pixel phones](../../hardware/mobile-phones/_index.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. +[Google Pixel phones](../../../hardware/mobile-phones/_index.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. ### Connectivity Checks -By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../../../wiki/basics/common-threats/_index.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. +By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../../../../wiki/basics/common-threats/_index.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. -If you want to hide information like this from an adversary on your network or ISP, you **must** use a [trusted VPN](../../services/vpn/_index.md) in addition to changing the connectivity check setting to **Standard (Google)**. It can be found in :gear: **Settings** → **Network & internet** → **Internet connectivity checks**. This option allows you to connect to Google's servers for connectivity checks, which, alongside the usage of a VPN, helps you blend in with a larger pool of Android devices. +If you want to hide information like this from an adversary on your network or ISP, you **must** use a [trusted VPN](../../../services/vpn/_index.md) in addition to changing the connectivity check setting to **Standard (Google)**. It can be found in :gear: **Settings** → **Network & internet** → **Internet connectivity checks**. This option allows you to connect to Google's servers for connectivity checks, which, alongside the usage of a VPN, helps you blend in with a larger pool of Android devices. ## Criteria -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. - Must be open-source software. - Must support bootloader locking with custom AVB key support. diff --git a/content/tools/os/android/general-apps/_index.md b/content/tools/os/android/general-apps/_index.md index 04bd6d1c..fc7ef50c 100644 --- a/content/tools/os/android/general-apps/_index.md +++ b/content/tools/os/android/general-apps/_index.md @@ -3,7 +3,7 @@ title: "General Apps" description: The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. --- Protects against the following threat(s): -[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats/_index.md#security-and-privacy) +[{{< badge content="Passive Attacks" color="amber" >}}](../../../../wiki/basics/common-threats/_index.md#security-and-privacy) We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. @@ -17,7 +17,7 @@ We recommend a wide variety of Android apps throughout this site. The apps liste ## Shelter -If your device is on Android 15 or greater, we recommend using the native [Private Space](../android-overview.md#private-space) feature instead, which provides nearly the same functionality without needing to place trust in and grant powerful permissions to a third-party app. +If your device is on Android 15 or greater, we recommend using the native [Private Space](../_index.md#private-space) feature instead, which provides nearly the same functionality without needing to place trust in and grant powerful permissions to a third-party app. **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device. @@ -37,7 +37,7 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a ## Secure Camera Protects against the following threat(s): -[{{< badge content="Public Exposure" color="green" >}}](../../../wiki/basics/common-threats/_index.md#limiting-public-information) +[{{< badge content="Public Exposure" color="green" >}}](../../../../wiki/basics/common-threats/_index.md#limiting-public-information) **Secure Camera** is a camera app focused on privacy and security which can capture images, videos, and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices. @@ -59,13 +59,13 @@ Main privacy features include: > [!NOTE] > Metadata is not currently deleted from video files, but that is planned. > -> The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../../software/data-redaction/_index.md#exiferaser-android). +> The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../../../software/data-redaction/_index.md#exiferaser-android). ## Secure PDF Viewer Protects against the following threat(s): -[{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats/_index.md#attacks-against-specific-individuals) +[{{< badge content="Targeted Attacks" color="red" >}}](../../../../wiki/basics/common-threats/_index.md#attacks-against-specific-individuals) **Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [WebView](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files. @@ -82,7 +82,7 @@ Main privacy features include: ## Criteria -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. diff --git a/content/tools/os/android/obtaining-apps/_index.md b/content/tools/os/android/obtaining-apps/_index.md index fe591766..3bd82fc4 100644 --- a/content/tools/os/android/obtaining-apps/_index.md +++ b/content/tools/os/android/obtaining-apps/_index.md @@ -28,7 +28,7 @@ Obtainium allows you to download APK installer files from a wide variety of sour ## GrapheneOS App Store -GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../../advanced/device-integrity/_index.md#auditor-android), [Camera](general-apps.md#secure-camera), and [PDF Viewer](general-apps.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. +GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](../../../advanced/device-integrity/_index.md#auditor-android), [Camera](../general-apps/_index.md#secure-camera), and [PDF Viewer](../general-apps/_index.md#secure-pdf-viewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. ## Aurora Store @@ -47,13 +47,13 @@ Aurora Store does not allow you to download paid apps with their anonymous accou ## Manually with RSS Notifications -For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../../software/news-aggregators/_index.md) that will help you keep track of new releases. +For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](../../../software/news-aggregators/_index.md) that will help you keep track of new releases. ![RSS APK](./rss-apk-light.png#only-light) ![RSS APK](./rss-apk-dark.png#only-dark) ![APK Changes](./rss-changes-light.png#only-light) ![APK Changes](./rss-changes-dark.png#only-dark) ### GitHub -On GitHub, using [Secure Camera](general-apps.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL: +On GitHub, using [Secure Camera](../general-apps/_index.md#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL: `https://github.com/GrapheneOS/Camera/releases.atom` @@ -107,4 +107,4 @@ Other popular third-party repositories for F-Droid such as [IzzyOnDroid](https:/ The [F-Droid](https://f-droid.org/en/packages) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid) repositories are home to countless apps, so they can be useful places to search for and discover open-source apps that you can then download through other means such as the Play Store, Aurora Store, or by getting the APK directly from the developer. You should use your best judgment when looking for new apps via this method, and keep an eye on how frequently the app is updated. Outdated apps may rely on unsupported libraries, among other things, posing a potential security risk. > [!NOTE] -> In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](../../software/health-and-wellness/_index.md#gadgetbridge) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface). +> In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](../../../software/health-and-wellness/_index.md#gadgetbridge) is one example of this). If you really need an app like that, we recommend using the newer [F-Droid Basic](https://f-droid.org/en/packages/org.fdroid.basic) client instead of the original F-Droid app to obtain it. F-Droid Basic supports automatic background updates without privileged extension or root, and has a reduced feature set (limiting attack surface). diff --git a/content/tools/os/desktop/_index.md b/content/tools/os/desktop/_index.md index 57c683a1..ef7af44a 100644 --- a/content/tools/os/desktop/_index.md +++ b/content/tools/os/desktop/_index.md @@ -63,13 +63,13 @@ Tumbleweed follows a rolling release model where each update is released as a sn Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently. -Being a DIY distribution, you are [expected to set up and maintain](../linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier. +Being a DIY distribution, you are [expected to set up and maintain](../../../wiki/os/linux/_index.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier. A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org)[^1]. ## Atomic Distributions -**Atomic distributions** (sometimes also referred to as **immutable distributions**) are operating systems which handle package installation and updates by layering changes atop your core system image, rather than by directly modifying the system. Advantages of atomic distros include increased stability and the ability to easily roll back updates. See [*Traditional vs. Atomic Updates*](../linux-overview.md#traditional-vs-atomic-updates) for more info. +**Atomic distributions** (sometimes also referred to as **immutable distributions**) are operating systems which handle package installation and updates by layering changes atop your core system image, rather than by directly modifying the system. Advantages of atomic distros include increased stability and the ability to easily roll back updates. See [*Traditional vs. Atomic Updates*](../../../wiki/os/linux/_index.md#traditional-vs-atomic-updates) for more info. ### Fedora Atomic Desktops diff --git a/content/tools/services/email/_index.md b/content/tools/services/email/_index.md index 54b8590e..49cfa449 100644 --- a/content/tools/services/email/_index.md +++ b/content/tools/services/email/_index.md @@ -150,7 +150,7 @@ Mailbox Mail supports [two-factor authentication](https://kb.mailbox.org/en/priv Mailbox Mail allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/en/private/encryption/your-encrypted-mailbox/). New messages that you receive will then be immediately encrypted with your public key. -However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox Mail, [does not support](https://kb.mailbox.org/en/business/security-privacy-article/encryption-of-calendar-and-address-book/) the encryption of your address book and calendar. A [standalone option](../../software/calendar/_index.md) may be more appropriate for that data. +However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox Mail, [does not support](https://kb.mailbox.org/en/business/security-privacy-article/encryption-of-calendar-and-address-book/) the encryption of your address book and calendar. A [standalone option](../calendar/_index.md) may be more appropriate for that data. #### :material-check:{ .pg-green } Email Encryption diff --git a/content/tools/software/encryption/_index.md b/content/tools/software/encryption/_index.md index d9d754ab..409545c1 100644 --- a/content/tools/software/encryption/_index.md +++ b/content/tools/software/encryption/_index.md @@ -100,11 +100,11 @@ Powering off your devices when they’re not in use provides the highest level o BitLocker is [officially supported](https://support.microsoft.com/en-us/windows/bitlocker-overview-44c0c61c-989d-4a69-8822-b95cd49b1bbf) on the Pro, Enterprise, and Education editions of Windows. The Home edition only supports automatic [Device Encryption](https://support.microsoft.com/en-us/windows/device-encryption-in-windows-cf7e2b6f-3e70-4882-9532-18633605b7df) and must meet specific hardware requirements. If you’re using the Home edition, we recommend [upgrading to Pro](https://support.microsoft.com/en-us/windows/upgrade-windows-home-to-windows-pro-ef34d520-e73f-3198-c525-d1a218cc2818), which can be done without reinstalling Windows or losing your files. -Pro and higher editions also support the more secure pre-boot [TPM+PIN](https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/faq#what-is-the-difference-between-a-tpm-owner-password--recovery-password--recovery-key--pin--enhanced-pin--and-startup-key) feature, configured through the appropriate [group policy](../../os/windows/group-policies.md#bitlocker-drive-encryption) settings. The PIN is rate limited and the TPM will panic and lock access to the encryption key either permanently or for a period of time if someone attempts to brute force access. +Pro and higher editions also support the more secure pre-boot [TPM+PIN](https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/faq#what-is-the-difference-between-a-tpm-owner-password--recovery-password--recovery-key--pin--enhanced-pin--and-startup-key) feature, configured through the appropriate [group policy](../../../wiki/os/windows/group-policies/_index.md#bitlocker-drive-encryption) settings. The PIN is rate limited and the TPM will panic and lock access to the encryption key either permanently or for a period of time if someone attempts to brute force access. ### FileVault -**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](../../os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip. +**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](../../../wiki/os/macos/_index.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip. {{< cards >}} {{< card link="https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac" title="Documentation" icon="document-text" >}} diff --git a/content/tools/software/language-tools/_index.md b/content/tools/software/language-tools/_index.md index 8388edff..23b2cbf0 100644 --- a/content/tools/software/language-tools/_index.md +++ b/content/tools/software/language-tools/_index.md @@ -46,7 +46,7 @@ LanguageTool offers integration with a variety of [office suites](https://langua {{< card link="https://github.com/LibreTranslate/LibreTranslate#mirrors" title="Public Instances" icon="server" >}} {{< /cards >}} -You can use LibreTranslate through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](../../advanced/alternative-networks/_index.md#i2p-the-invisible-internet-project) eepsite. You can also host the software yourself for maximum control over the text submitted for translation. +You can use LibreTranslate through a number of public instances, with some that offer a [Tor](../tor/_index.md) onion service or an [I2P](../../advanced/alternative-networks/_index.md#i2p-the-invisible-internet-project) eepsite. You can also host the software yourself for maximum control over the text submitted for translation. We use a self-hosted instance of LibreTranslate to automatically translate posts on our [forum](https://discuss.privacyguides.net) to multiple languages. diff --git a/content/tools/software/mobile-browsers/_index.md b/content/tools/software/mobile-browsers/_index.md index 885e0c50..66ecbdd3 100644 --- a/content/tools/software/mobile-browsers/_index.md +++ b/content/tools/software/mobile-browsers/_index.md @@ -13,7 +13,7 @@ description: These browsers are what we currently recommend for standard/non-ano {{< /cards >}}
-These are our currently recommended **mobile web browsers** and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. +These are our currently recommended **mobile web browsers** and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](../tor/_index.md) instead. ## Brave @@ -33,7 +33,7 @@ Brave is built upon the Chromium web browser project, so it should feel familiar ### Recommended Brave Configuration -Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. +Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](../tor/_index.md#tor-browser) will be traceable by *somebody* in some regard or another. === "Android" diff --git a/content/wiki/advanced/dns-overview/_index.md b/content/wiki/advanced/dns-overview/_index.md index 04e402df..d1d19f44 100644 --- a/content/wiki/advanced/dns-overview/_index.md +++ b/content/wiki/advanced/dns-overview/_index.md @@ -83,7 +83,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be [**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS), as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484), packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83. -Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../../tools/services/dns/_index.md#encrypted-dns-proxies). +Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../../../tools/services/dns/_index.md#encrypted-dns-proxies). ### Native Operating System Support @@ -101,7 +101,7 @@ Apple does not provide a native interface for creating encrypted DNS profiles. [ #### Linux -`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](../../tools/services/dns/_index.md#dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. +`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](../../../tools/services/dns/_index.md#dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. ## What can an outside party see? @@ -131,7 +131,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis ## Why **shouldn't** I use encrypted DNS? -In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../../basics/threat-modeling/_index.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](../tor-overview/_index.md) or a [VPN](../../tools/services/vpn/_index.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity. +In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../../basics/threat-modeling/_index.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](../tor-overview/_index.md) or a [VPN](../../../tools/services/vpn/_index.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity. When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS: @@ -299,7 +299,7 @@ graph TB Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering. -[List of recommended DNS servers](../../tools/services/dns/_index.md){ .md-button } +[List of recommended DNS servers](../../../tools/services/dns/_index.md){ .md-button } ## What is DNSSEC? diff --git a/content/wiki/advanced/payments/_index.md b/content/wiki/advanced/payments/_index.md index d5483155..6b66f2fc 100644 --- a/content/wiki/advanced/payments/_index.md +++ b/content/wiki/advanced/payments/_index.md @@ -27,17 +27,17 @@ Cash remains the best option for in-person purchases for most people. Gift cards ### Online Marketplaces -If you have [cryptocurrency](../../tools/software/cryptocurrency/_index.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer high limits (with ID verification), but they usually allow basic, low-limit accounts with just an email address. Expect limits under $10,000 for basic accounts and significantly higher limits for ID verified accounts (if offered). +If you have [cryptocurrency](../../../tools/software/cryptocurrency/_index.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer high limits (with ID verification), but they usually allow basic, low-limit accounts with just an email address. Expect limits under $10,000 for basic accounts and significantly higher limits for ID verified accounts (if offered). When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy (more on this below). Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. -- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../../tools/services/financial-services/_index.md#gift-card-marketplaces) +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../../../tools/services/financial-services/_index.md#gift-card-marketplaces) ## Virtual Cards Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. -- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../../tools/services/financial-services/_index.md#payment-masking-services) +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../../../tools/services/financial-services/_index.md#payment-masking-services) These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. @@ -59,7 +59,7 @@ Additionally, many if not most cryptocurrencies are scams. Make transactions car There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. -- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../../tools/software/cryptocurrency/_index.md#monero) +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../../../tools/software/cryptocurrency/_index.md#monero) Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can trace (at least to some extent) Bitcoin Lightning Network and/or Monero transactions. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million to further develop tools to do so. Due to the secrecy surrounding tools like these, none of these methods of tracing cryptocurrencies have been independently confirmed. However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins in their current form only succeed in thwarting mass surveillance. @@ -77,9 +77,9 @@ With cryptocurrency there are two forms of wallets: custodial wallets and self-c ### Acquisition -Acquiring [cryptocurrencies](../../tools/software/cryptocurrency/_index.md) like Monero privately can be difficult. P2P marketplaces (platforms which facilitate trades between people) are one option, though the user experience typically suffers. If using an exchange which requires KYC is acceptable for you as long as subsequent transactions can't be traced, it's much easier to purchase Monero on a centralized exchange or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own self-custody wallet to use privately from that point forward. +Acquiring [cryptocurrencies](../../../tools/software/cryptocurrency/_index.md) like Monero privately can be difficult. P2P marketplaces (platforms which facilitate trades between people) are one option, though the user experience typically suffers. If using an exchange which requires KYC is acceptable for you as long as subsequent transactions can't be traced, it's much easier to purchase Monero on a centralized exchange or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own self-custody wallet to use privately from that point forward. -[Recommended places to buy Monero](../../tools/software/cryptocurrency/_index.md#buying-monero){ .md-button } +[Recommended places to buy Monero](../../../tools/software/cryptocurrency/_index.md#buying-monero){ .md-button } If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. @@ -87,12 +87,12 @@ If you go this route, make sure to purchase Monero at different times and in dif When you're making a payment in person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. -When purchasing online, ideally you should do so over [Tor](../tor-overview/_index.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../../tools/services/vpn/_index.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. +When purchasing online, ideally you should do so over [Tor](../tor-overview/_index.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../../../tools/services/vpn/_index.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.

Important notices

-The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](/about/notices). +The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../../../about/notices.md).
diff --git a/content/wiki/advanced/tor-overview/_index.md b/content/wiki/advanced/tor-overview/_index.md index a152f207..87f65354 100644 --- a/content/wiki/advanced/tor-overview/_index.md +++ b/content/wiki/advanced/tor-overview/_index.md @@ -6,7 +6,7 @@ description: Tor is a free to use, decentralized network designed for using the ![Tor logo](tor.svg) -[**Tor**](../../tools/advanced/alternative-networks/_index.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. +[**Tor**](../../../tools/advanced/alternative-networks/_index.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. [:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor) @@ -22,11 +22,11 @@ Tor works by routing your internet traffic through volunteer-operated servers in Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from. -If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../../tools/software/tor/_index.md) without worry. +If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../../../tools/software/tor/_index.md) without worry. If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN: -- You already use a [trusted VPN provider](../../tools/services/vpn/_index.md) +- You already use a [trusted VPN provider](../../../tools/services/vpn/_index.md) - Your threat model includes an adversary which is capable of extracting information from your ISP - Your threat model includes your ISP itself as an adversary - Your threat model includes local network administrators before your ISP as an adversary @@ -35,7 +35,7 @@ Because we already [generally recommend](../../basics/vpn-overview/_index.md) th Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic [has been done](https://edition.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax) in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions. -Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../../tools/software/tor/_index.md) as normal (e.g., through Tor Browser). This creates a connection chain like so: +Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../../../tools/software/tor/_index.md) as normal (e.g., through Tor Browser). This creates a connection chain like so: - [x] You → VPN → Tor → Internet @@ -106,7 +106,7 @@ Those at risk of browser vulnerabilities should consider additional protections "Clearnet services" are websites which you can access with any browser, like [privacyguides.org](https://www.privacyguides.org). Tor lets you connect to these websites anonymously by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays). -Every time you [connect to Tor](../../tools/software/tor/_index.md), it will choose three nodes to build a path to the internet—this path is called a "circuit." +Every time you [connect to Tor](../../../tools/software/tor/_index.md), it will choose three nodes to build a path to the internet—this path is called a "circuit."
![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](tor-path.svg#only-light) @@ -184,7 +184,7 @@ Though Tor does provide strong privacy guarantees, one must be aware that Tor is If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting. -- [Tor Browser :material-arrow-right-drop-circle:](../../tools/software/tor/_index.md#tor-browser) +- [Tor Browser :material-arrow-right-drop-circle:](../../../tools/software/tor/_index.md#tor-browser) ### Protections provided by bridges diff --git a/content/wiki/basics/account-creation/_index.md b/content/wiki/basics/account-creation/_index.md index bb890a66..1158ea8f 100644 --- a/content/wiki/basics/account-creation/_index.md +++ b/content/wiki/basics/account-creation/_index.md @@ -35,7 +35,7 @@ The most common way to create a new account is by an email address and password. You will be responsible for managing your login credentials. For added security, you can set up [MFA](../multi-factor-authentication/_index.md) on your accounts. -[Recommended password managers](../../tools/software/passwords/_index.md){ .md-button } +[Recommended password managers](../../../tools/software/passwords/_index.md){ .md-button } #### Email aliases @@ -43,7 +43,7 @@ If you don't want to give your real email address to a service, you have the opt Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked. -[Recommended email aliasing services](../../tools/services/email-aliasing/_index.md){ .md-button } +[Recommended email aliasing services](../../../tools/services/email-aliasing/_index.md){ .md-button } ### "Sign in with..." (OAuth) diff --git a/content/wiki/basics/account-deletion/_index.md b/content/wiki/basics/account-deletion/_index.md index 3cd63e3b..7d2d8d1d 100644 --- a/content/wiki/basics/account-deletion/_index.md +++ b/content/wiki/basics/account-deletion/_index.md @@ -43,13 +43,13 @@ Residents of the EEA have additional rights regarding data erasure specified in In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information. -For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../../tools/services/email-aliasing/_index.md). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails. +For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../../../tools/services/email-aliasing/_index.md). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails. ### Delete You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some. -For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](../multi-factor-authentication/_index.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../../tools/software/passwords/_index.md) can be useful for this). +For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](../multi-factor-authentication/_index.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../../../tools/software/passwords/_index.md) can be useful for this). If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password. diff --git a/content/wiki/basics/common-misconceptions/_index.md b/content/wiki/basics/common-misconceptions/_index.md index 9ab39e66..7fc7d73a 100644 --- a/content/wiki/basics/common-misconceptions/_index.md +++ b/content/wiki/basics/common-misconceptions/_index.md @@ -23,7 +23,7 @@ We talk about "shifting trust" a lot when discussing solutions like VPNs (which ## "Privacy-focused solutions are inherently trustworthy" -Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../../tools/software/encryption/_index.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider. +Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../../../tools/software/encryption/_index.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider. The privacy policies and business practices of providers you choose are very important, but should be considered secondary to technical guarantees of your privacy: You shouldn't shift trust to another provider when trusting a provider isn't a requirement at all. @@ -50,7 +50,7 @@ One of the clearest threat models is one where people *know who you are* and one 2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc. - You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](../../tools/software/cryptocurrency/_index.md#monero). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC. + You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](../../../tools/software/cryptocurrency/_index.md#monero). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC. 3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly. diff --git a/content/wiki/basics/common-threats/_index.md b/content/wiki/basics/common-threats/_index.md index 9da27868..3b9e0779 100644 --- a/content/wiki/basics/common-threats/_index.md +++ b/content/wiki/basics/common-threats/_index.md @@ -65,7 +65,7 @@ To minimize the damage that a malicious piece of software *could* do, you should > [!TIP] > Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources. > -> Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../tools/os/desktop/_index.md#qubes-os). +> Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../../tools/os/desktop/_index.md#qubes-os). ## Attacks against Specific Individuals @@ -122,7 +122,7 @@ Thankfully, E2EE can alleviate this issue by encrypting communications between y

Note on Web-based Encryption

-In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../../tools/services/messengers/_index.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). +In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../../../tools/services/messengers/_index.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). On the other hand, web-based E2EE implementations, such as Proton Mail's web app or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt. @@ -200,7 +200,7 @@ Censorship online can be carried out (to varying degrees) by actors including to Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship. -People concerned with the threat of censorship can use technologies like [Tor](../../advanced/tor-overview/_index.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../../tools/software/social-networks/_index.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. +People concerned with the threat of censorship can use technologies like [Tor](../../advanced/tor-overview/_index.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../../../tools/software/social-networks/_index.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. > [!TIP] > While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. diff --git a/content/wiki/basics/email-security/_index.md b/content/wiki/basics/email-security/_index.md index f7c3efc4..37cf5204 100644 --- a/content/wiki/basics/email-security/_index.md +++ b/content/wiki/basics/email-security/_index.md @@ -11,9 +11,9 @@ As a result, email is best used for receiving transactional emails (like notific ## Email Encryption Overview -The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](../../tools/software/encryption/_index.md#gnu-privacy-guard) and [OpenPGP.js](https://openpgpjs.org). +The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](../../../tools/software/encryption/_index.md#gnu-privacy-guard) and [OpenPGP.js](https://openpgpjs.org). -Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../../tools/services/messengers/_index.md) which implement forward secrecy over email for person-to-person communications whenever possible. +Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../../../tools/services/messengers/_index.md) which implement forward secrecy over email for person-to-person communications whenever possible. There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates, and often a yearly payment is required). In some cases it is more usable than PGP because it has support in popular/mainstream email applications like Apple Mail, [Google Workplace](https://support.google.com/a/topic/9061730), and [Outlook](https://support.office.com/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). However, S/MIME does not solve the issue of lack of forward secrecy, and isn't particularly more secure than PGP. @@ -21,7 +21,7 @@ There is another standard which is popular with business called [S/MIME](https:/ The [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted. -In addition to the [email clients we recommend](../../tools/software/email-clients/_index.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../../tools/services/email/_index.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox Mail, they can publish your OpenPGP key on their domain for you. +In addition to the [email clients we recommend](../../../tools/software/email-clients/_index.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../../../tools/services/email/_index.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox Mail, they can publish your OpenPGP key on their domain for you. If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from the `keys.openpgp.org` server: Set a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then upload your key to [keys.openpgp.org](https://keys.openpgp.org). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting). @@ -29,11 +29,11 @@ If you use a shared domain from a provider which doesn't support WKD, like `@gma ### What Email Clients Support E2EE? -Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../../tools/software/email-clients/_index.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](../account-creation/_index.md#sign-in-with-oauth) or a bridge application as [multifactor authentication](../multi-factor-authentication/_index.md) is not possible with plain password authentication. +Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../../../tools/software/email-clients/_index.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](../account-creation/_index.md#sign-in-with-oauth) or a bridge application as [multifactor authentication](../multi-factor-authentication/_index.md) is not possible with plain password authentication. ### How Do I Protect My Private Keys? -A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../../tools/hardware/security-keys/_index.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device. +A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../../../tools/hardware/security-keys/_index.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device. It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device. diff --git a/content/wiki/basics/hardware/_index.md b/content/wiki/basics/hardware/_index.md index 72d10a49..2f558457 100644 --- a/content/wiki/basics/hardware/_index.md +++ b/content/wiki/basics/hardware/_index.md @@ -57,7 +57,7 @@ Android defines three [security classes](https://source.android.com/docs/securit ### Device Encryption -If your device is [encrypted](../../tools/software/encryption/_index.md), your data is most secure when your device is completely powered off (as opposed to merely asleep), i.e. before you've entered your encryption key or lock screen password for the first time. On phones, this state of higher security is referred to as "Before First Unlock" (BFU), and "After First Unlock" (AFU) once you enter the correct password after a reboot/power-on. AFU is considerably less secure against digital forensics toolkits and other exploits, compared to BFU. Therefore, if you are concerned about an attacker with physical access to your device, you should turn it off fully whenever you aren't using it. +If your device is [encrypted](../../../tools/software/encryption/_index.md), your data is most secure when your device is completely powered off (as opposed to merely asleep), i.e. before you've entered your encryption key or lock screen password for the first time. On phones, this state of higher security is referred to as "Before First Unlock" (BFU), and "After First Unlock" (AFU) once you enter the correct password after a reboot/power-on. AFU is considerably less secure against digital forensics toolkits and other exploits, compared to BFU. Therefore, if you are concerned about an attacker with physical access to your device, you should turn it off fully whenever you aren't using it. This may be impractical, so consider whether it's worth it, but in either case even AFU mode is effective against most threats, given you are using a strong encryption key. @@ -69,7 +69,7 @@ Some threats can't be protected against by your internal components alone. Many Hardware keys are devices that use strong cryptography to authenticate you to a device or account. The idea is that because they can not be copied, you can use them to secure accounts in such a way that they can only be accessed with physical possession of the key, eliminating many remote attacks. -[Recommended Hardware Keys :material-arrow-right-drop-circle:](../../tools/hardware/security-keys/_index.md){ .md-button .md-button--primary } [Learn More about Hardware Keys :material-arrow-right-drop-circle:](../multi-factor-authentication/_index.md#hardware-security-keys){ .md-button } +[Recommended Hardware Keys :material-arrow-right-drop-circle:](../../../tools/hardware/security-keys/_index.md){ .md-button .md-button--primary } [Learn More about Hardware Keys :material-arrow-right-drop-circle:](../multi-factor-authentication/_index.md#hardware-security-keys){ .md-button } ### Camera/Microphone @@ -135,6 +135,6 @@ The most important thing to think about with routers is keeping them up-to-date. If your router does not support automatic updates, you will need to go to the manufacturer's site to download the updates and apply them manually. -Many consumer-grade routers aren't supported for very long. If your router isn't supported by the manufacturer anymore, you can check if it's supported by [FOSS firmware](../../tools/os/router-firmware/_index.md). You can also buy routers that come with FOSS firmware installed by default; these tend to be supported longer than most routers. +Many consumer-grade routers aren't supported for very long. If your router isn't supported by the manufacturer anymore, you can check if it's supported by [FOSS firmware](../../../tools/os/router-firmware/_index.md). You can also buy routers that come with FOSS firmware installed by default; these tend to be supported longer than most routers. Some ISPs provide a combined router/modem. It can be beneficial for security to purchase a separate router and set your ISP router/modem into modem-only mode. This way, even when your ISP-provided router is no longer getting updates, you can still get security updates and patches. It also means any problems that affect your modem won't affect your router and vice versa. diff --git a/content/wiki/basics/multi-factor-authentication/_index.md b/content/wiki/basics/multi-factor-authentication/_index.md index b30cfd4a..34551aae 100644 --- a/content/wiki/basics/multi-factor-authentication/_index.md +++ b/content/wiki/basics/multi-factor-authentication/_index.md @@ -35,7 +35,7 @@ Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against An adversary could set up a website to imitate an official service in an attempt to trick you into giving out your username, password and current TOTP code. If the adversary then uses those recorded credentials they may be able to log into the real service and hijack the account. -Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../../tools/hardware/security-keys/_index.md) are not supported [authenticator apps](../../tools/software/multi-factor-authentication/_index.md) are still a good option. +Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../../../tools/hardware/security-keys/_index.md) are not supported [authenticator apps](../../../tools/software/multi-factor-authentication/_index.md) are still a good option. ### Hardware security keys @@ -99,7 +99,7 @@ When configuring your MFA method, keep in mind that it is only as secure as your You should always have backups for your MFA method. Hardware security keys can get lost, stolen or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one. -When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../../tools/software/encryption/_index.md#veracrypt-disk)). +When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../../../tools/software/encryption/_index.md#veracrypt-disk)). ### Initial Set Up @@ -111,7 +111,7 @@ If you have to use email for MFA, make sure that the email account itself is sec If you use SMS MFA, use a carrier who will not switch your phone number to a new SIM card without account access, or use a dedicated VoIP number from a provider with similar security to avoid a [SIM swap attack](https://en.wikipedia.org/wiki/SIM_swap_scam). -[MFA tools we recommend](../../tools/software/multi-factor-authentication/_index.md){ .md-button } +[MFA tools we recommend](../../../tools/software/multi-factor-authentication/_index.md){ .md-button } ## More Places to Set Up MFA diff --git a/content/wiki/basics/passwords-overview/_index.md b/content/wiki/basics/passwords-overview/_index.md index c3cb5e35..75247f7b 100644 --- a/content/wiki/basics/passwords-overview/_index.md +++ b/content/wiki/basics/passwords-overview/_index.md @@ -18,7 +18,7 @@ This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_st You should **never** rely on yourself to come up with a good password. We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices. -All of our [recommended password managers](../../tools/software/passwords/_index.md) include a built-in password generator that you can use. +All of our [recommended password managers](../../../tools/software/passwords/_index.md) include a built-in password generator that you can use. ### Rotating Passwords @@ -30,7 +30,7 @@ When it comes to passwords that you don't have to remember (such as passwords st

Checking for data breaches

-If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../../tools/software/news-aggregators/_index.md). +If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../../../tools/software/news-aggregators/_index.md).
@@ -158,13 +158,13 @@ The best way to store your passwords is by using a password manager. They allow There are many good options to choose from, both cloud-based and local. Choose one of our recommended password managers and use it to establish strong passwords across all of your accounts. We recommend securing your password manager with a [diceware passphrase](#diceware-passphrases) comprised of at least seven words. -[List of recommended password managers](../../tools/software/passwords/_index.md){ .md-button } +[List of recommended password managers](../../../tools/software/passwords/_index.md){ .md-button }

Don't place your passwords and TOTP tokens inside the same password manager

-When using [TOTP codes as multifactor authentication](../multi-factor-authentication/_index.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../tools/software/multi-factor-authentication/_index.md). +When using [TOTP codes as multifactor authentication](../multi-factor-authentication/_index.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../../tools/software/multi-factor-authentication/_index.md). Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager. @@ -174,4 +174,4 @@ Furthermore, we do not recommend storing single-use recovery codes in your passw ### Backups -You should store an [encrypted](../../tools/software/encryption/_index.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. +You should store an [encrypted](../../../tools/software/encryption/_index.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. diff --git a/content/wiki/basics/vpn-overview/_index.md b/content/wiki/basics/vpn-overview/_index.md index 8c5ce68d..c40692f6 100644 --- a/content/wiki/basics/vpn-overview/_index.md +++ b/content/wiki/basics/vpn-overview/_index.md @@ -14,7 +14,7 @@ Normally, an ISP can see the flow of internet traffic entering and exiting your Using a VPN hides even this information from your ISP, by shifting the trust you place in your network to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing through it. > [!NOTE] -> When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../../tools/services/vpn/_index.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection. +> When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../../../tools/services/vpn/_index.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection. ## How does a VPN work? @@ -70,7 +70,7 @@ You should not use that feature: The primary advantage of using Tor is that you Currently, Tor only supports the TCP protocol. UDP (used by [WebRTC](https://en.wikipedia.org/wiki/WebRTC), [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3), and other protocols), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol), and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). -The feature should be viewed as a *convenient* way to access hidden services on Tor, not to stay anonymous. For proper anonymity, use the actual [Tor Browser](../../tools/software/tor/_index.md). +The feature should be viewed as a *convenient* way to access hidden services on Tor, not to stay anonymous. For proper anonymity, use the actual [Tor Browser](../../../tools/software/tor/_index.md). ## Commercial VPN Ownership @@ -78,7 +78,7 @@ Most VPN services are owned by the same [few companies](https://vpnpro.com/blog/ You should also be wary that many VPN review sites are merely advertising vehicles open to the highest bidder. Privacy Guides does not make money from recommending external products, and never uses affiliate programs. -[Our VPN Recommendations](../../tools/services/vpn/_index.md){ .md-button } +[Our VPN Recommendations](../../../tools/services/vpn/_index.md){ .md-button } ## Modern VPN Alternatives diff --git a/content/wiki/basics/why-privacy-matters/_index.md b/content/wiki/basics/why-privacy-matters/_index.md index 91875c4e..b7b641a3 100644 --- a/content/wiki/basics/why-privacy-matters/_index.md +++ b/content/wiki/basics/why-privacy-matters/_index.md @@ -26,11 +26,11 @@ Many people get the concepts of **privacy**, **security**, and **anonymity** con **Anonymity** -: Anonymity is the ability to act without a persistent identifier. You might achieve this online with [Tor](../../tools/software/tor/_index.md), which allows you to browse the internet with a random IP address and network connection instead of your own. +: Anonymity is the ability to act without a persistent identifier. You might achieve this online with [Tor](../../../tools/software/tor/_index.md), which allows you to browse the internet with a random IP address and network connection instead of your own. : **Pseudonymity** is a similar concept, but it allows you to have a persistent identifier without it being tied to your real identity. If everybody knows you as `@GamerGuy12` online, but nobody knows your real name, that is your pseudonym. -All of these concepts overlap, but it is possible to have any combination of these. The sweet spot for most people is when all three of these concepts overlap. However, it's trickier to achieve than many initially believe. Sometimes, you have to compromise on some of these, and that's okay too. This is where **threat modeling** comes into play, allowing you to make informed decisions about the [software and services](../../tools/_index.md) you use. +All of these concepts overlap, but it is possible to have any combination of these. The sweet spot for most people is when all three of these concepts overlap. However, it's trickier to achieve than many initially believe. Sometimes, you have to compromise on some of these, and that's okay too. This is where **threat modeling** comes into play, allowing you to make informed decisions about the [software and services](../../../tools/_index.md) you use. [:material-book-outline: Learn More About Threat Modeling](../threat-modeling/_index.md){ .md-button } @@ -48,7 +48,7 @@ Take cookie consent forms, for example. You may encounter these dozens of times Control over your privacy inside most apps is an illusion. It's a shiny dashboard with all sorts of choices you can make about your data, but rarely the choices you're looking for, like "only use my data to help me." This type of control is meant to make you feel guilty about your choices, that you "had the choice" to make the apps you use more private, and you chose not to. -Privacy is something we need to have baked into the [software and services](../../tools/_index.md) we use by default, you can't bend most apps into being private on your own. +Privacy is something we need to have baked into the [software and services](../../../tools/_index.md) we use by default, you can't bend most apps into being private on your own. [:material-movie-open-play-outline: Video: 5 Steps to Improve Your Privacy](https://www.privacyguides.org/videos/2025/02/14/5-easy-steps-to-protect-yourself-online){ class="md-button" } diff --git a/content/wiki/os/_index.md b/content/wiki/os/_index.md index b5852718..ae94e8db 100644 --- a/content/wiki/os/_index.md +++ b/content/wiki/os/_index.md @@ -10,15 +10,15 @@ We publish configuration guides for the major operating systems, because you can ## Mobile Operating Systems {{< cards >}} - {{< card link="advanced/android-overview" title="Android Overview" subtitle="The Android Open Source Project is a secure mobile operating system featuring strong app sandboxing, Verified Boot (AVB), and a robust permission control system." tag="featured" >}} - {{< card link="advanced/ios-overview" title="iOS Overview" subtitle="iOS and iPadOS are proprietary mobile operating systems developed by Apple for their iPhone and iPad products, respectively. If you have an Apple mobile device, you can increase your privacy by disabling some built-in telemetry features, and hardening some privacy and security settings which are built in to the system." >}} + {{< card link="os/android" title="Android Overview" subtitle="The Android Open Source Project is a secure mobile operating system featuring strong app sandboxing, Verified Boot (AVB), and a robust permission control system." tag="featured" >}} + {{< card link="os/ios" title="iOS Overview" subtitle="iOS and iPadOS are proprietary mobile operating systems developed by Apple for their iPhone and iPad products, respectively. If you have an Apple mobile device, you can increase your privacy by disabling some built-in telemetry features, and hardening some privacy and security settings which are built in to the system." >}} {{< /cards >}} ## Desktop Operating Systems {{< cards >}} - {{< card link="advanced/linux" title="Linux Overview" subtitle="Linux is an open-source, privacy-focused desktop operating system alternative. In the face of pervasive telemetry and other privacy-encroaching technologies in mainstream operating systems, desktop Linux has remained the clear choice for people looking for total control over their computers from the ground up." tag="featured" >}} - {{< card link="advanced/qubes" title="Qubes Overview" subtitle="Qubes OS is an open-source operating system which uses the Xen hypervisor to provide strong security for desktop computing through isolated qubes, (which are Virtual Machines). You can assign each qube a level of trust based on its purpose. Qubes OS provides security by using isolation. It only permits actions on a per-case basis and therefore is the opposite of badness enumeration." >}} - {{< card link="advanced/macos" title="macOS Overview" subtitle="macOS is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings." >}} - {{< card link="advanced/windows" title="Windows Overview" subtitle="Microsoft Windows is a common OS shipped with many PCs by default. The following guides aim to provide some ways to improve privacy and reduce the default telemetry and data stored by disabling some unnecessary features. Over time, Microsoft adds features to the OS which can sometimes rely on cloud-based services. These features will often require certain types of optional data that is sometimes sent to remote servers for processing." >}} + {{< card link="os/linux" title="Linux Overview" subtitle="Linux is an open-source, privacy-focused desktop operating system alternative. In the face of pervasive telemetry and other privacy-encroaching technologies in mainstream operating systems, desktop Linux has remained the clear choice for people looking for total control over their computers from the ground up." tag="featured" >}} + {{< card link="os/qubes" title="Qubes Overview" subtitle="Qubes OS is an open-source operating system which uses the Xen hypervisor to provide strong security for desktop computing through isolated qubes, (which are Virtual Machines). You can assign each qube a level of trust based on its purpose. Qubes OS provides security by using isolation. It only permits actions on a per-case basis and therefore is the opposite of badness enumeration." >}} + {{< card link="os/macos" title="macOS Overview" subtitle="macOS is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings." >}} + {{< card link="os/windows" title="Windows Overview" subtitle="Microsoft Windows is a common OS shipped with many PCs by default. The following guides aim to provide some ways to improve privacy and reduce the default telemetry and data stored by disabling some unnecessary features. Over time, Microsoft adds features to the OS which can sometimes rely on cloud-based services. These features will often require certain types of optional data that is sometimes sent to remote servers for processing." >}} {{< /cards >}} diff --git a/content/wiki/os/windows/_index.md b/content/wiki/os/windows/_index.md index d1eec17d..1ad4d864 100644 --- a/content/wiki/os/windows/_index.md +++ b/content/wiki/os/windows/_index.md @@ -12,7 +12,7 @@ Unfortunately, this feature was added without too much thought about the privacy You can enhance your privacy and security on Windows without downloading any third-party tools with these guides: - Initial Installation (coming soon) -- [Group Policy Settings](group-policies/) +- [Group Policy Settings](./group-policies/_index.md) - Privacy Settings (coming soon) - Application Sandboxing (coming soon) - Security Hardening (coming soon)