diff --git a/content/wiki/_index.md b/content/wiki/_index.md index 37be6b17..4b300d78 100644 --- a/content/wiki/_index.md +++ b/content/wiki/_index.md @@ -25,7 +25,7 @@ This is a selection of featured pages, but you can browse the sidebar for more t {{< cards >}} {{< card link="basics/passwords-overview" title="Intro to Passwords" subtitle="Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices, and our secrets. Despite often being the only thing between us and an adversary who’s after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced." >}} {{< card link="basics/vpn-overview" title="VPN Overview" subtitle="Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. Normally, an ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you’re posting or reading, but they can get an idea of the domains you request." >}} - {{< card link="basics/creating-accounts" title="Creating Accounts" subtitle="Often people sign up for services without thinking. Maybe it’s a streaming service to watch that new show everyone’s talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line." >}} + {{< card link="basics/account-creation" title="Creating Accounts" subtitle="Often people sign up for services without thinking. Maybe it’s a streaming service to watch that new show everyone’s talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line." >}} {{< card link="basics/common-threats" title="Common Threats" subtitle="Broadly speaking, we categorize our recommendations into the threats or goals that apply to most people. You may be concerned with none, one, a few, or all of these possibilities, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine!" >}} {{< /cards >}} diff --git a/content/wiki/advanced/communication-network-types.md b/content/wiki/advanced/communication-networks/_index.md similarity index 83% rename from content/wiki/advanced/communication-network-types.md rename to content/wiki/advanced/communication-networks/_index.md index 056fb04d..3bf5cfe1 100644 --- a/content/wiki/advanced/communication-network-types.md +++ b/content/wiki/advanced/communication-networks/_index.md @@ -4,14 +4,14 @@ weight: 40 description: An overview of several network architectures commonly used by instant messaging applications. --- -There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. +There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../../basics/threat-modeling.md) when deciding which app to use. -[Recommended Instant Messengers](../real-time-communication.md){ .md-button } -[:material-movie-open-play-outline: Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why){ .md-button } +- [Recommended Instant Messengers](../../../tools/services/messengers/_index.md) +- [Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why) ## Centralized Networks -![Centralized networks diagram](../assets/img/layout/network-centralized.svg){ align=left } +![Centralized networks diagram](./network-centralized.svg) Centralized messengers are those where all participants are on the same server or network of servers controlled by the same organization. @@ -34,7 +34,7 @@ Some self-hosted messengers allow you to set up your own server. Self-hosting ca ## Federated Networks -![Federated networks diagram](../assets/img/layout/network-decentralized.svg){ align=left } +![Federated networks diagram](./network-decentralized.svg) Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network. @@ -57,7 +57,7 @@ When self-hosted, members of a federated server can discover and communicate wit ## Peer-to-Peer Networks -![P2P diagram](../assets/img/layout/network-distributed.svg){ align=left } +![P2P diagram](./network-distributed.svg) P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server. @@ -78,15 +78,15 @@ P2P networks do not use servers, as peers communicate directly between each othe - Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online. - Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online. - Some common messenger features may not be implemented or incompletely, such as message deletion. -- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../vpn.md) or [Tor](../tor.md). Many countries have some form of mass surveillance and/or metadata retention. +- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../../../tools/services/vpn/_index.md) or [Tor](../../../tools/software/tor/_index.md). Many countries have some form of mass surveillance and/or metadata retention. ## Anonymous Routing -![Anonymous routing diagram](../assets/img/layout/network-anonymous-routing.svg){ align=left } +![Anonymous routing diagram](./network-anonymous-routing.svg) A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three. -There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers." +There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](../tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers." Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit. diff --git a/content/wiki/advanced/network-anonymous-routing.svg b/content/wiki/advanced/communication-networks/network-anonymous-routing.svg similarity index 100% rename from content/wiki/advanced/network-anonymous-routing.svg rename to content/wiki/advanced/communication-networks/network-anonymous-routing.svg diff --git a/content/wiki/advanced/network-centralized.svg b/content/wiki/advanced/communication-networks/network-centralized.svg similarity index 100% rename from content/wiki/advanced/network-centralized.svg rename to content/wiki/advanced/communication-networks/network-centralized.svg diff --git a/content/wiki/advanced/network-decentralized.svg b/content/wiki/advanced/communication-networks/network-decentralized.svg similarity index 100% rename from content/wiki/advanced/network-decentralized.svg rename to content/wiki/advanced/communication-networks/network-decentralized.svg diff --git a/content/wiki/advanced/network-distributed.svg b/content/wiki/advanced/communication-networks/network-distributed.svg similarity index 100% rename from content/wiki/advanced/network-distributed.svg rename to content/wiki/advanced/communication-networks/network-distributed.svg diff --git a/content/wiki/advanced/dns-overview.md b/content/wiki/advanced/dns-overview.md index e701bb5c..cc713204 100644 --- a/content/wiki/advanced/dns-overview.md +++ b/content/wiki/advanced/dns-overview.md @@ -26,32 +26,35 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s 2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS. - === "Linux, macOS" - - ``` - dig +noall +answer privacyguides.org @1.1.1.1 - dig +noall +answer privacyguides.org @8.8.8.8 - ``` - === "Windows" - - ``` - nslookup privacyguides.org 1.1.1.1 - nslookup privacyguides.org 8.8.8.8 - ``` + {{< tabs >}} + {{< tab name="Linux, macOS" >}} + ```bash + dig +noall +answer privacyguides.org @1.1.1.1 + dig +noall +answer privacyguides.org @8.8.8.8 + ``` + {{< /tab >}} + {{< tab name="Windows" >}} + ```bash + nslookup privacyguides.org 1.1.1.1 + nslookup privacyguides.org 8.8.8.8 + ``` + {{< /tab >}} + {{< /tabs >}} 3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results: - === "Wireshark" - - ``` - wireshark -r /tmp/dns.pcap - ``` - - === "tshark" - - ``` - tshark -r /tmp/dns.pcap - ``` + {{< tabs >}} + {{< tab name="Wireshark" >}} + ```bash + wireshark -r /tmp/dns.pcap + ``` + {{< /tab >}} + {{< tab name="tshark" >}} + ```bash + tshark -r /tmp/dns.pcap + ``` + {{< /tab >}} + {{< /tabs >}} If you run the Wireshark command above, the top pane shows the "[frames](https://en.wikipedia.org/wiki/Ethernet_frame)", and the bottom pane shows all the data about the selected frame. Enterprise filtering and monitoring solutions (such as those purchased by governments) can do the process automatically, without human interaction, and can aggregate those frames to produce statistical data useful to the network observer. @@ -80,7 +83,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be [**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS), as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484), packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83. -Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../dns.md#encrypted-dns-proxies). +Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../../tools/services/dns/_index.md#encrypted-dns-proxies). ### Native Operating System Support @@ -98,7 +101,7 @@ Apple does not provide a native interface for creating encrypted DNS profiles. [ #### Linux -`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](../dns.md#dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. +`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](../../tools/services/dns/_index.md#dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. ## What can an outside party see? @@ -128,7 +131,7 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis ## Why **shouldn't** I use encrypted DNS? -In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](../advanced/tor-overview.md) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity. +In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](tor-overview.md) or a [VPN](../../tools/services/vpn/_index.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity. When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS: @@ -296,7 +299,7 @@ graph TB Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering. -[List of recommended DNS servers](../dns.md){ .md-button } +[List of recommended DNS servers](../../tools/services/dns/_index.md){ .md-button } ## What is DNSSEC? diff --git a/content/wiki/advanced/payments.md b/content/wiki/advanced/payments.md index 42cfdb1b..2db8102b 100644 --- a/content/wiki/advanced/payments.md +++ b/content/wiki/advanced/payments.md @@ -27,17 +27,17 @@ Cash remains the best option for in-person purchases for most people. Gift cards ### Online Marketplaces -If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer high limits (with ID verification), but they usually allow basic, low-limit accounts with just an email address. Expect limits under $10,000 for basic accounts and significantly higher limits for ID verified accounts (if offered). +If you have [cryptocurrency](../../tools/software/cryptocurrency/_index.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer high limits (with ID verification), but they usually allow basic, low-limit accounts with just an email address. Expect limits under $10,000 for basic accounts and significantly higher limits for ID verified accounts (if offered). When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy (more on this below). Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. -- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../../tools/services/financial-services/_index.md#gift-card-marketplaces) ## Virtual Cards Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. -- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../../tools/services/financial-services/_index.md#payment-masking-services) These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. @@ -45,6 +45,7 @@ These tend to be good options for recurring/subscription payments online, while Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only purchase amounts which would not be disastrous to lose. +

Danger

@@ -58,9 +59,9 @@ Additionally, many if not most cryptocurrencies are scams. Make transactions car There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. -- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#monero) +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../../tools/software/cryptocurrency/_index.md#monero) -Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can trace (at least to some extent) Bitcoin Lightning Network and/or Monero transactions. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million to further develop tools to do so. Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins in their current form only succeed in thwarting mass surveillance. +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can trace (at least to some extent) Bitcoin Lightning Network and/or Monero transactions. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million to further develop tools to do so. Due to the secrecy surrounding tools like these, none of these methods of tracing cryptocurrencies have been independently confirmed. However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins in their current form only succeed in thwarting mass surveillance. ### Other Coins (Bitcoin, Ethereum, etc.) @@ -68,7 +69,7 @@ The vast majority of cryptocurrency projects use a transparent blockchain, meani Anonymous transactions on a transparent blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, this example requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical (even for enthusiasts) for many years. -==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. +Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default. Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. ### Wallet Custody @@ -76,9 +77,9 @@ With cryptocurrency there are two forms of wallets: custodial wallets and self-c ### Acquisition -Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces (platforms which facilitate trades between people) are one option, though the user experience typically suffers. If using an exchange which requires KYC is acceptable for you as long as subsequent transactions can't be traced, it's much easier to purchase Monero on a centralized exchange or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own self-custody wallet to use privately from that point forward. +Acquiring [cryptocurrencies](../../tools/software/cryptocurrency/_index.md) like Monero privately can be difficult. P2P marketplaces (platforms which facilitate trades between people) are one option, though the user experience typically suffers. If using an exchange which requires KYC is acceptable for you as long as subsequent transactions can't be traced, it's much easier to purchase Monero on a centralized exchange or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own self-custody wallet to use privately from that point forward. -[Recommended places to buy Monero](../cryptocurrency.md#buying-monero){ .md-button } +[Recommended places to buy Monero](../../tools/software/cryptocurrency/_index.md#buying-monero){ .md-button } If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. @@ -86,11 +87,12 @@ If you go this route, make sure to purchase Monero at different times and in dif When you're making a payment in person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. -When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../../tools/services/vpn/_index.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. +

Important notices

-The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](../about/notices.md). +The content here is not legal or financial advice. We do not endorse or encourage illicit activities, and we do not endorse or encourage anything which violates a company's terms of service. Check with a professional to confirm that these recommendations are legal and available in your jurisdiction. [See all notices](/about/notices).
diff --git a/content/wiki/advanced/tor-overview.md b/content/wiki/advanced/tor-overview/_index.md similarity index 93% rename from content/wiki/advanced/tor-overview.md rename to content/wiki/advanced/tor-overview/_index.md index 2852fed2..932cf173 100644 --- a/content/wiki/advanced/tor-overview.md +++ b/content/wiki/advanced/tor-overview/_index.md @@ -4,9 +4,9 @@ weight: 20 description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- -![Tor logo](../assets/img/self-contained-networks/tor.svg){ align=right } +![Tor logo](/assets/img/self-contained-networks/tor.svg){ align=right } -[**Tor**](../alternative-networks.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. +[**Tor**](../../tools/advanced/alternative-networks/_index.md#tor) is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. [:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor){ .md-button } @@ -22,11 +22,11 @@ Tor works by routing your internet traffic through volunteer-operated servers in Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from. -If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry. +If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../../tools/software/tor/_index.md) without worry. If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN: -- You already use a [trusted VPN provider](../vpn.md) +- You already use a [trusted VPN provider](../../tools/services/vpn/_index.md) - Your threat model includes an adversary which is capable of extracting information from your ISP - Your threat model includes your ISP itself as an adversary - Your threat model includes local network administrators before your ISP as an adversary @@ -35,7 +35,7 @@ Because we already [generally recommend](../basics/vpn-overview.md) that the vas Connecting directly to Tor will make your connection stand out to any local network administrators or your ISP. Detecting and correlating this traffic [has been done](https://edition.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax) in the past by network administrators to identify and deanonymize specific Tor users on their network. On the other hand, connecting to a VPN is almost always less suspicious, because commercial VPN providers are used by everyday consumers for a variety of mundane tasks like bypassing geo-restrictions, even in countries with heavy internet restrictions. -Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../tor.md) as normal (e.g., through Tor Browser). This creates a connection chain like so: +Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../../tools/software/tor/_index.md) as normal (e.g., through Tor Browser). This creates a connection chain like so: - [x] You → VPN → Tor → Internet @@ -57,6 +57,7 @@ Setting up bad configurations like these is difficult to do accidentally, becaus --- +

VPN/SSH Fingerprinting

@@ -99,17 +100,17 @@ Additionally, Tor Browser is based on Firefox's Extended Support Release builds, 1. Look for new Critical/High vulnerabilities in Firefox nightly or beta builds, then check if they are exploitable in Tor Browser (this vulnerability period can last weeks). 2. Chain *multiple* Medium/Low vulnerabilities together until they get the level of access they're looking for (this vulnerability period can last months or longer). -Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../os/qubes-overview.md) to contain your Tor browsing in a secure virtual machine and protect against leaks. +Those at risk of browser vulnerabilities should consider additional protections to defend against Tor Browser exploits, such as using Whonix in [Qubes](../os/qubes/_index.md) to contain your Tor browsing in a secure virtual machine and protect against leaks. ## Path Building to Clearnet Services "Clearnet services" are websites which you can access with any browser, like [privacyguides.org](https://www.privacyguides.org). Tor lets you connect to these websites anonymously by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays). -Every time you [connect to Tor](../tor.md), it will choose three nodes to build a path to the internet—this path is called a "circuit." +Every time you [connect to Tor](../../tools/software/tor/_index.md), it will choose three nodes to build a path to the internet—this path is called a "circuit."
- ![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](../assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](../assets/img/how-tor-works/tor-path-dark.svg#only-dark) + ![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](/assets/img/how-tor-works/tor-path.svg#only-light) + ![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](/assets/img/how-tor-works/tor-path-dark.svg#only-dark)
Tor circuit pathway
@@ -144,8 +145,8 @@ The exit node will be chosen at random from all available Tor nodes ran with an Connecting to an Onion Service in Tor works very similarly to connecting to a clearnet service, but your traffic is routed through a total of **six** nodes before reaching the destination server. Just like before, however, only three of these nodes are contributing to *your* anonymity, the other three nodes protect *the Onion Service's* anonymity, hiding the website's true IP and location in the same manner that Tor Browser is hiding yours.
- ![Tor path showing your traffic being routed through your three Tor nodes plus three additional Tor nodes which hide the website's identity](../assets/img/how-tor-works/tor-path-hidden-service.svg#only-light) - ![Tor path showing your traffic being routed through your three Tor nodes plus three additional Tor nodes which hide the website's identity](../assets/img/how-tor-works/tor-path-hidden-service-dark.svg#only-dark) + ![Tor path showing your traffic being routed through your three Tor nodes plus three additional Tor nodes which hide the website's identity](/assets/img/how-tor-works/tor-path-hidden-service.svg#only-light) + ![Tor path showing your traffic being routed through your three Tor nodes plus three additional Tor nodes which hide the website's identity](/assets/img/how-tor-works/tor-path-hidden-service-dark.svg#only-dark)
Tor circuit pathway with Onion Services. Nodes in the blue fence belong to your browser, while nodes in the red fence belong to the server, so their identity is hidden from you.
@@ -164,8 +165,8 @@ Once Tor has built a circuit, data transmission is done as follows: Below is an alternative diagram showing the process. Each node removes its own layer of encryption, and when the destination server returns data, the same process happens entirely in reverse. For example, the exit node does not know who you are, but it does know which node it came from, and so it adds its own layer of encryption and sends it back.
- ![Tor encryption](../assets/img/how-tor-works/tor-encryption.svg#only-light) - ![Tor encryption](../assets/img/how-tor-works/tor-encryption-dark.svg#only-dark) + ![Tor encryption](/assets/img/how-tor-works/tor-encryption.svg#only-light) + ![Tor encryption](/assets/img/how-tor-works/tor-encryption-dark.svg#only-dark)
Sending and receiving data through the Tor Network
@@ -183,7 +184,7 @@ Though Tor does provide strong privacy guarantees, one must be aware that Tor is If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting. -- [Tor Browser :material-arrow-right-drop-circle:](../tor.md#tor-browser) +- [Tor Browser :material-arrow-right-drop-circle:](../../tools/software/tor/_index.md#tor-browser) ### Protections provided by bridges diff --git a/content/assets/img/how-tor-works/tor-encryption-dark.svg b/content/wiki/advanced/tor-overview/tor-encryption-dark.svg similarity index 100% rename from content/assets/img/how-tor-works/tor-encryption-dark.svg rename to content/wiki/advanced/tor-overview/tor-encryption-dark.svg diff --git a/content/assets/img/how-tor-works/tor-encryption.svg b/content/wiki/advanced/tor-overview/tor-encryption.svg similarity index 100% rename from content/assets/img/how-tor-works/tor-encryption.svg rename to content/wiki/advanced/tor-overview/tor-encryption.svg diff --git a/content/assets/img/how-tor-works/tor-path-dark.svg b/content/wiki/advanced/tor-overview/tor-path-dark.svg similarity index 100% rename from content/assets/img/how-tor-works/tor-path-dark.svg rename to content/wiki/advanced/tor-overview/tor-path-dark.svg diff --git a/content/assets/img/how-tor-works/tor-path-hidden-service-dark.svg b/content/wiki/advanced/tor-overview/tor-path-hidden-service-dark.svg similarity index 100% rename from content/assets/img/how-tor-works/tor-path-hidden-service-dark.svg rename to content/wiki/advanced/tor-overview/tor-path-hidden-service-dark.svg diff --git a/content/assets/img/how-tor-works/tor-path-hidden-service.svg b/content/wiki/advanced/tor-overview/tor-path-hidden-service.svg similarity index 100% rename from content/assets/img/how-tor-works/tor-path-hidden-service.svg rename to content/wiki/advanced/tor-overview/tor-path-hidden-service.svg diff --git a/content/assets/img/how-tor-works/tor-path.svg b/content/wiki/advanced/tor-overview/tor-path.svg similarity index 100% rename from content/assets/img/how-tor-works/tor-path.svg rename to content/wiki/advanced/tor-overview/tor-path.svg diff --git a/content/wiki/basics/account-creation.md b/content/wiki/basics/account-creation.md index 013b5474..5e0df26b 100644 --- a/content/wiki/basics/account-creation.md +++ b/content/wiki/basics/account-creation.md @@ -29,16 +29,13 @@ There are usually multiple ways to sign up for an account, each with their own b The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](passwords-overview.md) regarding passwords. -
-

Tip

+> [!TIP] +> You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key. -You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key. - -
You will be responsible for managing your login credentials. For added security, you can set up [MFA](multi-factor-authentication.md) on your accounts. -[Recommended password managers](../passwords.md){ .md-button } +[Recommended password managers](../../tools/software/passwords/_index.md){ .md-button } #### Email aliases @@ -46,7 +43,7 @@ If you don't want to give your real email address to a service, you have the opt Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked. -[Recommended email aliasing services](../email-aliasing.md){ .md-button } +[Recommended email aliasing services](../../tools/services/email-aliasing/_index.md){ .md-button } ### "Sign in with..." (OAuth) diff --git a/content/wiki/basics/account-deletion.md b/content/wiki/basics/account-deletion/_index.md similarity index 94% rename from content/wiki/basics/account-deletion.md rename to content/wiki/basics/account-deletion/_index.md index 2c5d3ae3..14a3f41d 100644 --- a/content/wiki/basics/account-deletion.md +++ b/content/wiki/basics/account-deletion/_index.md @@ -12,7 +12,7 @@ Over time, it can be easy to accumulate a number of online accounts, many of whi If you have a password manager that you've used for your entire digital life, this part will be very easy. Oftentimes, they include built-in functionality for detecting if your credentials were exposed in a data breach—such as Bitwarden's [Data Breach Report](https://bitwarden.com/blog/have-you-been-pwned).
- ![Bitwarden's Data Breach Report feature](../assets/img/account-deletion/exposed_passwords.png) + ![Bitwarden's Data Breach Report feature](/assets/img/account-deletion/exposed_passwords.png)
Even if you haven't explicitly used a password manager before, there's a chance you've used the one in your browser ([Firefox](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Chrome](https://passwords.google.com/intro), [Edge](https://support.microsoft.com/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336)) or your phone ([Google](https://passwords.google.com/intro) on stock Android, [Passwords](https://support.apple.com/HT211146) on iOS) without even realizing it. @@ -43,13 +43,13 @@ Residents of the EEA have additional rights regarding data erasure specified in In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information. -For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email-aliasing.md). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails. +For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../../tools/services/email-aliasing/_index.md). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails. ### Delete You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some. -For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../passwords.md) can be useful for this). +For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../../tools/software/passwords/_index.md) can be useful for this). If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password. diff --git a/content/assets/img/account-deletion/exposed_passwords.png b/content/wiki/basics/account-deletion/exposed_passwords.png similarity index 100% rename from content/assets/img/account-deletion/exposed_passwords.png rename to content/wiki/basics/account-deletion/exposed_passwords.png diff --git a/content/wiki/basics/common-misconceptions.md b/content/wiki/basics/common-misconceptions.md index be357ae2..1f8e57d0 100644 --- a/content/wiki/basics/common-misconceptions.md +++ b/content/wiki/basics/common-misconceptions.md @@ -6,7 +6,7 @@ description: Privacy isn't a straightforward topic, and it's easy to get caught ## "Open-source software is always secure" or "Proprietary software is more secure" -These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. +These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case. When you evaluate software, you should look at the reputation and security of each tool on an individual basis. Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations){ .pg-viridian }, which are discussed further in our [Common Threats](common-threats.md) page.[^1] @@ -23,7 +23,7 @@ We talk about "shifting trust" a lot when discussing solutions like VPNs (which ## "Privacy-focused solutions are inherently trustworthy" -Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../encryption.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider. +Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../../tools/software/encryption/_index.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider. The privacy policies and business practices of providers you choose are very important, but should be considered secondary to technical guarantees of your privacy: You shouldn't shift trust to another provider when trusting a provider isn't a requirement at all. @@ -33,9 +33,9 @@ We often see people describing privacy threat models that are overly complex. Of Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips: -1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions. -2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember. -3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight. +1. Actions need to serve a particular purpose: think about how to do what you want with the fewest actions. +2. Remove human failure points: We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember. +3. Use the right level of protection for what you intend. We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight. So, how might this look? @@ -45,16 +45,12 @@ One of the clearest threat models is one where people *know who you are* and one We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means. -
-

Tip

- - When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private. - -
+ > [!TIP] + > When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private. 2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc. - You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](../cryptocurrency.md#monero). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC. + You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](../../tools/software/cryptocurrency/_index.md#monero). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC. 3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly. diff --git a/content/wiki/basics/common-threats.md b/content/wiki/basics/common-threats.md index 1acde519..7a553c79 100644 --- a/content/wiki/basics/common-threats.md +++ b/content/wiki/basics/common-threats.md @@ -4,7 +4,7 @@ weight: 30 description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- -Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. +Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. You may be concerned with none, one, a few, or all of these possibilities, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. :material-incognito: **Anonymity** @@ -62,14 +62,11 @@ When it comes to application security, we generally don't (and sometimes can't) To minimize the damage that a malicious piece of software *could* do, you should employ security by compartmentalization. For example, this could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control. -
-

Tip

+> [!TIP] +> Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources. +> +> Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../tools/os/desktop/_index.md#qubes-os). -Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources. - -Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os). - -
## Attacks against Specific Individuals @@ -77,12 +74,9 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS ha Targeted attacks against a specific person are more problematic to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If this is a concern for you, you should employ more advanced threat mitigation strategies. -
-

Tip

+> [!TIP] +> By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this. -By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this. - -
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user. @@ -92,6 +86,7 @@ If you are concerned about **physical attacks** you should use an operating syst Supply chain attacks are frequently a form of :material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well. +

Example

@@ -123,10 +118,11 @@ The obvious problem with this is that the service provider (or a hacker who has Thankfully, E2EE can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, assuming the service provider doesn't have access to the private keys of either party. +

Note on Web-based Encryption

-In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). +In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../../tools/services/messengers/_index.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). On the other hand, web-based E2EE implementations, such as Proton Mail's web app or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt. @@ -142,6 +138,7 @@ Even with E2EE, service providers can still profile you based on **metadata**, w Mass surveillance is the intricate effort to monitor the "behavior, many activities, or information" of an entire (or substantial fraction of a) population.[^1] It often refers to government programs, such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative. +

Atlas of Surveillance

@@ -153,6 +150,7 @@ In France, you can take a look at the [Technopolice website](https://technopolic Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, as breaches of human rights, they're most often used to disproportionately target minority groups and political dissidents, among others. +

ACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward

@@ -202,16 +200,13 @@ Censorship online can be carried out (to varying degrees) by actors including to Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship. -People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../social-networks.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. +People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../../tools/software/social-networks/_index.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. -
-

Tip

+> [!TIP] +> While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. +> +> You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection). -While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. - -You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection). - -
You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. diff --git a/content/wiki/basics/email-security.md b/content/wiki/basics/email-security.md index af70e45b..f865bc38 100644 --- a/content/wiki/basics/email-security.md +++ b/content/wiki/basics/email-security.md @@ -11,9 +11,9 @@ As a result, email is best used for receiving transactional emails (like notific ## Email Encryption Overview -The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](../encryption.md#gnu-privacy-guard) and [OpenPGP.js](https://openpgpjs.org). +The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](../../tools/software/encryption/_index.md#gnu-privacy-guard) and [OpenPGP.js](https://openpgpjs.org). -Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible. +Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../../tools/services/messengers/_index.md) which implement forward secrecy over email for person-to-person communications whenever possible. There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates, and often a yearly payment is required). In some cases it is more usable than PGP because it has support in popular/mainstream email applications like Apple Mail, [Google Workplace](https://support.google.com/a/topic/9061730), and [Outlook](https://support.office.com/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). However, S/MIME does not solve the issue of lack of forward secrecy, and isn't particularly more secure than PGP. @@ -21,7 +21,7 @@ There is another standard which is popular with business called [S/MIME](https:/ The [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted. -In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox Mail, they can publish your OpenPGP key on their domain for you. +In addition to the [email clients we recommend](../../tools/software/email-clients/_index.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../../tools/services/email/_index.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox Mail, they can publish your OpenPGP key on their domain for you. If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from the `keys.openpgp.org` server: Set a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then upload your key to [keys.openpgp.org](https://keys.openpgp.org). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting). @@ -29,11 +29,11 @@ If you use a shared domain from a provider which doesn't support WKD, like `@gma ### What Email Clients Support E2EE? -Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](account-creation.md#sign-in-with-oauth) or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication. +Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../../tools/software/email-clients/_index.md). Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support [OAuth](account-creation.md#sign-in-with-oauth) or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication. ### How Do I Protect My Private Keys? -A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device. +A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../../tools/hardware/security-keys/_index.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device. It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device. diff --git a/content/wiki/basics/hardware.md b/content/wiki/basics/hardware.md index 6200c24c..1fe09121 100644 --- a/content/wiki/basics/hardware.md +++ b/content/wiki/basics/hardware.md @@ -16,7 +16,7 @@ Some devices will have a "hardware security program", which is a collaboration b - [Windows Secured-core PCs](https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-highly-secure-11) meet a higher security criteria specified by Microsoft. These protections aren't only applicable to Windows users; Users of other operating systems can still take advantage of features like [DMA protection](https://learn.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and the ability to completely distrust Microsoft certificates. - [Android Ready SE](https://developers.google.com/android/security/android-ready-se) is a collaboration between vendors to ensure their devices follow [best practices](https://source.android.com/docs/security/best-practices/hardware) and include tamper resistant hardware backed storage for things like encryption keys. -- macOS running on an Apple SoC takes advantage of [hardware security](../os/macos-overview.md#hardware-security) which may not be available with third party operating systems. +- macOS running on an Apple SoC takes advantage of [hardware security](../os/macos/_index.md#hardware-security) which may not be available with third party operating systems. - [ChromeOS security](https://chromium.org/chromium-os/developer-library/reference/security/security-whitepaper) is at its best when running on a Chromebook as it is able to make use of available hardware features such as the [hardware root-of-trust](https://chromium.org/chromium-os/developer-library/reference/security/security-whitepaper/#hardware-root-of-trust-and-verified-boot). Even if you don't use these operating systems, participation in these programs may indicate that the manufacturer is following best practices when it comes to hardware security and updates. @@ -37,12 +37,9 @@ If you build your own PC, you may need to manually update your motherboard's fir Most computers and phones come equipped with a TPM (or a similar secure cryptoprocessor) which safely stores your encryption keys and handles other security-related functions. If you're currently using a machine that doesn't have one of these, you might benefit from purchasing a newer computer that has this feature. Some desktop and server motherboards have a "TPM header" which can accept a small accessory board containing the TPM. -
-

Note

+> [!NOTE] +> Virtual TPMs are susceptible to side-channel attacks and external TPMs, as a result of being separate from the CPU on the motherboard, are vulnerable to [sniffing](https://pulsesecurity.co.nz/articles/TPM-sniffing) when an attacker has access to the hardware. The solution to this problem is to include the secure processor inside the CPU itself, which is the case for Apple's chips and Microsoft's [Pluton](https://microsoft.com/en-us/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs). -Virtual TPMs are susceptible to side-channel attacks and external TPMs, as a result of being separate from the CPU on the motherboard, are vulnerable to [sniffing](https://pulsesecurity.co.nz/articles/TPM-sniffing) when an attacker has access to the hardware. The solution to this problem is to include the secure processor inside the CPU itself, which is the case for Apple's chips and Microsoft's [Pluton](https://microsoft.com/en-us/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs). - -
### Biometrics @@ -52,18 +49,15 @@ Biometrics can prevent someone from watching you type in your password, so if sh Most implementations of face authentication require you to be looking at your phone and also only work from a relatively close distance, so you don't need to worry too much about someone pointing your phone at your face to unlock it without your consent. You can still disable biometrics when your phone is locked if you want. On iOS, you can hold the side button and a volume button for 3 seconds to disable Face ID on models that support it. On Android, hold the power button and press Lockdown on the menu. -
-

Warning

+> [!WARNING] +> Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability. -Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability. - -
Android defines three [security classes](https://source.android.com/docs/security/features/biometric/measure#biometric-classes) for biometrics; you should check that your device is Class 3 before enabling biometrics. ### Device Encryption -If your device is [encrypted](../encryption.md), your data is most secure when your device is completely powered off (as opposed to merely asleep), i.e. before you've entered your encryption key or lock screen password for the first time. On phones, this state of higher security is referred to as "Before First Unlock" (BFU), and "After First Unlock" (AFU) once you enter the correct password after a reboot/power-on. AFU is considerably less secure against digital forensics toolkits and other exploits, compared to BFU. Therefore, if you are concerned about an attacker with physical access to your device, you should turn it off fully whenever you aren't using it. +If your device is [encrypted](../../tools/software/encryption/_index.md), your data is most secure when your device is completely powered off (as opposed to merely asleep), i.e. before you've entered your encryption key or lock screen password for the first time. On phones, this state of higher security is referred to as "Before First Unlock" (BFU), and "After First Unlock" (AFU) once you enter the correct password after a reboot/power-on. AFU is considerably less secure against digital forensics toolkits and other exploits, compared to BFU. Therefore, if you are concerned about an attacker with physical access to your device, you should turn it off fully whenever you aren't using it. This may be impractical, so consider whether it's worth it, but in either case even AFU mode is effective against most threats, given you are using a strong encryption key. @@ -75,18 +69,15 @@ Some threats can't be protected against by your internal components alone. Many Hardware keys are devices that use strong cryptography to authenticate you to a device or account. The idea is that because they can not be copied, you can use them to secure accounts in such a way that they can only be accessed with physical possession of the key, eliminating many remote attacks. -[Recommended Hardware Keys :material-arrow-right-drop-circle:](../security-keys.md){ .md-button .md-button--primary } [Learn More about Hardware Keys :material-arrow-right-drop-circle:](multi-factor-authentication.md#hardware-security-keys){ .md-button } +[Recommended Hardware Keys :material-arrow-right-drop-circle:](../../tools/hardware/security-keys/_index.md){ .md-button .md-button--primary } [Learn More about Hardware Keys :material-arrow-right-drop-circle:](multi-factor-authentication.md#hardware-security-keys){ .md-button } ### Camera/Microphone If you don't want to trust your OS's permission controls to prevent the camera from activating in the first place, you can buy camera blockers that physically prevent light from reaching the camera. You could also buy a device that doesn't have a built-in camera and use an external camera that you can unplug whenever you're done using it. Some devices come with built-in camera blockers or hardware switches that physically disconnect the camera from power. -
-

Warning

+> [!WARNING] +> You should only buy covers that fit your laptop and won't cause damage when you close the lid. Covering the camera will interfere with automatic brightness and face authentication features. -You should only buy covers that fit your laptop and won't cause damage when you close the lid. Covering the camera will interfere with automatic brightness and face authentication features. - -
For microphone access, in most cases you will need to trust your OS's built-in permission controls. Alternatively, buy a device that doesn't have a built-in microphone and use an external microphone that you can unplug when you're done using it. Some devices, like a [MacBook or an iPad](https://support.apple.com/guide/security/hardware-microphone-disconnect-secbbd20b00b/web), feature a hardware disconnect for the microphone when you close the lid. @@ -136,17 +127,14 @@ You may find it useful to go around your home and make a list of every connected Your router handles all your network traffic and acts as your first line of defense between you and the open internet. -
-

Note

+> [!NOTE] +> A lot of routers come with storage to put your files on so you can access them from any computer on your network. We recommend you don't use networking devices for things other than networking. In the event your router was compromised, your files would also be compromised. -A lot of routers come with storage to put your files on so you can access them from any computer on your network. We recommend you don't use networking devices for things other than networking. In the event your router was compromised, your files would also be compromised. - -
The most important thing to think about with routers is keeping them up-to-date. Many modern routers will automatically install updates, but many others won't. You should check on your router's settings page for this option. That page can usually be accessed by typing `192.168.1.1` or `192.168.0.1` into the URL bar of any browser assuming you're on the same network. You can also check in the network settings of your OS for "router" or "gateway". If your router does not support automatic updates, you will need to go to the manufacturer's site to download the updates and apply them manually. -Many consumer-grade routers aren't supported for very long. If your router isn't supported by the manufacturer anymore, you can check if it's supported by [FOSS firmware](../router.md). You can also buy routers that come with FOSS firmware installed by default; these tend to be supported longer than most routers. +Many consumer-grade routers aren't supported for very long. If your router isn't supported by the manufacturer anymore, you can check if it's supported by [FOSS firmware](../../tools/os/router-firmware/_index.md). You can also buy routers that come with FOSS firmware installed by default; these tend to be supported longer than most routers. Some ISPs provide a combined router/modem. It can be beneficial for security to purchase a separate router and set your ISP router/modem into modem-only mode. This way, even when your ISP-provided router is no longer getting updates, you can still get security updates and patches. It also means any problems that affect your modem won't affect your router and vice versa. diff --git a/content/wiki/basics/multi-factor-authentication.md b/content/wiki/basics/multi-factor-authentication/_index.md similarity index 94% rename from content/wiki/basics/multi-factor-authentication.md rename to content/wiki/basics/multi-factor-authentication/_index.md index 1acbe6ca..0b8f8899 100644 --- a/content/wiki/basics/multi-factor-authentication.md +++ b/content/wiki/basics/multi-factor-authentication/_index.md @@ -35,7 +35,7 @@ Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against An adversary could set up a website to imitate an official service in an attempt to trick you into giving out your username, password and current TOTP code. If the adversary then uses those recorded credentials they may be able to log into the real service and hijack the account. -Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../security-keys.md) are not supported [authenticator apps](../multi-factor-authentication.md) are still a good option. +Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../../tools/hardware/security-keys/_index.md) are not supported [authenticator apps](../../tools/software/multi-factor-authentication/_index.md) are still a good option. ### Hardware security keys @@ -52,7 +52,7 @@ When logging into a website, all you need to do is to physically touch the secur The service will then forward the one-time password to the Yubico OTP server for validation. A counter is incremented both on the key and Yubico's validation server. The OTP can only be used once, and when a successful authentication occurs, the counter is increased which prevents reuse of the OTP. Yubico provides a [detailed document](https://developers.yubico.com/OTP/OTPs_Explained.html) about the process.
- ![Yubico OTP](../assets/img/multi-factor-authentication/yubico-otp.png) + ![Yubico OTP](/assets/img/multi-factor-authentication/yubico-otp.png)
There are some benefits and disadvantages to using Yubico OTP when compared to TOTP. @@ -70,7 +70,7 @@ U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikiped WebAuthn is the most secure and private form of second factor authentication. While the authentication experience is similar to Yubico OTP, the key does not print out a one-time password and validate with a third-party server. Instead, it uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for authentication.
- ![FIDO](../assets/img/multi-factor-authentication/fido.png) + ![FIDO](/assets/img/multi-factor-authentication/fido.png)
When you create an account, the public key is sent to the service, then when you log in, the service will require you to "sign" some data with your private key. The benefit of this is that no password data is ever stored by the service, so there is nothing for an adversary to steal. @@ -99,7 +99,7 @@ When configuring your MFA method, keep in mind that it is only as secure as your You should always have backups for your MFA method. Hardware security keys can get lost, stolen or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one. -When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt-disk)). +When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../../tools/software/encryption/_index.md#veracrypt-disk)). ### Initial Set Up @@ -111,7 +111,7 @@ If you have to use email for MFA, make sure that the email account itself is sec If you use SMS MFA, use a carrier who will not switch your phone number to a new SIM card without account access, or use a dedicated VoIP number from a provider with similar security to avoid a [SIM swap attack](https://en.wikipedia.org/wiki/SIM_swap_scam). -[MFA tools we recommend](../multi-factor-authentication.md){ .md-button } +[MFA tools we recommend](../../tools/software/multi-factor-authentication/_index.md){ .md-button } ## More Places to Set Up MFA @@ -133,12 +133,9 @@ The command will prevent an adversary from bypassing MFA when the computer boots ### Linux -
-

Warning

+> [!WARNING] +> If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide. -If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide. - -
The `pam_u2f` module on Linux can provide two-factor authentication for logging in on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS. diff --git a/content/assets/img/multi-factor-authentication/fido.png b/content/wiki/basics/multi-factor-authentication/fido.png similarity index 100% rename from content/assets/img/multi-factor-authentication/fido.png rename to content/wiki/basics/multi-factor-authentication/fido.png diff --git a/content/assets/img/multi-factor-authentication/yubico-otp.png b/content/wiki/basics/multi-factor-authentication/yubico-otp.png similarity index 100% rename from content/assets/img/multi-factor-authentication/yubico-otp.png rename to content/wiki/basics/multi-factor-authentication/yubico-otp.png diff --git a/content/wiki/basics/passwords-overview.md b/content/wiki/basics/passwords-overview.md index 7f52c308..f81bb160 100644 --- a/content/wiki/basics/passwords-overview.md +++ b/content/wiki/basics/passwords-overview.md @@ -16,9 +16,9 @@ This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_st ### Use randomly generated passwords -==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices. +You should **never** rely on yourself to come up with a good password. We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices. -All of our [recommended password managers](../passwords.md) include a built-in password generator that you can use. +All of our [recommended password managers](../../tools/software/passwords/_index.md) include a built-in password generator that you can use. ### Rotating Passwords @@ -26,10 +26,11 @@ You should avoid changing passwords that you have to remember (such as your pass When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage. +

Checking for data breaches

-If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../news-aggregators.md). +If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../../tools/software/news-aggregators/_index.md).
@@ -51,12 +52,9 @@ An example of a diceware passphrase is `viewable fastness reluctant squishy seve To generate a diceware passphrase using real dice, follow these steps: -
-

Note

+> [!NOTE] +> These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy. -These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy. - -
1. Roll a six-sided die five times, noting down the number after each roll. @@ -66,6 +64,7 @@ These instructions assume that you are using [EFF's large word list](https://eff 4. Repeat this process until your passphrase has as many words as you need, which you should separate with a space. +

Important

@@ -159,12 +158,13 @@ The best way to store your passwords is by using a password manager. They allow There are many good options to choose from, both cloud-based and local. Choose one of our recommended password managers and use it to establish strong passwords across all of your accounts. We recommend securing your password manager with a [diceware passphrase](#diceware-passphrases) comprised of at least seven words. -[List of recommended password managers](../passwords.md){ .md-button } +[List of recommended password managers](../../tools/software/passwords/_index.md){ .md-button } +

Don't place your passwords and TOTP tokens inside the same password manager

-When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md). +When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../tools/software/multi-factor-authentication/_index.md). Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager. @@ -174,4 +174,4 @@ Furthermore, we do not recommend storing single-use recovery codes in your passw ### Backups -You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. +You should store an [encrypted](../../tools/software/encryption/_index.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. diff --git a/content/wiki/basics/threat-modeling.md b/content/wiki/basics/threat-modeling.md index 952f8547..25b3b531 100644 --- a/content/wiki/basics/threat-modeling.md +++ b/content/wiki/basics/threat-modeling.md @@ -7,11 +7,11 @@ description: Balancing security, privacy, and usability is one of the first and Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! -If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And, even then, ==nothing is ever fully secure.== There's **high** security, but never **full** security. That's why threat models are important. +If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And, even then, nothing is ever fully secure. There's **high** security, but never **full** security. That's why threat models are important. **So, what are these threat models, anyway?** -==A threat model is a list of the most probable threats to your security and privacy endeavors.== Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is an event that could undermine your efforts to stay private and secure. +A threat model is a list of the most probable threats to your security and privacy endeavors. Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is an event that could undermine your efforts to stay private and secure. Focusing on the threats that matter to you narrows down your thinking about the protection you need, so you can choose the tools that are right for the job. @@ -27,13 +27,13 @@ To identify what could happen to the things you value and determine from whom yo ### What do I want to protect? -An “asset” is something you value and want to protect. In the context of digital security, ==an asset is usually some kind of information.== For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets. +An “asset” is something you value and want to protect. In the context of digital security, an asset is usually some kind of information. For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets. *Make a list of your assets: data that you keep, where it's kept, who has access to it, and what stops others from accessing it.* ### Who do I want to protect it from? -To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network. +To answer this question, it's important to identify who might want to target you or your information. A person or entity that poses a threat to your assets is an “adversary”. Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network. *Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.* @@ -41,7 +41,7 @@ Depending on who your adversaries are, this list might be something you want to ### How likely is it that I will need to protect it? -==Risk is the likelihood that a particular threat against a particular asset will actually occur.== It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low. +Risk is the likelihood that a particular threat against a particular asset will actually occur. It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low. It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not). @@ -53,7 +53,7 @@ Assessing risks is both a personal and subjective process. Many people find cert There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data. -==The motives of adversaries differ widely, as do their tactics.== A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing. +The motives of adversaries differ widely, as do their tactics. A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing. Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all of your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities. @@ -61,7 +61,7 @@ Security planning involves understanding how bad the consequences could be if an ### How much trouble am I willing to go through to try to prevent potential consequences? -==There is no perfect option for security.== Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy. +There is no perfect option for security. Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy. For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos. diff --git a/content/wiki/basics/vpn-overview.md b/content/wiki/basics/vpn-overview.md index 432bc6c6..bc66f21a 100644 --- a/content/wiki/basics/vpn-overview.md +++ b/content/wiki/basics/vpn-overview.md @@ -13,12 +13,9 @@ Normally, an ISP can see the flow of internet traffic entering and exiting your Using a VPN hides even this information from your ISP, by shifting the trust you place in your network to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing through it. -
-

Note

+> [!NOTE] +> When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../../tools/services/vpn/_index.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection. -When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../vpn.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection. - -
## How does a VPN work? @@ -73,15 +70,15 @@ You should not use that feature: The primary advantage of using Tor is that you Currently, Tor only supports the TCP protocol. UDP (used by [WebRTC](https://en.wikipedia.org/wiki/WebRTC), [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3), and other protocols), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol), and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). -The feature should be viewed as a *convenient* way to access hidden services on Tor, not to stay anonymous. For proper anonymity, use the actual [Tor Browser](../tor.md). +The feature should be viewed as a *convenient* way to access hidden services on Tor, not to stay anonymous. For proper anonymity, use the actual [Tor Browser](../../tools/software/tor/_index.md). ## Commercial VPN Ownership Most VPN services are owned by the same [few companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies). These shady companies run lots of smaller VPN services to create the illusion that you have more choice than you actually do and to maximize profit. Typically, these providers that feed into their shell company have terrible privacy policies and shouldn't be trusted with your internet traffic. You should be very strict about which provider you decide to use. -You should also be wary that many VPN review sites are merely advertising vehicles open to the highest bidder. ==Privacy Guides does not make money from recommending external products, and never uses affiliate programs.== +You should also be wary that many VPN review sites are merely advertising vehicles open to the highest bidder. Privacy Guides does not make money from recommending external products, and never uses affiliate programs. -[Our VPN Recommendations](../vpn.md){ .md-button } +[Our VPN Recommendations](../../tools/services/vpn/_index.md){ .md-button } ## Modern VPN Alternatives diff --git a/content/wiki/basics/why-privacy-matters.md b/content/wiki/basics/why-privacy-matters.md index 860fd1a9..05ae2d1c 100644 --- a/content/wiki/basics/why-privacy-matters.md +++ b/content/wiki/basics/why-privacy-matters.md @@ -1,7 +1,6 @@ --- title: "Why Privacy Matters" weight: 10 -prev: ../_index.md description: In the modern age of digital data exploitation, your privacy has never been more critical, and yet many believe it is already a lost cause. It is not. --- In the modern age of digital data exploitation, your privacy has never been more critical, and yet many believe it is already a lost cause. It is not. Your privacy is up for grabs, and you need to care about it. Privacy is about power, and it is so important that this power ends up in the right hands. @@ -27,11 +26,11 @@ Many people get the concepts of **privacy**, **security**, and **anonymity** con **Anonymity** -: Anonymity is the ability to act without a persistent identifier. You might achieve this online with [Tor](../tor.md), which allows you to browse the internet with a random IP address and network connection instead of your own. +: Anonymity is the ability to act without a persistent identifier. You might achieve this online with [Tor](../../tools/software/tor/_index.md), which allows you to browse the internet with a random IP address and network connection instead of your own. : **Pseudonymity** is a similar concept, but it allows you to have a persistent identifier without it being tied to your real identity. If everybody knows you as `@GamerGuy12` online, but nobody knows your real name, that is your pseudonym. -All of these concepts overlap, but it is possible to have any combination of these. The sweet spot for most people is when all three of these concepts overlap. However, it's trickier to achieve than many initially believe. Sometimes, you have to compromise on some of these, and that's okay too. This is where **threat modeling** comes into play, allowing you to make informed decisions about the [software and services](../tools.md) you use. +All of these concepts overlap, but it is possible to have any combination of these. The sweet spot for most people is when all three of these concepts overlap. However, it's trickier to achieve than many initially believe. Sometimes, you have to compromise on some of these, and that's okay too. This is where **threat modeling** comes into play, allowing you to make informed decisions about the [software and services](../../tools/_index.md) you use. [:material-book-outline: Learn More About Threat Modeling](threat-modeling.md){ .md-button } @@ -39,7 +38,7 @@ All of these concepts overlap, but it is possible to have any combination of the A common counter-argument to pro-privacy movements is the notion that one doesn't need privacy if they have **"nothing to hide."** This is a dangerous misconception, because it creates a sense that people who demand privacy must be deviant, criminal, or wrong. -==You shouldn't confuse privacy with secrecy.== We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. There are always certain facts about us—say, personal health information, or sexual behavior—that we wouldn't want the whole world to know, and that's okay. The need for privacy is legitimate, and that's what makes us human. Privacy is about empowering your rights over your own information, not about hiding secrets. +You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. There are always certain facts about us—say, personal health information, or sexual behavior—that we wouldn't want the whole world to know, and that's okay. The need for privacy is legitimate, and that's what makes us human. Privacy is about empowering your rights over your own information, not about hiding secrets. ## Is Privacy About Control? @@ -47,9 +46,9 @@ A common definition of privacy is that it is the ability to *control* who has ac Take cookie consent forms, for example. You may encounter these dozens of times per day on the various websites you visit, with a nice array of checkboxes and sliders which allow you to "curate" your preferences to exactly fit your needs. In the end, we just hit the "I Agree" button, because we just want to read the article or make a purchase. Nobody wants to complete a personal privacy audit on every single website they visit. This is an exercise in [choice architecture](https://en.wikipedia.org/wiki/Choice_architecture), designed to make you take the easy route out instead of delving into a maze of configuration options that don't need to exist in the first place. -==Control over your privacy inside most apps is an illusion.== It's a shiny dashboard with all sorts of choices you can make about your data, but rarely the choices you're looking for, like "only use my data to help me." This type of control is meant to make you feel guilty about your choices, that you "had the choice" to make the apps you use more private, and you chose not to. +Control over your privacy inside most apps is an illusion. It's a shiny dashboard with all sorts of choices you can make about your data, but rarely the choices you're looking for, like "only use my data to help me." This type of control is meant to make you feel guilty about your choices, that you "had the choice" to make the apps you use more private, and you chose not to. -Privacy is something we need to have baked into the [software and services](../tools.md) we use by default, you can't bend most apps into being private on your own. +Privacy is something we need to have baked into the [software and services](../../tools/_index.md) we use by default, you can't bend most apps into being private on your own. [:material-movie-open-play-outline: Video: 5 Steps to Improve Your Privacy](https://www.privacyguides.org/videos/2025/02/14/5-easy-steps-to-protect-yourself-online){ class="md-button" } diff --git a/content/wiki/os/_index.md b/content/wiki/os/_index.md index 76d7e521..b5852718 100644 --- a/content/wiki/os/_index.md +++ b/content/wiki/os/_index.md @@ -2,7 +2,7 @@ title: Operating Systems description: An overview of our operating system-related recommendations for all major computing hardware. --- -We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use privacy tools like our [recommended web browsers](../desktop-browsers.md) in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices. +We publish configuration guides for the major operating systems, because you can generally improve the amount of data that is collected about you on any option, especially if you use privacy tools like our [recommended web browsers](../../tools/software/desktop-browsers/_index.md) in place of native tools where appropriate. However, some operating systems will be more privacy-respecting inherently, and it will be much harder to achieve an equivalent level of privacy on other choices. > [!TIP] > You may also wish to explore our [recommended linux distros](../../tools/os/desktop/_index.md) and [recommended Android distros](../../tools/os/android/distributions/_index.md). diff --git a/content/wiki/os/android/_index.md b/content/wiki/os/android/_index.md index 402dc84c..2cb0b624 100644 --- a/content/wiki/os/android/_index.md +++ b/content/wiki/os/android/_index.md @@ -4,7 +4,7 @@ icon: simple/android description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. robots: nofollow, max-snippet:-1, max-image-preview:large --- -![Android logo](../assets/img/android/android.svg){ align=right } +![Android logo](/assets/img/android/android.svg){ align=right } The **Android Open Source Project** is a secure mobile operating system featuring strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -12,11 +12,11 @@ The **Android Open Source Project** is a secure mobile operating system featurin [:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation} [:octicons-code-16:](https://cs.android.com/android/platform/superproject/main){ .card-link title="Source Code" } -[Our Android Advice :material-arrow-right-drop-circle:](../android/index.md){ .md-button .md-button--primary } +[Our Android Advice :material-arrow-right-drop-circle:](../../../tools/os/android/_index.md){ .md-button .md-button--primary } ## Security Protections -Key components of the Android security model include [verified boot](#verified-boot), [firmware updates](#firmware-updates), and a robust [permission system](#android-permissions). These important security features form the baseline of the minimum criteria for our [mobile phone](../mobile-phones.md) and [custom Android OS](../android/distributions.md) recommendations. +Key components of the Android security model include [verified boot](#verified-boot), [firmware updates](#firmware-updates), and a robust [permission system](#android-permissions). These important security features form the baseline of the minimum criteria for our [mobile phone](../../../tools/hardware/mobile-phones/_index.md) and [custom Android OS](../../../tools/os/android/distributions/_index.md) recommendations. ### Verified Boot @@ -44,7 +44,7 @@ Fairphone, for example, markets their Fairphone 4 device as receiving 6 years of [**Permissions on Android**](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a [Google Pixel](../mobile-phones.md#google-pixel). +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a [Google Pixel](../../../tools/hardware/mobile-phones/_index.md#google-pixel). Android 10: @@ -73,19 +73,13 @@ An app may request a permission for a specific feature it has. For example, any [Exodus](https://exodus-privacy.eu.org) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. -
-

Warning

+> [!WARNING] +> If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. -If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. -
+> [!NOTE] +> Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics. -
-

Note

- -Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics. - -
## Privacy Features @@ -99,7 +93,7 @@ With user profiles, you can impose restrictions on a specific profile, such as: [**Work Profiles**](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles. -A **device controller** app such as [Shelter](../android/general-apps.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one. +A **device controller** app such as [Shelter](../../../tools/os/android/general-apps/_index.md#shelter) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one. The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside the work profile. @@ -127,11 +121,11 @@ If you are using a device with Google services—whether with the stock operatin ### Advanced Protection Program -If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) support. Alternatively, you can use [passkeys](https://fidoalliance.org/passkeys). +If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../../basics/multi-factor-authentication.md#fido-fast-identity-online) support. Alternatively, you can use [passkeys](https://fidoalliance.org/passkeys). The Advanced Protection Program provides enhanced threat monitoring and enables: -- Stricter two-factor authentication; e.g. that [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](../basics/account-creation.md#sign-in-with-oauth) +- Stricter two-factor authentication; e.g. that [FIDO](../../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](../../basics/account-creation.md#sign-in-with-oauth) - Only Google and verified third-party apps can access account data - Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts - Stricter [safe browser scanning](https://google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome diff --git a/content/wiki/os/ios/_index.md b/content/wiki/os/ios/_index.md index 1a62d88a..0f70d01a 100644 --- a/content/wiki/os/ios/_index.md +++ b/content/wiki/os/ios/_index.md @@ -9,7 +9,7 @@ description: iOS is a mobile operating system developed by Apple for the iPhone. iOS devices are frequently praised by security experts for their robust data protection and adherence to modern best practices. However, the restrictiveness of Apple's ecosystem—particularly with their mobile devices—does still hamper privacy in a number of ways. -We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../android/distributions.md) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services. +We generally consider iOS to provide better than average privacy and security protections for most people, compared to stock Android devices from any manufacturer. However, you can achieve even higher standards of privacy with a [custom Android operating system](../../../tools/os/android/distributions/_index.md) like GrapheneOS, if you want or need to be completely independent of Apple or Google's cloud services. ### Activation Lock @@ -41,13 +41,13 @@ The majority of privacy and security concerns with Apple products are related to Therefore, if you do use iCloud you should [enable **Advanced Data Protection**](https://support.apple.com/HT212520). This encrypts nearly all of your iCloud data with keys stored on your devices (end-to-end encryption), rather than Apple's servers, so that your iCloud data is secured in the event of a data breach, and otherwise hidden from Apple. -The encryption used by Advanced Data Protection, while strong, [is not *quite* as robust](https://discuss.privacyguides.net/t/apple-advances-user-security-with-powerful-new-data-protections/10778/4) as the encryption offered by other [cloud services](../cloud.md), particularly when it comes to iCloud Drive. While we strongly encourage using Advanced Data Protection if you use iCloud, we would also suggest considering finding an alternative to iCloud from a more [privacy-focused service provider](../tools.md), although it is unlikely most people would be impacted by these encryption quirks. +The encryption used by Advanced Data Protection, while strong, [is not *quite* as robust](https://discuss.privacyguides.net/t/apple-advances-user-security-with-powerful-new-data-protections/10778/4) as the encryption offered by other [cloud services](../../../tools/services/cloud/_index.md), particularly when it comes to iCloud Drive. While we strongly encourage using Advanced Data Protection if you use iCloud, we would also suggest considering finding an alternative to iCloud from a more [privacy-focused service provider](../../../tools/_index.md), although it is unlikely most people would be impacted by these encryption quirks. You can also protect your data by limiting what you sync to iCloud in the first place. At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to iCloud. Select that, then **iCloud**, and turn off the switches for any services you don't want to sync to iCloud. You may see third-party apps listed under **Show All** if they sync to iCloud, which you can disable here. #### iCloud+ -A paid **iCloud+** subscription (with any iCloud storage plan) comes with some privacy-protecting functionality. While these may provide adequate service for current iCloud customers, we wouldn't recommend purchasing an iCloud+ plan over a [VPN](../vpn.md) and [standalone email aliasing service](../email-aliasing.md) just for these features alone. +A paid **iCloud+** subscription (with any iCloud storage plan) comes with some privacy-protecting functionality. While these may provide adequate service for current iCloud customers, we wouldn't recommend purchasing an iCloud+ plan over a [VPN](../../../tools/services/vpn/_index.md) and [standalone email aliasing service](../../../tools/services/email-aliasing/_index.md) just for these features alone. [**Private Relay**](https://apple.com/legal/privacy/data/en/icloud-relay) is a proxy service which relays all of your Safari traffic, your DNS queries, and unencrypted traffic on your device through two servers: one owned by Apple and one owned by a third-party provider (including Akamai, Cloudflare, and Fastly). In theory this should prevent any single provider in the chain—including Apple—from having full visibility into which websites you visit while connected. Unlike a VPN, Private Relay does not protect traffic that's already encrypted. @@ -136,7 +136,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security. -Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md). +Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../../basics/passwords-overview.md). If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your phone will use the password you set up earlier as a fallback in case your biometric verification fails. Biometric unlock methods are primarily a convenience, although they do stop surveillance cameras or people over your shoulder from watching you input your passcode. @@ -154,12 +154,9 @@ After enabling Stolen Device Protection, [certain actions](https://support.apple iPhones are already resistant to brute-force attacks by making you wait long periods of time after multiple failed attempts; however, there have historically been exploits to get around this. To be extra safe, you can set your phone to wipe itself after 10 failed passcode attempts. -
-

Warning

+> [!WARNING] +> With this setting enabled, someone could intentionally wipe your phone by entering the wrong password many times. Make sure you have proper backups and only enable this setting if you feel comfortable with it. -With this setting enabled, someone could intentionally wipe your phone by entering the wrong password many times. Make sure you have proper backups and only enable this setting if you feel comfortable with it. - -
- [x] Turn on **Erase Data** @@ -209,7 +206,7 @@ Set wired accessories to ask for permission when you connect them. Select **Wire ### E2EE Calls -Normal phone calls made with the Phone app through your carrier are not E2EE. Both FaceTime Video and FaceTime Audio calls are E2EE. Alternatively, you can use [another app](../real-time-communication.md) like Signal for E2EE calls. +Normal phone calls made with the Phone app through your carrier are not E2EE. Both FaceTime Video and FaceTime Audio calls are E2EE. Alternatively, you can use [another app](../../../tools/services/messengers/_index.md) like Signal for E2EE calls. ### Encrypted iMessage @@ -229,19 +226,19 @@ When an app prompts you for access to your device's photo library, iOS provides Rather than allow an app to access all the photos on your device, you can allow it to only access whichever photos you choose by tapping the "Select Photos..." option in the permission dialog. You can change photo access permissions at any time by navigating to **Settings** → **Privacy & Security** → **Photos**. -![Photo Permissions](../assets/img/ios/photo-permissions-light.png#only-light) ![Photo Permissions](../assets/img/ios/photo-permissions-dark.png#only-dark) +![Photo Permissions](/assets/img/ios/photo-permissions-light.png#only-light) ![Photo Permissions](/assets/img/ios/photo-permissions-dark.png#only-dark) **Add Photos Only** is a permission that only gives an app the ability to download photos to the photo library. Not all apps which request photo library access provide this option. -![Private Access](../assets/img/ios/private-access-light.png#only-light) ![Private Access](../assets/img/ios/private-access-dark.png#only-dark) +![Private Access](/assets/img/ios/private-access-light.png#only-light) ![Private Access](/assets/img/ios/private-access-dark.png#only-dark) -Some apps also support **Private Access**, which functions similarly to the **Limited Access** permission. However, photos shared to apps using Private Access include their location by default. We recommend unchecking this setting if you do not [remove photo metadata](../data-redaction.md) beforehand. +Some apps also support **Private Access**, which functions similarly to the **Limited Access** permission. However, photos shared to apps using Private Access include their location by default. We recommend unchecking this setting if you do not [remove photo metadata](../../../tools/software/data-redaction/_index.md) beforehand. ### Contact Permissions Similarly, rather than allow an app to access all the contacts saved on your device, you can allow it to only access whichever contacts you choose. You can change contact access permissions at any time by navigating to **Settings** → **Privacy & Security** → **Contacts**. -![Contact Permissions](../assets/img/ios/contact-permissions-light.png#only-light) ![Contact Permissions](../assets/img/ios/contact-permissions-dark.png#only-dark) +![Contact Permissions](/assets/img/ios/contact-permissions-light.png#only-light) ![Contact Permissions](/assets/img/ios/contact-permissions-dark.png#only-dark) ### Require Biometrics and Hide Apps @@ -255,12 +252,9 @@ You can hide an app by long-pressing on it and selecting **Require Face ID/Touch Sometimes you might want to hand your phone to someone to make a call or do a specific task, but you don't want them to have full access to your phone. In these cases, you can quickly enable **[Guided Access](https://support.apple.com/guide/iphone/lock-iphone-to-one-app-iph7fad0d10/ios)** to lock the phone to one specific app until you authenticate. -
-

Warning

+> [!WARNING] +> Guided Access isn't foolproof, as it's possible you could leak data unintentionally or the feature could be bypassed. You should only use Guided Access for situations where you casually hand your phone to someone to use. You should not use it as a tool to protect against advanced adversaries. -Guided Access isn't foolproof, as it's possible you could leak data unintentionally or the feature could be bypassed. You should only use Guided Access for situations where you casually hand your phone to someone to use. You should not use it as a tool to protect against advanced adversaries. - -
### Redacting Elements in Images @@ -273,7 +267,7 @@ You can use the [Clean Up](https://support.apple.com/en-us/121429) feature on su - Tap the button labeled **Clean Up** - Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else. -Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app. +Our warning [against blurring text](../../../tools/software/data-redaction/_index.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
@@ -300,7 +294,7 @@ Apple always makes beta versions of iOS available early for those that wish to h ### Before First Unlock -If your threat model includes [:material-target-account: Targeted Attacks](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } that involve forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation. +If your threat model includes [:material-target-account: Targeted Attacks](../../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } that involve forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation. iPhones [automatically reboot](https://support.apple.com/guide/security/protecting-user-data-in-the-face-of-attack-secf5549a4f5/1/web/1#:~:text=On%20an%20iPhone%20or%20iPad%20with%20iOS%2018%20and%20iPadOS%2018%20or%20later%2C%20a%20new%20security%20protection%20will%20restart%20devices%20if%20they%20remain%20locked%20for%20a%20prolonged%20period%20of%20time.) if they're not unlocked after a period of time. diff --git a/content/assets/img/ios/contact-permissions-dark.png b/content/wiki/os/ios/contact-permissions-dark.png similarity index 100% rename from content/assets/img/ios/contact-permissions-dark.png rename to content/wiki/os/ios/contact-permissions-dark.png diff --git a/content/assets/img/ios/contact-permissions-light.png b/content/wiki/os/ios/contact-permissions-light.png similarity index 100% rename from content/assets/img/ios/contact-permissions-light.png rename to content/wiki/os/ios/contact-permissions-light.png diff --git a/content/assets/img/ios/photo-permissions-dark.png b/content/wiki/os/ios/photo-permissions-dark.png similarity index 100% rename from content/assets/img/ios/photo-permissions-dark.png rename to content/wiki/os/ios/photo-permissions-dark.png diff --git a/content/assets/img/ios/photo-permissions-light.png b/content/wiki/os/ios/photo-permissions-light.png similarity index 100% rename from content/assets/img/ios/photo-permissions-light.png rename to content/wiki/os/ios/photo-permissions-light.png diff --git a/content/assets/img/ios/private-access-dark.png b/content/wiki/os/ios/private-access-dark.png similarity index 100% rename from content/assets/img/ios/private-access-dark.png rename to content/wiki/os/ios/private-access-dark.png diff --git a/content/assets/img/ios/private-access-light.png b/content/wiki/os/ios/private-access-light.png similarity index 100% rename from content/assets/img/ios/private-access-light.png rename to content/wiki/os/ios/private-access-light.png diff --git a/content/wiki/os/linux/_index.md b/content/wiki/os/linux/_index.md index e0e09001..55df55b1 100644 --- a/content/wiki/os/linux/_index.md +++ b/content/wiki/os/linux/_index.md @@ -7,7 +7,7 @@ description: Linux is an open-source, privacy-focused desktop operating system a Our website generally uses the term “Linux” to describe **desktop** Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed on this page. -[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md){ .md-button } +[Our Linux Recommendations :material-arrow-right-drop-circle:](../../../tools/os/desktop/_index.md){ .md-button } ## Security Notes @@ -15,11 +15,11 @@ There are some notable security concerns with Linux which you should be aware of - Avoid telemetry that often comes with proprietary operating systems - Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms) -- Use privacy-focused systems such as [Whonix](../desktop.md#whonix) or [Tails](../desktop.md#tails) +- Use privacy-focused systems such as [Whonix](../../../tools/os/desktop/_index.md#whonix) or [Tails](../../../tools/os/desktop/_index.md#tails) ### Open-Source Security -It is a [common misconception](../basics/common-misconceptions.md#open-source-software-is-always-secure-or-proprietary-software-is-more-secure) that Linux and other open-source software are inherently secure simply because the source code is available. There is an expectation that community verification occurs regularly, but this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security). +It is a [common misconception](../../basics/common-misconceptions.md#open-source-software-is-always-secure-or-proprietary-software-is-more-secure) that Linux and other open-source software are inherently secure simply because the source code is available. There is an expectation that community verification occurs regularly, but this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security). In reality, distro security depends on a number of factors, such as project activity, developer experience, the level of rigor applied to code reviews, and how often attention is given to specific parts of the codebase that may go untouched for years. @@ -35,7 +35,7 @@ Additionally, Linux falls behind in implementing [exploit mitigations](https://m ## Choosing your distribution -Not all Linux distributions are created equal. Our [Linux recommendation page](../desktop.md) is not meant to be an authoritative source on which distribution you should use, but our recommendations *are* aligned with the following guidelines. These are a few things you should keep in mind when choosing a distribution: +Not all Linux distributions are created equal. Our [Linux recommendation page](../../../tools/os/desktop/_index.md) is not meant to be an authoritative source on which distribution you should use, but our recommendations *are* aligned with the following guidelines. These are a few things you should keep in mind when choosing a distribution: ### Release cycle @@ -53,7 +53,7 @@ Traditionally, Linux distributions update by sequentially updating the desired p Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system. -The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue: +The atomic update method can achieve reliability with this model and is used for [distributions](../../../tools/os/desktop/_index.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue: - [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/-hpV5l-gJnQ) (YouTube) @@ -67,7 +67,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. @@ -92,7 +92,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett ### Drive Encryption -Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device: +Most Linux distributions have an option within its installer for enabling [LUKS](../../../tools/software/encryption/_index.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device: - [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure) @@ -155,7 +155,7 @@ MAC address randomization is primarily beneficial for Wi-Fi connections. For Eth ### Other Identifiers -There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../basics/threat-modeling.md): +There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../../basics/threat-modeling.md): - **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings. - **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name. diff --git a/content/assets/img/linux/screenshot_permission.png b/content/wiki/os/linux/screenshot_permission.png similarity index 100% rename from content/assets/img/linux/screenshot_permission.png rename to content/wiki/os/linux/screenshot_permission.png diff --git a/content/wiki/os/macos/_index.md b/content/wiki/os/macos/_index.md index 2840a86b..2a7a75a7 100644 --- a/content/wiki/os/macos/_index.md +++ b/content/wiki/os/macos/_index.md @@ -106,12 +106,9 @@ You can also have it ask for confirmation every time if you leave ChatGPT integr - [x] Turn on **Confirm Requests** -
-

Warning

+> [!WARNING] +> Any request made with ChatGPT will be sent to ChatGPT's servers, there is no on-device processing and no PCC like with Apple Intelligence. -Any request made with ChatGPT will be sent to ChatGPT's servers, there is no on-device processing and no PCC like with Apple Intelligence. - -
#### Privacy & Security @@ -135,7 +132,7 @@ Decide whether you want personalized ads based on your usage. ##### FileVault -On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on. +On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../../../tools/software/encryption/_index.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on. On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled. @@ -163,12 +160,9 @@ macOS employs defense in depth by relying on multiple layers of software and har ### Software Security -
-

Warning

+> [!WARNING] +> macOS allows you to install beta updates. These are unstable and may come with [extra telemetry](https://beta.apple.com/privacy) since they're for testing purposes. Because of this, we recommend you avoid beta software in general. -macOS allows you to install beta updates. These are unstable and may come with [extra telemetry](https://beta.apple.com/privacy) since they're for testing purposes. Because of this, we recommend you avoid beta software in general. - -
#### Signed System Volume @@ -186,25 +180,19 @@ System Integrity Protection makes critical file locations read-only to protect a ##### App Sandbox -On macOS, whether an app is sandboxed is determined by the developer when they sign it. The [App Sandbox](https://developer.apple.com/documentation/xcode/configuring-the-macos-app-sandbox) protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the [App Store](https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/1/web/1#:~:text=All%20apps%20from%20the%20App%20Store%20are%20sandboxed%20to%20restrict%20access%20to%20data%20stored%20by%20other%20apps.). +On macOS, whether an app is sandboxed is determined by the developer when they sign it. The [App Sandbox](https://developer.apple.com/documentation/xcode/configuring-the-macos-app-sandbox) protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the [App Store](https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/1/web/1#:~:text=All%20apps%20from%20the%20App%20Store%20are%20sandboxed%20to%20restrict%20access%20to%20data%20stored%20by%20other%20apps.). -
-

Warning

+> [!WARNING] +> Software downloaded from outside the official App Store is not required to be sandboxed. If your threat model prioritizes defending against [:material-bug-outline: Passive Attacks](../../basics/common-threats.md#security-and-privacy){ .pg-orange }, then you may want to check if the software you download outside the App Store is sandboxed, which is up to the developer to *opt in*. -Software downloaded from outside the official App Store is not required to be sandboxed. If your threat model prioritizes defending against [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange }, then you may want to check if the software you download outside the App Store is sandboxed, which is up to the developer to *opt in*. - -
You can check if an app uses the App Sandbox in a few ways: You can check if apps that are already running are sandboxed using the [Activity Monitor](https://developer.apple.com/documentation/security/protecting-user-data-with-app-sandbox#Verify-that-your-app-uses-App-Sandbox). -
-

Warning

+> [!WARNING] +> Just because one of an app's processes is sandboxed doesn't mean they all are. -Just because one of an app's processes is sandboxed doesn't mean they all are. - -
Alternatively, you can check apps before you run them by running this command in the terminal: @@ -220,7 +208,7 @@ If an app is sandboxed, you should see the following output: [Bool] true ``` -If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether. +If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether. ##### Hardened Runtime diff --git a/content/wiki/os/qubes/_index.md b/content/wiki/os/qubes/_index.md index 82ebc65e..b5fe460d 100644 --- a/content/wiki/os/qubes/_index.md +++ b/content/wiki/os/qubes/_index.md @@ -3,11 +3,11 @@ title: "Qubes Overview" icon: simple/qubesos description: Qubes is an operating system built around isolating apps within *qubes* (formerly "VMs") for heightened security. --- -[**Qubes OS**](../desktop.md#qubes-os) is an open-source operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated *qubes*, (which are Virtual Machines). You can assign each *qube* a level of trust based on its purpose. Qubes OS provides security by using isolation. It only permits actions on a per-case basis and therefore is the opposite of [badness enumeration](https://ranum.com/security/computer_security/editorials/dumb). +[**Qubes OS**](../../../tools/os/desktop/_index.md#qubes-os) is an open-source operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated *qubes*, (which are Virtual Machines). You can assign each *qube* a level of trust based on its purpose. Qubes OS provides security by using isolation. It only permits actions on a per-case basis and therefore is the opposite of [badness enumeration](https://ranum.com/security/computer_security/editorials/dumb). ## How does Qubes OS work? -Qubes uses [compartmentalization](https://qubes-os.org/intro) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://qubes-os.org/doc/how-to-use-disposables) *qubes*. +Qubes uses [compartmentalization](https://qubes-os.org/intro) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../../../tools/os/desktop/_index.md#whonix). Qubes OS also allows you to create once-use [disposable](https://qubes-os.org/doc/how-to-use-disposables) *qubes*.
The term qubes is gradually being updated to avoid referring to them as "virtual machines". @@ -16,17 +16,17 @@ Some of the information here and on the Qubes OS documentation may contain confl
-![Qubes architecture](../assets/img/qubes/qubes-trust-level-architecture.png) +![Qubes architecture](/assets/img/qubes/qubes-trust-level-architecture.png)
Qubes Architecture, Credit: What is Qubes OS Intro
Each qube has a [colored border](https://qubes-os.org/screenshots) that can help you keep track of the domain in which it runs. You could, for example, use a specific color for your banking browser, while using a different color for a general untrusted browser. -![Colored border](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png) +![Colored border](/assets/img/qubes/r4.0-xfce-three-domains-at-work.png)
Qubes window borders, Credit: Qubes Screenshots
## Why Should I use Qubes? -Qubes OS is useful if your [threat model](../basics/threat-modeling.md) requires strong security and isolation, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources, but the idea is that if a single qube is compromised it won't affect the rest of the system. +Qubes OS is useful if your [threat model](../../basics/threat-modeling.md) requires strong security and isolation, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources, but the idea is that if a single qube is compromised it won't affect the rest of the system. Qubes OS utilizes [dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM for controlling other *qubes* on the host OS, all of which display individual application windows within dom0's desktop environment. There are many uses for this type of architecture. Here are some tasks you can perform. You can see just how much more secure these processes are made by incorporating multiple steps. @@ -56,7 +56,7 @@ The [qrexec framework](https://qubes-os.org/doc/qrexec) is a core part of Qubes ## Connecting to Tor via a VPN -We [recommend](../advanced/tor-overview.md) connecting to the Tor network via a [VPN](../vpn.md) provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix. +We [recommend](../../advanced/tor-overview.md) connecting to the Tor network via a [VPN](../../../tools/services/vpn/_index.md) provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix. After [creating a new ProxyVM](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) which connects to the VPN of your choice, you can chain your Whonix qubes to that ProxyVM **before** they connect to the Tor network, by setting the NetVM of your Whonix **Gateway** (`sys-whonix`) to the newly-created ProxyVM. @@ -66,8 +66,8 @@ Your qubes should be configured in a manner similar to this: |-----------------|------------------------------------------------------------------------------------------------------------------|-----------------| | sys-net | *Your default network qube (pre-installed)* | *n/a* | | sys-firewall | *Your default firewall qube (pre-installed)* | sys-net | -| ==sys-proxyvm== | The VPN ProxyVM you [created](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) | sys-firewall | -| sys-whonix | Your Whonix Gateway VM | ==sys-proxyvm== | +| sys-proxyvm | The VPN ProxyVM you [created](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) | sys-firewall | +| sys-whonix | Your Whonix Gateway VM | sys-proxyvm | | anon-whonix | Your Whonix Workstation VM | sys-whonix | ## Additional Resources diff --git a/content/assets/img/qubes/qubes-trust-level-architecture.png b/content/wiki/os/qubes/qubes-trust-level-architecture.png similarity index 100% rename from content/assets/img/qubes/qubes-trust-level-architecture.png rename to content/wiki/os/qubes/qubes-trust-level-architecture.png diff --git a/content/assets/img/qubes/r4.0-xfce-three-domains-at-work.png b/content/wiki/os/qubes/r4.0-xfce-three-domains-at-work.png similarity index 100% rename from content/assets/img/qubes/r4.0-xfce-three-domains-at-work.png rename to content/wiki/os/qubes/r4.0-xfce-three-domains-at-work.png diff --git a/content/wiki/os/windows/_index.md b/content/wiki/os/windows/_index.md index bc5dcb5e..d1eec17d 100644 --- a/content/wiki/os/windows/_index.md +++ b/content/wiki/os/windows/_index.md @@ -12,11 +12,12 @@ Unfortunately, this feature was added without too much thought about the privacy You can enhance your privacy and security on Windows without downloading any third-party tools with these guides: - Initial Installation (coming soon) -- [Group Policy Settings](group-policies.md) +- [Group Policy Settings](group-policies/) - Privacy Settings (coming soon) - Application Sandboxing (coming soon) - Security Hardening (coming soon) +

This section is new

diff --git a/content/wiki/os/windows/group-policies.md b/content/wiki/os/windows/group-policies.md index 56e1047b..bb9bfbf3 100644 --- a/content/wiki/os/windows/group-policies.md +++ b/content/wiki/os/windows/group-policies.md @@ -2,7 +2,7 @@ title: Group Policy Settings description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting. --- -Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better. +Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](_index.md#windows-editions) or better. These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk. diff --git a/hugo.yaml b/hugo.yaml index ff5f646a..d0a054db 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -48,36 +48,14 @@ menu: - identifier: updates name: Updates weight: 4 - - identifier: articles - name: Articles - pageRef: /posts/tag/articles/ - parent: updates - - identifier: videos - name: Videos - pageRef: /videos/ - parent: updates - - identifier: news - name: News - pageRef: /news/ - parent: updates - - name: Forum ↗ + pageRef: /news + - name: Forum url: "https://discuss.privacyguides.net" weight: 5 - - identifier: more - name: More - weight: 6 - - identifier: communitywiki - name: Community Guides ↗ - url: "https://discuss.privacyguides.net/c/community-wiki/9411/none" - parent: more - identifier: about name: About pageRef: /about - parent: more - - identifier: glossary - name: Glossary - pageRef: /glossary - parent: more + weight: 6 - name: Search weight: 7 params: