Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multifactor authentication](multi-factor-authentication/_index.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../tools/software/multi-factor-authentication/_index.md). +When using [TOTP codes as multifactor authentication](../multi-factor-authentication/_index.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../tools/software/multi-factor-authentication/_index.md). Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager. diff --git a/content/wiki/basics/threat-modeling.md b/content/wiki/basics/threat-modeling/_index.md similarity index 99% rename from content/wiki/basics/threat-modeling.md rename to content/wiki/basics/threat-modeling/_index.md index 25b3b531..98eba4fe 100644 --- a/content/wiki/basics/threat-modeling.md +++ b/content/wiki/basics/threat-modeling/_index.md @@ -99,7 +99,7 @@ Making a security plan will help you to understand the threats that are unique t For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations. -- [Common Goals and Threats :material-arrow-right-drop-circle:](common-threats.md) +- [Common Goals and Threats :material-arrow-right-drop-circle:](../common-threats/_index.md) ## Sources diff --git a/content/wiki/basics/vpn-overview.md b/content/wiki/basics/vpn-overview/_index.md similarity index 94% rename from content/wiki/basics/vpn-overview.md rename to content/wiki/basics/vpn-overview/_index.md index 5c04d6ec..8c5ce68d 100644 --- a/content/wiki/basics/vpn-overview.md +++ b/content/wiki/basics/vpn-overview/_index.md @@ -9,7 +9,7 @@ Virtual Private Networks are a way of extending the end of your network to exit [:material-movie-open-play-outline: Video: Do you need a VPN?](https://www.privacyguides.org/videos/2024/12/12/do-you-need-a-vpn){ .md-button } -Normally, an ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Normally, an ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../../advanced/dns-overview/_index.md#why-shouldnt-i-use-encrypted-dns). Using a VPN hides even this information from your ISP, by shifting the trust you place in your network to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing through it. @@ -46,9 +46,9 @@ VPNs cannot encrypt data outside the connection between your device and the VPN ## When isn't a VPN suitable? -Using a VPN in cases where you're using your [real-life or well-known identity](common-misconceptions.md#complicated-is-better) online is unlikely to be useful. Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website. +Using a VPN in cases where you're using your [real-life or well-known identity](../common-misconceptions/_index.md#complicated-is-better) online is unlikely to be useful. Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website. -It's important to remember that a VPN will not provide you with absolute anonymity because the VPN provider itself will still have access to your real IP address, destination website information, and often a money trail that can be linked directly back to you. "No logging" policies are merely a promise; if you need complete safety from the network itself, consider using [Tor](../advanced/tor-overview/_index.md) in addition to or instead of a VPN. +It's important to remember that a VPN will not provide you with absolute anonymity because the VPN provider itself will still have access to your real IP address, destination website information, and often a money trail that can be linked directly back to you. "No logging" policies are merely a promise; if you need complete safety from the network itself, consider using [Tor](../../advanced/tor-overview/_index.md) in addition to or instead of a VPN. You also should not trust a VPN to secure your connection to an unencrypted, HTTP destination. In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider and other potential adversaries in between the VPN server and your destination. You should enable HTTPS-only mode in your browser (if it's supported) to mitigate attacks which try to downgrade your connection from HTTPS to HTTP. @@ -60,9 +60,9 @@ Another common reason encrypted DNS is recommended is that it prevents DNS spoof ## Should I use Tor *and* a VPN? -Maybe, Tor is not necessarily suitable for everybody in the first place. Consider your [threat model](threat-modeling.md), because if your adversary is not capable of extracting information from your VPN provider, using a VPN alone may provide enough protection. +Maybe, Tor is not necessarily suitable for everybody in the first place. Consider your [threat model](../threat-modeling/_index.md), because if your adversary is not capable of extracting information from your VPN provider, using a VPN alone may provide enough protection. -If you do use Tor then you are *probably* best off connecting to the Tor network via a commercial VPN provider. However, this is a complex subject which we've written more about on our [Tor overview](../advanced/tor-overview/_index.md) page. +If you do use Tor then you are *probably* best off connecting to the Tor network via a commercial VPN provider. However, this is a complex subject which we've written more about on our [Tor overview](../../advanced/tor-overview/_index.md) page. ## Should I access Tor through VPN providers that provide "Tor nodes"? diff --git a/content/wiki/basics/why-privacy-matters.md b/content/wiki/basics/why-privacy-matters/_index.md similarity index 98% rename from content/wiki/basics/why-privacy-matters.md rename to content/wiki/basics/why-privacy-matters/_index.md index 05ae2d1c..91875c4e 100644 --- a/content/wiki/basics/why-privacy-matters.md +++ b/content/wiki/basics/why-privacy-matters/_index.md @@ -32,7 +32,7 @@ Many people get the concepts of **privacy**, **security**, and **anonymity** con All of these concepts overlap, but it is possible to have any combination of these. The sweet spot for most people is when all three of these concepts overlap. However, it's trickier to achieve than many initially believe. Sometimes, you have to compromise on some of these, and that's okay too. This is where **threat modeling** comes into play, allowing you to make informed decisions about the [software and services](../../tools/_index.md) you use. -[:material-book-outline: Learn More About Threat Modeling](threat-modeling.md){ .md-button } +[:material-book-outline: Learn More About Threat Modeling](../threat-modeling/_index.md){ .md-button } ## Privacy vs. Secrecy diff --git a/content/wiki/os/android/_index.md b/content/wiki/os/android/_index.md index d0559d84..353b6672 100644 --- a/content/wiki/os/android/_index.md +++ b/content/wiki/os/android/_index.md @@ -4,7 +4,7 @@ icon: simple/android description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. robots: nofollow, max-snippet:-1, max-image-preview:large --- -{ align=right } +{ align=right } The **Android Open Source Project** is a secure mobile operating system featuring strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -125,7 +125,7 @@ If you have a Google account we suggest enrolling in the [Advanced Protection Pr The Advanced Protection Program provides enhanced threat monitoring and enables: -- Stricter two-factor authentication; e.g. that [FIDO](../../basics/multi-factor-authentication/_index.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../../basics/multi-factor-authentication/_index.md#sms-or-email-mfa), [TOTP](../../basics/multi-factor-authentication/_index.md#time-based-one-time-password-totp) and [OAuth](../../basics/account-creation.md#sign-in-with-oauth) +- Stricter two-factor authentication; e.g. that [FIDO](../../basics/multi-factor-authentication/_index.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../../basics/multi-factor-authentication/_index.md#sms-or-email-mfa), [TOTP](../../basics/multi-factor-authentication/_index.md#time-based-one-time-password-totp) and [OAuth](../../basics/account-creation/_index.md#sign-in-with-oauth) - Only Google and verified third-party apps can access account data - Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts - Stricter [safe browser scanning](https://google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome diff --git a/content/wiki/os/ios/_index.md b/content/wiki/os/ios/_index.md index 19e214df..c48977f1 100644 --- a/content/wiki/os/ios/_index.md +++ b/content/wiki/os/ios/_index.md @@ -136,7 +136,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security. -Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../../basics/passwords-overview.md). +Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../../basics/passwords-overview/_index.md). If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your phone will use the password you set up earlier as a fallback in case your biometric verification fails. Biometric unlock methods are primarily a convenience, although they do stop surveillance cameras or people over your shoulder from watching you input your passcode. @@ -226,11 +226,11 @@ When an app prompts you for access to your device's photo library, iOS provides Rather than allow an app to access all the photos on your device, you can allow it to only access whichever photos you choose by tapping the "Select Photos..." option in the permission dialog. You can change photo access permissions at any time by navigating to **Settings** → **Privacy & Security** → **Photos**. -  +  **Add Photos Only** is a permission that only gives an app the ability to download photos to the photo library. Not all apps which request photo library access provide this option. -  +  Some apps also support **Private Access**, which functions similarly to the **Limited Access** permission. However, photos shared to apps using Private Access include their location by default. We recommend unchecking this setting if you do not [remove photo metadata](../../../tools/software/data-redaction/_index.md) beforehand. @@ -238,7 +238,7 @@ Some apps also support **Private Access**, which functions similarly to the **Li Similarly, rather than allow an app to access all the contacts saved on your device, you can allow it to only access whichever contacts you choose. You can change contact access permissions at any time by navigating to **Settings** → **Privacy & Security** → **Contacts**. -  +  ### Require Biometrics and Hide Apps @@ -294,7 +294,7 @@ Apple always makes beta versions of iOS available early for those that wish to h ### Before First Unlock -If your threat model includes [:material-target-account: Targeted Attacks](../../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } that involve forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation. +If your threat model includes [:material-target-account: Targeted Attacks](../../basics/common-threats/_index.md#attacks-against-specific-individuals){ .pg-red } that involve forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation. iPhones [automatically reboot](https://support.apple.com/guide/security/protecting-user-data-in-the-face-of-attack-secf5549a4f5/1/web/1#:~:text=On%20an%20iPhone%20or%20iPad%20with%20iOS%2018%20and%20iPadOS%2018%20or%20later%2C%20a%20new%20security%20protection%20will%20restart%20devices%20if%20they%20remain%20locked%20for%20a%20prolonged%20period%20of%20time.) if they're not unlocked after a period of time. diff --git a/content/wiki/os/linux/_index.md b/content/wiki/os/linux/_index.md index 55df55b1..2406547f 100644 --- a/content/wiki/os/linux/_index.md +++ b/content/wiki/os/linux/_index.md @@ -19,7 +19,7 @@ There are some notable security concerns with Linux which you should be aware of ### Open-Source Security -It is a [common misconception](../../basics/common-misconceptions.md#open-source-software-is-always-secure-or-proprietary-software-is-more-secure) that Linux and other open-source software are inherently secure simply because the source code is available. There is an expectation that community verification occurs regularly, but this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security). +It is a [common misconception](../../basics/common-misconceptions/_index.md#open-source-software-is-always-secure-or-proprietary-software-is-more-secure) that Linux and other open-source software are inherently secure simply because the source code is available. There is an expectation that community verification occurs regularly, but this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security). In reality, distro security depends on a number of factors, such as project activity, developer experience, the level of rigor applied to code reviews, and how often attention is given to specific parts of the codebase that may go untouched for years. @@ -67,7 +67,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats/_index.md#attacks-against-certain-organizations){ .pg-viridian }, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. @@ -155,7 +155,7 @@ MAC address randomization is primarily beneficial for Wi-Fi connections. For Eth ### Other Identifiers -There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../../basics/threat-modeling.md): +There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../../basics/threat-modeling/_index.md): - **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings. - **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name. diff --git a/content/wiki/os/macos/_index.md b/content/wiki/os/macos/_index.md index 2a7a75a7..d14de872 100644 --- a/content/wiki/os/macos/_index.md +++ b/content/wiki/os/macos/_index.md @@ -180,10 +180,10 @@ System Integrity Protection makes critical file locations read-only to protect a ##### App Sandbox -On macOS, whether an app is sandboxed is determined by the developer when they sign it. The [App Sandbox](https://developer.apple.com/documentation/xcode/configuring-the-macos-app-sandbox) protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the [App Store](https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/1/web/1#:~:text=All%20apps%20from%20the%20App%20Store%20are%20sandboxed%20to%20restrict%20access%20to%20data%20stored%20by%20other%20apps.). +On macOS, whether an app is sandboxed is determined by the developer when they sign it. The [App Sandbox](https://developer.apple.com/documentation/xcode/configuring-the-macos-app-sandbox) protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../../basics/common-threats/_index.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the [App Store](https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/1/web/1#:~:text=All%20apps%20from%20the%20App%20Store%20are%20sandboxed%20to%20restrict%20access%20to%20data%20stored%20by%20other%20apps.). > [!WARNING] -> Software downloaded from outside the official App Store is not required to be sandboxed. If your threat model prioritizes defending against [:material-bug-outline: Passive Attacks](../../basics/common-threats.md#security-and-privacy){ .pg-orange }, then you may want to check if the software you download outside the App Store is sandboxed, which is up to the developer to *opt in*. +> Software downloaded from outside the official App Store is not required to be sandboxed. If your threat model prioritizes defending against [:material-bug-outline: Passive Attacks](../../basics/common-threats/_index.md#security-and-privacy){ .pg-orange }, then you may want to check if the software you download outside the App Store is sandboxed, which is up to the developer to *opt in*. You can check if an app uses the App Sandbox in a few ways: @@ -208,7 +208,7 @@ If an app is sandboxed, you should see the following output: [Bool] true ``` -If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether. +If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../../basics/common-threats/_index.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether. ##### Hardened Runtime diff --git a/content/wiki/os/qubes/_index.md b/content/wiki/os/qubes/_index.md index b3c62186..69797e48 100644 --- a/content/wiki/os/qubes/_index.md +++ b/content/wiki/os/qubes/_index.md @@ -16,17 +16,17 @@ Some of the information here and on the Qubes OS documentation may contain confl - +