privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-10-31 03:26:35 +00:00
Code Issues Activity

Add more abbreviations (#1087)

Browse Source 
Signed-off-by: Daniel Gray <dng@disroot.org>
This commit is contained in:
elitejake
2022-04-23 18:43:46 +05:30
committed by Daniel Gray
parent c8bd1533d8
commit c8caefaa71
5 changed files with 30 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/linux-desktop/hardening.en.md
View File

@@ -18,7 +18,7 @@ All these firewalls use the [Netfilter](https://en.wikipedia.org/wiki/Netfilter)
If you are using Flatpak packages, you can revoke their network socket access using Flatseal and prevent those applications from accessing your network. This permission is not bypassable. If you are using Flatpak packages, you can revoke their network socket access using Flatseal and prevent those applications from accessing your network. This permission is not bypassable.
If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [CGroupsv1](https://en.wikipedia.org/wiki/Cgroups) present), you can use the Snap Store to revoke network permission as well. This is also not bypassable. If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [cgroups](https://en.wikipedia.org/wiki/Cgroups) v1 present), you can use the Snap Store to revoke network permission as well. This is also not bypassable.
## Kernel hardening ## Kernel hardening
@@ -94,3 +94,5 @@ One of the problems with Secure Boot particularly on Linux is that only the [cha
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot. After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://support.google.com/chromebook/answer/3438631) or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).
--8<-- "includes/abbreviations.en.md"

2
docs/linux-desktop/overview.en.md
View File

@@ -74,3 +74,5 @@ For advanced users, we only recommend Arch Linux, not any of its derivatives. We
## Linux-libre kernel and “Libre” distributions ## Linux-libre kernel and “Libre” distributions
We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons. We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
--8<-- "includes/abbreviations.en.md"

2
docs/linux-desktop/sandboxing.en.md
View File

@@ -62,3 +62,5 @@ Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host. Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
These container technologies can be useful even for enthusiastic home users who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services. These container technologies can be useful even for enthusiastic home users who may want to run certain web app software on their local area network (LAN) such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [linuxserver.io](https://www.linuxserver.io) to increase privacy by decreasing dependence on various web services.
--8<-- "includes/abbreviations.en.md"

2
docs/passwords.en.md
View File

@@ -36,7 +36,7 @@ These password managers store the password database locally.
!!! warning !!! warning
KeePassXC stores its export data as [comma-separated values (CSV)](https://en.wikipedia.org/wiki/Comma-separated_values). This may mean data loss if you import this file into another password manager. We advise you check each record manually. KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually.
### KeePassDX ### KeePassDX

33
includes/abbreviations.en.md
View File

@@ -1,49 +1,60 @@
<!-- markdownlint-disable --> <!-- markdownlint-disable -->
*[2FA]: 2-Factor Authentication
*[AOSP]: Android Open Source Project *[AOSP]: Android Open Source Project
*[AVB]: Android Verified Boot *[AVB]: Android Verified Boot
*[DNS]: Domain Name System *[CLI]: Command Line Interface
*[CSV]: Comma-Separated Values
*[DNSSEC]: Domain Name System Security Extensions *[DNSSEC]: Domain Name System Security Extensions
*[DNS]: Domain Name System
*[DoH]: DNS over HTTPS *[DoH]: DNS over HTTPS
*[DoT]: DNS over TLS *[DoT]: DNS over TLS
*[E2EE]: End-to-End Encryption/Encrypted
*[ECS]: EDNS Client Subnet *[ECS]: EDNS Client Subnet
*[Exif]: Exchangeable image file format *[Exif]: Exchangeable image file format
*[E2EE]: End-to-End Encryption/Encrypted
*[FDE]: Full Disk Encryption *[FDE]: Full Disk Encryption
*[FIDO]: Fast IDentity Online *[FIDO]: Fast IDentity Online
*[GnuPG]: GNU Privacy Guard (PGP implementation)
*[GPG]: GNU Privacy Guard (PGP implementation) *[GPG]: GNU Privacy Guard (PGP implementation)
*[GPS]: Global Positioning System *[GPS]: Global Positioning System
*[HTTP]: Hypertext Transfer Protocol *[GUI]: Graphical User Interface
*[GnuPG]: GNU Privacy Guard (PGP implementation)
*[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password
*[HTTPS]: Hypertext Transfer Protocol Secure *[HTTPS]: Hypertext Transfer Protocol Secure
*[HTTP]: Hypertext Transfer Protocol
*[I2P]: Invisible Internet Project
*[IMAP]: Internet Message Access Protocol *[IMAP]: Internet Message Access Protocol
*[IP]: Internet Protocol *[IP]: Internet Protocol
*[IPv4]: Internet Protocol version 4
*[IPv6]: Internet Protocol version 6
*[ISP]: Internet Service Provider *[ISP]: Internet Service Provider
*[ISPs]: Internet Service Providers *[ISPs]: Internet Service Providers
*[I2P]: Invisible Internet Project
*[LUKS]: Linux Unified Key Setup (Full-Disk Encryption) *[LUKS]: Linux Unified Key Setup (Full-Disk Encryption)
*[MAC]: Media Access Control
*[MFA]: Multi-Factor Authentication *[MFA]: Multi-Factor Authentication
*[OCSP]: Online Certificate Status Protocol *[OCSP]: Online Certificate Status Protocol
*[OEM]: Original Equipment Manufacturer *[OEM]: Original Equipment Manufacturer
*[OEMs]: Original Equipment Manufacturers *[OEMs]: Original Equipment Manufacturers
*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
*[OS]: Operating System *[OS]: Operating System
*[OTP]: One-Time Password *[OTP]: One-Time Password
*[OTPs]: One-Time Passwords *[OTPs]: One-Time Passwords
*[PGP]: Pretty Good Privacy (see OpenPGP) *[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP)
*[P2P]: Peer-to-Peer *[P2P]: Peer-to-Peer
*[PGP]: Pretty Good Privacy (see OpenPGP)
*[QNAME]: Qualified Name *[QNAME]: Qualified Name
*[SaaS]: Software as a Service (cloud software) *[RSS]: Really Simple Syndication
*[SELinux]: Security-Enhanced Linux *[SELinux]: Security-Enhanced Linux
*[SMS]: Short Message Service (standard text messaging) *[SMS]: Short Message Service (standard text messaging)
*[SMTP]: Simple Mail Transfer Protocol *[SMTP]: Simple Mail Transfer Protocol
*[SNI]: Server Name Indication *[SNI]: Server Name Indication
*[SSH]: Secure Shell
*[SaaS]: Software as a Service (cloud software)
*[TCP]: Transmission Control Protocol *[TCP]: Transmission Control Protocol
*[TEE]: Trusted Execution Environment *[TEE]: Trusted Execution Environment
*[TLS]: Transport Layer Security *[TLS]: Transport Layer Security
*[TOTP]: Time-based One-Time Password *[TOTP]: Time-based One-Time Password
*[UDP]: User Datagram Protocol
*[U2F]: Universal 2nd Factor *[U2F]: Universal 2nd Factor
*[VoIP]: Voice over IP (Internet Protocol) *[UDP]: User Datagram Protocol
*[VPN]: Virtual Private Network *[VPN]: Virtual Private Network
*[VoIP]: Voice over IP (Internet Protocol)
*[W3C]: World Wide Web Consortium *[W3C]: World Wide Web Consortium
*[2FA]: 2-Factor Authentication *[XMPP]: Extensible Messaging and Presence Protocol
*[cgroups]: Control Groups