Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0e861aaf79 | |||
| e57874d3cc | |||
| f8f1b327c0 | |||
| 17c499945f | |||
| dbbe200623 | |||
| eaf2ef194b | |||
| 39f281f428 | |||
| 86655d7831 | |||
|
56ec37aec1
|
|||
| 9261e78237 |
@@ -2965,15 +2965,6 @@
|
||||
"contributions": [
|
||||
"translation"
|
||||
]
|
||||
},
|
||||
{
|
||||
"login": "qiyongzheng",
|
||||
"name": "qiyongzheng",
|
||||
"avatar_url": "https://avatars.githubusercontent.com/u/153378707?v=4",
|
||||
"profile": "https://github.com/qiyongzheng",
|
||||
"contributions": [
|
||||
"doc"
|
||||
]
|
||||
}
|
||||
],
|
||||
"contributorsPerLine": 5,
|
||||
|
||||
@@ -99,24 +99,13 @@ jobs:
|
||||
continue-on-error: true
|
||||
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
|
||||
|
||||
build_videos:
|
||||
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build videos') }}
|
||||
needs: [submodule, metadata]
|
||||
uses: ./.github/workflows/build-videos.yml
|
||||
with:
|
||||
ref: ${{github.event.pull_request.head.ref}}
|
||||
repo: ${{github.event.pull_request.head.repo.full_name}}
|
||||
continue-on-error: true
|
||||
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
|
||||
|
||||
combine_build:
|
||||
needs: [build_english, build_i18n, build_blog, build_videos]
|
||||
needs: [build_english, build_i18n, build_blog]
|
||||
if: |
|
||||
(always() && !cancelled() && !failure()) &&
|
||||
needs.build_english.result == 'success' &&
|
||||
(needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped') &&
|
||||
(needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped') &&
|
||||
(needs.build_videos.result == 'success' || needs.build_videos.result == 'skipped')
|
||||
(needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped')
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
@@ -138,5 +127,5 @@ jobs:
|
||||
|
||||
cleanup:
|
||||
if: ${{ always() }}
|
||||
needs: [build_english, build_i18n, build_blog, build_videos]
|
||||
needs: [build_english, build_i18n, build_blog]
|
||||
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
|
||||
|
||||
@@ -1,104 +0,0 @@
|
||||
name: 🛠️ Build Videos
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
ref:
|
||||
required: true
|
||||
type: string
|
||||
repo:
|
||||
required: true
|
||||
type: string
|
||||
context:
|
||||
type: string
|
||||
default: deploy-preview
|
||||
continue-on-error:
|
||||
type: boolean
|
||||
default: true
|
||||
privileged:
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
continue-on-error: ${{ inputs.continue-on-error }}
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- name: Add GitHub Token to Environment
|
||||
run: |
|
||||
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Download Repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ inputs.repo }}
|
||||
ref: ${{ inputs.ref }}
|
||||
persist-credentials: "false"
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Download Submodules
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
pattern: repo-*
|
||||
path: modules
|
||||
|
||||
- name: Move mkdocs-material-insiders to mkdocs-material
|
||||
if: inputs.privileged
|
||||
run: |
|
||||
rmdir modules/mkdocs-material
|
||||
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
|
||||
|
||||
- name: Move brand submodule to theme/assets/brand
|
||||
run: |
|
||||
rmdir theme/assets/brand
|
||||
mv modules/repo-brand theme/assets/brand
|
||||
|
||||
- name: Install Python (pipenv)
|
||||
if: inputs.privileged
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
cache: "pipenv"
|
||||
|
||||
- name: Install Python (no pipenv)
|
||||
if: ${{ !inputs.privileged }}
|
||||
uses: actions/setup-python@v5
|
||||
|
||||
- name: Install Python Dependencies
|
||||
if: inputs.privileged
|
||||
run: |
|
||||
pip install pipenv
|
||||
pipenv install
|
||||
sudo apt install pngquant
|
||||
|
||||
- name: Install Python Dependencies (Unprivileged)
|
||||
if: ${{ !inputs.privileged }}
|
||||
run: |
|
||||
pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin
|
||||
sudo apt install pngquant
|
||||
|
||||
- name: Build Website (Privileged)
|
||||
if: inputs.privileged
|
||||
run: |
|
||||
pipenv run mkdocs build --config-file mkdocs.videos.yml
|
||||
|
||||
- name: Build Website (Unprivileged)
|
||||
if: ${{ !inputs.privileged }}
|
||||
run: |
|
||||
BUILD_INSIDERS=false mkdocs build --config-file mkdocs.videos.yml
|
||||
|
||||
- name: Package Website
|
||||
run: |
|
||||
tar -czf site-build-videos.tar.gz site
|
||||
|
||||
- name: Upload Site
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: site-build-videos.tar.gz
|
||||
path: site-build-videos.tar.gz
|
||||
retention-days: 1
|
||||
@@ -1,85 +0,0 @@
|
||||
# Copyright (c) 2021-2025 Jonah Aragon <jonah@triplebit.net>
|
||||
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to
|
||||
# deal in the Software without restriction, including without limitation the
|
||||
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||
# sell copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||
# IN THE SOFTWARE.
|
||||
|
||||
name: 📦 Immediate Releases
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
branches:
|
||||
- "main"
|
||||
paths:
|
||||
- "blog/**"
|
||||
- "videos/**"
|
||||
|
||||
concurrency:
|
||||
group: release-deployment
|
||||
cancel-in-progress: false
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
pages: write
|
||||
id-token: write
|
||||
deployments: write
|
||||
|
||||
jobs:
|
||||
submodule:
|
||||
strategy:
|
||||
matrix:
|
||||
repo: [mkdocs-material-insiders, brand]
|
||||
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
|
||||
with:
|
||||
repo: ${{ matrix.repo }}
|
||||
secrets:
|
||||
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
|
||||
|
||||
build_blog:
|
||||
needs: submodule
|
||||
permissions:
|
||||
contents: read
|
||||
uses: ./.github/workflows/build-blog.yml
|
||||
with:
|
||||
repo: ${{ github.repository }}
|
||||
ref: ${{ github.ref }}
|
||||
continue-on-error: false
|
||||
|
||||
build_videos:
|
||||
needs: submodule
|
||||
permissions:
|
||||
contents: read
|
||||
uses: ./.github/workflows/build-videos.yml
|
||||
with:
|
||||
repo: ${{ github.repository }}
|
||||
ref: ${{ github.ref }}
|
||||
continue-on-error: false
|
||||
|
||||
deploy:
|
||||
needs: [build_blog, build_videos]
|
||||
uses: privacyguides/webserver/.github/workflows/deploy-garage.yml@main
|
||||
with:
|
||||
environment: production
|
||||
secrets:
|
||||
PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }}
|
||||
PROD_GARAGE_SECRET_KEY: ${{ secrets.PROD_GARAGE_SECRET_KEY }}
|
||||
|
||||
cleanup:
|
||||
if: ${{ always() }}
|
||||
needs: [build_blog, build_videos]
|
||||
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
|
||||
@@ -74,16 +74,6 @@ jobs:
|
||||
ref: ${{ github.ref }}
|
||||
continue-on-error: false
|
||||
|
||||
build_videos:
|
||||
needs: submodule
|
||||
permissions:
|
||||
contents: read
|
||||
uses: ./.github/workflows/build-videos.yml
|
||||
with:
|
||||
repo: ${{ github.repository }}
|
||||
ref: ${{ github.ref }}
|
||||
continue-on-error: false
|
||||
|
||||
release:
|
||||
name: Create release notes
|
||||
needs: build
|
||||
@@ -105,7 +95,7 @@ jobs:
|
||||
makeLatest: true
|
||||
|
||||
deploy:
|
||||
needs: [build, build_blog, build_videos]
|
||||
needs: [build, build_blog]
|
||||
uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
|
||||
secrets:
|
||||
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
|
||||
@@ -122,5 +112,5 @@ jobs:
|
||||
|
||||
cleanup:
|
||||
if: ${{ always() }}
|
||||
needs: [build, build_blog, build_videos]
|
||||
needs: [build, build_blog]
|
||||
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
|
||||
|
||||
@@ -28,4 +28,3 @@ no-hard-tabs: true
|
||||
emphasis-style:
|
||||
style: "asterisk"
|
||||
no-duplicate-header: false
|
||||
no-trailing-punctuation: false
|
||||
|
||||
@@ -611,7 +611,6 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/bruch-alex"><img src="https://avatars.githubusercontent.com/u/173354246?v=4" width="100px;" loading=lazy /><br /><sub><b>Alex Bruch</b></sub></a><br /><a href="#translation-bruch-alex" title="Translation">🌍</a></td>
|
||||
<td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/qiyongzheng"><img src="https://avatars.githubusercontent.com/u/153378707?v=4" width="100px;" loading=lazy /><br /><sub><b>qiyongzheng</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=qiyongzheng" title="Documentation">📖</a></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
<tfoot>
|
||||
|
||||
|
Before Width: | Height: | Size: 95 KiB |
@@ -1,261 +0,0 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-01-23T19:15:00
|
||||
categories:
|
||||
- Tutorials
|
||||
authors:
|
||||
- jonah
|
||||
description: Your phone is an essential tool, but it also represents a huge risk to your privacy and security. Understanding these best practices when it comes to securing your smartphone will help keep you and your data safe.
|
||||
schema_type: AnalysisNewsArticle
|
||||
---
|
||||
# The Protesters' Guide to Smartphone Security
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Koshu Kunii / Unsplash</small>
|
||||
|
||||
For most protesters, activists, and journalists, your smartphone is an essential tool you depend on for organizing with your peers, accessing and distributing information, and helping others. It also represents a great risk, as a tool that is easily appropriated by authorities for targeted and mass surveillance.<!-- more -->
|
||||
|
||||
The perennial question when it comes to protests is whether you should bring your phone at all. If you leave your phone at home, that is probably the safest your data will get, and you will be at very low risk of being tracked by mass surveillance tools. On the other hand, your phone is a critical resource when it comes to coordinating with others, getting updates on the protest from social media, or simply documenting what is going on with your phone's camera.
|
||||
|
||||
If possible, bringing a separate device like a "burner phone," an old phone you can reset, or even a regular old-fashioned camera is a much better option than bringing your primary phone. Any data you don't bring with you can't be taken from you at the scene.
|
||||
|
||||
However, getting access to or affording devices like these aren't a realistic option for many people. Whether you decide to take your smartphone or a secondary smartphone with you to the event, this guide will cover how to maximize that device's security and minimize risks to your privacy.
|
||||
|
||||
## Your Risks at a Protest
|
||||
|
||||
There are plenty of risks you should consider if you use your smartphone at a protest. We are going to try and cover the following in this guide:
|
||||
|
||||
1. Losing your device.
|
||||
|
||||
2. Authorities confiscating your smartphone.
|
||||
|
||||
3. Service disruption, either due to intentional interference by authorities or caused by networks being overloaded by large groups of people.
|
||||
|
||||
4. Targeted surveillance:
|
||||
- Disrupting your service.
|
||||
- Blocking delivery of calls/SMS to your number.
|
||||
- Monitoring your unencrypted traffic.
|
||||
- Monitoring communications over local radios like walkie-talkies, etc.
|
||||
|
||||
5. Mass surveillance:
|
||||
- Interference with web services. Popular communication platforms like Twitter or TikTok could be throttled or blocked.
|
||||
- Interference with messengers and voice services like Signal or WhatsApp.
|
||||
- Authorities could use public Wi-Fi networks in the area to monitor traffic and identify nearby devices.
|
||||
- Cell phone companies could provide records to authorities of devices near cell towers in the area to track and identify protesters.
|
||||
|
||||
Like all of our guides, we are going to cover the general best practices and provide helpful tips, but your individual situation may be different. You should always research and plan according to what you specifically are doing, and if you need legal advice you should always consult a qualified and licensed attorney.
|
||||
|
||||
## Secure Your Device
|
||||
|
||||
If your phone falls into the wrong hands, the information on it could be hugely damaging to yourself or others. Make sure you've taken the necessary steps to prevent it from being broken into.
|
||||
|
||||
### Use a Strong Screen Lock
|
||||
|
||||
At a bare minimum, you should use a 6-digit PIN, but ideally you should protect your phone with an alphanumeric passphrase. This prevents people from trivially accessing your data, and additionally protects your data with strong encryption.
|
||||
|
||||
Barring a massive security exploit (more on this [later](#consider-your-phones-security-patches)), most law enforcement tools work by essentially brute-forcing your PIN, running tons of guesses until it gets one right. This makes a long and unique passphrase your strongest protection against your data being stolen by people in possession of your device.
|
||||
|
||||
In the United States and many other countries it is legal to refuse to unlock your phone or provide your passcode to law enforcement. **Know your rights** wherever you're located before attending a protest, so you aren't blindly following orders later.
|
||||
|
||||
### Disable Biometic Authentication
|
||||
|
||||
We commonly recommend using biometric features like Face ID or Touch ID to prevent "shoulder surfing" attacks, where an attacker steals your PIN by discreetly watching you enter it, or where your PIN is recorded by surveillance cameras in the area.
|
||||
|
||||
**However**, in this situation it may make more sense to disable biometric authentication. Authorities are trained and known to use biometrics quickly to forcefully unlock your device, so you should be mindful of this fact when deciding what to do. If you disable biometrics, be wary of shoulder surfing attacks and prying eyes by obscuring or covering your phone whenever you unlock it.
|
||||
|
||||
Whatever you do, make sure you know how to quickly shut down your phone or disable biometrics at a moment's notice. Many phones have begun replacing the standard "hold down the power button" function with voice assistants or other features, so practice performing the actual shutdown method beforehand to familiarize yourself.
|
||||
|
||||
Modern iPhones require you to hold down the side button and either volume button before the power-off slider appears. Even if you don't get a chance to slide to power off, getting to this screen will at least disable biometric authentication, making your phone a bit more secure than it otherwise might be.
|
||||
|
||||
In the United States, it is still a legal gray area when it comes to whether law enforcement can force you to use biometrics, but many court decisions have leaned toward saying they **can** compel you to use your fingerprint. Using a passphrase and disabling biometrics gives you more robust 5th Amendment rights. In other countries you should again familiarize yourself with your rights in this scenario, so that you can make the most informed decision.
|
||||
|
||||
### Hide Your Notifications
|
||||
|
||||
Even with your device locked, law enforcement can see everything you're up to simply by scrolling through your notifications. Reducing the amount of information accessible on the lock screen improves your security and the security of those you're messaging, so make sure your notifications are only visible when your device is unlocked.
|
||||
|
||||
On an iPhone:
|
||||
|
||||
1. Open **Settings**
|
||||
2. Navigate to **Notifications**
|
||||
3. Navigate to **Show Previews**
|
||||
4. Select **Never** (or, **When Unlocked**)
|
||||
|
||||
On Android:
|
||||
|
||||
1. Open **Settings**
|
||||
2. Navigate to **Notifications**
|
||||
3. Touch **Notifications on lock screen**
|
||||
- Select **Don't show any notifications**
|
||||
4. Switch **Sensitive notifications** to **off**
|
||||
|
||||
### Disable Lock Screen Actions
|
||||
|
||||
In a similar vein, any functionality you have enabled while your device is unlocked can pose a security risk. It is always best practice to reduce your attack surface by disabling these options whenever possible. Even though these features are typically designed to not pose a security risk to your data, they have been known to be exploited in the past to bypass lock screens and other security features.
|
||||
|
||||
On an iPhone:
|
||||
|
||||
1. Open **Settings**
|
||||
2. Navigate to **Face ID & Passcode**
|
||||
3. Scroll to the **Allow Access When Locked** section
|
||||
4. Switch all features you don't need **off**
|
||||
|
||||
On Android, disabling functionality while the phone is locked will vary widely by manufacturer. Some like Samsung provide more flexible options in their lock screen settings, but others like Google do not provide the option to disable the quick settings panel or other similar features.
|
||||
|
||||
### Avoid External Storage
|
||||
|
||||
Your Android phone might have the option to store files or photos on a microSD card, but these cards are not always subject to the same encryption standards as your phone's built-in storage. You should check whether your microSD card can be encrypted in your phone's settings, although this will prevent it from being read by other devices like your computer later.
|
||||
|
||||
Additionally, even *if* it's encrypted, it still won't benefit from the same security protections that your phone's built-in storage provides, such as advanced brute-force protections. Ideally you should remove all external storage devices from your phone during the event, and save photos, videos, and other files to your phone's encrypted internal storage.
|
||||
|
||||
### Consider Your Phone's Security Patches
|
||||
|
||||
Exploits against smartphones are discovered on a very regular basis, and spyware companies that work with law enforcement—like Cellebrite—abuse these exploits to crack into stolen devices. If your phone is no longer receiving regular updates from its manufacturer, you are in a very dangerous position as you may be vulnerable to the exploits used.
|
||||
|
||||
In general, we consider the latest iPhone and latest Google Pixel to be the most secured against this sort of threat. You can increase your security further by using a [hardened alternative operating system](https://www.privacyguides.org/en/android/distributions/) on your Google Pixel.
|
||||
|
||||
Robust security information about phones from other manufacturers is less common. If you use a different device you may still consider the risks to be worth it, but if confiscation is of *particular* concern to you, or especially if your phone no longer receives security patches, you may want to consider leaving the phone at home.
|
||||
|
||||
## Protect Against Surveillance
|
||||
|
||||
### Disable AirDrop
|
||||
|
||||
One of the most innocuous features enabled on millions of iPhones is also one of the most dangerous for those seeking to protect their privacy in public. Apple's AirDrop protocol [uses](https://www.usenix.org/system/files/sec21-heinrich.pdf) trivially bypassed security measures that authorities like the Chinese government have openly [bragged](https://arstechnica.com/security/2024/01/hackers-can-id-unique-apple-airdrop-users-chinese-authorities-claim-to-do-just-that/) about cracking to identify users since at least 2022.
|
||||
|
||||
You should assume that any device with AirDrop enabled is constantly broadcasting your name, email address, and phone number to everyone around you, **even if** you have it set to "Contacts Only." Apple has known about this [flaw](https://www.macrumors.com/2021/04/23/airdrop-researchers-security-flaw/) since 2019 and has not issued any fix.
|
||||
|
||||
1. Open the **Settings** app
|
||||
2. Navigate to **General**
|
||||
3. Navigate to **AirDrop**
|
||||
4. Select **Receiving Off**
|
||||
|
||||
### Lock Down Your Network
|
||||
|
||||
Your phone signals can be used to track you even if you don't make a call or send a text. Some law enforcement agencies use "stingrays," devices which can impersonate a cell tower to track visitors to an area. While the capabilities of the most modern ones isn't fully known, you should definitely protect yourself from the subset of stingrays which abuse the lower security standards of older, 2G networks.
|
||||
|
||||
On Android:
|
||||
|
||||
1. Open **Settings**
|
||||
2. Navigate to **Network & internet**
|
||||
3. Navigate to **SIMs**
|
||||
4. Select your carrier or SIM card
|
||||
5. Switch **Allow 2G** to **off**
|
||||
|
||||
On iPhone:
|
||||
|
||||
1. Open **Settings**
|
||||
2. Navigate to **Privacy & Security**
|
||||
3. Navigate to **Lockdown Mode**
|
||||
4. Select **Turn On Lockdown Mode**
|
||||
|
||||
Note that enabling [Lockdown Mode](https://www.privacyguides.org/articles/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode) on an iPhone will change a variety of settings to harden its security. Many of them are smart improvements, but certain apps and features [won't work](https://support.apple.com/HT212650) normally, so read the previous links here for more details.
|
||||
|
||||
### Use Airplane Mode Frequently
|
||||
|
||||
Even after mitigating the risks of 2G networks, your cellular activity can still be tracked. If not by law enforcement then by your carrier, who will likely be responsive to law enforcement's requests for data after the fact.
|
||||
|
||||
To prevent this, you should keep your phone turned off or use Airplane Mode to disable cellular connections whenever possible. Ideally you should only connect to networks in an emergency situation to communicate with others in your group, otherwise keeping messages and network transmissions to a minimum is key.
|
||||
|
||||
### Disable Location Services
|
||||
|
||||
If you have to keep your device powered on and connected, you can at least minimize the number of parties who have access to your location data. Be mindful of apps that you choose to share your location with, and consider disabling location services entirely while you're at the event.
|
||||
|
||||
On an iPhone:
|
||||
|
||||
1. Open **Settings**
|
||||
2. Navigate to **Privacy & Security**
|
||||
3. Navigate to **Location Services**
|
||||
4. Switch **Location Services** to **off**
|
||||
|
||||
On Android:
|
||||
|
||||
1. Open **Settings**
|
||||
2. Navigate to **Location**
|
||||
3. Switch **Use location** to **off**
|
||||
|
||||
If you use an Android phone, you should also check your Google account settings to [ensure location history is disabled](https://support.google.com/accounts/answer/3118687). Google is frequently tapped by law enforcement to provide location data, because they don't protect your personal information with strong, zero-knowledge encryption.
|
||||
|
||||
## Other Tips
|
||||
|
||||
### Use Signal
|
||||
|
||||
[**Signal**](https://www.privacyguides.org/en/real-time-communication/#signal) is the most secure app for sending text messages and making voice calls with others. It is also impossible to configure Signal to lower its encryption security or other security standards, so you know that everyone in your group is using settings that are safe by default.
|
||||
|
||||
Signal is battle-tested for this situation. [Signal has responded to 6 government requests](https://signal.org/bigbrother/) since 2016, and in each case the only information they were able to provide was at most:
|
||||
|
||||
1. Whether the user was registered with Signal
|
||||
2. When that user registered with Signal
|
||||
3. When that user connected to Signal last
|
||||
|
||||
Keep in mind that using Signal could still expose your phone's location, simply due to making a network request as we covered above. You should still keep your phone in [Airplane Mode](#use-airplane-mode-frequently) and minimize the use of Signal or any other networked app during the event.
|
||||
|
||||
There *are* other [encrypted messengers](https://www.privacyguides.org/en/real-time-communication/), some of them even making use of technologies developed by Signal. However, they all come with trade-offs that could easily compromise your security. WhatsApp and Facebook Messenger are end-to-end encrypted for example, but they collect copious amounts of *metadata* about your messages, such as who you're sending them to, when you're sending them, your location when you're sending them, etc. Apple's iMessage service in the Messages app has strong encryption but similar metadata concerns, and only works if everyone in your group has an iPhone.
|
||||
|
||||
### Protect Your Access to Information
|
||||
|
||||
Phones can be easily lost, taken, broken, or they can simply run out of juice. Bring a spare mobile battery or a charged power bank with you, and try to minimize your phone usage to preserve power. You should also make sure your mobile plan is topped up and you have enough mobile data prior to the event.
|
||||
|
||||
You should also write down the number of an emergency contact or a lawyer on a physical piece of paper, or [even](https://xcancel.com/madeleine_rae/status/1266528386878443522) in Sharpie on your arm. You'll want this information easily accessible if you're arrested regardless of your phone's state or location.
|
||||
|
||||
### Change Your Camera Settings
|
||||
|
||||
Check your camera settings for things which may draw unwanted attention, like the flash or a shutter sound. You should go through these settings in advance and configure it for the safest possible use.
|
||||
|
||||
### Back Up Your Data
|
||||
|
||||
You should be prepared to have your phone taken or lost during a protest. You can limit the potential costs and headache to you if this happens by making sure you have an updated, encrypted backup of your data.
|
||||
|
||||
If you have an iPhone, you can make a local backup to a macOS computer or a Windows computer with iTunes. You can also back up to iCloud, but these backups are only secure if you enable [Advanced Data Protection](https://www.privacyguides.org/en/os/ios-overview/#icloud) on your iCloud account. We strongly encourage [enabling Advanced Data Protection](https://support.apple.com/en-us/108756) for all iCloud users in any case, as it protects not only device backups but most iCloud account data as well.
|
||||
|
||||
The backup situation on Android is not nearly as robust unfortunately, but you can back up photos and files with a variety of services. If you use an online backup service we recommend choosing one with strong, zero-knowledge encryption so that the service provider is unable to access your data.
|
||||
|
||||
- [Recommended Photo Backup Services](https://www.privacyguides.org/en/photo-management/)
|
||||
- [Recommended Cloud Drive Services](https://www.privacyguides.org/en/cloud/)
|
||||
- [Recommended File Sync Services](https://www.privacyguides.org/en/file-sharing/)
|
||||
|
||||
## At The Protest
|
||||
|
||||
### Keep Your Device Locked
|
||||
|
||||
You should always use your camera to take pictures or videos while your phone is locked, in case your device is taken while filming. This is easier if you've [disabled biometrics](#disable-biometic-authentication), because Face ID or similar features might unlock your device automatically when you don't want that to happen.
|
||||
|
||||
On an iPhone you can hold down the camera icon on the lock screen to open the camera without unlocking your device. You could also configure the Action Button to open the camera, or use the dedicated camera button on the latest iPhone model.
|
||||
|
||||
On a Google Pixel and most other Android devices, double-tapping the power button will open the camera without needing to unlock your device.
|
||||
|
||||
You should learn and/or set up device shortcuts to do things quickly, ideally while the device remains locked whenever possible, and ensure you're familiar with the shortcuts before the event.
|
||||
|
||||
### Have a Backup Communications Network
|
||||
|
||||
In the event of an internet blackout, it might be a good idea to have a backup network prepared, organized with other attendees. Messaging apps like [Briar](https://www.privacyguides.org/en/real-time-communication/#briar) can operate in a local mesh mode, connecting to other devices in the area with Bluetooth or local Wi-Fi connections instead of relying on centralized internet services.
|
||||
|
||||
You might also want to consider local radios like walkie-talkies, although keep in mind these devices are nearly always unencrypted and can be easily monitored by others, so you won't want to use them to transmit sensitive information.
|
||||
|
||||
## After The Event
|
||||
|
||||
### If Your Phone Was Taken
|
||||
|
||||
If you lose your phone, you may be able to locate or wipe your phone remotely depending on the model. Here are some instructions for common devices you can try:
|
||||
|
||||
- [Finding a lost Android device](https://support.google.com/android/answer/3265955?hl=en)
|
||||
- [Finding a lost iPhone](https://support.apple.com/en-us/104978)
|
||||
|
||||
If you were logged in to any online services on your phone, you should try and get them signed out. On many social media websites for example, you can go to your account's settings to see what devices are signed in and revoke their access remotely.
|
||||
|
||||
Please be aware of the **legal consequences** of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions. You should always speak with your licensed attorney before deciding how to proceed. If your phone was taken by law enforcement you may have legal recourse to get it back.
|
||||
|
||||
### Be Mindful of Others
|
||||
|
||||
If you post your photos online, be mindful of identifiable faces or other characteristics of your fellow protesters or bystanders. Law enforcement or vigilantes use these photos to track down other attendees and arrest or harass them.
|
||||
|
||||
To prevent this, you can obscure the faces of anyone in the image. Most phones have [built-in photo editing tools](https://www.privacyguides.org/en/os/ios-overview/#redacting-elements-in-images) that allow you to draw on an image. Blurring can sometimes be reversed, so blocking it out entirely is generally preferable.
|
||||
|
||||
Be careful of the editing tools you use, and don't select highlighters or other semi-transparent editing tools. Even if you scribble over an area of a photo multiple times with a dark/black "highlighter" tool until it *appears* black, that can often be reversed with photo editing software by adjusting the contrast of the image. Using a shape/rectangle tool to draw a black box over areas you wish to redact is much better than trying to manually cross out image elements with drawing tools.
|
||||
|
||||
The Signal app also has built-in tools for photo editing and blurring. You can send a photo to yourself in the "Notes to Self" chat, then save the edited image from that chat for sharing. Signal also automatically removes photo metadata, so if you use it you're already covered with our next section:
|
||||
|
||||
### Scrub Photo Metadata
|
||||
|
||||
Photos have hidden information, or *metadata*, embedded in them which include the type of phone/camera you used, the photo's location, and other potentially sensitive data.
|
||||
|
||||
You should use a [metadata removal tool](https://www.privacyguides.org/en/data-redaction/) to remove this data from images before you share them with others. If you send a photo to someone using Signal, that app removes this metadata automatically.
|
||||
@@ -18,8 +18,6 @@ schema_type: AnalysisNewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
|
||||
|
||||
One of the most common questions users have when it comes to privacy is about messaging services. It seems almost all of them mention some level of privacy or encryption to entice the user to sign up for their service, but how can you be sure you’re using the most secure, privacy respecting platform?<!-- more -->
|
||||
|
||||
The answer actually lies in one’s [threat model](https://www.privacyguides.org/basics/threat-modeling/), which is often an ignored step in choosing all privacy related apps and services, meaning a lot of users limit their internet and communication experience because they believe they need Edward Snowden level privacy settings.
|
||||
|
||||
@@ -17,8 +17,6 @@ schema_type: NewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Privacy Guides | Photo: Unsplash</small>
|
||||
|
||||
Dear *Privacy Guides* Community,
|
||||
|
||||
On the 15th of October, it was [brought to our attention](https://web.archive.org/web/20201127034309/https://www.reddit.com/r/privacy/comments/di5rn3/startpage_is_now_owned_by_an_advertising_company/) that Startpage.com was reportedly (partially?) taken over by a company called the Privacy One Group, which is in turn owned by a company called System1. We found this quite remarkable as the two companies seem to have conflicting business models.<!-- more --> Startpage has been known for basing their advertisements on what their users enter in their search bar. System1 on the other hand, is a pay-per-click advertising company that "[has developed a pre-targeting platform that identifies and unlocks consumer intent across channels including social, native, email, search, market research and lead generation rather than relying solely on what consumers enter into search boxes.](https://web.archive.org/web/20201127034309/https://www.bizjournals.com/losangeles/news/2017/09/20/system1-raises-270-million-for-consumer-intent.html)"
|
||||
|
||||
@@ -17,8 +17,6 @@ schema_type: NewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
|
||||
|
||||
It has recently come to the attention of the *Privacy Guides* team that **Wire**, the popular end-to-end encryption messaging platform [has been sold or moved to a US company](https://web.archive.org/web/20201128215737/https://forum.privacytools.io/t/wire-swiss-gmbh-is-now-owned-by-a-usa-holding-company/1932). After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.<!-- more -->
|
||||
|
||||
Morpheus Ventures holds a [portfolio](https://web.archive.org/web/20201128215737/https://morpheus.com/portfolio/) including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive. Why would a VC with a portfolio centered on consumer data want to invest in a company whose mission claims to protect that very same information?
|
||||
|
||||
@@ -17,8 +17,6 @@ schema_type: AnalysisNewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
|
||||
|
||||
A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). We’re also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.<!-- more -->
|
||||
|
||||
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/desktop-browsers/) section. If you’ve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser *more* unique.
|
||||
|
||||
@@ -17,8 +17,6 @@ schema_type: AnalysisNewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
|
||||
|
||||
Mozilla Firefox is one of the most popular web browsers around, and for good reason. It's fast, secure, open-source, and it's backed by an organization that actually respects your privacy. Unlike many other Chrome alternatives and forks, it has a massive development team behind it that publishes new updates on a constant, regular basis. Regular updates doesn't only mean shiny new features, it means you'll also receive security updates that will keep you protected as you browse the web.<!-- more -->
|
||||
|
||||
Because of all of this, [we recommend Firefox](https://www.privacyguides.org/desktop-browsers/#firefox) as our general-purpose browser for most users. It's the best alternative to Chrome and Edge for privacy conscious individuals.
|
||||
|
||||
@@ -16,8 +16,6 @@ schema_type: AnalysisNewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Image: Unsplash</small>
|
||||
|
||||
**"No shady privacy policies or back doors for advertisers" proclaims the Firefox homepage, but that's no longer true in Firefox 128.**
|
||||
|
||||
Less than a month after [acquiring the AdTech company Anonym](https://discuss.privacyguides.net/t/mozilla-acquires-anonym-raising-the-bar-for-privacy-preserving-digital-advertising/18936), Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This "Privacy-Preserving Attribution" (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.<!-- more -->
|
||||
|
||||
@@ -1,65 +0,0 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-01-17
|
||||
categories:
|
||||
- Announcements
|
||||
authors:
|
||||
- niek-de-wilde
|
||||
tags:
|
||||
- Privacy Guides
|
||||
description: Privacy Guides is welcoming three new additions to the team.
|
||||
schema_type: NewsArticle
|
||||
---
|
||||
|
||||
# Privacy Guides Hires Three Staff Members
|
||||
|
||||
At Privacy Guides, we are always looking for ways to be more effective at our mission of promoting privacy and security for everyone. To help us grow, reach a broader audience, and provide more high quality educational resources, we are thrilled to announce the hiring of three talented individuals to our team! Each of them brings a strong passion to their respective roles, and we are excited about working with them.<!-- more -->
|
||||
|
||||
## Em – Journalist
|
||||
|
||||
{ align=right }
|
||||
|
||||
We’re excited to welcome Em (she/her), our new journalist, who will play an important role in taking our [articles](https://www.privacyguides.org/articles/) to the next level. She will be focusing on creating in-depth, interesting posts that explore the most important topics in the world of online privacy, security, and digital rights. Em will also conduct interviews with experts in the industry, analyze reports and studies, and produce investigative news stories to keep our readers informed.
|
||||
|
||||
*Em is a privacy advocate and public‑interest technologist who has been fervently defending privacy rights online (and offline) since 2018. Her work focuses on raising awareness and informing the public and organizations on data privacy tools, practices, and regulations. She is a passionate writer and thorough investigator, continuously working on ways to improve adoption of better privacy practices, and regularly creating educational material to make protective tools accessible to the groups who need them most.*
|
||||
|
||||
*Em is also a human rights activist who deeply values inclusivity, diversity, accessibility, and software for the public good. In her free time, you can find Em on Mastodon sharing privacy tips or boosting photos of cats and moss.*
|
||||
|
||||
[:material-mastodon: Follow Em at @Em0nM4stodon@infosec.exchange](https://infosec.exchange/@Em0nM4stodon)
|
||||
|
||||
## Jordan – Content Producer
|
||||
|
||||
{ align=right }
|
||||
|
||||
We also welcome Jordan Warne (they/them), our new content producer who will manage our channels on various video platforms! Jordan has a strong background in video production and content strategy, and we’re confident that they will help us expand our reach and connect with a broader audience. Through informative, easy-to-understand videos, Jordan will simplify complex privacy topics and keep our community engaged. Expect a significantly larger presence on our [PeerTube](https://neat.tube/c/privacyguides/videos) and [YouTube](https://www.youtube.com/@privacyguides) channels in the coming months!
|
||||
|
||||
*Jordan is a passionate creative with an education in both cybersecurity and photography. Having completed a Diploma of Digital Imaging at Billy Blue College of Design, Jordan is equipped with the skills and experience to take Privacy Guides' video content to the next level. Having recently completed a Diploma of Information Technology (Cybersecurity) Jordan has the unique skillset to simplify complex cybersecurity topics and turn them into engaging and approachable content.*
|
||||
|
||||
*Outside producing high-quality videos, Jordan enjoys exploring the Australian bush, capturing intricate details of its flora and fauna through photography.*
|
||||
|
||||
[:material-mastodon: Follow Jordan at @jw@social.lol](https://social.lol/@jw)
|
||||
|
||||
## Kevin – Intern
|
||||
|
||||
{ align=right }
|
||||
|
||||
Last but not least, we are excited to start working with Kevin Pham (he/him), our new intern focused on community & news, who will support both Em and Jordan in their roles while also engaging with our community across all platforms. His enthusiasm for digital privacy and his commitment to helping others make him a perfect fit for our team. He will help with managing our community, and interact with our growing online community to ensure that everyone has a voice. Kevin’s passion and eagerness to learn will no doubt contribute greatly to our mission.
|
||||
|
||||
*Kevin is a senior at Tufts University studying Political Science and Science & Technology Studies. Originally from Florida, he is now freezing up in the greater Boston area. Kevin is passionate about usable security and privacy for vulnerable populations. He has previously worked with Freedom of the Press Foundation's Digital Security Team and Cornell Tech's Clinic to End Tech Abuse to help journalists and domestic violence survivors alike.*
|
||||
|
||||
*Besides doomscrolling on social media, he loves cooking new recipes, reading philosophy essays, and perpetuating his caffeine addiction with Vietnamese coffee. Please feel free to reach out to him to discuss anything regarding best operational security practices and threat modeling...or just say hi!*
|
||||
|
||||
[:material-mastodon: Follow Kevin at @kevpham@mastodon.social](https://mastodon.social/@kevpham)
|
||||
|
||||
## What This Means for Privacy Guides
|
||||
|
||||
The expansion of the Privacy Guides team continues our commitment to provide the best quality resources and information on privacy and security. With Em’s investigative work, Jordan’s video content, and Kevin’s hands-on support, we look forward to communicating easy to understand and factual information with a broader audience.
|
||||
|
||||
We’re excited to see how these talented people will help Privacy Guides continue to grow, and we look forward to the amazing work they will contribute in the coming months.
|
||||
|
||||
Thank you for being a part of our community, and stay tuned for the exciting new content and updates that will be coming your way soon!
|
||||
Welcome aboard, Em, Jordan, and Kevin! Let’s make privacy accessible for everyone. 🚀
|
||||
|
||||
[:material-mastodon: Follow Privacy Guides at @privacyguides@neat.computer](https://mastodon.neat.computer/@privacyguides)
|
||||
|
||||
[:material-youtube: Subscribe to Privacy Guides on YouTube](https://www.youtube.com/@privacyguides)
|
||||
@@ -12,8 +12,6 @@ schema_type: BackgroundNewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
|
||||
|
||||
In February, the OpenCollective Foundation (OCF)—[our fiscal host of 4 years](https://blog.privacyguides.org/2019/10/31/weve-joined-the-open-collective-foundation/)—sent us an email to [announce](https://docs.opencollective.foundation/) that they would be shutting down, and they would no longer be able to collect donations on our behalf (or for any of the hundreds of projects they provided fiscal hosting services to). We immediately began to consider multiple options for the future of this project, including forming our own non-profit or finding another [fiscal host](https://en.wikipedia.org/wiki/Fiscal_sponsorship).<!-- more -->
|
||||
|
||||
We're excited to announce a [partnership](https://magicgrants.org/2024/07/22/Privacy-Guides-Fund) with MAGIC Grants, a Public 501(c)(3) charity with the mission of supporting privacy projects like ours and providing undergraduate scholarships for students interested in cryptocurrencies and privacy. They will immediately take over all of the operations previously provided by OCF, including accepting donations on our behalf, handling any of our accounting and taxes, reimbursing team members and volunteers, and taking legal ownership of assets like our domains and servers.
|
||||
|
||||
@@ -16,8 +16,6 @@ schema_type: NewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Privacy Guides</small>
|
||||
|
||||
Dear *Privacy Guides* Community,
|
||||
|
||||
In October 2019, we learned that System1 had become the majority shareholder in Startpage.com via a new System1 subsidiary, Privacy One Group. Due to the uncertainty surrounding the acquisition and the initial lack of clear communication from the Startpage team towards the privacy community, we were forced to delist Startpage from our [search engine recommendations](https://www.privacyguides.org/en/search-engines/).<!-- more --> In an [explanatory blog post](delisting-startpage.md), we asked for more clarity surrounding the situation, stating:
|
||||
|
||||
@@ -18,8 +18,6 @@ schema_type: OpinionNewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Image: Unsplash</small>
|
||||
|
||||
We may think that we know the differences between privacy, security and anonymity, however we often mix them up. People will often criticize a product or service as “not private” when they really mean “not anonymous.” Privacy, security, and anonymity often complement each other, but they are not always dependent on each other, and they are definitely not the same thing. A service can be private without being anonymous, or even secure without being private. Which one should you prioritize?<!-- more --> To some extent, there are no wrong answers. It really comes down to your threat model and what your desired goal is. It is perfectly fine to pick a product that provides privacy even though it doesn't provide anonymity. Furthermore, it's okay to pick a product that doesn't provide security if it does provide one of the other features. The important thing is that you need to be aware what these products and services are and aren’t offering you so that you can use them correctly.
|
||||
|
||||
There’s lots of ways to define privacy, security, and anonymity. Someone showed me [this](https://code.privacyguides.dev/privacyguides/privacytools.io/issues/1760#issuecomment-10452) definition and I really liked it. It seems to pretty much hit the nail on the head when applying these terms specifically to data privacy and cybersecurity:
|
||||
|
||||
@@ -19,8 +19,6 @@ schema_type: AnalysisNewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
|
||||
|
||||
There’s a massive problem in the privacy world. Websites, social media accounts, and other platforms are constantly popping up out of nowhere, telling you to buy *The Greatest Service Ever* in order to solve all your privacy woes, whatever that may be. These websites often employ marketing teams to make sure their “reviews” are what you see first when you begin your research. Some of them are even operated by VPN providers themselves, operating under anonymous business entities to hide their bias, or doing it right out in the open, hoping you’ll mistake their advertising-filled press releases and blogs as insider knowledge of the VPN space.<!-- more -->
|
||||
|
||||
When a seemingly “unbiased review” on a site is merely a paid advertisement in disguise, that website is breaking their reader’s trust. From a consumer’s point of view, affiliate marketing and other paid promotional techniques like this make it near impossible to know when a review is genuine or not.
|
||||
|
||||
@@ -20,8 +20,6 @@ schema_type: NewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
|
||||
|
||||
We are excited to announce the launch of [Privacy Guides](https://www.privacyguides.org/) and [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/), and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.<!-- more -->
|
||||
|
||||
As we [announced](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) on the PrivacyTools blog in July, we made the decision to migrate off our former privacytools.io domain for various reasons, including an inability to contact the current domain holder for over a year and [growing](http://www.thedarksideof.io/) [issues](https://fortune.com/2020/08/31/crypto-fraud-io-domain-chagos-islands-uk-colonialism-cryptocurrency/) [with the .IO top-level domain](https://code.privacyguides.dev/privacyguides/privacytools.io/issues/1324). As attempts to regain ownership of the domain have proven fruitless, we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to [www.privacyguides.org](https://www.privacyguides.org/), and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
|
||||
|
||||
@@ -16,8 +16,6 @@ schema_type: NewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
|
||||
|
||||
[Privacy Guides](https://www.privacyguides.org) provides knowledge, recommendations, and services to protect you against global mass surveillance programs and encourage self-control of your data online. Our website is free of advertisements and is not affiliated with any listed providers, because we believe that our ability to recommend solutions without receiving financial kickbacks is incredibly important in remaining unbiased.<!-- more -->
|
||||
|
||||
However, we have always accepted and solicited financial contributions from our community. Running this network of websites and services for free to the public is a time-consuming and costly endeavor. We do it because we believe it is the right thing to do, not because we are looking to make a profit. Any contributions have been either used to pay our expenses or saved in a reserve for expansion or times of need.
|
||||
|
||||
@@ -18,8 +18,6 @@ schema_type: OpinionNewsArticle
|
||||
|
||||

|
||||
|
||||
<small aria-hidden="true">Illustration: Tor Project</small>
|
||||
|
||||
It makes me smile when I come across someone struggling with the decision of whether to get a [VPN](https://www.privacyguides.org/vpn/). It makes me smile not because of the indecision and relative lack of knowledge, but because it wasn't so long ago I was in exactly the same position—perceiving VPNs to be some kind of extreme measure only the paranoid and the criminal resorted to. How wrong I was.<!-- more -->
|
||||
|
||||
In just a few months I've come to realize that something like a VPN is in fact a basic measure one might take in the effort to more freely roam the Internet—tainted as it is by censorship, surveillance and many other forms of state control. So where do you go from realizing these issues if you know them to be the threats that they are to democracy and freedom? You seek to *take control*.
|
||||
|
||||
@@ -29,26 +29,6 @@ In addition to our core team, [many other people](about/contributors.md) have ma
|
||||
|
||||
[Job Openings :material-arrow-right-drop-circle:](about/jobs.md)
|
||||
|
||||
## Contact Us
|
||||
|
||||
[:simple-discourse: Join the Privacy Guides forum](https://discuss.privacyguides.net/){ .md-button .md-button--primary }
|
||||
|
||||
The best way to get individual help is from our community on Discourse. If you notice an issue with our website, please open a discussion in the [Site Development](https://discuss.privacyguides.net/c/site-development/7) category on our forum. If you have a question about anything we cover, please ask it in the [Questions](https://discuss.privacyguides.net/c/privacy/questions/8) category on our forum.
|
||||
|
||||
{ align=right }
|
||||
|
||||
Have a tip for us, or need to share some sensitive information? The best way to get in touch with us securely is via `@privacyguides.01` on Signal. This group account is monitored by [Jonah](https://discuss.privacyguides.net/u/jonah), [Niek](https://discuss.privacyguides.net/u/niek-de-wilde), [Em](https://discuss.privacyguides.net/u/ematprivacyguides), and [Jordan](https://discuss.privacyguides.net/u/jordan).
|
||||
|
||||
[:simple-signal: Chat on Signal](https://signal.me/#eu/zg9xcrIv5w-EtXt2FmTJgfWv01LmyTed8rpr7RDv35Mizq8ISZ9NJLmYtzsxI0Z4){ .md-button }
|
||||
|
||||
You may also email the entire team at <team@privacyguides.org>. This is a shared inbox that could be read by any [team member](https://discuss.privacyguides.net/u?group=team&order=solutions&period=all), so please consider what sensitive information you share via email accordingly.
|
||||
|
||||
We will do our best to respond to all queries within 3 business days, but please understand we are unable to provide individualized advice to everyone who asks. If you have a question about privacy, you will receive a much more detailed and timely response from the Privacy Guides community by [asking on our forum](https://discuss.privacyguides.net/c/privacy/questions/8).
|
||||
|
||||
You can also use OpenPGP to contact us via email, if you feel comfortable with your client's security settings. You can discover the PGP keys of our team members using WKD if your client supports it. If it doesn't, or you don't know what that means, you can also find the public key for any Privacy Guides email account by searching on [keys.openpgp.org](https://keys.openpgp.org/). We do not have PGP for the shared team inbox, only individual mailboxes which can be found in our team directory below.
|
||||
|
||||
If you need an alternative secure channel, please request one via any contact method including social media, and we will work with you to establish one. Please do not share any sensitive information with us before we have established an appropriately secure discussion channel.
|
||||
|
||||
## Executive Committee
|
||||
<!-- markdownlint-disable MD030 -->
|
||||
|
||||
@@ -118,50 +98,6 @@ The project executive committee consists of five volunteers charged with managem
|
||||
|
||||
</div>
|
||||
|
||||
## Staff
|
||||
|
||||
Our staff are paid to contribute to supplemental content at Privacy Guides, like [video production](https://www.youtube.com/@privacyguides), [news articles and tutorials](https://www.privacyguides.org/articles/), and our discussion communities and social media. Most are available and paid on a full-time basis to assist the organization.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- :jack_o_lantern:{ .lg .middle } **Em**
|
||||
|
||||
---
|
||||
|
||||
:material-text-account: Journalist
|
||||
|
||||
[:material-account: Profile](https://discuss.privacyguides.net/u/ematprivacyguides)
|
||||
|
||||
[:material-github:](https://github.com/EmAtPrivacyGuides "GitHub")
|
||||
[:material-mastodon:](https://infosec.exchange/@Em0nM4stodon "@Em0nM4stodon@infosec.exchange"){rel=me}
|
||||
[:material-email:](mailto:em@privacyguides.org "Email")
|
||||
|
||||
- :full_moon_with_face:{ .lg .middle } **Jordan Warne**
|
||||
|
||||
---
|
||||
|
||||
:material-text-account: Content Producer
|
||||
|
||||
[:material-account: Profile](https://discuss.privacyguides.net/u/Jordan)
|
||||
|
||||
[:material-github:](https://github.com/jordan-warne "GitHub")
|
||||
[:material-mastodon:](https://social.lol/@jw "@jw@social.lol"){rel=me}
|
||||
[:material-email:](mailto:jordan@privacyguides.org "Email")
|
||||
|
||||
- :japanese_goblin:{ .lg .middle } **Kevin Pham**
|
||||
|
||||
---
|
||||
|
||||
:material-text-account: Community & News Intern
|
||||
|
||||
[:material-account: Profile](https://discuss.privacyguides.net/u/kevpham)
|
||||
|
||||
[:material-github:](https://github.com/kevpham123 "GitHub")
|
||||
[:material-mastodon:](https://mastodon.social/@kevpham "@kevpham@mastodon.social"){rel=me}
|
||||
[:material-email:](mailto:kevin@privacyguides.org "Email")
|
||||
|
||||
</div>
|
||||
|
||||
## In The Media
|
||||
|
||||
> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
meta_title: "The Best Android Operating Systems - Privacy Guides"
|
||||
meta_title: "The Best Custom Android OSes (aka Custom ROMs) - Privacy Guides"
|
||||
title: "Alternative Distributions"
|
||||
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
|
||||
schema:
|
||||
@@ -26,15 +26,13 @@ robots: nofollow, max-snippet:-1, max-image-preview:large
|
||||
- [:material-target-account: Targeted Attacks](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
|
||||
- [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange }
|
||||
|
||||
A **custom Android-based operating system** (sometimes referred to as a **custom ROM**) can be a way to achieve a higher level of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services as well as other vendor software.
|
||||
A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services.
|
||||
|
||||
We recommend installing GrapheneOS if you have a Google Pixel as it provides improved security hardening and additional privacy features. The reasons we don't list other operating systems or devices are as follows:
|
||||
We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
|
||||
|
||||
- They often have [weaker security](index.md#install-a-custom-distribution).
|
||||
- Support is frequently dropped when the maintainer loses interest or upgrades their device, which is in contrast to the predictable [support cycle](https://grapheneos.org/faq#device-lifetime) that GrapheneOS follows.
|
||||
- They generally have few or no notable privacy or security improvements that make installing them worthwhile.
|
||||
## AOSP Derivatives
|
||||
|
||||
## GrapheneOS
|
||||
### GrapheneOS
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
|
||||
|
After Width: | Height: | Size: 79 KiB |
|
After Width: | Height: | Size: 85 KiB |
|
After Width: | Height: | Size: 116 KiB |
|
After Width: | Height: | Size: 56 KiB |
|
After Width: | Height: | Size: 56 KiB |
|
After Width: | Height: | Size: 111 KiB |
|
After Width: | Height: | Size: 82 KiB |
|
After Width: | Height: | Size: 62 KiB |
|
After Width: | Height: | Size: 82 KiB |
|
After Width: | Height: | Size: 1.7 MiB |
|
After Width: | Height: | Size: 69 KiB |
|
After Width: | Height: | Size: 66 KiB |
|
After Width: | Height: | Size: 13 KiB |
|
After Width: | Height: | Size: 109 KiB |
|
After Width: | Height: | Size: 106 KiB |
|
After Width: | Height: | Size: 17 KiB |
|
After Width: | Height: | Size: 27 KiB |
|
After Width: | Height: | Size: 42 KiB |
|
After Width: | Height: | Size: 33 KiB |
|
After Width: | Height: | Size: 33 KiB |
|
After Width: | Height: | Size: 15 KiB |
@@ -74,7 +74,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
|
||||
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
|
||||
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
|
||||
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
|
||||
- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
|
||||
- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service. Please note that you can only buy Monero on RetoSwap if you already own a small amount of Monero (currently a minimum of 0.11 XMR) in order to fund security deposits, although there are ongoing efforts to drop this requirement in the future.
|
||||
|
||||
## Criteria
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ Most **mobile phones** receive short or limited windows of security updates from
|
||||
|
||||
The mobile devices listed here provide a long lifespan of guaranteed security updates and allow you to install a custom operating system without violating the Android security model.
|
||||
|
||||
[Recommended Android Distributions :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
|
||||
[Recommended Custom OSes :material-arrow-right-drop-circle:](android/distributions.md){ .md-button .md-button--primary } [Details about Android Security :material-arrow-right-drop-circle:](os/android-overview.md#security-protections){ .md-button }
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
@@ -155,7 +155,7 @@ All devices with Google Play Services installed automatically generate an [adver
|
||||
|
||||
On Android distributions with [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), go to :gear: **Settings** → **Apps** → **Sandboxed Google Play** → **Google Settings** → **Ads**, and select *Delete advertising ID*.
|
||||
|
||||
On Android distributions with privileged Google Play Services (which includes the stock installation on most devices), the setting may be in one of several locations. Check
|
||||
On Android distributions with privileged Google Play Services (such as stock OSes), the setting may be in one of several locations. Check
|
||||
|
||||
- :gear: **Settings** → **Google** → **Ads**
|
||||
- :gear: **Settings** → **Privacy** → **Ads**
|
||||
|
||||
@@ -104,7 +104,7 @@ It is important to install **Software Updates** frequently to get the latest sec
|
||||
- [x] Turn on **Install iOS Updates**
|
||||
- [x] Turn on **Security Responses & System Files**
|
||||
|
||||
**AirDrop** is commonly used to easily share files, but it represents a significant privacy risk. The AirDrop protocol constantly broadcasts your personal information to your surroundings, with [very weak](https://www.usenix.org/system/files/sec21-heinrich.pdf) security protections. Your identity can easily be discovered by attackers even with limited resources, and the Chinese government has [openly acknowledged](https://arstechnica.com/security/2024/01/hackers-can-id-unique-apple-airdrop-users-chinese-authorities-claim-to-do-just-that/) using such techniques to identify AirDrop users in public since 2022.
|
||||
**AirDrop** allows you to easily transfer files, but it can allow strangers to send you files you do not want.
|
||||
|
||||
- [x] Select **AirDrop** → **Receiving Off**
|
||||
|
||||
@@ -250,20 +250,11 @@ In addition to locking apps behind biometrics, you can also hide apps so that th
|
||||
|
||||
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
|
||||
|
||||
### Redacting Elements in Images
|
||||
### Blacking Out Faces/Information
|
||||
|
||||
If you need to hide information in a photo, you can use Apple's built-in editing tools to do so.
|
||||
|
||||
If your device supports it, you can use the [Clean Up](https://support.apple.com/en-us/121429) feature to pixelate faces or remove objects from images.
|
||||
|
||||
- Open the **Photos** app and tap the photo you have selected for redaction
|
||||
- Tap the :material-tune: (at the bottom of the screen)
|
||||
- Tap the button labeled **Clean Up**
|
||||
- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
|
||||
|
||||
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
|
||||
|
||||
- Tap the image you have selected for redaction
|
||||
- Tap the :material-tune: (at the bottom of the screen) → markup symbol (top right) → plus icon at the bottom right
|
||||
- Select **Add Shape** and choose the square or circle
|
||||
- On the toolbar, tap the circle (left-most option) and choose black as the color for filling in the shape. You can also move the shape and increase its size as you see fit.
|
||||
|
||||
@@ -0,0 +1,272 @@
|
||||
---
|
||||
title: System Hardening
|
||||
icon: material/monitor-lock
|
||||
---
|
||||
|
||||
## Setting up Windows after Installation
|
||||
|
||||
If you wish to limit the amount of data Microsoft obtains from your device, an [offline/local account](https://answers.microsoft.com/en-us/windows/forum/all/how-to-create-a-local-or-offline-account-in/95097c32-40c4-48c0-8f3b-3bcb67afaf7c) is **recommended**.
|
||||
|
||||

|
||||
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
Microsoft is pushing users to use Microsoft accounts for other editions except Education and Enterprise after installation.
|
||||
|
||||
So, You could also follow the guide by [ghacks.net](https://www.ghacks.net/2022/05/13/how-to-bypass-the-microsoft-account-requirement-during-windows-setup/) to bypass the Microsoft account requirement during setup and use Local account.
|
||||
</div>
|
||||
|
||||
While setting up, it is recommended to use a generic name such as `user` and `host` and avoid identifying terms such as your name or operating system. This can make it more difficult for privileged `Win32` apps or attackers to discern your identity.
|
||||
|
||||
For security, it's recommended to set up Windows Hello on all of your accounts because it uses the trusted platform module (TPM) if applicable, which protects against brute-force attacks; see the documentation: [How Windows Uses the TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm#windows-hello-for-business)
|
||||
|
||||
- [ ] Toggle off all privacy related settings as shown in the image:
|
||||
|
||||

|
||||
|
||||
## Encrypting the Drive
|
||||
|
||||
After you have installed Windows, turn on full disk encryption (FDE) using BitLocker via the Control Panel.
|
||||
|
||||
<div class="admonition info" markdown>
|
||||
<p class="admonition-title">Choosing the Way to Encrypt</p>
|
||||
|
||||
It is recommended to use only the Control Panel because if you go to encrypt via settings app, Microsoft named it as `Device Encryption` and designed it in a way that the encryption keys for BitLocker would be stored on Microsoft's server which is attached to your Microsoft account. This can be dangerous to your privacy and security as anyone who gains access to your account, as could an attacker if they were able to gain access to Microsoft's servers or any Law Enforcement could by a Gag order.
|
||||
|
||||
</div>
|
||||
|
||||
The best way is to go to the Control Panel by searching for it in the Start Menu or from the context menu (right-click) in File Explorer and set it up for all of the drives that you have.
|
||||
|
||||

|
||||
|
||||
Bitlocker is suggested because of the native implementation by the OS and along with the usage of hardware to be resistant against encryption flaws.
|
||||
|
||||
### Security policies for Bitlocker
|
||||
|
||||
Enable the Following group policies before you start encrypting your drives.
|
||||
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
To go to it, search **Group Policy** in the **Windows Search Bar** and press **Enter** or type `gpedit.msc` in ++win+r++. Then, proceed as mentioned below.
|
||||
|
||||
</div>
|
||||
|
||||
General Policies :
|
||||
|
||||
Go to `Computer Configuration` > `Administrative Templates` > `Windows Components` > `Bitlocker Drive Encryption`
|
||||
|
||||

|
||||

|
||||
|
||||
For OS drives :
|
||||
|
||||
Go to `Computer Configuration` > `Administrative Templates` > `Windows Components` > `Bitlocker Drive Encryption` > `Operating System Drives`
|
||||
|
||||
Enable Group policies as in the images below <!--(Check images side by side)--> :
|
||||
|
||||

|
||||

|
||||

|
||||

|
||||

|
||||
|
||||
For Fixed Drives :
|
||||
|
||||
Go to `Computer Configuration` > `Administrative Templates` > `Windows Components` > `Bitlocker Drive Encryption` > `Fixed Data Drives` > `Enforce drive encryption type on fixed data drives`
|
||||
|
||||

|
||||
|
||||
These policies ensure that your drives are encrypted with `XTS-AES-256` Bit encryption, **fully**.
|
||||
|
||||
### Setting up Pre-boot Authentication
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Update your TPM</p>
|
||||
|
||||
Before enabling Bitlocker in your device,It is strongly recommended to update your TPM chip by downloading package only from **OEM** Websites.
|
||||
|
||||
</div>
|
||||
|
||||
As you are using Windows 11, TPM is used to encrypt and decrypt the drive but it is susceptible to [cold boot attacks](https://blog.elcomsoft.com/2021/01/understanding-bitlocker-tpm-protection/). So, it is recommended to use TPM + PIN to protect the drives
|
||||
|
||||
After enabling all the group policies above, Go to Control panel and click on Add PIN. It can be alphanumeric if you had enabled the above policies.
|
||||
|
||||
You can check if it's enabled by typing `manage-bde -status`. It will normally show in **Key Protectors**: **Numerical Password** (it's the recovery key) and **TPM And PIN**.
|
||||
|
||||
<div class="admonition abstract" markdown>
|
||||
<p class="admonition-title">Disabling pre-boot Authentication (Not Recommended)</p>
|
||||
|
||||
- open a **terminal** as an **administrator** and type this command `manage-bde -protectors -add c: -TPM`.
|
||||
- You can again check if it worked by typing `manage-bde -status c:` and it will show you **Numerical Password** and **TPM**
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition info" markdown>
|
||||
<p class="admonition-title">Info</p>
|
||||
|
||||
The above Group Policy configuration tells the TPM to release the encryption keys after entering PIN instead of releasing it on boot automatically.
|
||||
|
||||
Doing this will set a double password. So, you enter the PIN to release the encryption keys from TPM & boot Windows and another credential to unlock your user account.
|
||||
|
||||
The pre-boot PIN not only protects the OS drive but also other fixed drives used just for storage if bitlocker is enabled for that drive also.
|
||||
|
||||
</div>
|
||||
|
||||
When you do this, the encryption keys of your drive are only unlocked once you enter the PIN, and the decryption happens after. If you forget or lose the PIN, you won't be able to access your drives and OS anymore, and the only way to recover is using the Recovery Key provided during the initial setup of BitLocker. **Make sure you store it in a safe place**, such as a password manager, and keep backups of your Recovery Key or even use an encrypted USB drive.
|
||||
|
||||
The preboot authentication is recommend to avoid data being accessed by removal of user Account passwords by methods like this - [How to Reset Windows 11 Password Without Any Software](https://youtu.be/0gOZoroPNuA) and access data even though Bitlocker is enabled and managed by TPM
|
||||
|
||||
But when you use TPM + Startup PIN, nobody can restart to load the shell and bypass password. Because you need to enter your PIN to go to the Advanced Startup settings as in the video.
|
||||
|
||||
Enabling or not-enabling is up to the user's threat model.
|
||||
|
||||
If it's a personal device, Startup PIN + TPM is recommended.
|
||||
If a family computer, Normal Bitlocker (Managed by TPM) for OS drive is recommended.
|
||||
|
||||
It is recommended to encrypt the OS drive at the least. Encrypting secondary drives either via Bitlocker or other encryption tools such as Veracrypt is upto the user's threat model.
|
||||
|
||||
## Creation of User Account and usage
|
||||
|
||||
- By Default Windows gives `administrator` access to the user account. Create another `standard` user account to reduce the attack surface enormously as most vulnerabilities today come from the fact that the user is always in `administrator` mode. In addition, you shouldn't use the same password for standard and administrator account.
|
||||
|
||||
- Don't use admin account for any of your personal tasks!
|
||||
|
||||
- Just restrict it to the standard account created.
|
||||
|
||||
- Set [UAC](https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings) settings to the [Highest Privilege](https://support.microsoft.com/en-us/windows/about-user-account-control-settings-d5b2046b-dcb8-54eb-f732-059f321afe18).
|
||||
|
||||
- Only use your account for you, if someone needs to use your computer **ALWAYS** create another standard account, even if it's for a one-time use, even if it's your family or someone you trust. This person can plug a malicious USB, can connect to malicious Wi-Fi network, download infectious files, etc... without you knowing about it.
|
||||
|
||||
- You might be afraid that the user accessing your device via another User account can access your Internal drive and access critical files violating your privacy. Refer, [Privacy page](windows/privacy/#restrict-access-to-data-drives) on How to restrict access to certain drives only or use EFS on a per-file basis. You can read more about EFS on [Privacy page](privacy.md).
|
||||
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
You should ALWAYS do the quick shortcut ++win+l++ to lock your device when you are away to prevent unauthorized access.
|
||||
|
||||
</div>
|
||||
|
||||
- If you don't like managing a standard account, then enforce authentication for Administrator accounts too like Standard ones by following the guide by [Wikihow](https://www.wikihow.tech/Require-UAC-Passwords-on-Administrator-Accounts)
|
||||
- This way, Even administrators need to use Password to approve processes instead of just clicking `Yes` or `No`.
|
||||
|
||||
## Securing the Boot chain
|
||||
|
||||
- In your BIOS/UEFI settings, disable the booting of USB devices
|
||||
- Add a password to your BIOS/UEFI settings which restricts anyone from changing them.
|
||||
|
||||
### Enabling Secure Boot
|
||||
|
||||
- Windows 11 secures its bootloader by default by using Secure boot with the usage of TPM.
|
||||
|
||||
- Windows 10, on the other hand, doesn't come with Secure boot enabled by default except for new devices.
|
||||
|
||||
To enable Secure Boot from the PC BIOS menu. Follow this Step-by-Step Instructions by visiting this [documentation](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/disabling-secure-boot?view=windows-11#re-enable-secure-boot).
|
||||
|
||||
Visit: [https://docs.microsoft.com/en-us/mem/intune/user-help/you-need-to-enable-secure-boot-windows#check-secure-boot-status](https://docs.microsoft.com/en-us/mem/intune/user-help/you-need-to-enable-secure-boot-windows#check-secure-boot-status) on how to verify if enabled after enabling secure boot.
|
||||
|
||||
### Firmware Protection
|
||||
|
||||
As there are thousands of PC vendors that produce many models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup. Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a blocklist), or a list of known 'good' SRTM measurements (also known as an allowlist).
|
||||
|
||||
**System Guard** lets the system freely boot into untrusted code initially, but shortly after launches the system into a trusted state by taking control of all CPUs and forcing them down a well-known and measured code path. This has the benefit of allowing untrusted early UEFI code to boot the system, but then being able to securely transition into a trusted and measured state.
|
||||
|
||||
- [x] Enable [System Guard](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows) by following the instructions of [Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection) to secure the boot chain.
|
||||
|
||||
You can also know how to check if it is enabled or not in the guide.
|
||||
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
System Guard is mostly available on Windows Secured-Core PCs not on regular consumer devices. So, Before enabling it check the requirements of your Device.
|
||||
|
||||
</div>
|
||||
|
||||
## Protection against Malware and Viruses
|
||||
|
||||
- Just use the built-in Windows Defender Security to protect against threats and stick to it. Don't use any other Antivirus or Anti-Malware software [as it can weaken your security and your privacy](https://wonderfall.space/windows-hardening/#microsoft-defender-antivirus).
|
||||
|
||||
- [x] **Enable** [Windows Defender in a Sandbox](https://www.microsoft.com/security/blog/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/) by launching a **terminal** as an **administrator** and copy/paste this command ```setx /M MP_FORCE_USE_SANDBOX 1```. Restart your device and check if there's a process called **MsMpEngCP.exe** by typing `tasklist` in the terminal to verify.
|
||||
|
||||
- [ ] Disable Autoplay for devices so that malware hidden in USB don't execute on plugging in
|
||||

|
||||
- [x] Enable [Controlled Folder Access](https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-controlled-folders) in Windows defender settings. So, The Important folders you listed for protection doesn't get attacked or held hostage in case of a ransomware attack and also stops apps from accessing your important folders. This could also be used as a firewall for the filesystem such as Choosing the drives in the protected ones. And allowing each app when it request access to your device.
|
||||
|
||||
- [x] Enable [Microsoft Defender Application Guard](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview). After installing by going to "[Turn Windows Features on or off](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard)" you can enable it. This runs Microsoft Edge in an Isolated Hyper-V container preventing unknown Malware from damaging the system.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
When you use Microsoft Defender Application Guard it bypasses the VPN you are using as when you use WDAG is launching the application in what is essentially a virtual machine, so it bypasses the host, where the VPN is connected.
|
||||
|
||||
</div>
|
||||
|
||||
- [x] Enable [Memory Integrity](https://support.microsoft.com/en-us/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also called Hypervisor-Protected Code Integrity) in Windows Defender settings which will run important system process isolated in an environment that cannot be attacked by viruses & malware.
|
||||
|
||||
- [x] Enable `Display File Extensions` as most problems start here.
|
||||
|
||||
<div class="admonition example" markdown>
|
||||
<p class="admonition-title">Enabling file extension</p>
|
||||
|
||||
On standard Windows settings, Malware can hide itself if the filename is like: `Secure-File.txt.exe`
|
||||
|
||||
What you see? A file named `Secure-File.txt`
|
||||
|
||||
Of course the attacker can add a different icon to the file, so it looks like you open the file type extension you think.
|
||||
|
||||
And if you open it, the Malware start's.
|
||||
|
||||
Just Open the File Explorer's settings and change it to show File Extensions by clicking on `View` > `Show` or by configuring via [Registry Editor](https://github.com/beerisgood/Windows11_Hardening/blob/master/always%20display%20file%20typ%20extension)
|
||||
</div>
|
||||
|
||||
## Apps
|
||||
|
||||
- Avoid any types of Cleaning software at all cost. As Microsoft is working on its own implementation specfically designed for windows.
|
||||
- To Install apps, using the `winget` (Windows Package manager). More details in [Sandboxing page](/windows/sandboxing/#using-winget-to-install-sofwaret)
|
||||
|
||||
## Security Improvements
|
||||
|
||||
- Use [PeaZip](https://peazip.github.io/) archiver instead of 7-zip as it disables [Mark of the Web(MoW)](https://nolongerset.com/mark-of-the-web-details/) [support by default](https://github.com/nmantani/archiver-MOTW-support-comparison#*2) leading to execution of malicious instantly after extracting.
|
||||
|
||||
- Using MS edge or brave over Firefox. Edge is recommended with MDAG mode for secure browsing if security is your priority. Brave is recommeded if content blocking is important for you (Brave shields)
|
||||
|
||||
- [Check](https://learn.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt#how-to-check-if-kernel-dma-protection-is-enabled) if Kernel DMA protections is turned on.
|
||||
|
||||
- Use [Winget](/windows/sandboxing/#using-winget-to-install-sofware) tool to remove Bloatware instead of third party apps.
|
||||
|
||||
- [x] Block all incoming connections in Windows firewall.
|
||||
- Go to `Firewall & Network Protection` in Windows defender security.
|
||||
- Go to `Domain`, `Private` and `Public` network settings
|
||||
- Scroll and check the box under **Incoming Connections**
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">A note regarding screen casting</p>
|
||||
|
||||
If you try to cast your screen to another device or cast another device screen to your device via Wireless display (Optional feature). You won't be able to connect the devices. As we have blocked Incoming connections. Miracast (Wireless casting) requires incoming connection to send data back and forth to show the screen on other or vice versa.
|
||||
|
||||
If you want to cast, then disable incoming connections in public network and cast your device and block connection again.
|
||||
|
||||
There is no problem if you use normal Projection via cable.
|
||||
|
||||
</div>
|
||||
|
||||
## Keeping your device up-to-date
|
||||
|
||||
You should keep your Windows Device up-to-date by enabling automatic updates. It is recommended to do so to keep your device with latest security fixes and new features.
|
||||
|
||||
To get information about the latest updates, you can look at the [Windows Release Information](https://docs.microsoft.com/en-us/windows/release-health/windows11-release-information).
|
||||
|
||||
It is recommended to stick to driver updates provided via Optional Updates, as they are thoroughly vetted by Microsoft for the stability of your device, and **do not rely on third-party apps for driver updates**. This way, you get the latest updates and security patches for your drivers along with firmware updates as long as your device is supported by the OEM.
|
||||
|
||||
Some Hardware vendors like Nvidia, Intel has their own updater tool which will provide latest drivers.
|
||||
|
||||
It is recommended to rather rely on Windows updates or first-party apps.
|
||||
|
||||
**Credits** : The page is mostly made based on the recommendations of Windows Hardening Guide by [beerisgood](https://github.com/beerisgood/Windows11_Hardening)
|
||||
|
||||
*[TPM]: Trusted Platform Module
|
||||
*[FDE]: Full Disk Encryption
|
||||
*[UAC]: User Account Control
|
||||
*[WDAG]: Windows Defender Application Guard
|
||||
*[SRTM]: Static Root-of-Trust Measurement
|
||||
@@ -13,9 +13,9 @@ You can enhance your privacy and security on Windows without downloading any thi
|
||||
|
||||
- Initial Installation (coming soon)
|
||||
- [Group Policy Settings](group-policies.md)
|
||||
- Privacy Settings (coming soon)
|
||||
- Application Sandboxing (coming soon)
|
||||
- Security Hardening (coming soon)
|
||||
- [Privacy Settings](privacy.md)
|
||||
- [Application Sandboxing](sandboxing.md)
|
||||
- [Security Hardening](hardening.md)
|
||||
|
||||
<div class="admonition example" markdown>
|
||||
<p class="admonition-title">This section is new</p>
|
||||
|
||||
@@ -0,0 +1,86 @@
|
||||
---
|
||||
title: Achieving Privacy
|
||||
icon: material/incognito
|
||||
---
|
||||
|
||||
## Using Microsoft account
|
||||
|
||||
You should avoid sign in to Windows with a Microsoft account. As signing in to applications like Microsoft Office (which some users are required to do for their school or company) will trigger a dark pattern offering you to sign in to Windows, which will connect your device to your Microsoft account, and compels sending data to Microsoft servers and it is critical to reject this offer.
|
||||
|
||||
It’s worth noting that according to [this study](https://www.autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/public_version_dutch_dpa_informal_translation_summary_of_investigation_report.pdf) it seems that Windows collects more telemetry when signed into a Microsoft Account.
|
||||
|
||||

|
||||
|
||||
You should log in to that specific app only if you need to.
|
||||
|
||||
or
|
||||
|
||||
Create another standard user account and connect it to Microsoft account if you are required for School or Work and keep the apps to that account alone. By restricting other data drive access, it is fully isolated from other profiles.
|
||||
|
||||
## Telemetry
|
||||
|
||||
To disable telemetry at full level, Open Group policy and navigate to `Computer Configuration` > `Administrative Templates` > `Windows Components` > `Data Collection and Preview builds` and choose as required
|
||||
|
||||

|
||||
|
||||
The above works only if you use Enterprise or Education edition. If Professional, It will send required (Basic) data.
|
||||
|
||||
If you read this article - [https://www.softscheck.com/en/blog/windows-10-enterprise-telemetry-analysis/](https://www.softscheck.com/en/blog/windows-10-enterprise-telemetry-analysis/), Enterprise even sends data even though telemetry is disabled. But there is no updated info about this available.
|
||||
|
||||
Disabling full telemetry or sending basic data to Microsoft is totally upto the user's threat model.
|
||||
|
||||
- [ ] Disable `Automatic Sample Submission` in Windows Defender, as the feature will send your files as a sample for Signature Database and might leak your data. You can do it via the below Group Policy so to not prompt you again and again constantly.
|
||||
|
||||
```text
|
||||
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > MAPS > Send file samples when further analysis is required to Never Send.
|
||||
```
|
||||
|
||||
- [ ] Disable Windows spotlight by navigating to `User Configuration` > `Administrative Templates` > `Windows Components` > `Cloud Content` and setting **Turn off all Windows Spotlight features** policy to enabled.
|
||||
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
This explicitly disables Windows spotlight features in Lockscreen and Desktop to sever unnecessary connections between Microsoft servers and the device.
|
||||
|
||||
</div>
|
||||
|
||||
- [ ] Disable Bing integration in Windows search, by navigating to `Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results`. This way your search queries for local indexed data is not sent to Microsoft.
|
||||
|
||||
- [ ] Disable notification in the Lock screen in Windows settings
|
||||

|
||||
|
||||
- [ ] Disable Online Speech recognition and Voice activation
|
||||

|
||||

|
||||
|
||||
- [ ] Disable delivery optimization in Windows Update settings.
|
||||
|
||||
- Check all the App permissions and allow only necessary ones.
|
||||
|
||||
## Hide MAC Address
|
||||
|
||||
Go to `Settings` > `Network & Internet` > `Wifi`
|
||||
|
||||
Enable **Random hardware addresses**
|
||||
|
||||
## Restrict access to data drives
|
||||
|
||||
To prevent other users from accessing your secondary data drives. Type `gpedit.msc` in Windows Run dialog box.
|
||||
|
||||
Go to `User Configuration` > `Administrative Templates` > `Windows Components` > `File Explorer` and set the Group Policy as below.
|
||||
|
||||

|
||||
|
||||
The above configuration will restrict other users to the OS drive where Windows is installed. Making total isolation between your Account and other user account.
|
||||
|
||||
If it's a shared drive with another person but you don't want the user to access sensitive data then use EFS. EFS encrypts the documents so that the user who encrypted it can only access it and not others.
|
||||
|
||||

|
||||
|
||||
It is better to export the Private key certificate and store in a safe place so as to use the file later in other devices. To do so,
|
||||
|
||||
Press, ++win+r++, Then type `certmgr.msc`, Under `Personal` > `Certificates`. Click the certificate that contains your username. Right Click and choose export. If you find this too tricky, then after using EFS for first time. You will see an encrypted locker Icon in system tray which help you in exporting on clicking it.
|
||||
|
||||
To import in another device, simply open and install this certificate in that device and choose the above location. Then you can access EFS encrypted files in other system too.
|
||||
|
||||
*[EFS]: Encrypted File System
|
||||
@@ -0,0 +1,155 @@
|
||||
---
|
||||
title: Application Sandboxing
|
||||
icon: octicons/apps-16
|
||||
---
|
||||
|
||||
## Native Application Sandboxing
|
||||
|
||||
### Application Packaging by Windows
|
||||
|
||||
Windows has two types of application packaging such as `.exe`/`.msi` (Win32) and `.appx`/`.msix` (UWA).
|
||||
|
||||
#### Universal Windows Application (UWA)
|
||||
|
||||
UWAs are processes that operate within the `AppContainer` is an application sandbox environment, which implements mechanisms for the restriction of `AppContainer` processes in terms of what system resources they can access. Basically, Application that is fully isolated and only given access to certain resources.
|
||||
|
||||
#### Win32 Apps
|
||||
|
||||
Win32 is the application platform of choice for developing and running classic Windows applications, that
|
||||
is, Win32 applications, that require direct access to Windows and hardware.
|
||||
|
||||
The core of Win32 is the Win32 API implemented in the Windows SubDLLs (DLLs) and the ntdll.dll library file. With the combination of `SubDLLs` and `ntdll.dll`, the Win32 application has direct access to full system resources.
|
||||
|
||||
#### A comparison between UWA and Win32
|
||||
|
||||
| UWAs | Windows |
|
||||
| :--------- | :---------------------------------- |
|
||||
|UWAs run as restricted, containerized `AppContainer` processes that run by accessing the WinRT API, a subset of COM functionalities and the Win32 API. They have specific properties that define process restrictions in terms of the system resources that processes can access.| Win32 applications run as Windows native, traditional processes that run by accessing the Win32 API and COM functionalities to their full extent and a subset of the WinRT API to directly access all system resources. They do not run as restricted processes, all system functionalities are by design directly available to them.|
|
||||
|Only a single instance of a given UWA may run at a given time. | Any number of instances of a given Win32 application may run simultaneously. |
|
||||
|UWAs are distributed as application packages, archive files with a pre-defined format and required content that is necessary for the deployment and operation of UWAs |The way in which Win32 applications are distributed is not restricted by the operating system. It is defined by the application vendors. |
|
||||
|
||||
The above comparison gives a clear cut that UWA/UWP apps are the best ones to use in terms of sandboxing the app.
|
||||
|
||||
### Choosing the way to install software
|
||||
|
||||
UWA apps are primarily distributed through Microsoft store and are counter-signed by Microsoft while as third party UWA's are signed by the vendor without Microsoft's signature.
|
||||
|
||||
It is recommended to use the UWA apps as they are sandboxed into their own containers.
|
||||
|
||||
And for Win32 apps. If you are required to use Win32 apps. Install the application in the host and run it using [Windows Sandbox](/windows/sandboxing/#run-programs-instantly-in-sandbox).
|
||||
|
||||
It is **recommended** to install in host and use in Sandbox to reduce your time installing the software again and again in Windows Sandbox.
|
||||
|
||||
### Finding Win32 and UWP apps in Windows Store
|
||||
|
||||
Generally, apps available in Microsoft store was UWP only before Windows 11 was launched but after the launch both Win32 and UWP apps co-exist in the store.
|
||||
|
||||
At this point, it is difficult to differentiate between Win32 and UWP apps. To find which is UWP or Win32. Read below:
|
||||
|
||||
When you see an app in store and scroll down to *Additional Information* section and see if it asks for certain permissions like in the image below:
|
||||
|
||||

|
||||
|
||||
If the Win32 App, Microsoft store will explicitly state that it is Provided and Updated by `****` and `Uses all System resources` as in the image below:
|
||||
|
||||

|
||||
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Un-sandboxed UWP apps</p>
|
||||
|
||||
Some UWP apps in the store due to the lift of restrictions in Microsoft store developers can submit the app with a property named `runFullTrust` which disables sandboxing of that UWP application and shows that `Uses all System Resources` in *Additional Information* section such as Firefox. By this you can know if a UWP app is sandboxed or not.
|
||||
|
||||
If it is sandboxed, it will show only certain permissions in *Additional Information* section.
|
||||
</div>
|
||||
|
||||
<div class="admonition abstract" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
Most apps will ask that if the app needs to be used for all users or just for your user account. It is best you keep the app to your user Account. So, We achieve better sandboxing between different user accounts.
|
||||
|
||||
</div>
|
||||
|
||||
#### Another way to find
|
||||
|
||||
[rg-adguard.net](https://store.rg-adguard.net/) is a third party Microsoft store app which can be used to download `.appx` files (Installer for UWP) and install UWP apps. You can use this site to download Age Restricted apps in store and Install it. **Note** that paid apps don't work unless you connect a Microsoft Account.
|
||||
|
||||
## Using Winget to Install Sofware
|
||||
|
||||
Windows Package Manager winget command-line tool is bundled with Windows 11 and modern versions of Windows 10 by default as the App Installer.
|
||||
|
||||
The winget command line tool enables users to discover, install, upgrade, remove and configure applications on Windows 10 and Windows 11 computers. This tool is the client interface to the Windows Package Manager service.
|
||||
|
||||
More information here : [https://learn.microsoft.com/en-us/windows/package-manager/winget/](https://learn.microsoft.com/en-us/windows/package-manager/winget/)
|
||||
|
||||
The Winget tool is a powerful tool to install apps that are safe, trusted and official ones. This should be used to avoid sketchy installers.
|
||||
|
||||
Even you have apps installed via the traditional installer setup. You can continue using winget
|
||||
|
||||
A Quick demo by ThioJoe - [https://youtu.be/uxr7m8wDeGA](https://youtu.be/uxr7m8wDeGA)
|
||||
|
||||
Detailed info about the tool by Microsoft - [https://youtu.be/Lk1gbe_JTpY](https://youtu.be/Lk1gbe_JTpY)
|
||||
|
||||
If you understood about Winget, then this tool - [https://winstall.app/](https://winstall.app/) is suggested to bulk install apps.
|
||||
|
||||
Note : Be sure to install via Winget or using MSI installer to upgrade the app easily.
|
||||
|
||||
### Benefits of winget
|
||||
|
||||
There are general advantages in having a package manager regardless of the operating system.
|
||||
|
||||
- Security : The packages that the package manager includes are usually safe because they’re verified by maintainers.
|
||||
- Automation : It’s easier to install or uninstall N applications using a package manager. No need to do it manually.
|
||||
- Maintenance : With a package manager usually you can update all your applications, including configurations.
|
||||
Exploration. Instead of searching manually in a browser for an application you can use the package manager. Since it’s centralized it should be easier to find what you want.
|
||||
|
||||
## Windows Sandbox
|
||||
|
||||
Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine.
|
||||
|
||||
The sandbox is temporary like TailsOS running on a USB drive. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open it.
|
||||
|
||||
You can know more from the Official [Documentation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview).
|
||||
|
||||
**Use case of Sandbox:** The Windows Sandbox can be used to run unknown software or if you want to isolate your Workspace from the host with only Specific set of apps, etc.
|
||||
|
||||
### Using Sandbox
|
||||
|
||||
To use Sandbox, you can create a configuration file as per the official Microsoft [Documentation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file) for your needs.
|
||||
|
||||
So, when opening the file, sandbox opens with the Configurations you had set up in your file.
|
||||
|
||||
If you do not understand the documentation, you can use [Windows Sandbox Editor](https://github.com/damienvanrobaeys/Windows_Sandbox_Editor) instead. It is a GUI application that can be used to create configuration files easily.
|
||||
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Regarding Windows Sandbox Editor</p>
|
||||
|
||||
The repository doesn't provide a package. So, you need to download the whole codebase. After, extracting the zip Windows Defender or other Antivirus software may flag the [exe](https://github.com/damienvanrobaeys/Windows_Sandbox_Editor/tree/master/EXE) file as a malware. So, it is recommended to install it via the [Powershell Script](https://github.com/damienvanrobaeys/Windows_Sandbox_Editor/tree/master/Install%20on%20desktop%20(in%20case%20of%20issue%20with%20EXE)) they provide.
|
||||
|
||||
By default, You cannot execute Scripts in Powershell and it is restricted to commands only. It is recommend you allow the Terminal to `Unrestricted` mode and use it to install the editor via Script after that change it back to `Restricted` [execution policy](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.2) to prevent accidental execution of malicious scripts in the future.
|
||||
|
||||
</div>
|
||||
|
||||
### Run programs instantly in Sandbox
|
||||
|
||||
[Run in Sandbox](https://github.com/damienvanrobaeys/Run-in-Sandbox) is a tool to quickly run files in Windows Sandbox with a right click.
|
||||
|
||||
We recommend you to use this software as it is convenient and easy to use and even credited by Microsoft.
|
||||
|
||||
A full guide on How to use it can be found here: [https://www.systanddeploy.com/2021/11/run-in-sandbox-quick-way-to-runextract.html](https://www.systanddeploy.com/2021/11/run-in-sandbox-quick-way-to-runextract.html)
|
||||
|
||||
Note: The same note of installing sandbox editor via PowerShell also applies here except this doesn't provide an `exe` at all.
|
||||
|
||||
This page is based on the German BSI project - [SiSyPHuS Win10](https://www.bsi.bund.de/EN/Topics/Cyber-Security/Recommendations/SiSyPHuS_Win10/SiSyPHuS_node.html)'s Work Package 9 Dcoument.
|
||||
|
||||
**For Advanced Users :**
|
||||
|
||||
Sandboxie Plus, is a Sandboxing tool which uses File system and registry Virtualization techniques to sandbox every apps and at the same data not being lost like Windows Sandbox.
|
||||
|
||||
Use this at your own Risk !
|
||||
|
||||
*[UWA]:Universal Windows Applications
|
||||
*[UWP]:Universal Windows Platform
|
||||
*[SubDLLs]: Subsystem Dynamic link libraries
|
||||
*[ntdll.dll]: A core Windows library file that implements functions for interaction with the kernel.
|
||||
*[WinRT]: Windows Runtime
|
||||
*[COM]: Component Object Model
|
||||
@@ -0,0 +1,105 @@
|
||||
---
|
||||
title: Windows Overview
|
||||
icon: fontawesome/brands/microsoft
|
||||
---
|
||||
|
||||
## Windows
|
||||
|
||||
Windows is a proprietary operating system created by Microsoft Inc. in 1985. It is primarily focused on personal computing and is now the most popular desktop OS, used by about [75%](https://gs.statcounter.com/os-market-share/desktop/worldwide) of all desktop users. However, it has its own privacy and security issues.
|
||||
|
||||
## Issues present in Windows
|
||||
|
||||
Over the years, Microsoft has demonstrated a lot of privacy-invasive behaviour with their software and services. They have continually taken advantage of the fact that Windows is the most wide-used desktop OS, and that most people don't change the default settings, in order to collect users' personal information.
|
||||
|
||||
Windows 10 was [criticized](https://www.theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings) for having default settings that sent a lot of data and telemetry back to Microsoft, including:
|
||||
|
||||
<div class="admonition quote" markdown>
|
||||
<p class="admonition-title">[Criticism of Microsoft - Wikipedia](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection)</p>
|
||||
|
||||
User's contacts and calendar events, location data and history, "telemetry" (diagnostics data) ... and "advertising ID", as well as further data when the Cortana assistant is enabled.
|
||||
|
||||
</div>
|
||||
|
||||
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. Only after [criticism](https://www.theverge.com/2016/7/21/12246266/france-microsoft-privacy-windows-10-cnil) from the France data protection commission, the [Electronic Frontier Foundation](https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive) and the [European Union](https://www.reuters.com/article/us-microsoft-dataprotection-eu-idUSKBN15Z1UI), Microsoft changed the way they collect telemetry, allowing users to choose between "Basic" (now renamed as `Required`) and "Full", with "Basic" mode collecting [much less telemetry](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects). Along with that, Microsoft collects a [lot more data from Windows 10](https://web.archive.org/web/20210711143017/https://privacytools.io/operating-systems/#win10).
|
||||
|
||||
With the launch of Windows 11, a lot of [other](https://www.windowscentral.com/one-thing-microsoft-didnt-discuss-windows-11-privacy) [concerns](https://www.pcworld.com/article/539183/windows-11-review-an-unnecessary-replacement-for-windows-10.html) were raised, such as:
|
||||
|
||||
- Integration of Microsoft Teams into the OS, which would encourage users to switch to the service, allowing Microsoft to collect even more data.
|
||||
- Removing the ability to have local accounts in Windows 11 Home, therefore forcing you to log into a Microsoft account so as to collect more data.
|
||||
- Having all data collection options on by default
|
||||
- Working with Amazon to bring Android apps to Windows through the Windows Subsystem for Android, likely allowing both Microsoft and Amazon to collect data about Android app usage on Windows.
|
||||
- Using users in a P2P way to distribute Windows updates to reduce load in Microsoft's servers without users' consent.
|
||||
|
||||
## Choosing your Windows edition
|
||||
|
||||
While using Windows, it is better to select either Windows **Enterprise** Edition or **Education** Edition because it gives more control over the system for hardening it for privacy and security by giving access to stops the OS from sending any Telemetry data using GP Editor.
|
||||
|
||||
If you cannot get the above editions, you should opt for **Professional** Edition.
|
||||
|
||||
### Editions to avoid
|
||||
|
||||
- It is not recommended to use forks or modified versions of Windows such as Windows AME. It should be avoided at all cost. Since modified versions of Windows, such as AME, don't get updates, antivirus programs like Defender can fall out of date or be disabled entirely, opening you up to attacks.
|
||||
|
||||
- Windows **Home** edition is **not** recommended as it does not have many advantages that Professional edition provides such as BitLocker Drive Encryption, Hyper-V, Windows Sandbox, etc. It also uploads Bitlocker Encryption keys to Microsoft servers which actually defies the aspect of the encryption implemented as the key was supposed to be hold by the user.
|
||||
|
||||
#### Recommendations
|
||||
|
||||
We recommend you choose Windows 11 over Windows 10 as it is the latest version and brings many security-related improvements with it by default such as [Secure Boot](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot), [VBS](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs), [HVCI](https://docs.microsoft.com/en-us/windows-hardware/drivers/bringup/device-guard-and-credential-guard), etc. Windows 10 will stop getting updates after [October 14, 2025](https://docs.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro).
|
||||
|
||||
### Installing Windows
|
||||
|
||||
We recommend that you use the official [Media Creation tool](https://www.microsoft.com/software-download/windows11) to flash the ISO to the USB, over third-party options such as Rufus, Balena Etcher, etc., so that you don't tamper the ISO.
|
||||
|
||||
#### Downloading ISO
|
||||
|
||||
To download the ISO. Follow these steps :
|
||||
|
||||
- Download Media Creation tool under `Windows 11 Installation Media`
|
||||
- Open a Command prompt terminal in the directory where `mediacreationtool.exe` is downloaded.
|
||||
- And Input the following Command :
|
||||
|
||||
```text
|
||||
mediacreationtool.exe /Eula Accept /Retail /MediaArch x64 /MediaLangCode en-US /MediaEdition Enterprise
|
||||
```
|
||||
|
||||
- If it asks for Activation key, Use this Generic Key `XGVPP-NMH47-7TTHJ-W3FW7-8HV2C`. This will just allow you to download the ISO but activation is totally upon the user.
|
||||
- Accept the UAC prompt
|
||||
- Download the ISO file or flash to a USB as you wish
|
||||
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
- The ISO will consists **only** of Professional, Education & Enterprise editions with a size of ~4.2 GB (Instead of >5.5GB when you download the Multi-Edition ISO). When you download using the above way, no other editions such as Home are included in it.
|
||||
- If you want to change the language of the ISO file, Just change the `en-US` part with the appropriate language and country code as per your needs.
|
||||
|
||||
</div>
|
||||
|
||||
### Activating Windows
|
||||
|
||||
Activating Education/Enterprise edition is different because for Enterprise Edition it needs to be a part of an enterprise network or buying an enterprise License for several devices and use it for your one device & for Education Edition it needs to be a part of school network or managed by a school administrator.
|
||||
|
||||
For activating Professional edition, you can buy the license key from resellers (not recommended) or the [Microsoft Store](https://www.microsoft.com/d/windows-11-pro/dg7gmgf0d8h4?rtc=1).
|
||||
|
||||
If you are currently using Pro and want to upgrade to Enterprise. Then, Follow the guide [here](https://www.kapilarya.com/how-to-upgrade-windows-11-pro-to-enterprise-edition)
|
||||
|
||||
<div class="admonition abstract" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
This guide will be mostly on Windows 11 but some of the recommendations can be applied to Windows 10 too.
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
If you are going to install Windows 11, then install it only on supported devices. It is not recommended to use tools/scripts that are available online to bypass the requirements which would break the security of Windows 11 which it is aimed for.
|
||||
|
||||
**Never** download *Pirated* ISO Files
|
||||
|
||||
</div>
|
||||
|
||||
*[GP]: Group Policy
|
||||
*[VBS]: Virtualization-Based Security
|
||||
*[HVCI]: Hypervisor-Protected Code Integrity
|
||||
*[AME]: Ameliorated
|
||||
*[P2P]: Peer-to-Peer
|
||||
@@ -76,7 +76,7 @@ If you use Android and your threat model requires protecting against [:material-
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Molly** is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and [more](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening#privacy-and-security-features). It also has usability improvements including scheduled backups, automatic locking, [UnifiedPush](https://unifiedpush.org) support, and the ability to use your Android phone as a linked device instead of the primary device for a Signal account.
|
||||
**Molly** is an alternative Signal client for Android which allows you to encrypt the local database with a passphrase at rest, to have unused RAM data securely shredded, to route your connection via Tor, and [more](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening#privacy-and-security-features). It also has usability improvements including scheduled backups, automatic locking, and the ability to use your Android phone as a linked device instead of the primary device for a Signal account.
|
||||
|
||||
[:octicons-home-16: Homepage](https://molly.im){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
|
||||
@@ -99,9 +99,11 @@ Molly is updated every two weeks to include the latest features and bug fixes fr
|
||||
|
||||
Note that you are trusting multiple parties by using Molly, as you now need to trust the Signal team *and* the Molly team to deliver safe and timely updates.
|
||||
|
||||
There is a version of Molly called **Molly-FOSS** which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like battery-saving push notifications via Google Play Services. You can regain push notifications without Google Play Services in either version of Molly with [UnifiedPush](https://unifiedpush.org), but it requires running a separate program called [Mollysocket](https://github.com/mollyim/mollysocket) on another device to function. Mollysocket can either be self-hosted on a separate computer or server (VPS), or alternatively a public Mollysocket instance can be used ([step-by-step tutorial, in German](https://kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy)).
|
||||
There is a version of Molly called **Molly-FOSS** which removes proprietary code like the Google services used by both Signal and Molly, at the expense of some features like battery-saving push notifications via Google Play Services.
|
||||
|
||||
All versions of Molly provide the same security improvements.
|
||||
There is also a version called [**Molly-UP**](https://github.com/mollyim/mollyim-android#unifiedpush) which is based on Molly-FOSS and adds support for push notifications with [UnifiedPush](https://unifiedpush.org), an open source alternative to the push notifications provided by Google Play Services, but it requires running a separate program called [Mollysocket](https://github.com/mollyim/mollysocket) to function. Mollysocket can either be self-hosted on a separate computer or server (VPS), or alternatively a public Mollysocket instance can be used ([step-by-step tutorial, in German](https://kuketz-blog.de/messenger-wechsel-von-signal-zu-molly-unifiedpush-mollysocket-ntfy)).
|
||||
|
||||
All three versions of Molly provide the same security improvements.
|
||||
|
||||
Molly and Molly-FOSS support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code.
|
||||
|
||||
|
||||
@@ -448,7 +448,6 @@
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/bruch-alex"><img src="https://avatars.githubusercontent.com/u/173354246?v=4" width="100px;" loading=lazy /><br /><sub><b>Alex Bruch</b></sub></a><br /><a href="#translation-bruch-alex" title="Translation">🌍</a></td>
|
||||
<td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/qiyongzheng"><img src="https://avatars.githubusercontent.com/u/153378707?v=4" width="100px;" loading=lazy /><br /><sub><b>qiyongzheng</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=qiyongzheng" title="Documentation">📖</a></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
<tfoot>
|
||||
|
||||
@@ -26,6 +26,7 @@ NAV_ABOUT_TEAM_MEMBERS="Team Members"
|
||||
NAV_ADVANCED="Advanced"
|
||||
NAV_ADVANCED_TOPICS="Advanced Topics"
|
||||
NAV_BLOG="Articles"
|
||||
NAV_CHANGELOG="Changelog"
|
||||
NAV_CODE_OF_CONDUCT="Code of Conduct"
|
||||
NAV_COMMUNITY="Community"
|
||||
NAV_CONTRIBUTING="Contributing"
|
||||
@@ -41,7 +42,6 @@ NAV_SOFTWARE="Software"
|
||||
NAV_HARDWARE="Hardware"
|
||||
NAV_TECHNICAL_GUIDES="Technical Guides"
|
||||
NAV_TECHNOLOGY_ESSENTIALS="Technology Essentials"
|
||||
NAV_VIDEOS="Videos"
|
||||
NAV_WRITING_GUIDE="Writing Guide"
|
||||
SITE_DESCRIPTION="Privacy Guides is your central privacy and security resource to protect yourself online."
|
||||
SITE_LANGUAGE="English"
|
||||
|
||||
@@ -59,9 +59,6 @@ extra:
|
||||
- icon: simple/bluesky
|
||||
link: https://bsky.app/profile/privacyguides.org
|
||||
name: !ENV [SOCIAL_BLUESKY, "Bluesky"]
|
||||
- icon: simple/peertube
|
||||
link: https://neat.tube/c/privacyguides
|
||||
name: !ENV [SOCIAL_PEERTUBE, "PeerTube"]
|
||||
- icon: simple/matrix
|
||||
link: https://matrix.to/#/#privacyguides:matrix.org
|
||||
name: !ENV [SOCIAL_MATRIX, "Matrix"]
|
||||
@@ -215,9 +212,10 @@ nav:
|
||||
- index.md
|
||||
- editorial.md
|
||||
- tags.md
|
||||
- !ENV [NAV_VIDEOS, "Videos"]: /videos/
|
||||
- !ENV [NAV_ABOUT, "About"]: /en/about/
|
||||
- "Donate": /en/about/donate/
|
||||
- !ENV [NAV_CHANGELOG, "Changelog"]:
|
||||
"https://github.com/privacyguides/privacyguides.org/releases"
|
||||
- !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
|
||||
|
||||
validation:
|
||||
|
||||
@@ -1,216 +0,0 @@
|
||||
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
|
||||
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to
|
||||
# deal in the Software without restriction, including without limitation the
|
||||
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||
# sell copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||
# IN THE SOFTWARE.
|
||||
|
||||
docs_dir: "videos"
|
||||
site_url: "https://www.privacyguides.org/videos/"
|
||||
site_dir: "site/videos"
|
||||
|
||||
site_name: Privacy Guides
|
||||
site_description: "Privacy Guides is the most popular & trustworthy non-profit privacy resource to find privacy tools and learn about protecting your digital life."
|
||||
edit_uri_template: blob/main/videos/{path}?plain=1
|
||||
|
||||
extra:
|
||||
privacy_guides:
|
||||
footer:
|
||||
intro:
|
||||
!ENV [
|
||||
FOOTER_INTRO,
|
||||
"Privacy Guides is a non-profit, socially motivated website that provides information for protecting your data security and privacy.",
|
||||
]
|
||||
note:
|
||||
!ENV [
|
||||
FOOTER_NOTE,
|
||||
"We do not make money from recommending certain products, and we do not use affiliate links.",
|
||||
]
|
||||
copyright:
|
||||
author:
|
||||
!ENV [FOOTER_COPYRIGHT_AUTHOR, "Privacy Guides and contributors."]
|
||||
date: !ENV [FOOTER_COPYRIGHT_DATE, "2019-2024"]
|
||||
license:
|
||||
- fontawesome/brands/creative-commons
|
||||
- fontawesome/brands/creative-commons-by
|
||||
- fontawesome/brands/creative-commons-sa
|
||||
homepage: https://www.privacyguides.org/en/
|
||||
generator: false
|
||||
context: !ENV [BUILD_CONTEXT, "production"]
|
||||
offline: !ENV [BUILD_OFFLINE, false]
|
||||
deploy: !ENV DEPLOY_ID
|
||||
social:
|
||||
- icon: simple/mastodon
|
||||
link: https://mastodon.neat.computer/@privacyguides
|
||||
name: !ENV [SOCIAL_MASTODON, "Mastodon"]
|
||||
- icon: simple/bluesky
|
||||
link: https://bsky.app/profile/privacyguides.org
|
||||
name: !ENV [SOCIAL_BLUESKY, "Bluesky"]
|
||||
- icon: simple/peertube
|
||||
link: https://neat.tube/c/privacyguides
|
||||
name: !ENV [SOCIAL_PEERTUBE, "PeerTube"]
|
||||
- icon: simple/matrix
|
||||
link: https://matrix.to/#/#privacyguides:matrix.org
|
||||
name: !ENV [SOCIAL_MATRIX, "Matrix"]
|
||||
- icon: simple/discourse
|
||||
link: https://discuss.privacyguides.net/
|
||||
name: !ENV [SOCIAL_FORUM, "Forum"]
|
||||
- icon: simple/github
|
||||
link: https://github.com/privacyguides
|
||||
name: !ENV [SOCIAL_GITHUB, "GitHub"]
|
||||
- icon: simple/torbrowser
|
||||
link: http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/posts/
|
||||
name: !ENV [SOCIAL_TOR_SITE, "Hidden service"]
|
||||
|
||||
repo_url:
|
||||
!ENV [BUILD_REPO_URL, "https://github.com/privacyguides/privacyguides.org"]
|
||||
repo_name: ""
|
||||
|
||||
theme:
|
||||
name: material
|
||||
language: en
|
||||
custom_dir: theme
|
||||
font:
|
||||
text: Public Sans
|
||||
code: DM Mono
|
||||
palette:
|
||||
- media: "(prefers-color-scheme)"
|
||||
scheme: default
|
||||
accent: deep purple
|
||||
toggle:
|
||||
icon: material/brightness-auto
|
||||
name: !ENV [THEME_DARK, "Switch to dark mode"]
|
||||
- media: "(prefers-color-scheme: dark)"
|
||||
scheme: slate
|
||||
accent: amber
|
||||
toggle:
|
||||
icon: material/brightness-2
|
||||
name: !ENV [THEME_LIGHT, "Switch to light mode"]
|
||||
- media: "(prefers-color-scheme: light)"
|
||||
scheme: default
|
||||
accent: deep purple
|
||||
toggle:
|
||||
icon: material/brightness-5
|
||||
name: !ENV [THEME_AUTO, "Switch to system theme"]
|
||||
favicon: assets/brand/logos/png/favicon-32x32.png
|
||||
icon:
|
||||
repo: simple/github
|
||||
features:
|
||||
- announce.dismiss
|
||||
- navigation.tracking
|
||||
- navigation.tabs
|
||||
- navigation.path
|
||||
- navigation.indexes
|
||||
- navigation.footer
|
||||
- content.action.edit
|
||||
- content.tabs.link
|
||||
- content.tooltips
|
||||
- search.highlight
|
||||
|
||||
extra_css:
|
||||
- assets/stylesheets/extra.css?v=20240829
|
||||
|
||||
watch:
|
||||
- theme
|
||||
- includes
|
||||
|
||||
plugins:
|
||||
blog:
|
||||
blog_dir: .
|
||||
blog_toc: true
|
||||
post_url_format: "{date}/{file}"
|
||||
post_excerpt_max_authors: 0
|
||||
authors_profiles: false
|
||||
categories: false
|
||||
rss:
|
||||
match_path: posts/.*
|
||||
abstract_chars_count: -1
|
||||
date_from_meta:
|
||||
as_creation: date.created
|
||||
as_update: date.updated
|
||||
categories:
|
||||
- categories
|
||||
- tags
|
||||
glightbox: {}
|
||||
tags: {}
|
||||
search: {}
|
||||
privacy:
|
||||
enabled: !ENV [BUILD_PRIVACY, true]
|
||||
offline:
|
||||
enabled: !ENV [BUILD_OFFLINE, false]
|
||||
group:
|
||||
enabled: !ENV [BUILD_INSIDERS, true]
|
||||
plugins:
|
||||
macros: {}
|
||||
meta: {}
|
||||
optimize:
|
||||
enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false]
|
||||
typeset: {}
|
||||
social:
|
||||
cards: !ENV [CARDS, true]
|
||||
cards_dir: assets/img/social
|
||||
cards_layout_dir: theme/layouts
|
||||
cards_layout: page
|
||||
|
||||
markdown_extensions:
|
||||
admonition: {}
|
||||
pymdownx.details: {}
|
||||
pymdownx.superfences:
|
||||
custom_fences:
|
||||
- name: mermaid
|
||||
class: mermaid
|
||||
format: !!python/name:pymdownx.superfences.fence_code_format
|
||||
pymdownx.tabbed:
|
||||
alternate_style: true
|
||||
pymdownx.arithmatex:
|
||||
generic: true
|
||||
pymdownx.critic: {}
|
||||
pymdownx.caret: {}
|
||||
pymdownx.keys: {}
|
||||
pymdownx.mark: {}
|
||||
pymdownx.tilde: {}
|
||||
pymdownx.snippets:
|
||||
auto_append:
|
||||
- !ENV [BUILD_ABBREVIATIONS, "includes/abbreviations.en.txt"]
|
||||
pymdownx.tasklist:
|
||||
custom_checkbox: true
|
||||
attr_list: {}
|
||||
def_list: {}
|
||||
md_in_html: {}
|
||||
meta: {}
|
||||
abbr: {}
|
||||
pymdownx.emoji:
|
||||
emoji_index: !!python/name:material.extensions.emoji.twemoji
|
||||
emoji_generator: !!python/name:material.extensions.emoji.to_svg
|
||||
tables: {}
|
||||
footnotes: {}
|
||||
toc:
|
||||
toc_depth: 4
|
||||
|
||||
nav:
|
||||
- !ENV [NAV_HOME, "Home"]: /en/
|
||||
- !ENV [NAV_KNOWLEDGE_BASE, "Knowledge Base"]: /en/basics/why-privacy-matters/
|
||||
- !ENV [NAV_RECOMMENDATIONS, "Recommendations"]: /en/tools/
|
||||
- !ENV [NAV_BLOG, "Articles"]: /articles/
|
||||
- !ENV [NAV_VIDEOS, "Videos"]:
|
||||
- index.md
|
||||
- !ENV [NAV_ABOUT, "About"]: /en/about/
|
||||
- "Donate": /en/about/donate/
|
||||
- !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
|
||||
|
||||
validation:
|
||||
nav:
|
||||
not_found: info
|
||||
@@ -132,6 +132,16 @@ extra:
|
||||
"If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.",
|
||||
]
|
||||
rss:
|
||||
- title:
|
||||
!ENV [
|
||||
HOMEPAGE_RSS_CHANGELOG_TITLE,
|
||||
"Privacy Guides release changelog",
|
||||
]
|
||||
link:
|
||||
!ENV [
|
||||
HOMEPAGE_RSS_CHANGELOG_LINK,
|
||||
"https://discuss.privacyguides.net/c/site-development/changelog/9.rss",
|
||||
]
|
||||
- title: !ENV [HOMEPAGE_RSS_BLOG_TITLE, "Privacy Guides blog feed"]
|
||||
link:
|
||||
!ENV [
|
||||
@@ -148,16 +158,6 @@ extra:
|
||||
HOMEPAGE_RSS_FORUM_LINK,
|
||||
"https://discuss.privacyguides.net/latest.rss",
|
||||
]
|
||||
- title:
|
||||
!ENV [
|
||||
HOMEPAGE_RSS_CHANGELOG_TITLE,
|
||||
"Privacy Guides release changelog",
|
||||
]
|
||||
link:
|
||||
!ENV [
|
||||
HOMEPAGE_RSS_CHANGELOG_LINK,
|
||||
"https://discuss.privacyguides.net/c/site-development/changelog/9.rss",
|
||||
]
|
||||
translation_notice:
|
||||
notice: !ENV TRANSLATION_NOTICE
|
||||
cta: !ENV [TRANSLATION_NOTICE_CTA, "Visit Crowdin"]
|
||||
@@ -170,9 +170,6 @@ extra:
|
||||
- icon: simple/bluesky
|
||||
link: https://bsky.app/profile/privacyguides.org
|
||||
name: !ENV [SOCIAL_BLUESKY, "Bluesky"]
|
||||
- icon: simple/peertube
|
||||
link: https://neat.tube/c/privacyguides
|
||||
name: !ENV [SOCIAL_PEERTUBE, "PeerTube"]
|
||||
- icon: simple/matrix
|
||||
link: https://matrix.to/#/#privacyguides:matrix.org
|
||||
name: !ENV [SOCIAL_MATRIX, "Matrix"]
|
||||
@@ -394,6 +391,9 @@ nav:
|
||||
- !ENV [NAV_OPERATING_SYSTEMS_WINDOWS, "Windows"]:
|
||||
- "os/windows/index.md"
|
||||
- "os/windows/group-policies.md"
|
||||
- "os/windows/privacy.md"
|
||||
- "os/windows/hardening.md"
|
||||
- "os/windows/sandboxing.md"
|
||||
- !ENV [NAV_RECOMMENDATIONS, "Recommendations"]:
|
||||
- "tools.md"
|
||||
- !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]:
|
||||
@@ -444,7 +444,6 @@ nav:
|
||||
- "alternative-networks.md"
|
||||
- "device-integrity.md"
|
||||
- !ENV [NAV_BLOG, "Articles"]: "/articles/"
|
||||
- !ENV [NAV_VIDEOS, "Videos"]: /videos/
|
||||
- !ENV [NAV_ABOUT, "About"]:
|
||||
- "about.md"
|
||||
- "about/donate.md"
|
||||
@@ -471,6 +470,8 @@ nav:
|
||||
- "meta/git-recommendations.md"
|
||||
- "meta/commit-messages.md"
|
||||
- !ENV [NAV_DONATE, "Donate"]: https://donate.magicgrants.org/privacyguides
|
||||
- !ENV [NAV_CHANGELOG, "Changelog"]:
|
||||
"https://github.com/privacyguides/privacyguides.org/releases"
|
||||
- !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
|
||||
|
||||
validation:
|
||||
|
||||
|
Before Width: | Height: | Size: 212 KiB |
@@ -118,7 +118,7 @@
|
||||
<div class="md-nav__link" title="Date published">
|
||||
{% include ".icons/material/calendar.svg" %}
|
||||
<time
|
||||
datetime="{{ page.config.date.created }}Z"
|
||||
datetime="{{ page.config.date.created }}"
|
||||
class="md-ellipsis"
|
||||
itemprop="datePublished"
|
||||
>
|
||||
@@ -245,18 +245,6 @@
|
||||
{% block content %}
|
||||
{% include "partials/content.html" %}
|
||||
{% endblock %}
|
||||
<div>
|
||||
<hr>
|
||||
<p><strong><a href="https://discuss.privacyguides.net/c/announcements/articles/10">
|
||||
<span class="twemoji">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12.103 0C18.666 0 24 5.485 24 11.997c0 6.51-5.33 11.99-11.9 11.99L0 24V11.79C0 5.28 5.532 0 12.103 0m.116 4.563a7.4 7.4 0 0 0-6.337 3.57 7.25 7.25 0 0 0-.148 7.22L4.4 19.61l4.794-1.074a7.42 7.42 0 0 0 8.136-1.39 7.26 7.26 0 0 0 1.737-7.997 7.375 7.375 0 0 0-6.84-4.585z"></path></svg>
|
||||
</span> Join our forum
|
||||
</a>
|
||||
to comment on this article.</strong></p>
|
||||
<p><em>Thank you for reading, and please consider sharing this post with your friends.
|
||||
Privacy Guides is an independent, nonprofit media outlet. We don't have ads or sponsors, so if you liked this work your <a href="https://donate.magicgrants.org/privacyguides">donation</a> would be greatly appreciated.
|
||||
Have a question, comment, or tip for us? You can securely <a href="https://www.privacyguides.org/en/about/#contact-us">contact us</a> at <code>@privacyguides.01</code> on Signal.</em></p>
|
||||
</div>
|
||||
</article>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
@@ -1,109 +0,0 @@
|
||||
definitions:
|
||||
- &site_name >-
|
||||
{{ config.site_name }}
|
||||
|
||||
- &page_title >-
|
||||
{{ page.meta.get("title", page.title) }}
|
||||
|
||||
- &page_description >-
|
||||
{{ page.meta.get("description", config.site_description) or "" }}
|
||||
|
||||
- &page_logo >-
|
||||
{% if page.meta.preview and page.meta.preview.logo %}
|
||||
{{- page.meta.preview.logo -}}
|
||||
{% endif %}
|
||||
|
||||
- &page_icon >-
|
||||
{%- if not page.meta.preview or not page.meta.preview.logo -%}
|
||||
material/video-box
|
||||
{%- endif -%}
|
||||
|
||||
- &logo >-
|
||||
theme/assets/brand/logos/svg/logo/privacy-guides-logo-notext-colorbg.svg
|
||||
|
||||
# Meta tags
|
||||
tags:
|
||||
# Open Graph
|
||||
og:type: video.other
|
||||
og:title: *page_title
|
||||
og:description: *page_description
|
||||
og:image: "{{ image.url }}"
|
||||
og:image:type: "{{ image.type }}"
|
||||
og:image:width: "{{ image.width }}"
|
||||
og:image:height: "{{ image.height }}"
|
||||
og:url: "{{ page.canonical_url }}"
|
||||
|
||||
# Video
|
||||
og:video: "{{ page.meta.embed }}"
|
||||
og:video:url: "{{ page.meta.embed }}"
|
||||
og:video:secure_url: "{{ page.meta.embed }}"
|
||||
og:video:type: "text/html"
|
||||
og:video:width: "560"
|
||||
og:video:height: "315"
|
||||
|
||||
# Mastodon
|
||||
fediverse:creator: "@privacyguides@neat.computer"
|
||||
|
||||
# Twitter
|
||||
twitter:site: "@privacy_guides"
|
||||
twitter:creator: "@privacy_guides"
|
||||
twitter:card: summary_large_image
|
||||
twitter:title: *page_title
|
||||
twitter:description: *page_description
|
||||
twitter:image: "{{ image.url }}"
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# Specification
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
# Card size and layers
|
||||
size: { width: 1200, height: 630 }
|
||||
layers:
|
||||
# Background
|
||||
- background:
|
||||
color: "#FFD06F"
|
||||
|
||||
- size: { width: 512, height: 512 }
|
||||
offset: { x: 600, y: 59 }
|
||||
background:
|
||||
image: *page_logo
|
||||
|
||||
- background:
|
||||
color: "#FFD06F99"
|
||||
|
||||
# Page icon
|
||||
- size: { width: 630, height: 630 }
|
||||
offset: { x: 570, y: 0 }
|
||||
icon:
|
||||
value: *page_icon
|
||||
color: "#00000033"
|
||||
|
||||
# Logo
|
||||
- size: { width: 64, height: 64 }
|
||||
offset: { x: 64, y: 64 }
|
||||
background:
|
||||
image: *logo
|
||||
|
||||
# Site name
|
||||
- size: { width: 768, height: 42 }
|
||||
offset: { x: 160, y: 78 }
|
||||
typography:
|
||||
content: *site_name
|
||||
color: "#2d2d2d"
|
||||
font:
|
||||
family: Bagnard
|
||||
style: Bold
|
||||
|
||||
# Page title
|
||||
- size: { width: 864, height: 256 }
|
||||
offset: { x: 62, y: 192 }
|
||||
typography:
|
||||
content: *page_title
|
||||
align: start
|
||||
color: "#2d2d2d"
|
||||
line:
|
||||
amount: 3
|
||||
height: 1.5
|
||||
font:
|
||||
family: Bagnard
|
||||
style: Bold
|
||||
@@ -52,6 +52,10 @@
|
||||
|
||||
{% set translation_notice = config.extra.privacy_guides.translation_notice %}
|
||||
{% if config.theme.language == "en" %}
|
||||
<hr>
|
||||
<h2 class="md-feedback__title">Share this website and spread privacy knowledge</h2>
|
||||
<p><input class="admonition quote social-share-text" id="share" type="text" value="Privacy Guides: https://www.privacyguides.org - Cybersecurity resources and privacy-focused tools to protect yourself online" onclick="select()" readonly=""></p>
|
||||
<p><em>Copy this text to easily share Privacy Guides with your friends and family on any social network!</em></p>
|
||||
{% elif translation_notice %}
|
||||
<div class="admonition info">
|
||||
<p>{{ translation_notice.notice }} <strong><a href="https://crowdin.com/project/privacyguides">{{ translation_notice.cta }}</a></strong></p>
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
<!-- Post excerpt -->
|
||||
<article class="md-post md-post--excerpt">
|
||||
<header class="md-post__header">
|
||||
|
||||
<!-- Post metadata -->
|
||||
<div class="md-post__meta md-meta">
|
||||
<ul class="md-meta__list">
|
||||
|
||||
<!-- Post date -->
|
||||
<li class="md-meta__item">
|
||||
<time datetime="{{ post.config.date.created }}">
|
||||
{{- post.config.date.created | date -}}
|
||||
</time>
|
||||
{#- Collapse whitespace -#}
|
||||
</li>
|
||||
|
||||
<!-- Post readtime -->
|
||||
{% if post.config.readtime %}
|
||||
{% set time = post.config.readtime %}
|
||||
<li class="md-meta__item">
|
||||
{{ "# min watch" | replace("#", time) }}
|
||||
</li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
</div>
|
||||
</header>
|
||||
|
||||
<!-- Post content -->
|
||||
<div class="md-post__content md-typeset">
|
||||
<h2 class="toclink">
|
||||
<a href="{{ post.url | url }}">
|
||||
{{ post.title | d(config.site_name, true)}}
|
||||
</a>
|
||||
</h2>
|
||||
<div>
|
||||
<a href="{{ post.url | url }}">
|
||||
<img width="100%" height="100%" src="{{ post.meta.thumbnail }}"></img>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</article>
|
||||
@@ -1,232 +0,0 @@
|
||||
<!--
|
||||
Copyright (c) 2024-2025 Jonah Aragon <jonah@triplebit.net>
|
||||
Copyright (c) 2016-2025 Martin Donath <martin.donath@squidfunk.com>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to
|
||||
deal in the Software without restriction, including without limitation the
|
||||
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
||||
sell copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
||||
IN THE SOFTWARE.
|
||||
-->
|
||||
|
||||
{% extends "main.html" %}
|
||||
|
||||
{% import "partials/nav-item.html" as item with context %}
|
||||
|
||||
{% block extrahead %}
|
||||
<script type="application/ld+json">
|
||||
{
|
||||
"@context": "https://schema.org",
|
||||
"@type": "VideoObject",
|
||||
"name": "{{ page.title }}",
|
||||
"description": "{{ page.meta.description }}",
|
||||
"thumbnailUrl": [
|
||||
"{{ page.meta.thumbnail }}"
|
||||
],
|
||||
"uploadDate": "{{ page.meta.date.created }}Z",
|
||||
"embedUrl": "{{ page.meta.embed }}"
|
||||
}
|
||||
</script>
|
||||
<link rel="alternate" type="application/json+oembed" href="https://neat.tube/services/oembed?url={{ page.meta.peertube | urlencode |replace('/', '%2F')}}" title="It's time to stop using SMS, here's why!" />
|
||||
{% endblock %}
|
||||
|
||||
<!-- Page content -->
|
||||
{% block container %}
|
||||
<div class="md-content md-content--post" data-md-component="content">
|
||||
|
||||
<!-- Sidebar -->
|
||||
<div
|
||||
class="md-sidebar md-sidebar--post"
|
||||
data-md-component="sidebar"
|
||||
data-md-type="navigation"
|
||||
>
|
||||
<div class="md-sidebar__scrollwrap">
|
||||
<div class="md-sidebar__inner md-post">
|
||||
<nav class="md-nav md-nav--primary">
|
||||
|
||||
<!-- Back to overview link -->
|
||||
<div class="md-post__back">
|
||||
<div class="md-nav__title md-nav__container">
|
||||
<a href="{{ page.parent.url | url }}" class=" md-nav__link">
|
||||
{% include ".icons/material/arrow-left.svg" %}
|
||||
<span class="md-ellipsis">
|
||||
{{ lang.t("blog.index") }}
|
||||
</span>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Post authors -->
|
||||
{% if page.authors %}
|
||||
<ul class="md-post__meta md-nav__list">
|
||||
<li class="md-nav__item md-nav__item--section">
|
||||
<div class="md-post__title">
|
||||
<span class="md-ellipsis">
|
||||
Host
|
||||
</span>
|
||||
</div>
|
||||
</li>
|
||||
</ul>
|
||||
<div class="md-post__authors md-typeset">
|
||||
{% for author in page.authors %}
|
||||
<div class="md-profile md-post__profile">
|
||||
<span class="md-author md-author--long">
|
||||
<img src="{{ author.avatar | url }}" alt="{{ author.name }}" />
|
||||
</span>
|
||||
<span class="md-profile__description">
|
||||
<strong>
|
||||
{% if author.url %}
|
||||
<a href="{{ author.url }}">{{ author.name }}</a>
|
||||
{% else %}
|
||||
{{ author.name }}
|
||||
{% endif %}
|
||||
</strong>
|
||||
<br />
|
||||
{{ author.description }}
|
||||
</span>
|
||||
</div>
|
||||
{% endfor %}
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<!-- Post metadata -->
|
||||
<ul class="md-post__meta md-nav__list">
|
||||
<li class="md-nav__item md-nav__item--section">
|
||||
<div class="md-post__title">
|
||||
<span class="md-ellipsis">
|
||||
{{ lang.t("blog.meta") }}
|
||||
</span>
|
||||
</div>
|
||||
<nav class="md-nav">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<!-- Post date -->
|
||||
<li class="md-nav__item">
|
||||
<div class="md-nav__link">
|
||||
{% include ".icons/material/calendar.svg" %}
|
||||
<time
|
||||
datetime="{{ page.config.date.created }}"
|
||||
class="md-ellipsis"
|
||||
>
|
||||
{{- page.config.date.created | date -}}
|
||||
</time>
|
||||
</div>
|
||||
</li>
|
||||
|
||||
<!-- Post date updated -->
|
||||
{% if page.config.date.updated %}
|
||||
<li class="md-nav__item">
|
||||
<div class="md-nav__link">
|
||||
{% include ".icons/material/calendar-clock.svg" %}
|
||||
<time
|
||||
datetime="{{ page.config.date.updated }}"
|
||||
class="md-ellipsis"
|
||||
>
|
||||
{{- page.config.date.updated | date -}}
|
||||
</time>
|
||||
</div>
|
||||
</li>
|
||||
{% endif %}
|
||||
|
||||
<!-- Post categories -->
|
||||
{% if page.categories %}
|
||||
<li class="md-nav__item">
|
||||
<div class="md-nav__link">
|
||||
{% include ".icons/material/bookshelf.svg" %}
|
||||
<span class="md-ellipsis">
|
||||
{{ lang.t("blog.categories.in") }}
|
||||
{% for category in page.categories %}
|
||||
<a href="{{ category.url | url }}">
|
||||
{{- category.title -}}
|
||||
</a>
|
||||
{%- if loop.revindex > 1 %}, {% endif -%}
|
||||
{% endfor -%}
|
||||
</span>
|
||||
</div>
|
||||
</li>
|
||||
{% endif %}
|
||||
|
||||
<!-- Post readtime -->
|
||||
{% if page.config.readtime %}
|
||||
{% set time = page.config.readtime %}
|
||||
<li class="md-nav__item">
|
||||
<div class="md-nav__link">
|
||||
{% include ".icons/material/clock-outline.svg" %}
|
||||
<span class="md-ellipsis">
|
||||
{{ "# minute watch" | replace("#", time) }}
|
||||
</span>
|
||||
</div>
|
||||
</li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
</nav>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
<!-- Table of contents, if integrated -->
|
||||
{% if "toc.integrate" in features %}
|
||||
{% include "partials/toc.html" %}
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Page content ?title=0&warningTitle=0 -->
|
||||
<article class="md-content__inner md-typeset">
|
||||
{% block content %}
|
||||
<!-- Tags -->
|
||||
{% include "partials/tags.html" %}
|
||||
|
||||
<!-- Actions -->
|
||||
{% include "partials/actions.html" %}
|
||||
|
||||
{% if "\x3ch1" not in page.content and not page.meta.cover %}
|
||||
<h1>{{ page.title | d(config.site_name, true)}}</h1>
|
||||
{% endif %}
|
||||
|
||||
<div>
|
||||
<div style="position: relative; padding-top: 56.25%;">
|
||||
<iframe width="100%" height="100%" src="{{ page.meta.embed }}?autoplay=1&title=0" allow="autoplay" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<p>
|
||||
<a class="md-button md-button--primary" href="{{ page.meta.youtube }}">
|
||||
<span class="twemoji">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M23.498 6.186a3.02 3.02 0 0 0-2.122-2.136C19.505 3.545 12 3.545 12 3.545s-7.505 0-9.377.505A3.02 3.02 0 0 0 .502 6.186C0 8.07 0 12 0 12s0 3.93.502 5.814a3.02 3.02 0 0 0 2.122 2.136c1.871.505 9.376.505 9.376.505s7.505 0 9.377-.505a3.02 3.02 0 0 0 2.122-2.136C24 15.93 24 12 24 12s0-3.93-.502-5.814M9.545 15.568V8.432L15.818 12z"/></svg>
|
||||
</span>
|
||||
Watch on YouTube</a>
|
||||
<a class="md-button md-button--primary" href="{{ page.meta.peertube }}">
|
||||
<span class="twemoji">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 6.545v10.91L20.727 12M3.273 12v12L12 17.455M3.273 0v12L12 6.545"/></svg>
|
||||
</span>
|
||||
Watch on PeerTube</a>
|
||||
</p>
|
||||
|
||||
<!-- Page content -->
|
||||
<div>
|
||||
{{ page.content }}
|
||||
</div>
|
||||
|
||||
<!-- Source file information -->
|
||||
{% include "partials/source-file.html" %}
|
||||
|
||||
<!-- Was this page helpful? -->
|
||||
{% include "partials/feedback.html" %}
|
||||
{% endblock %}
|
||||
</article>
|
||||
</div>
|
||||
{% endblock %}
|
||||
@@ -1,26 +0,0 @@
|
||||
{% extends "main.html" %}
|
||||
|
||||
<!-- Page content -->
|
||||
{% block container %}
|
||||
<div class="md-content" data-md-component="content">
|
||||
<div class="md-content__inner">
|
||||
|
||||
<!-- Header -->
|
||||
<header class="md-typeset">
|
||||
{{ page.content }}
|
||||
</header>
|
||||
|
||||
<!-- Posts -->
|
||||
{% for post in posts %}
|
||||
{% include "partials/video.html" %}
|
||||
{% endfor %}
|
||||
|
||||
<!-- Pagination -->
|
||||
{% if pagination %}
|
||||
{% block pagination %}
|
||||
{% include "partials/pagination.html" %}
|
||||
{% endblock %}
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
@@ -1,17 +0,0 @@
|
||||
authors:
|
||||
jordan:
|
||||
name: Jordan Warne
|
||||
description: Video Producer
|
||||
avatar: https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/jordan/288/7793_2.png
|
||||
mastodon:
|
||||
username: jw
|
||||
instance: social.lol
|
||||
jonah:
|
||||
name: Jonah Aragon
|
||||
description: Project Director
|
||||
avatar: https://github.com/jonaharagon.png
|
||||
mastodon:
|
||||
username: jonah
|
||||
instance: neat.computer
|
||||
twitter: jonaharagon
|
||||
bluesky: jonaharagon.com
|
||||
@@ -1,13 +0,0 @@
|
||||
---
|
||||
description: Privacy-related news stories, product reviews, opinion pieces, and other important articles from Privacy Guides contributors.
|
||||
template: video.html
|
||||
hide:
|
||||
- footer
|
||||
---
|
||||
|
||||
# Latest Videos
|
||||
|
||||
This is our home for the latest video content from the Privacy Guides team. Be sure you are subscribed to find out about our latest uploads, and share these videos with your family and friends if you find them helpful!
|
||||
|
||||
[:simple-youtube: Subscribe on YouTube](https://www.youtube.com/@privacyguides){ .md-button .md-button--primary }
|
||||
[:simple-peertube: Subscribe on PeerTube](https://neat.tube/c/privacyguides){ .md-button .md-button--primary }
|
||||
@@ -1,5 +0,0 @@
|
||||
template: video-post.html
|
||||
hide:
|
||||
- toc
|
||||
social:
|
||||
cards_layout: video
|
||||
@@ -1,17 +0,0 @@
|
||||
---
|
||||
title: Do you need a VPN?
|
||||
date:
|
||||
created: 2024-12-12T20:00:00
|
||||
authors:
|
||||
- jordan
|
||||
description: Commercial Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. This can have substantial privacy benefits, but not all VPNs are created equal.
|
||||
readtime: 6
|
||||
thumbnail: https://neat.tube/lazy-static/previews/3f9c497c-d0f1-4fe8-8ac5-539f0f5e40ed.jpg
|
||||
embed: https://neat.tube/videos/embed/2e4e81e8-f59e-4eab-be4d-8464a4a83328
|
||||
peertube: https://neat.tube/w/6HDQH1wnTACKFHh2u1CRQ5
|
||||
youtube: https://www.youtube.com/watch?v=XByp-F8FXtg
|
||||
---
|
||||
|
||||
Commercial Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. This can have substantial privacy benefits, but not all VPNs are created equal. More information about VPNs can be found on our website: <https://www.privacyguides.org/en/basics/vpn-overview/>
|
||||
|
||||
Sources: <https://drive.proton.me/urls/XVRKJXFHM8#8HR0OD293SaW>
|
||||
@@ -1,17 +0,0 @@
|
||||
---
|
||||
title: It's time to stop using SMS, here's why!
|
||||
date:
|
||||
created: 2025-01-24T20:00:00
|
||||
authors:
|
||||
- jordan
|
||||
description: Text messaging has been a staple of communication for decades, but it's time to move on. In this video, we'll explore why SMS is an outdated and insecure technology and discuss better alternatives.
|
||||
readtime: 7
|
||||
thumbnail: https://neat.tube/lazy-static/previews/f3b63055-e1b3-4691-8687-4a838738141b.jpg
|
||||
embed: https://neat.tube/videos/embed/7887f661-541c-4bff-9f69-2b7dd81622ca
|
||||
peertube: https://neat.tube/w/fTfKp1tatNnGTtfP3SwbXu
|
||||
youtube: https://www.youtube.com/watch?v=B9BWXvn-rB4s
|
||||
---
|
||||
|
||||
Text messaging has been a staple of communication for decades, but it's time to move on. In this video, we'll explore why SMS is an outdated and insecure technology and discuss better alternatives.
|
||||
|
||||
Sources: <https://drive.proton.me/urls/E4SPHHZYE4#qEwowuoIaVKI>
|
||||