1
0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-10-26 01:02:10 +00:00

Compare commits

..

10 Commits

Author SHA1 Message Date
mfwmyfacewhen
d746fd7fe3 remove "allow apps downloaded from app store" setting 2023-08-09 18:04:21 -05:00
mfwmyfacewhen
6259f964f4 move app revocation checks 2023-08-09 04:29:21 -05:00
mfwmyfacewhen
e0d81ac98b remove privacy notes 2023-08-09 04:26:03 -05:00
mfwmyfacewhen
cfe6bd7959 consolidate information on app revocation checks 2023-08-09 03:41:58 -05:00
mfwmyfacewhen
91ac91be42 remove third party software recommendation 2023-08-09 03:32:49 -05:00
mfwmyfacewhen
f96d54e89d remove notarization in antivirus section 2023-08-09 03:18:37 -05:00
mfwmyfacewhen
10d317809b more accurate wording for app sandbox 2023-08-09 03:13:43 -05:00
mfwmyfacewhen
8d1083ecc5 remove mac address randomization 2023-08-09 03:10:43 -05:00
mfwmyfacewhen
07c3434915 change allow applications downloaded from setting to be more accurate 2023-08-09 03:09:40 -05:00
mfwmyfacewhen
330f6f9b20 remove activation lock 2023-08-09 03:00:55 -05:00
19 changed files with 48 additions and 104 deletions

View File

@@ -36,10 +36,10 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v3
- name: crowdin action - name: crowdin action
uses: crowdin/github-action@v1.13.1 uses: crowdin/github-action@v1.12.0
with: with:
upload_sources: true upload_sources: true
upload_sources_args: '--auto-update --delete-obsolete' upload_sources_args: '--auto-update --delete-obsolete'

View File

@@ -40,7 +40,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v3
with: with:
fetch-depth: '0' fetch-depth: '0'
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
@@ -56,7 +56,7 @@ jobs:
cache: 'pipenv' cache: 'pipenv'
- name: Cache files - name: Cache files
uses: actions/cache@v3.3.2 uses: actions/cache@v3.3.1
with: with:
key: ${{ github.ref }} key: ${{ github.ref }}
path: .cache path: .cache

View File

@@ -34,7 +34,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v3
with: with:
fetch-depth: '0' fetch-depth: '0'
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
@@ -50,7 +50,7 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v3
with: with:
fetch-depth: '0' fetch-depth: '0'
ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
@@ -63,7 +63,7 @@ jobs:
cache: 'pipenv' cache: 'pipenv'
- name: Cache files - name: Cache files
uses: actions/cache@v3.3.2 uses: actions/cache@v3.3.1
with: with:
key: ${{ github.ref }} key: ${{ github.ref }}
path: .cache path: .cache

View File

@@ -72,7 +72,14 @@ So far in 2023 we've launched international translations of our website in [Fren
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/freddy) - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/freddy)
- [:simple-github: GitHub](https://github.com/freddy-m "@freddy-m") - [:simple-github: GitHub](https://github.com/freddy-m "@freddy-m")
- [:simple-mastodon: Mastodon](https://social.lol/@freddy "@freddy@social.lol"){rel=me} - [:simple-mastodon: Mastodon](https://social.lol/@freddy "@freddy@social.lol"){rel=me}
- [:fontawesome-solid-house: Homepage](https://freddy.lol) - [:fontawesome-solid-envelope: Email](mailto:freddy@privacyguides.org)
- [:fontawesome-solid-house: Homepage](https://freddy.omg.lol)
??? person "@mfwmyfacewhen"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/mfwmyfacewhen)
- [:simple-github: GitHub](https://github.com/mfwmyfacewhen "@mfwmyfacewhen")
- [:fontawesome-solid-house: Homepage](https://mfw.omg.lol)
??? person "@olivia" ??? person "@olivia"

View File

@@ -39,7 +39,7 @@ Calendars contain some of your most sensitive data; use products that implement
![Proton](assets/img/calendar/proton-calendar.svg){ align=right } ![Proton](assets/img/calendar/proton-calendar.svg){ align=right }
**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers. **Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers.
[:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary } [:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }

View File

@@ -30,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into using encr
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851)
- [:simple-windows11: Windows](https://proton.me/drive/download)
The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/blog/security-audit-all-proton-apps), full details were not made available, but Securitum's letter of attestation states: The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/blog/security-audit-all-proton-apps), full details were not made available, but Securitum's letter of attestation states:

View File

@@ -275,7 +275,7 @@ An email aliasing service allows you to easily generate a new email address for
<div class="grid cards" markdown> <div class="grid cards" markdown>
- ![addy.io logo](assets/img/email/mini/addy.svg){ .twemoji } [addy.io](email.md#addyio) - ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) - ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
</div> </div>
@@ -297,36 +297,36 @@ Our email aliasing recommendations are providers that allow you to create aliase
Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider. Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider.
### addy.io ### AnonAddy
!!! recommendation !!! recommendation
![addy.io logo](assets/img/email/addy.svg#only-light){ align=right } ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right }
![addy.io logo](assets/img/email/addy-dark.svg#only-dark){ align=right } ![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right }
**addy.io** lets you create 10 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. **AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous.
[:octicons-home-16: Homepage](https://addy.io){ .md-button .md-button--primary } [:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://addy.io/privacy){ .card-link title="Privacy Policy" } [:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://app.addy.io/docs){ .card-link title=Documentation} [:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" } [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://addy.io/donate){ .card-link title=Contribute } [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute }
??? downloads ??? downloads
- [:simple-android: Android](https://addy.io/faq/#is-there-an-android-app) - [:simple-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
- [:material-apple-ios: iOS](https://addy.io/faq/#is-there-an-ios-app) - [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/addy_io/) - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/addyio-anonymous-email-fo/iadbdpnoknmbdeolbapdackdcogdmjpe) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe)
The number of shared aliases (which end in a shared domain like @addy.io) that you can create is limited to 10 on addy.io's free plan, 50 on their $1/month plan and unlimited on the $4/month plan (billed $3 for a year). You can create unlimited standard aliases (which end in a domain like @[username].addy.io or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. They are useful where a shared domain might be blocked by a service. The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
Notable free features: Notable free features:
- [x] 10 Shared Aliases - [x] 20 Shared Aliases
- [x] Unlimited Standard Aliases - [x] Unlimited Standard Aliases
- [ ] No Outgoing Replies - [ ] No Outgoing Replies
- [x] 1 Recipient Mailboxes - [x] 2 Recipient Mailboxes
- [x] Automatic PGP Encryption - [x] Automatic PGP Encryption
### SimpleLogin ### SimpleLogin
@@ -347,7 +347,7 @@ Notable free features:
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android) - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858) - [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858)
- [:simple-github: GitHub](https://github.com/simple-login/Simple-Login-Android/releases) - [:simple-github: GitHub](https://github.com/simple-login/Simple-Login-Android/releases)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/simplelogin/) - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff) - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
- [:simple-safari: Safari](https://apps.apple.com/app/id1494051017) - [:simple-safari: Safari](https://apps.apple.com/app/id1494051017)

View File

@@ -44,8 +44,6 @@ Privacy.com gives information about the merchants you purchase from to your bank
[:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation}
MySudo's virtual cards are currently only available via their iOS app.
### Criteria ### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

View File

@@ -36,7 +36,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). **Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
[:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary } [:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/spacecowboy/Feeder){ .card-link title="Source Code" } [:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" }
[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute } [:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute }
??? downloads ??? downloads

View File

@@ -23,7 +23,7 @@ The only source for apps on iOS is Apple's App Store, which requires an Apple ID
Apple has historically had problems with properly anonymizing their telemetry on iOS. [In 2019](https://www.theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings), Apple was found to transmit Siri recordings—some containing highly confidential information—to their servers for manual review by third-party contractors. While they temporarily stopped that program after that practice was [widely reported on](https://www.theverge.com/2019/8/23/20830120/apple-contractors-siri-recordings-listening-1000-a-day-globetech-microsoft-cortana), the problem wasn't completely resolved [until 2021](https://www.theguardian.com/technology/2021/jun/07/apple-overhauls-siri-to-address-privacy-concerns-and-improve-performance). Apple has historically had problems with properly anonymizing their telemetry on iOS. [In 2019](https://www.theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings), Apple was found to transmit Siri recordings—some containing highly confidential information—to their servers for manual review by third-party contractors. While they temporarily stopped that program after that practice was [widely reported on](https://www.theverge.com/2019/8/23/20830120/apple-contractors-siri-recordings-listening-1000-a-day-globetech-microsoft-cortana), the problem wasn't completely resolved [until 2021](https://www.theguardian.com/technology/2021/jun/07/apple-overhauls-siri-to-address-privacy-concerns-and-improve-performance).
More recently, Apple has been found to [transmit analytics even when analytics sharing is disabled](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558) on iOS, and this data [appears](https://twitter.com/mysk_co/status/1594515229915979776) to be easily linked to unique iCloud account identifiers despite supposedly being anonymous. More recently, Apple has been found to [transmit analytics even when analytics sharing is disabled](https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558) on iOS, and this data [appears](https://twitter.com/mysk_co/status/1594515229915979776) to be easily linked to unique iCloud account identifiers despite supposedly being anonymous. Apple has not fixed [these problems](https://gizmodo.com/clarence-thomas-aide-venmo-laywers-supreme-court-1850631585) as of July 2023.
## Recommended Configuration ## Recommended Configuration

View File

@@ -1,5 +1,5 @@
--- ---
title: MacOS Overview title: macOS Overview
icon: material/apple-finder icon: material/apple-finder
description: macOS is Apple's desktop operating system that works with their hardware to provide strong security. description: macOS is Apple's desktop operating system that works with their hardware to provide strong security.
--- ---
@@ -7,22 +7,6 @@ description: macOS is Apple's desktop operating system that works with their har
Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/en-us/HT211814). Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/en-us/HT211814).
## Privacy Notes
There are a few notable privacy concerns with macOS that you should consider. These pertain to the operating system itself, and not Apple's other apps and services.
### Activation Lock
Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
macOS performs online checks when you open an app to verify whether an app contains known malware, and whether the developers signing certificate is revoked.
Previously, these checks were performed via an unencrypted OCSP protocol which could leak information about the apps you ran to your network. Apple upgraded their OCSP service to use HTTPS encryption in 2021, and [posted information](https://support.apple.com/HT202491) about their logging policy for this service. They additionally promised to add a mechanism for people to opt-out of this online check, but this has not been added to macOS as of July 2023.
While you [can](https://eclecticlight.co/2021/02/23/how-to-run-apps-in-private/) manually opt out of this check relatively easily, we recommend against doing so unless you would be badly compromised by the revocation checks performed by macOS, because they serve an important role in ensuring compromised apps are blocked from running.
## Recommended Configuration ## Recommended Configuration
Your account when you first set up your Mac will be an Administrator account, which has higher privileges than a Standard user account. macOS has a number of protections which prevent malware and other programs from abusing your Administrator privileges, so it is generally safe to use this account. Your account when you first set up your Mac will be an Administrator account, which has higher privileges than a Standard user account. macOS has a number of protections which prevent malware and other programs from abusing your Administrator privileges, so it is generally safe to use this account.
@@ -31,8 +15,6 @@ However, exploits in protective utilities like `sudo` have been [discovered in t
If you do use a second account, it is not strictly required to ever log in to your original Administrator account from the macOS login screen. When you are doing something as a Standard user which requires Administrator permissions, the system should prompt you for authentication, where you can enter your Administrator credentials as your Standard user on a one-time basis. Apple provides [guidance](https://support.apple.com/HT203998) on hiding your Administrator account if you prefer to only see a single account on your login screen. If you do use a second account, it is not strictly required to ever log in to your original Administrator account from the macOS login screen. When you are doing something as a Standard user which requires Administrator permissions, the system should prompt you for authentication, where you can enter your Administrator credentials as your Standard user on a one-time basis. Apple provides [guidance](https://support.apple.com/HT203998) on hiding your Administrator account if you prefer to only see a single account on your login screen.
Alternatively, you can use a utility like [macOS Enterprise Privileges](https://github.com/SAP/macOS-enterprise-privileges) to escalate to Administrator rights on-demand, but this may be vulnerable to some undiscovered exploit, like all software-based protections.
### iCloud ### iCloud
The majority of privacy and security concerns with Apple products are related to their *cloud services*, not their hardware or software. When you use Apple services like iCloud, most of your information is stored on their servers and secured with keys *which Apple has access to* by default. This level of access has occasionally been abused by law enforcement to get around the fact that your data is otherwise securely encrypted on your device, and of course Apple is vulnerable to data breaches like any other company. The majority of privacy and security concerns with Apple products are related to their *cloud services*, not their hardware or software. When you use Apple services like iCloud, most of your information is stored on their servers and secured with keys *which Apple has access to* by default. This level of access has occasionally been abused by law enforcement to get around the fact that your data is otherwise securely encrypted on your device, and of course Apple is vulnerable to data breaches like any other company.
@@ -117,12 +99,6 @@ Decide whether you want personalized ads based on your usage.
- [ ] Uncheck **Personalized Ads** - [ ] Uncheck **Personalized Ads**
##### Security
Apps from the App Store are subject to stricter security guidelines, such as stricter sandboxing. If the only apps you need are available from the App Store, change the **Allow applications downloaded from** setting to **App Store** to prevent accidentally running other apps. This is a good option particularly if you are configuring a machine for other, less technical users such as children.
If you choose to also allow applications from identified developers, be careful about the apps you run and where you obtain them.
##### FileVault ##### FileVault
On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling FileVault additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on. On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling FileVault additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
@@ -137,20 +113,6 @@ On older Intel-based Mac computers, FileVault is the only form of disk encryptio
- [x] Click **Turn On** - [x] Click **Turn On**
### MAC Address Randomization
Unlike iOS, macOS doesn't give you an option to randomize your MAC address in the settings, so you'll need to do it with a command or a script.
You open up your Terminal and enter this command to randomize your MAC address:
``` zsh
openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//' | xargs sudo ifconfig en1 ether
```
en1 is the name of the interface you're changing the MAC address for. This might not be the right one on every Mac, so to check you can hold the option key and click the Wi-Fi symbol at the top right of your screen.
This will be reset on reboot.
## Security Protections ## Security Protections
macOS employs defense in depth by relying on multiple layers of software and hardware-based protections, with different properties. This ensures that a failure in one layer does not compromise the system's overall security. macOS employs defense in depth by relying on multiple layers of software and hardware-based protections, with different properties. This ensures that a failure in one layer does not compromise the system's overall security.
@@ -175,20 +137,19 @@ System Integrity Protection makes critical file locations read-only to protect a
#### Application Security #### Application Security
### App Revocation Checks
macOS performs online OCSP checks using HTTPS encryption when you open an app to verify whether an app contains known malware, and whether the developers signing certificate is revoked.
We recommend against blocking these checks.
##### App Sandbox ##### App Sandbox
macOS apps downloaded from the App Store are required to be sandboxed usng the [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox). macOS apps downloaded from the App Store are required to use the [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox). You should avoid non-App Store software as much as possible.
!!! warning
Software downloaded from outside the official App Store is not required to be sandboxed. You should avoid non-App Store software as much as possible.
##### Antivirus ##### Antivirus
macOS comes with two forms of malware defense: Protection against malware on your system is provided by *XProtect*, an antivirus program built-in to macOS.
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer. We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.

View File

@@ -74,7 +74,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy.
![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right } ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right }
![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right } ![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/en-us/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing-) search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead. **Startpage** is a private search engine known for serving Google search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
[:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary } [:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" } [:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }

View File

@@ -130,7 +130,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
<div class="grid cards" markdown> <div class="grid cards" markdown>
- ![addy.io logo](assets/img/email/mini/addy.svg){ .twemoji } [addy.io](email.md#addyio) - ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) - ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
</div> </div>

File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 5.2 KiB

File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 5.2 KiB

View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 91 62"><g fill="none" fill-rule="nonzero"><path fill="#3AE7E1" d="M11.36 28.163a2.704 2.704 0 0 1-2.085-4.799l7.492-5.85a2.704 2.704 0 0 1 3.786.465 2.704 2.704 0 0 1-.466 3.786l-7.491 5.852c-.365.304-.79.486-1.235.546Z"/><path fill="#F5F7FA" d="M4.092 33.873a2.736 2.736 0 0 1-2.551-.992 2.704 2.704 0 0 1 .466-3.786l.708-.547a2.704 2.704 0 0 1 3.787.466 2.704 2.704 0 0 1-.466 3.786l-.709.547c-.364.283-.79.465-1.235.526Z"/><path fill="#3AE7E1" d="M3.12 49.24a2.704 2.704 0 0 1-2.085-4.799l16.44-12.836c1.175-.91 2.875-.708 3.787.466a2.704 2.704 0 0 1-.466 3.786L4.356 48.714c-.385.284-.81.466-1.236.527Z"/><path fill="#F5F7FA" d="M26.546 31.018a2.704 2.704 0 0 1-2.085-4.799l2.611-2.044a2.704 2.704 0 0 1 3.787.466 2.704 2.704 0 0 1-.466 3.786l-2.612 2.045c-.385.283-.81.465-1.235.546Z"/><path fill="#3AE7E1" d="M25.108 46.71a2.704 2.704 0 0 1-2.085-4.799l13.484-10.528c1.175-.911 2.876-.709 3.787.465a2.704 2.704 0 0 1-.466 3.787L26.344 46.163c-.365.304-.79.486-1.236.547Z"/><path fill="#F5F7FA" d="M17.739 52.561a2.706 2.706 0 0 1-2.552-1.012c-.91-1.175-.708-2.875.466-3.786l.952-.75c1.174-.91 2.875-.708 3.786.466s.709 2.875-.466 3.786l-.951.75a2.59 2.59 0 0 1-1.235.546Z"/><path fill="#3AE7E1" d="M85.708 0H23.185c-2.328 0-4.495 1.438-5.183 3.665a5.014 5.014 0 0 0 0 3.037 5.21 5.21 0 0 0 1.761 2.53S43.715 27.84 49.587 31.89c2.106 1.356 4.15.89 5.365-.04L85.343 8.2v40.879a7.232 7.232 0 0 1-7.228 7.228h-57.44a2.67 2.67 0 0 0-2.673 2.672 2.713 2.713 0 0 0 2.713 2.713h57.38c6.965 0 12.614-5.649 12.614-12.613V5C90.729 2.247 88.48 0 85.708 0ZM52.239 27.151 24.4 5.386H80.18L52.24 27.15Z"/></g></svg>

After

Width:  |  Height:  |  Size: 1.6 KiB

View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 91 62"><g fill="none" fill-rule="nonzero"><path fill="#3AE7E1" d="M11.36 28.163a2.704 2.704 0 0 1-2.085-4.799l7.492-5.85a2.704 2.704 0 0 1 3.786.465 2.704 2.704 0 0 1-.466 3.786l-7.491 5.852c-.365.304-.79.486-1.235.546Z"/><path fill="#7B8794" d="M4.092 33.873a2.736 2.736 0 0 1-2.551-.992 2.704 2.704 0 0 1 .466-3.786l.708-.547a2.704 2.704 0 0 1 3.787.466 2.704 2.704 0 0 1-.466 3.786l-.709.547c-.364.283-.79.465-1.235.526Z"/><path fill="#3AE7E1" d="M3.12 49.24a2.704 2.704 0 0 1-2.085-4.799l16.44-12.836c1.175-.91 2.875-.708 3.787.466a2.704 2.704 0 0 1-.466 3.786L4.356 48.714c-.385.284-.81.466-1.236.527Z"/><path fill="#7B8794" d="M26.546 31.018a2.704 2.704 0 0 1-2.085-4.799l2.611-2.044a2.704 2.704 0 0 1 3.787.466 2.704 2.704 0 0 1-.466 3.786l-2.612 2.045c-.385.283-.81.465-1.235.546Z"/><path fill="#3AE7E1" d="M25.108 46.71a2.704 2.704 0 0 1-2.085-4.799l13.484-10.528c1.175-.911 2.876-.709 3.787.465a2.704 2.704 0 0 1-.466 3.787L26.344 46.163c-.365.304-.79.486-1.236.547Z"/><path fill="#7B8794" d="M17.739 52.561a2.706 2.706 0 0 1-2.552-1.012c-.91-1.175-.708-2.875.466-3.786l.952-.75c1.174-.91 2.875-.708 3.786.466s.709 2.875-.466 3.786l-.951.75a2.59 2.59 0 0 1-1.235.546Z"/><path fill="#3AE7E1" d="M85.708 0H23.185c-2.328 0-4.495 1.438-5.183 3.665a5.014 5.014 0 0 0 0 3.037 5.21 5.21 0 0 0 1.761 2.53S43.715 27.84 49.587 31.89c2.106 1.356 4.15.89 5.365-.04L85.343 8.2v40.879a7.232 7.232 0 0 1-7.228 7.228h-57.44a2.67 2.67 0 0 0-2.673 2.672 2.713 2.713 0 0 0 2.713 2.713h57.38c6.965 0 12.614-5.649 12.614-12.613V5C90.729 2.247 88.48 0 85.708 0ZM52.239 27.151 24.4 5.386H80.18L52.24 27.15Z"/></g></svg>

After

Width:  |  Height:  |  Size: 1.6 KiB

View File

@@ -1 +0,0 @@
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="SVGID_1_" x1="42.708" x2="130.68" y1="135.75" y2="47.776" gradientTransform="matrix(.25025 0 0 -.25025 -11.762 42.835)" gradientUnits="userSpaceOnUse"><stop stop-color="#3AE7E1" offset="0"/><stop stop-color="#1993D2" offset=".9481"/></linearGradient><linearGradient id="SVGID_00000133497581833190088830000011359831797951217313_" x1="67.759" x2="155.73" y1="160.8" y2="72.827" gradientTransform="matrix(.25025 0 0 -.25025 -11.762 42.835)" gradientUnits="userSpaceOnUse"><stop stop-color="#3AE7E1" offset="0"/><stop stop-color="#1993D2" offset=".9481"/></linearGradient><linearGradient id="SVGID_00000095339857216016244530000015244439318020201364_" x1="42.676" x2="130.65" y1="135.72" y2="47.744" gradientTransform="matrix(.25025 0 0 -.25025 -11.762 42.835)" gradientUnits="userSpaceOnUse"><stop stop-color="#3AE7E1" offset="0"/><stop stop-color="#1993D2" offset=".9481"/></linearGradient></defs><g transform="matrix(1.2083 0 0 1.2083 4.2637 -3.528)" stroke-width=".25025"><path class="st0" d="m17.492 18.685c0 1.3013-0.7007 2.4274-1.7518 3.028v2.2272c0 0.97598-0.77578 1.7518-1.7518 1.7518 1.2262 0 2.3774-0.32532 3.3784-0.87588 0.07507-0.27528 0.12512-0.57558 0.12512-0.87588z" fill="#2d7aae"/><path class="st1" d="m13.989 15.182h-6.982c-0.97598 0-1.7518 0.77578-1.7518 1.7518v7.007c0 0.97598 0.77578 1.7518 1.7518 1.7518h7.007c0.97598 0 1.7518-0.77578 1.7518-1.7518v-7.007c-0.02502-0.97598-0.8008-1.7518-1.7768-1.7518zm-1.7518 7.007h-3.4785v-3.5035h3.5035z" fill="url(#SVGID_1_)"/><path d="m7.4822 8.175c0.6006-1.051 1.7267-1.7518 3.028-1.7518s2.4274 0.7007 3.028 1.7518h0.47548c1.1762 0 2.3273 0.25025 3.4034 0.7007-0.5005-3.3534-3.4034-5.956-6.9069-5.956s-6.4064 2.5776-6.9069 5.956c1.0761-0.45045 2.2272-0.7007 3.4034-0.7007z" fill="url(#SVGID_00000133497581833190088830000011359831797951217313_)"/><path class="st0" d="m3.5032 10.878c1.026-0.6006 2.2272-0.95095 3.5035-0.95095 0-0.62562 0.17518-1.2262 0.47548-1.7518h-0.47548c-1.1762 0-2.3273 0.25025-3.4034 0.7007-0.05005 0.35035-0.075075 0.7007-0.075075 1.051v0.95095z" fill="#2d7aae"/><path class="st0" d="m13.513 8.175c0.3003 0.52552 0.47548 1.1011 0.47548 1.7518 1.2763 0 2.4775 0.35035 3.5035 0.95095v-0.95095c0-0.35035-0.02503-0.7007-0.07508-1.051-1.0761-0.45045-2.2272-0.7007-3.4034-0.7007z" fill="#2d7aae"/><path d="m17.492 23.941c0 0.3003-0.05005 0.6006-0.12512 0.87588 2.1522-1.2012 3.6036-3.4785 3.6036-6.1311v-1.7518c0-2.5776-1.4014-4.8548-3.5035-6.056-1.026-0.6006-2.2272-0.95095-3.5035-0.95095h-6.957c-1.2763 0-2.4775 0.35035-3.5035 0.95095-2.1021 1.2012-3.5035 3.4534-3.5035 6.056v7.007c0 3.8538 3.1281 7.007 7.007 7.007h7.007c0-1.9269-1.5766-3.5035-3.5035-3.5035h-3.5035c-1.9269 0-3.5035-1.5766-3.5035-3.5035v-7.007c0-1.9269 1.5766-3.5035 3.5035-3.5035h7.007c1.9269 0 3.5035 1.5766 3.5035 3.5035v1.7518z" fill="url(#SVGID_00000095339857216016244530000015244439318020201364_)"/></g></svg>

Before

Width:  |  Height:  |  Size: 2.9 KiB

View File

@@ -101,7 +101,6 @@
border-radius: 6px; border-radius: 6px;
box-shadow: rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0.05) 0px 1px 3px 0px, rgba(0, 0, 0, 0.05) 0px 1px 2px -1px; box-shadow: rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0.05) 0px 1px 3px 0px, rgba(0, 0, 0, 0.05) 0px 1px 2px -1px;
transition: none; transition: none;
position: relative;
} }
.md-typeset .grid.cards>:-webkit-any(ul,ol)>li, .md-typeset .grid>.card { /* Webkit */ .md-typeset .grid.cards>:-webkit-any(ul,ol)>li, .md-typeset .grid>.card { /* Webkit */
@@ -111,7 +110,6 @@
border-radius: 6px; border-radius: 6px;
box-shadow: rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0.05) 0px 1px 3px 0px, rgba(0, 0, 0, 0.05) 0px 1px 2px -1px; box-shadow: rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0.05) 0px 1px 3px 0px, rgba(0, 0, 0, 0.05) 0px 1px 2px -1px;
transition: none; transition: none;
position: relative;
} }
.md-typeset .grid.cards > :is(ul, ol) > li:is(:focus-within, :hover), .md-typeset .grid > .card:is(:focus-within, :hover) { /* Firefox */ .md-typeset .grid.cards > :is(ul, ol) > li:is(:focus-within, :hover), .md-typeset .grid > .card:is(:focus-within, :hover) { /* Firefox */
@@ -124,24 +122,6 @@
border-color: var(--md-accent-fg-color); border-color: var(--md-accent-fg-color);
} }
.md-typeset .grid.cards > :is(ul, ol) > li > a::after, .md-typeset .grid>.card a::after { /* Firefox */
content: "";
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
}
.md-typeset .grid.cards>:-webkit-any(ul, ol)>li > a::after, .md-typeset .grid>.card a::after { /* Webkit */
content: "";
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
}
/* header font */ /* header font */
.md-header__topic:first-child { .md-header__topic:first-child {