1
0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-10-24 16:22:10 +00:00

Compare commits

...

2 Commits

Author SHA1 Message Date
Kevin Pham
b5da4264d7 Update publishing.md
Signed-off-by: Kevin Pham <123699355+kpham42@users.noreply.github.com>
2025-05-02 15:43:11 -04:00
b88588bda4 update!: Add "Getting Started" section 2025-02-26 12:56:54 -06:00
10 changed files with 348 additions and 0 deletions

View File

@@ -0,0 +1,4 @@
---
title: Avoiding Big Tech
icon: material/domain
---

View File

@@ -0,0 +1,4 @@
---
title: Bypassing Censorship
icon: material/eye-off
---

View File

@@ -0,0 +1,4 @@
---
title: Digital Rights and Freedoms
icon: material/horse-human
---

View File

@@ -0,0 +1,4 @@
---
title: Cybersecurity
icon: material/lock
---

View File

@@ -0,0 +1,256 @@
---
title: "Getting Started"
hide:
- navigation
---
You've probably encountered this website because you are interested in improving your digital privacy and security.
It's easy to feel overwhelmed. Many YouTubers make money from fearmongering and selling incomplete solutions, and many blogs on this subject are overwhelmingly long, narrowly-focused, and give "recommendations" based on whichever VPN company is paying them the most for referrals that week.
Our approach is different. We are going to *guide* you through every step, and our community is here to provide help along the way.
The effort to protect your rights can feel futile at first, but it **is** important. You are doing a great thing, both for yourself and for others who benefit from everyone caring about privacy.
Let's get started.
## Why this matters
> Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't.
>
> Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us==, that we are entitled to (without discrimination).
Unfortunately, governments and corporations have always tried to erode this right wherever they can, and the frequency of these attacks on your personal privacy and freedom has been increasing at an astounding rate, especially since the advent of social media.
In an ideal world, you would have legal protections from this overreach, and it is important to support the people and organizations who are fighting to get these rights enshrined in law. However, in the meantime it is just as important to take personal action, both to protect yourself and to demonstrate to others that this is something worth caring about.
> A common counter-argument to pro-privacy movements is the notion that one doesn't need privacy if they have **"nothing to hide."** This is a dangerous misconception, because it creates a sense that people who demand privacy must be deviant, criminal, or wrong.
>
> ==You shouldn't confuse privacy with secrecy.== We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. There are always certain facts about us—say, personal health information, or sexual behavior—that we wouldn't want the whole world to know, and that's okay. The need for privacy is legitimate, and that's what makes us human. Privacy is about empowering your rights over your own information, not about hiding secrets.
Throughout our *Getting Started* section, we are going to link out to other guides on the website, like so:
[:material-book-outline: Why Privacy Matters](../basics/why-privacy-matters.md){ class="md-button" }
Feel free to read these articles and then return here, or simply note them for reference later. It is not critical to learn everything right off the bat, but they may answer lingering questions or provide more insight if you are interested in the details.
## First steps
Digital privacy is built on a foundation of best security practices. We are going to dive into more specific scenarios in a bit, but the following are things that **everyone** should do:
### :material-numeric-1-box: Use a password manager
<div class="grid" markdown>
<div markdown>
The single best thing you can do to protect yourself from hackers is to stop reusing the same password.
Unfortunately, just changing a few characters in your "usual password" for different sites is not enough, and it's hard to keep track of as well!
The best way to be secure is to have a **completely random and unique** password for every website.
We aren't good at creating random passwords ourselves though, and this is where a [password manager](../passwords.md) comes in.
A good password manager will give you a button to generate a new password whenever you make a new account, and then save that password in its database. **You never even need to know what the password is** (although you can always look if you need to).
Gone are the days of writing down all your passwords in a notebook or trying to remember what variations of your old password you used on which websites.
If we're being honest, this may be the most challenging thing we will ever recommend you do. To secure all your existing accounts, there is no getting around the fact that you will need to log in to each of them and change your password to one generated by your new password manager.
This will take time, but know that it is well worth the trouble, and the time you'll save in the future by just hitting a button to log in to your accounts and never having to go through the "Forgot Password?" rigmarole again will more than make up for it.
Just get it out of the way now, update your accounts, and come back here when you're finished.
</div>
<div markdown>
<div class="admonition tip" markdown>
<p class="admonition-title">Password manager recommendations</p>
Almost any password manager from a reputable company is better than none, but the best will support multiple platforms (so you aren't locked into a single operating system or walled garden), have a long track record of proven security and audits, and be conscientious about the data they collect.
We've made a list of our favorites, but if you still want us to pick for you, we think ![Bitwarden logo](../assets/img/password-management/bitwarden.svg){ .twemoji loading=lazy } [**Bitwarden**](../passwords.md#bitwarden) is best suited for most people, and ![KeePassXC logo](../assets/img/password-management/keepassxc.svg){ .twemoji loading=lazy } [**KeePassXC**](../passwords.md#keepassxc) is a great alternative if you feel more "techy."
[:material-form-textbox-password: All Recommendations](../passwords.md){ class="md-button" }
</div>
</div>
</div>
### :material-numeric-2-box: Update your software
<div class="grid" markdown>
<div markdown>
We know, software updates are annoying. They are time-consuming, and sometimes they break things that you've been using for years.
They are also **critical** for keeping you safe from malware and vulnerabilities.
Check your operating system for updates now, and install them if you're behind. You should also enable automatic updates, to keep you protected going forward.
Your operating system is the interface between the hardware you own and the software you run, meaning it requires a massive amount of trust to keep both of these things safe.
If it is compromised, it's game-over for your security, regardless of any [secure, private, and encrypted software](../tools.md) you run on it.
</div>
<div markdown>
<div class="admonition tip" markdown>
<p class="admonition-title">Operating system recommendations</p>
Updates *can* be inconvenient, but this is often a matter of your operating system not respecting you and your workflows.
Later in this guide, we are going to talk about alternative operating systems for PCs and mobile devices that *are* more respectful of you and your time. Switching to one of those will likely make updates a breeze, because they care more about security and stability than pushing whatever the latest AI copilot product they've just released is.
Even if you never end up switching though, automatic updates are still a necessity, and we strongly recommend enabling them on any platform.
[:material-tape-drive: Other Operating Systems](../desktop.md){ class="md-button" }
</div>
</div>
</div>
### :material-numeric-3-box: Install an ad blocker
<div class="grid" markdown>
<div markdown>
Advertisements aren't just annoying, they are one of the most prevalent attack vectors on the internet.
Internet advertisements are commonly used to deliver malware straight to your devices, or to trick you into giving away your personal or financial information.
This is **not** simply a matter of being gullible or not. Some of these advertisements are completely indistinguishable from legitimate sources. Google allows advertisers to [create fake search results](https://www.bleepingcomputer.com/news/security/google-ad-for-gimporg-served-info-stealing-malware-via-lookalike-site/) that completely match the website you're looking for, including the official domain name.
Even ignoring the advertisements that try to trick you, it is a massive security risk to run any "untrusted code" on your computer at all, which is exactly what JavaScript-based advertisements do.
Minimizing the amount of content you are downloading and running makes you much safer, and it speeds up your browsing at the same time! This is especially true if you have strict data caps on your internet plan, and can't afford to waste valuable megabytes on massive banner ad images.
</div>
<div markdown>
<div class="admonition tip" markdown>
<p class="admonition-title">Content blocking recommendations</p>
In most web browsers, you can install ![uBlock Origin Lite logo](../assets/img/browsers/ublock_origin_lite.svg){ .twemoji loading=lazy } [**uBlock Origin Lite**](../browser-extensions.md#ublock-origin-lite) for decent protection against these threats.
In later parts of this guide we are going to talk about alternative browsers and ad blocking extensions which might provide you with even more protections, but until then you should just install this on the browser you're using right now.
[:material-puzzle-outline: All Recommendations](../browser-extensions.md){ class="md-button" }
</div>
</div>
</div>
## What next?
Everyone likes a simple checklist, but here's the thing: Everyone's situation is different, and the solutions you're looking for will differ accordingly.
This is the most common pitfall we see people fall into. They will ask online communities about the best things to do to protect their privacy, and receive countless conflicting and unrealistic recommendations. This happens because everyone has a different idea of what's best, and they're not wrong! However, what's best for them isn't necessarily what's best for you.
Deciding what risks you want to protect against and finding protections against those risks is called **threat modeling**, and it's an important skill when it comes to protecting your privacy and security. We've written a more detailed guide on threat modeling, which you can read now or come back to later, but in the meantime you should think about what you *really* care about. **Why did you come to *privacyguides.org* in the first place?**
[:material-book-outline: Threat Modeling](../basics/threat-modeling.md){ class="md-button" }
To move on to the next part of this guide, you should choose the **most** important thing to you from the options below. You aren't meant to follow **all** of these guides, they are tailored to your specific situation.
<div class="grid cards" markdown>
- :material-domain:{ .lg .middle } I want to avoid ***Big Tech* tracking**
---
It's right to worry about companies like Facebook and Google siphoning your data to make a quick buck off you.
The societal dangers of hyper-targeted advertising is well known now, and really it's just plain creepy. These companies are less sophisticated than you might think though, and there *are* ways to avoid them.
[Big Tech :material-arrow-right:](big-tech.md)
- :material-bank-outline:{ .lg .middle } I'm worried about **mass surveillance** programs
---
Government mass surveillance programs have been extensively proven and documented, and there is no debate that they still exist. However, they are typically easy to thwart, because they rely on simple data collection programs that can be applied to massive populations at once.
Note that this guide is **not** intended for people who might be specifically targeted by their government. There is a huge difference between being caught up in dragnet mass surveillance programs, and actually being a person of interest.
[Mass Surveillance :material-arrow-right:](mass-surveillance.md)
- :material-eye-off:{ .lg .middle } I need to bypass **censorship**
---
todo
[Censorship Avoidance :material-arrow-right:](censorship-avoidance.md)
- :material-lock:{ .lg .middle } I am worried about my **security** and vulnerabilities
---
todo
[Digital Security :material-arrow-right:](digital-security.md)
- :material-book:{ .lg .middle } I need to safely **publish information anonymously**
---
todo
[Publishing :material-arrow-right:](publishing.md)
- :material-account-search:{ .lg .middle } I need to protect myself from **stalkers** or the public
---
todo
[Stalking/Abuse :material-arrow-right:](stalking-abuse.md)
- :material-target-account:{ .lg .middle } I may be the victim of a **targeted hack**/attack
---
todo
[Targeted Attacks :material-arrow-right:](targeted-attacks.md)
- :material-horse-human:{ .lg .middle } I want to defend my rights and freedoms
---
Maybe you aren't worried about a specific threat at all. You could be perfectly safe, but still deeply care about your rights to privacy and advocacy for digital rights and freedoms.
That's awesome! People like you who demand and promote privacy even when your immediate personal gain might be small are crucial for making companies make more privacy-conscious decisions in future products, in stopping the erosion of our liberties by governments, and in helping keep other people who need privacy *immediately* safe and protected.
[Digital Rights and Freedoms :material-arrow-right:](digital-rights.md)
</div>
We know it will be tempting to say that you care about all of these things. They are indeed all legitimate problems! We still really encourage you to truly consider what you *most* care about and go from there. We will set you up to consider other scenarios afterward :slight_smile:
## Further questions
Do you not think any of our pre-made guides are right for you? That is all right, we've created a general [knowledge base](../basics/why-privacy-matters.md) to help you understand privacy and security concepts more generally, and then apply those skills to any situation.
If you run into any problems or questions, you should ask us on our forum. We can't make a starter guide for everyone, but we can help guide you in the best way forward. When asking a question on our forum, it's important to include the following details:
1. **What is your goal?** Tell us why you joined and what you are trying to do.
2. **What have you already tried?** We don't want to waste your time if you already know something won't work. Tell us what you've encountered already and **why** it didn't work for you.
3. **Be sure to ask a specific question.** We can't read minds, so ask us what you're wondering directly, not just for general and generic advice. If your post doesn't have a question mark in it, it might not be something we can help with.
Also, if you think we should add a guide to this page, suggest one on our forum too! If you have a general idea of what we should cover that we aren't already, we can look into it and publish a guide for the benefit of future readers.
[:simple-discourse: Join our community forum](https://discuss.privacyguides.net){ class="md-button md-button--primary" }

View File

@@ -0,0 +1,4 @@
---
title: Mass Surveillance Programs
icon: material/bank-outline
---

View File

@@ -0,0 +1,54 @@
---
title: Publishing Information
icon: material/book
---
---
title: Publishing Information
icon: material/book
---
In 2021, a whistleblower named Frances Haugen leaked internal documents from Facebook, revealing how the company knowingly allowed misinformation and assisted in state-sponsored censorship. Known as the [Facebook Files](https://www.wsj.com/articles/the-facebook-files-11631713039), this leak was notable in how successful it was in preventing retaliation before Haugen publicly identified herself. While not confirmed, she most likely shared documents with the Wall Street Journal through [SecureDrop](https://securedrop.org/).
Her case is not unique. Whether you are a whistleblower, an investigative journalist, or an amateur blogger, the ability to publish safely is essential to a transparent society.
## Why Publish Anonymously?
In some countries, simply speaking out can result in criminal charges or loss-of-life. Even in relatively "free" societies, publishing critical information can attract legal threats, online harassment, or unwanted media attention. For example, [this hobbyist security researcher was sued](https://arstechnica.com/security/2024/08/city-of-columbus-sues-man-after-he-discloses-severity-of-ransomware-attack/) for documenting a ransomware attack on his own blog!
Anonymity enables freedom of speech by separating your voice from your identity. It helps protect you from retaliation while keeping the focus on the message.
## Best Practices
### 1. Use a Pseudonym
A pseudonym empowers you to maintain a consistent identity while separating your real-world persona from your published work. Choose a name (or Username) that has not been linked to you and use it exclusively for anonymous publishing.
Register [new accounts](https://www.privacyguides.org/en/basics/account-creation/) and [email](https://www.privacyguides.org/en/email/) addresses from devices and internet connections not associated with your identity. Avoid using the same writing style, login behavior, or online habits that could de-anonymize you. Remember that a pseudonym is only as strong as your ability to keep it separate.
In some cases, like in large newsrooms, you may need a public identity to establish credibility. If that is the case, shift your focus toward secure communication with confidential sources and protecting your operational security. Consider setting up a secure tipline instance for your organization.
### 2. Find a Platform
Where and how you publish matters. Here are a few options:
#### Create your Blog
Depending on your situation, you may be deciding between creating a website or using a third party platform like Substack or Medium. If you go with the former, [Ghost](https://ghost.org/) is an excellent open-source alternative to Substack. You can also create your own website through services like Wix or SquareSpace if your threat model allows it.
You can also consider running a Tor hidden service for an informal blog. This gives you control over hosting and minimizes reliance on third-party platforms. See [self-hosting resources](PLACEHOLDER) for guidance.
#### Use Alternative Social Media
[Social networks](https://www.privacyguides.org/en/social-networks/) can help you connect with a potential audience and gather feedback. Instead of X or Facebook, a decentralized and federated alternative like [Mastodon](https://joinmastodon.org/) can resist censorship from government actors. If you need help creating your first Mastodon account, read this resource here.
### Seek External Publishers
Many media outlets accept tips through a tipline, a system designed to receive anonymous submissions via Tor. This can be safer than publishing independently if you are sharing sensitive documents or exposing wrongdoing.
### 3. Compartmentalization
Compartmentalization involves isolating your publishing work from everything else. Whether youre using a pseudonym or your real name, never mix your activities. Instead of using apersonal laptop, purchase a dedicated laptop for your publishing work. When you decide to publish your final draft or upload your documents, do not log in from home or work networks. Instead, use an anonymous network like [Tor](https://www.privacyguides.org/en/tor/) over public wifi.
Furthermore, you should also install a anonymity or security-focused operatin system. When doing sensitive activities, boot from [Tails OS](https://www.privacyguides.org/en/desktop/#tails), an amnesiac Linux distribution that leaves no trace. For high-security daily usage, [Qubes OS](https://www.privacyguides.org/en/desktop/qubes) lets you compartmentalize your personal and work tasks in isolated virtual machines called qubes. If one of these virtual machines becomes compromised, you can always dispose of them.
Do not reuse passwords, emails, or browsing habits across different identities. Each project or pseudonym should exist in its own bubble. Compartmentalization ensures that you can safely publish your work without endangering your safety.

View File

@@ -0,0 +1,4 @@
---
title: Stalking / Abuse
icon: material/account-search
---

View File

@@ -0,0 +1,4 @@
---
title: Targeted Attacks
icon: material/target-account
---

View File

@@ -366,6 +366,16 @@ markdown_extensions:
nav:
- !ENV [NAV_HOME, "Home"]: "index.md"
- !ENV [NAV_GETTING_STARTED, "Getting Started"]:
- "getting-started/index.md"
- "getting-started/big-tech.md"
- "getting-started/mass-surveillance.md"
- "getting-started/censorship-avoidance.md"
- "getting-started/digital-security.md"
- "getting-started/publishing.md"
- "getting-started/stalking-abuse.md"
- "getting-started/targeted-attacks.md"
- "getting-started/digital-rights.md"
- !ENV [NAV_KNOWLEDGE_BASE, "Knowledge Base"]:
- "basics/why-privacy-matters.md"
- "basics/threat-modeling.md"