remove "allow apps downloaded from app store" setting

docs/basics/vpn-overview.md

@@ -5,41 +5,19 @@ icon: material/vpn
 description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind.
 ---
 
-Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. Originally, they were designed so that you could securely connect to a network even if you weren't *physically* there; you're *virtually* on a *private network*.
+Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem).
 
-## How do VPNs work?
+Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
 
-VPNs encrypt your traffic between your device and a server owned by your VPN provider. From the perspective of anyone between you and the VPN server, it looks like you're connecting to the VPN server. From the perspective of anyone between the VPN server and your destination site, all they can see is the VPN server connecting to the website.
+A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it.
 
-``` mermaid
-flowchart TD
-    server== VPN encryption ===infra(Outside Infrastructure)== VPN encryption ===local[Local Network]== VPN encryption ===device[Your Device]
-    server{VPN Server}-. No VPN encryption .--infr(Outside Infrastructure)-. No VPN encryption .--site[Destination Website]
-```
+## Should I use a VPN?
 
-## When should I use a VPN?
+**Yes**, unless you are already using Tor. A VPN does two things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third-party service.
 
-### Hiding browsing habits from your ISP
+VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way.
 
-An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem).
-
-They usually can't see the content of your traffic since encryption protocols such as HTTPS are commonly used on the internet, but they can see the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN will prevent your ISP from seeing what domains you connect to, although the VPN provider is still able to see all your traffic.
-
-==VPNs can't encrypt data outside of the connection between your device and the VPN server.== VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way.
-
-### Hiding your IP address from third parties
-
-Any website you connect to will see the VPN provider's IP address instead of yours. This can be useful if you want to avoid leaking your IP address to outside parties if you are worried about a DDoS or other attack against your network.
-
-For example, a VPN can also protect you from your ISP or anti-piracy organizations while torrenting.
-
-### Preventing tracking
-
-A VPN can't prevent tracking all on its own, but it can offer a few benefits.
-
-You can connect to a server in a different city or country than you live in, making it appear like you're somwhere you're not. This is easily circumvented using things like your browser's language and timezone settings, so this shouldn't be relied on.
-
-Because you share a pool of IP addresses with many other users, it becomes more difficult to track you. Do note that most people do not have static IP addresses, so even without a VPN your IP address will change even without a VPN.
+However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking.
 
 ## When shouldn't I use a VPN?
 
@@ -47,72 +25,54 @@ Using a VPN in cases where you're using your [known identity](common-threats.md#
 
 Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website.
 
-### For anonymity
+## What about encryption?
 
-VPNs can't provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You can't rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead.
+Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption.
 
-### For E2EE
-
-Encryption offered by VPN providers is between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption.
-
-In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. You can enable HTTPS-only mode in your browser (if it's supported) to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf).
+In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf).
 
 ## Should I use encrypted DNS with a VPN?
 
-Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third-party servers will simply add more entities to trust and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of trusting only your VPN provider, you are now trusting both the VPN provider **and** the DNS provider.
+Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third-party servers will simply add more entities to trust and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider.
 
 A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for [TLS certificates](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) with **HTTPS** and warn you about it. If you are not using **HTTPS**, then an adversary can still just modify anything other than your DNS queries and the end result will be little different.
 
-**You shouldn't use encrypted DNS with Tor**. This will direct all of your DNS requests through a single circuit and allow the encrypted DNS provider to deanonymize you.
+Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit and would allow the encrypted DNS provider to deanonymize you.
 
 ## Should I use Tor *and* a VPN?
 
-By using a VPN with Tor, you're essentially creating a permanent entry node, often with a money trail attached. This provides zero additional benefits to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: **Tor bridges**. [Read more about Tor bridges and why using a VPN is not necessary](../advanced/tor-overview.md).
+By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefits to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](../advanced/tor-overview.md).
+
+## What if I need anonymity?
+
+VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead.
 
 ## What about VPN providers that provide Tor nodes?
 
-Do not use that feature. The point of using Tor is that you ==don't have to trust it==, unlike VPNs which require you to trust your provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc.), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
+Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc.), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
 
 The feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For proper anonymity, use the Tor Browser, TorSocks, or a Tor gateway.
 
-## VPN Ownership
+## When are VPNs useful?
 
-Most VPN services are owned by the same [few companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/). These shady companies run lots of smaller VPN services to create the illusion that you have more choice than you actually do and to maximize profit. Typically, these providers that feed into their shell company have terrible privacy policies and shouldn't be trusted with your internet traffic. You should be very strict about which provider you decide to use. 
+A VPN may still be useful to you in a variety of scenarios, such as:
 
-You should also be wary that many VPN review sites are merely advertising vehicles open to the highest bidder; a paid review can't possibly be impartial. ==Privacy Guides never accepts payment or affiliate programs for our content.==
+1. Hiding your traffic from **only** your Internet Service Provider.
+1. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
+1. Hiding your IP from third-party websites and services, preventing IP based tracking.
 
-[Our VPN Recommendations](../vpn.md){ .md-button }
+For situations like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor.
 
-## Multi-Party Relays
+## Sources and Further Reading
 
-Multi-Party Relays use multiple nodes owned by different parties, such that no individual party knows both who you are **and** what you're connecting to. This is the idea behind Tor, but now there are some paid services that try to emulate this model.
+1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
+1. [Tor Network Overview](../advanced/tor-overview.md)
+1. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
+1. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
 
-MPRs seek to solve a problem inherent to VPNs: the fact that you must trust them completely.
+## Related VPN Information
 
-MPRs typically have ways of protecting your DNS traffic. Apple's Private Relay uses ODoH, INVISV uses Obvlivious DNS, and Tor lets the exit node do the DNS lookup for you.
-
-Speeds are comparable to non-proxied speeds using these services due to the [MASQUE](https://datatracker.ietf.org/wg/masque/about/) protocol, which is not present on Tor or VPNs.
-
-## Decentralized VPNs
-
-Another attempt at solving the issues with centralized VPN services are dVPNs. These are based on blockchain technology and claim to eliminiate trust in a single party by distributing the nodes across lots of different people. However, many times a dVPN will default to a single node, meaning you need to trust that node completely, just like a traditional VPN. Unlike a traditional VPN, this one node that can see all your traffic is a random person instead of your VPN provider that can be audited and has legal responsiblities to uphold their privacy policy. Multi-hop is needed to solve this, but that comes with a stability and performance cost.
-
-Another consideration is legal liability; the exit node will need to deal with legal problems from misuse of the network, an issue that the Tor network has contended with for its entire existence. This disincentivizes regular people from running nodes and makes it more attractive for a malicious actor with lots of resources to host one. This is a big problem is the service is single-node, as the potentially malicious exit node can see who you are and what you're connecting to.
-
-dVPNs are closed networks many times. They might not be able to access the regular web.
-
-Many are used to push a cryptocurrency rather than to make the best service.
-
-They tend to be smaller networks with fewer nodes, making them more vulnerable to sybil attacks.
-
-## Sources
-
-- [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
-- [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
-- ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
+- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/)
 - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
 - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
 - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
-- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/)
-- [Why VPNs are Wrong and MPRs are Right](https://invisv.com/articles/relay.html)
-- [Comparing dVPNs and centralized VPNs for privacy protection](https://www.ivpn.net/privacy-guides/comparing-dvpns-centralized-vpns-privacy-protection/)

docs/os/macos-overview.md

@@ -7,22 +7,6 @@ description: macOS is Apple's desktop operating system that works with their har
 
 Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/en-us/HT211814).
 
-## Privacy Notes
-
-There are a few notable privacy concerns with macOS that you should consider. These pertain to the operating system itself, and not Apple's other apps and services.
-
-### Activation Lock
-
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
-
-### App Revocation Checks
-
-macOS performs online checks when you open an app to verify whether an app contains known malware, and whether the developer’s signing certificate is revoked.
-
-Previously, these checks were performed via an unencrypted OCSP protocol which could leak information about the apps you ran to your network. Apple upgraded their OCSP service to use HTTPS encryption in 2021, and [posted information](https://support.apple.com/HT202491) about their logging policy for this service. They additionally promised to add a mechanism for people to opt-out of this online check, but this has not been added to macOS as of July 2023.
-
-While you [can](https://eclecticlight.co/2021/02/23/how-to-run-apps-in-private/) manually opt out of this check relatively easily, we recommend against doing so unless you would be badly compromised by the revocation checks performed by macOS, because they serve an important role in ensuring compromised apps are blocked from running.
-
 ## Recommended Configuration
 
 Your account when you first set up your Mac will be an Administrator account, which has higher privileges than a Standard user account. macOS has a number of protections which prevent malware and other programs from abusing your Administrator privileges, so it is generally safe to use this account.
@@ -31,8 +15,6 @@ However, exploits in protective utilities like `sudo` have been [discovered in t
 
 If you do use a second account, it is not strictly required to ever log in to your original Administrator account from the macOS login screen. When you are doing something as a Standard user which requires Administrator permissions, the system should prompt you for authentication, where you can enter your Administrator credentials as your Standard user on a one-time basis. Apple provides [guidance](https://support.apple.com/HT203998) on hiding your Administrator account if you prefer to only see a single account on your login screen.
 
-Alternatively, you can use a utility like [macOS Enterprise Privileges](https://github.com/SAP/macOS-enterprise-privileges) to escalate to Administrator rights on-demand, but this may be vulnerable to some undiscovered exploit, like all software-based protections.
-
 ### iCloud
 
 The majority of privacy and security concerns with Apple products are related to their *cloud services*, not their hardware or software. When you use Apple services like iCloud, most of your information is stored on their servers and secured with keys *which Apple has access to* by default. This level of access has occasionally been abused by law enforcement to get around the fact that your data is otherwise securely encrypted on your device, and of course Apple is vulnerable to data breaches like any other company.
@@ -117,12 +99,6 @@ Decide whether you want personalized ads based on your usage.
 
 - [ ] Uncheck **Personalized Ads**
 
-##### Security
-
-Apps from the App Store are subject to stricter security guidelines, such as stricter sandboxing. If the only apps you need are available from the App Store, change the **Allow applications downloaded from** setting to **App Store** to prevent accidentally running other apps. This is a good option particularly if you are configuring a machine for other, less technical users such as children.
-
-If you choose to also allow applications from identified developers, be careful about the apps you run and where you obtain them.
-
 ##### FileVault
 
 On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling FileVault additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
@@ -137,20 +113,6 @@ On older Intel-based Mac computers, FileVault is the only form of disk encryptio
 
 - [x] Click **Turn On**
 
-### MAC Address Randomization
-
-Unlike iOS, macOS doesn't give you an option to randomize your MAC address in the settings, so you'll need to do it with a command or a script.
-
-You open up your Terminal and enter this command to randomize your MAC address:
-
-``` zsh
-openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//' | xargs sudo ifconfig en1 ether 
-```
-
-en1 is the name of the interface you're changing the MAC address for. This might not be the right one on every Mac, so to check you can hold the option key and click the Wi-Fi symbol at the top right of your screen.
-
-This will be reset on reboot.
-
 ## Security Protections
 
 macOS employs defense in depth by relying on multiple layers of software and hardware-based protections, with different properties. This ensures that a failure in one layer does not compromise the system's overall security.
@@ -175,20 +137,19 @@ System Integrity Protection makes critical file locations read-only to protect a
 
 #### Application Security
 
+### App Revocation Checks
+
+macOS performs online OCSP checks using HTTPS encryption when you open an app to verify whether an app contains known malware, and whether the developer’s signing certificate is revoked.
+
+We recommend against blocking these checks.
+
 ##### App Sandbox
 
-macOS apps downloaded from the App Store are required to be sandboxed usng the [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox).
-
-!!! warning
-
-    Software downloaded from outside the official App Store is not required to be sandboxed. You should avoid non-App Store software as much as possible.
+macOS apps downloaded from the App Store are required to use the [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox). You should avoid non-App Store software as much as possible.
 
 ##### Antivirus
 
-macOS comes with two forms of malware defense:
-
-1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run.
-2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
+Protection against malware on your system is provided by *XProtect*, an antivirus program built-in to macOS.
 
 We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.