- SnowHaze - - An open source web browser with built-in ad, tracker, cookie, and fingerprint blocking, all customizable on a per-site basis. + - An open-source web browser with built-in ad, tracker, cookie, and fingerprint blocking, all customizable on a per-site basis.
If you want to make sure every single WebRTC related setting is really disabled change these settings:
+If you want to make sure every single WebRTC-related setting is really disabled change these settings:
- media.peerconnection.turn.disable = true @@ -40,7 +40,7 @@
- - fruux - a unified contacts/calendaring system that works across platforms and devices. + fruux - A unified contacts/calendaring system that works across platforms and devices.
- - cloud backups - consider regularly exporting your calendar and or contacts and backing them up on a separate storage drive or uploading them to cloud storage (ideally after encrypting them). + cloud backups - Consider regularly exporting your calendar and or contacts and backing them up on a separate storage drive or uploading them to cloud storage (ideally after encrypting them).
- croc - Easily and securely send things from one computer to another. -
- FreedomBox - Designed to be your own inexpensive server at home. It runs free software and offers an increasing number of services ranging from a calendar or jabber server to a wiki or VPN. +
- FreedomBox - Designed to be your own inexpensive server at home. It runs free software and offers an increasing number of services ranging from a calendar or Jabber server to a wiki or VPN.
- OpenBSD BSD - A project that produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Emphasizes portability, standardization, correctness, proactive security and integrated cryptography. -
- DD-WRT Linux contrib - A is Linux-based firmware for wireless routers and wireless access points. It is compatible with several models of routers and access points. +
- DD-WRT Linux contrib - A Linux-based firmware for wireless routers and wireless access points. It is compatible with several models of routers and access points.
- Microsoft Privacy Statement - Microsoft collects, uses and discloses personal information as described here. This allows One Drive data, Cortana searches and MS browser history to be sold to third parties. +
- Microsoft Privacy Statement - Microsoft collects, uses and discloses personal information as described here. This allows OneDrive data, Cortana searches, and MS browser history to be sold to third parties.
- Cortana and privacy - To personalize your experience and provide the best possible suggestions, Cortana accesses your email and other communications and collects data about your contacts (People), like their title, suffix, first name, last name, middle name, nicknames, and company name. If you call, email, or text someone or they call, email, or text you, Cortana collects that person’s email address or phone number.
- WindowsSpyBlocker - Open source tool that blocks data collection. +
- WindowsSpyBlocker - Open-source tool that blocks data collection.
- Comparison of Windows 10 Privacy tools - ghacks.net
- OpenVPN and Wireguard support. -
- Kill-switch with highly configurable options (enable/disable on certain networks, on boot, etc.) +
- OpenVPN and WireGuard support. +
- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use mobile clients, especially open-source.
- Strongest Encryption: RSA-4096.
- Perfect Forward Secrecy (PFS).
- Comprehensive published security audits from a reputable third-party firm. -
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process +
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
- Hiding your traffic from only your Internet Service Provider. -
- Hiding your downloads (such as Torrents) from your ISP and anti-piracy organizations. +
- Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
- VPN - a Very Precarious Narrative by Dennis Schubert
- Don't use VPN services by Sven Slootweg -
- Self-contained networks on privacytools.io are able to replace a VPN that allows access to services on local area network +
- The self-contained networks recommended on privacytools.io are able to replace a VPN that allows access to services on local area network
- Slicing Onions: Part 1 – Myth-busting Tor by blacklight447
- Slicing Onions: Part 2 – Onion recipes; VPN not required by blacklight447
How to fix the WebRTC Leak in Google Chrome?
-WebRTC cannot be fully disabled in Chrome, however it is possible to change its routing settings (and prevent leaks) using an extension. Two open source solutions include WebRTC Leak Prevent (options may need to be changed depending on the scenario), and uBlock Origin (select "Prevent WebRTC from leaking local IP addresses" in Settings).
+WebRTC cannot be fully disabled in Chrome; however, it is possible to change its routing settings (and prevent leaks) using an extension. Two open-source solutions include WebRTC Leak Prevent (options may need to be changed depending on the scenario), and uBlock Origin (select "Prevent WebRTC from leaking local IP addresses" in Settings).
What about other browsers?
diff --git a/_includes/sections/calendar-contacts-sync.html b/_includes/sections/calendar-contacts-sync.html index 9d12ec3b..ddfd63cc 100644 --- a/_includes/sections/calendar-contacts-sync.html +++ b/_includes/sections/calendar-contacts-sync.html @@ -50,10 +50,10 @@
-The UKUSA Agreement is an agreement between the United Kingdom, United States, Australia, Canada, and New Zealand to cooperatively collect, analyze, and share intelligence. Members of this group, known as the Five Eyes, focus on gathering and analyzing intelligence from different parts of the world. While Five Eyes countries have agreed to not spy on each other as adversaries, leaks by Snowden have revealed that some Five Eyes members monitor each other's citizens and share intelligence to avoid breaking domestic laws that prohibit them from spying on their own citizens. The Five Eyes alliance also cooperates with groups of third-party countries to share intelligence (forming the Nine Eyes and Fourteen Eyes), however Five Eyes and third-party countries can and do spy on each other.
+The UKUSA Agreement is an agreement between the United Kingdom, United States, Australia, Canada, and New Zealand to cooperatively collect, analyze, and share intelligence. Members of this group, known as the Five Eyes, focus on gathering and analyzing intelligence from different parts of the world. While Five Eyes countries have agreed to not spy on each other as adversaries, leaks by Snowden have revealed that some Five Eyes members monitor each other's citizens and share intelligence to avoid breaking domestic laws that prohibit them from spying on their own citizens. The Five Eyes alliance also cooperates with groups of third-party countries to share intelligence (forming the Nine Eyes and Fourteen Eyes); however, Five Eyes and third-party countries can and do spy on each other.
-Services based in the United States are not recommended because of the country's surveillance programs, use of National Security Letters (NSLs) and accompanying gag orders, which forbid the recipient from talking about the request. This combination allows the government to secretly force companies to grant complete access to customer data and transform the service into a tool of mass surveillance.
+Services based in the United States are not recommended because of the country's surveillance programs and use of National Security Letters (NSLs) with accompanying gag orders, which forbid the recipient from talking about the request. This combination allows the government to secretly force companies to grant complete access to customer data and transform the service into a tool of mass surveillance.
An example of this is Lavabit – a secure email service created by Ladar Levison. The FBI requested Snowden's records after finding out that he used the service. Since Lavabit did not keep logs and email content was stored encrypted, the FBI served a subpoena (with a gag order) for the service's SSL keys. Having the SSL keys would allow them to access communications (both metadata and unencrypted content) in real time for all of Lavabit's customers, not just Snowden's.
diff --git a/_includes/sections/live-operating-systems.html b/_includes/sections/live-operating-systems.html index d718ece0..f02b4872 100644 --- a/_includes/sections/live-operating-systems.html +++ b/_includes/sections/live-operating-systems.html @@ -3,7 +3,7 @@ {% include cardv2.html title="Tails" image="/assets/img/tools/Tails.png" -description='Tails is a live operating system, that starts on almost any computer from a DVD, USB stick, or SD card. It aims at preserving privacy and anonymity, and helps to: Use the Internet anonymously and circumvent censorship; Internet connections go through the Tor network; leave no trace on the computer; use state-of-the-art cryptographic tools to encrypt files, emails and instant messaging.' +description='Tails is a live operating system that starts on almost any computer from a DVD, USB stick, or SD card. It aims at preserving privacy and anonymity, and helps you to use the Internet anonymously and circumvent censorship by forcing Internet connections to go through the Tor network; leave no trace on the computer; and use state-of-the-art cryptographic tools to encrypt files, emails and instant messaging.' badges="info:GNU/Linux" labels="warning:contrib:This software may depend on or recommend non-free software." website="https://tails.boum.org/" diff --git a/_includes/sections/router-firmware.html b/_includes/sections/router-firmware.html index 1f785d5e..01360ed3 100644 --- a/_includes/sections/router-firmware.html +++ b/_includes/sections/router-firmware.html @@ -33,5 +33,5 @@ git="https://gogs.librecmc.org/libreCMC/libreCMC"Mullvad EUR €60/Year
-Mullvad is a fast and inexpensive VPN with a serious focus on transparency and security, they have been in operation since 2009. It is the only VPN provider that currently meets our criteria for recommendation. Mullvad is based in Sweden and does not have a free trial. Visit mullvad.net to create an account.
+Mullvad is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. It is the only VPN provider that currently meets our criteria for recommendation. Mullvad is based in Sweden and does not have a free trial. Visit mullvad.net to create an account.
409+ Servers
Mullvad has 409 servers in 38 countries at the time of writing this page. Typically the more servers a provider offers, the better: With hundreds of servers in operation, you are far more likely to find a fast connection and a server geographically closest to you.
WireGuard Support
-In addition to standard OpenVPN connections, Mullvad supports Wireguard. Wireguard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.
+In addition to standard OpenVPN connections, Mullvad supports WireGuard. WireGuard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.
Independently Audited
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report published at cure53.de. The security researchers concluded:
@@ -58,7 +58,7 @@442+ Servers
ProtonVPN has 442 servers in 33 countries at the time of writing this page. Typically the more servers a provider offers, the better: With hundreds of servers in operation, you are far more likely to find a fast connection and a server geographically closest to you.
Accepts Bitcoin
-ProtonVPN does technically accept Bitcoin payments, however you either need to have an existing account, or contact their support team in advance to register with Bitcoin.
+ProtonVPN does technically accept Bitcoin payments; however, you either need to have an existing account, or contact their support team in advance to register with Bitcoin.
Mobile Clients
In addition to providing standard OpenVPN configuration files, ProtonVPN has mobile clients for iOS or Android allowing for easy connections to their servers.
Extra Functionality
@@ -72,7 +72,7 @@
IVPN USD $100/Year
-IVPN is another strong premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and offers a 3 day free trial. Unfortunately due to its lack of an independent security audit it does not meet the complete criteria for recommendation, see our notes below.
+IVPN is another strong premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and offers a 3 day free trial. Unfortunately, due to its lack of an independent security audit, it does not meet the complete criteria for recommendation, see our notes below.
No Security Audit
IVPN has undergone a no-logging audit from Cure53 which concluded in agreement with IVPN's no-logging claim. However, IVPN has not undergone a more comprehensive security audit by an independent third party, and therefore cannot be strongly recommended at this time. We have still chosen to list it on this page with the assumption that an audit will be published soon: The IVPN team reportedly plans to begin the process in September.
We will reevaluate this listing at the end of 2019 or when the aforementioned report has been published, whichever is sooner. diff --git a/_includes/sections/windows10.html b/_includes/sections/windows10.html index 8ea3cc88..6d4987b4 100644 --- a/_includes/sections/windows10.html +++ b/_includes/sections/windows10.html @@ -80,7 +80,7 @@
Related Information
-
-
Some good news
-
-
Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. If a VPN provides their own custom client, we require a kill-switch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. If a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
Minimum to Qualify:
@@ -59,8 +59,8 @@ description: "Find a no-logging VPN operator who isn't out to sell or read yourBest Case:
-
-
Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security. Ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
Minimum to Qualify:
@@ -102,7 +102,7 @@ description: "Find a no-logging VPN operator who isn't out to sell or read yourIn most cases, most of your traffic is already encrypted! Over 98% of the top 3000 websites offer HTTPS, meaning your non-DNS traffic is safe regardless of using a VPN. It is incredibly rare for applications that handle personal data to not support HTTPS in 2019, especially with services like Let's Encrypt offering free HTTPS certificates to any website operator.
Even if a site you visit doesn't support HTTPS, a VPN will not protect you, because a VPN cannot magically encrypt the traffic between the VPN's servers and the website's servers. Installing an extension like HTTPS Everywhere and making sure every site you visit uses HTTPS is far more helpful than using a VPN.
Should I use encrypted DNS with a VPN?
-The answer to this question is also the not very helpful: it depends. Your VPN provider may have their own DNS servers, but if they don't, the traffic between your VPN provider and the DNS server isn't encrypted. You need to trust the encrypted DNS provider in addition to the VPN provider and unless your client and target server support encrypted SNI, the VPN provider can still see which domains you are visiting.
+The answer to this question is also not very helpful: it depends. Your VPN provider may have their own DNS servers, but if they don't, the traffic between your VPN provider and the DNS server isn't encrypted. You need to trust the encrypted DNS provider in addition to the VPN provider and unless your client and target server support encrypted SNI, the VPN provider can still see which domains you are visiting.
However you shouldn't use encrypted DNS with Tor. This would direct all of your DNS requests through a single circuit, and would allow the encrypted DNS provider to deanonymize you.
What if I need anonymity?
VPNs cannot provide strong anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data.
@@ -159,9 +159,9 @@ description: "Find a no-logging VPN operator who isn't out to sell or read yourA VPN may still be useful to you in a variety of scenarios, such as:
For use-cases like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're trusting the provider. In pretty much any other scenario you should be using a secure-by-design tool such as Tor.
+For use cases like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're trusting the provider. In pretty much any other scenario you should be using a secure-by-design tool such as Tor.