├── CNAME ├── .github ├── PULL_REQUEST_TEMPLATE.md ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── addition-to-list.md │ └── removal-from-list.md ├── CODE_OF_CONDUCT.md └── CONTRIBUTING.md ├── ARTICLES └── Secure-Messaging.md ├── 0_Why_It_Matters.md ├── ATTRIBUTIONS.md ├── LICENSE.md ├── 2_TLDR_Short_List.md ├── 6_Privacy_and-Security_Gadgets.md └── 4_Privacy_And_Security_Links.md /CNAME: -------------------------------------------------------------------------------- 1 | security-list.js.org -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ```` 2 | 🙌 Thanks for contributing 🙌 3 | 4 | Just briefly describe what you've added/modified, and why, then delete these guidelines 🙂 5 | 6 | If you are adding to the software list, ensure that: 7 | - It is open source or the results of an independent audit have been published 8 | - You have used the application or service personally, and would recommend it 9 | - You've done a quick search to ensure there are no major or current vulnerabilities 10 | - You've included a link to the project page for download or use, and if applicable the repository 11 | - If you are adding your own project or your company's product, mention this in the PR description 12 | ```` 13 | ^^ Delete the Above 😉 14 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "[BUG]" 5 | labels: bug 6 | assignees: Lissy93 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. 
See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Browser [e.g. chrome, safari] 29 | - Version [e.g. 22] 30 | 31 | **Smartphone (please complete the following information):** 32 | - Device: [e.g. iPhone6] 33 | - OS: [e.g. iOS8.1] 34 | - Browser [e.g. stock browser, safari] 35 | - Version [e.g. 22] 36 | 37 | **Additional context** 38 | Add any other context about the problem here. 39 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/addition-to-list.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Addition to List 3 | about: Suggest a point to be added to the list 4 | title: "[CONTENT-CHANGE]" 5 | labels: enhancement 6 | assignees: Lissy93 7 | 8 | --- 9 | 10 | ### Put "Add ____" as Title 11 | 12 | ### Explain why it should be added 13 | [A clear and concise description of the point and why it should be added to the list.] 14 | 15 | ### Additional Context 16 | [Provide some context, with a bit of detail. 
Specify which of the 10 categories this point should be listed under] 17 | 18 | ### Content (optional) 19 | [Suggest some content, including links, written in clear English for the point you'd like added] 20 | 21 | --- 22 | 23 | ### NOTES: 24 | - Before submitting, check that there isn't a similar open issue already 25 | - Please create a new issue for each separate/ stand-alone point you'd like added to the list 26 | - If you are confident in your abilities, you can also write the point yourself, and submit it as a PR 27 | - Thank you for your suggestion, it's because of contributors like yourself that this project can exist 28 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/removal-from-list.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Removal from List 3 | about: Suggest a point specified should be edited or removed from the list 4 | title: "[CONTENT-CHANGE]" 5 | labels: enhancement 6 | assignees: Lissy93 7 | 8 | --- 9 | 10 | ### State which point should be edited or removed. 
Put "Remove/ Edit ____" as Title 11 | 12 | ### Justification 13 | [A clear and concise justification of why this point is incorrect/ no longer relevant] 14 | or 15 | [A clear and concise explanation of what is not right, and suggest how it should be amended] 16 | 17 | ### Additional Context (optional) 18 | [Provide some context, with a bit of detail, and if it is for an edit, you can suggest the new text] 19 | 20 | --- 21 | 22 | ### NOTES: 23 | - Before submitting, check that there isn't a similar open issue already 24 | - Please create a new issue for each separate/ stand-alone point you'd like edited/ removed from the list 25 | - If you are confident in your abilities, you can also make the changes yourself, and submit it as a PR 26 | - Thank you for your suggestion, it's because of contributors like yourself that this project can exist 27 | -------------------------------------------------------------------------------- /.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 
11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. 
Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at alicia@as93.net. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | > **Working on your first Pull Request?** You can learn how from this *free* series [How to Contribute to an Open Source Project on GitHub](https://egghead.io/series/how-to-contribute-to-an-open-source-project-on-github) 4 | 5 | ## Intro 6 | 7 | Like most open source projects, this list exists because of contributors like yourself. 8 | I would like to personally thank you for taking the time to further this list, and also for checking the contributing policy. 
9 | 10 | If you would like something added, amended or removed from this list, you can either raise an issue, or submit a pull request. 11 | When submitting a PR to this repository, it's best to first discuss the changes with another contributor. 12 | 13 | We have a code of conduct (see below), that is adapted from [Contributor Covenant](https://www.contributor-covenant.org/), 14 | please follow it in all your interactions with the project. 15 | 16 | ---- 17 | 18 | ## Code of Conduct 19 | 20 | ### Our Pledge 21 | 22 | In the interest of fostering an open and welcoming environment, we as 23 | contributors and maintainers pledge to making participation in our project and 24 | our community a harassment-free experience for everyone, regardless of any personal factors. 25 | 26 | ### Our Standards 27 | 28 | Examples of behavior that contributes to creating a positive environment 29 | include: 30 | 31 | * Using welcoming and inclusive language 32 | * Being respectful of differing viewpoints and experiences 33 | * Gracefully accepting constructive criticism 34 | * Focusing on what is best for the community 35 | * Showing empathy towards other community members 36 | 37 | Examples of unacceptable behavior by participants include: 38 | 39 | * The use of sexualized language or imagery and unwelcome sexual attention or 40 | advances 41 | * Trolling, insulting/derogatory comments, and personal or political attacks 42 | * Public or private harassment 43 | * Publishing others' private information, such as a physical or electronic 44 | address, without explicit permission 45 | * Other conduct which could reasonably be considered inappropriate in a 46 | professional setting 47 | 48 | ### Our Responsibilities 49 | 50 | Project maintainers are responsible for clarifying the standards of acceptable 51 | behavior and are expected to take appropriate and fair corrective action in 52 | response to any instances of unacceptable behavior. 
53 | 54 | Project maintainers have the right and responsibility to remove, edit, or 55 | reject comments, commits, code, wiki edits, issues, and other contributions 56 | that are not aligned to this Code of Conduct, or to ban temporarily or 57 | permanently any contributor for other behaviors that they deem inappropriate, 58 | threatening, offensive, or harmful. 59 | 60 | ### Scope 61 | 62 | This Code of Conduct applies both within project spaces and in public spaces 63 | when an individual is representing the project or its community. Examples of 64 | representing a project or community include using an official project e-mail 65 | address, posting via an official social media account, or acting as an appointed 66 | representative at an online or offline event. Representation of a project may be 67 | further defined and clarified by project maintainers. 68 | 69 | ### Enforcement 70 | 71 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 72 | reported by contacting the project team at [alicia at as93 dot net](mailto:alicia@as93.net). 73 | All complaints will be reviewed and investigated and will result in a response that 74 | is deemed necessary and appropriate to the circumstances. The project team is 75 | obligated to maintain confidentiality with regard to the reporter of an incident. 76 | Further details of specific enforcement policies may be posted separately. 77 | 78 | Project maintainers who do not follow or enforce the Code of Conduct in good 79 | faith may face temporary or permanent repercussions as determined by other 80 | members of the project's leadership. 
81 | 82 | ### Attribution 83 | 84 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 85 | available at [http://contributor-covenant.org/version/1/4][version] 86 | 87 | [homepage]: http://contributor-covenant.org 88 | [version]: http://contributor-covenant.org/version/1/4/ 89 | -------------------------------------------------------------------------------- /ARTICLES/Secure-Messaging.md: -------------------------------------------------------------------------------- 1 | # Choosing a Secure Messaging Platform 2 | 3 | This article explains the considerations you should be aware of when selecting a secure messenger. 4 | 5 | **TLDR;** Opting for a secure messaging app can prevent third parties from accessing your private conversations. Choose a platform that is E2E encrypted, open source and actively maintained. Advanced security features can harden defenses further, such as self-destructing messages, contact verification, forward secrecy, the ability to sign up with an alias (instead of a phone number or email) and a decentralized P2P network sending content over Tor. 6 | 7 | ## Considerations 8 | 9 | ### End-to-end Encryption 10 | End-to-end encryption means that messages are encrypted locally on your device, before being sent to your recipient(s). Neither the service provider, nor any actor who intercepts messages can ever decrypt the content. This is important since your data is safe from a data breach, law enforcement warrant, rogue employee or a malicious actor. Avoid apps that offer E2E encryption as an optional feature, as this could increase the chance of a plain text message accidentally being sent. Be aware that some providers offer weak or backdoored encryption (often called [Snake Oil Encryption](https://en.wikipedia.org/wiki/Snake_oil_(cryptography))). If the platform is not open source, then there is no way of verifying whether this is the case. 
11 | 12 | ### Open Source 13 | The most secure designs are the ones you do not have to trust. Without an app being open source, we cannot verify that it is truly secure. It may have backdoors, weak cryptography or security vulnerabilities. This is one reason why apps which have fully open and public source code can be more trustworthy. But don't be fooled by false advertising; just because an app uses open source cryptography, does not mean it is fully open source, and hence cannot be verified. The published source code must be complete, and the security design system must be thoroughly documented. 14 | 15 | ### Code Audit 16 | As well as encryption, the developers need to take care of code quality, user experience, and service availability. The math behind the cryptography may be flawless, but a small mistake in the implementation can result in serious consequences for security. Therefore the code base should be regularly audited by independent security specialists, and the report published publicly. 17 | 18 | ### Active Maintenance 19 | Pushing well tested security updates in a timely manner is of prime importance to security. New bugs, vulnerabilities and issues are being discovered all the time, and without being patched they may be exploited by an adversary. For a messenger to be secure, a public stable (non-beta) release needs to be available, and there needs to be secure auto-updating mechanisms to quickly mitigate security problems. It should be clear to the user which version they are running, and if a newer version is available. 20 | 21 | ### Reproducible Builds 22 | Most apps are distributed in a pre-compiled form, making it very difficult to verify that the version you downloaded is authentic and the same as that in the open source repository. [Binary Transparency](https://wiki.mozilla.org/Security/Binary_Transparency) allows third parties to verify that the binaries are built directly from the public source code. 
[Reproducible builds](https://reproducible-builds.org) is the practice of verifying that builds are authentic, and do not contain backdoors. This is done with a pre-defined build environment and a fully deterministic build process - transforming a given set of source code must always output the same result. The user can then, if they desire, build the app themselves and validate that the output matches the original build. 23 | 24 | ### Additional Features 25 | Some messaging platforms have additional features that can be enticing to users, but it is critical that these features do not undermine the goals of security. For example, cloud backups should be off by default, and if exported data will be decrypted the user must be made aware of this. Avoid platforms that prioritise feature development over security. 26 | 27 | ### Meta Data 28 | Sending and receiving messages generates meta data, and this can reveal a lot of information: Who do you talk to, how often/ for how long, when, where, how etc. Not all messaging platforms automatically encrypt this, so it is important to check: What is collected, how long is it stored, with whom is it shared and for what purposes. In general, the best meta data policies are the shortest: We do not collect any user meta data. 29 | 30 | ### Stability 31 | The app should be usable, scalable and reliable. One of the biggest dangers is that if the platform fails to reliably deliver messages, users may be forced to fall back to less secure channels. Some smaller messaging services may not have the resources required to build a robust and reliable messaging platform, yet this is essential for security. 32 | 33 | ### Financing 34 | Building apps and maintaining servers is expensive. Ask yourself - who is paying for all that? Because usually, if a service is free, you're the product. This isn't always the case, as some open source apps are funded by non-profit organisations, who receive donations and sponsorship. 
But if you cannot easily find out who is behind the app, this should be a red flag. 35 | 36 | ### Reputable Developers 37 | Developers should have a solid history of responding to technical problems and legal threats with the platform, as well as a realistic and transparent attitude toward government and law enforcement. 38 | 39 | 40 | ### Jurisdiction 41 | The location of where the company is legally registered, where they run operations from and where they host user data plays a big role in security. In some countries or states, organisations are forced to comply with local government regulations, which can often require the organisation to log all their users' data, or hand over any encryption keys. Generally, it's better to avoid companies from within the [Five Eyes](https://en.wikipedia.org/wiki/Five_Eyes) Alliance. 42 | 43 | ### Anonymity 44 | If the app asks for a phone number, email address or name, then you are not anonymous. For vulnerable users, the ability to sign up anonymously is critical, as a major identifier like a phone number is private information, and could be risky if they are being targeted by someone who knows their identity (such as a government, stalker or criminal adversary). This may not be needed for everyone, but if you believe you may be targeted, then opt for an anonymous messaging app, download it over Tor, outside of Google Play / Apple App Store, create an anonymous identity and only run the app while connected through Tor. 45 | 46 | ### Contact Verification 47 | Your communications can only be as secure as the weakest link, and if you cannot verify your contact's identity, you cannot be sure that their account has not been taken over, or even that you are communicating with the intended entity. In the same way, if your recipient has been compromised, your messages are not safe at all. Contact fingerprint verification is a powerful feature, enabling users to trust the destination, and preventing hackers from hijacking the conversation. 
It usually takes the form of comparing fingerprint codes, even over a phone call or in real life via a QR code. A secure messenger should provide reliable indicators of compromise that are recognizable to an end-user, so if someone has logged on from a new device, both parties should be notified. 48 | 49 | ### Ephemeral Messages 50 | You cannot always rely on the physical security of your device. Self-destructing messages is a really neat feature that causes your messages to automatically delete after a set amount of time. This means that if your device is lost or stolen, an adversary will only have access to the most recent communications. Unlike remote erase, disappearing messages does not require your device to be remotely accessible or have signal. You are able to vary this time frame from weeks all the way down to just a few seconds, depending on your threat model. 51 | 52 | ### Forward Secrecy 53 | Opt for a platform that implements [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy). This is where your app generates a new encryption key for every message, so that even if your adversary has obtained your device and extracted the private encryption key, they will not be able to use it to decrypt any previously captured messages. This means that even if a key from one party is compromised, it will not be possible to decrypt the remainder of the session with this key. 54 | 55 | ### Decentralization 56 | Without freedom, your app will have a single point of failure. If all data flows through a central provider, then you have to trust them with your meta-data. And if that provider ceases to operate, the entire network will be unavailable for that duration. Whereas with a decentralized system, you have the freedom to delegate trust to someone else, in another jurisdiction. With a fully peer-to-peer app, there are no central servers to compromise, and there is no single point of failure. 
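The per-message key rotation described under Forward Secrecy above can be sketched as a one-way key chain. This is an added example, not code from this repository or from any messenger: the class and function names are hypothetical, the shared secret and messages are constructed, and the HMAC-based `seal`/`open_sealed` pair is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, used as the one-way function throughout."""
    return hmac.new(key, data, hashlib.sha256).digest()


class ChainRatchet:
    """Symmetric key chain: every step yields a one-time message key and
    replaces the chain key with a value the old one cannot be derived from."""

    def __init__(self, chain_key: bytes):
        self._chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = _prf(self._chain_key, b"\x01")
        # Advance the chain. Python cannot guarantee the old bytes are wiped
        # from memory; a real client has to erase them explicitly.
        self._chain_key = _prf(self._chain_key, b"\x02")
        return message_key

    def extract_state(self) -> bytes:
        """What an adversary holding the unlocked device would obtain."""
        return self._chain_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [_prf(key, nonce + counter.to_bytes(4, "big"))
              for counter in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(message_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with keys derived from the one-time message key."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_prf(message_key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = _prf(_prf(message_key, b"mac"), nonce + ciphertext)
    return nonce + ciphertext + tag


def open_sealed(message_key: bytes, blob: bytes):
    """Return the plaintext, or None if the key does not match the message."""
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = _prf(_prf(message_key, b"mac"), nonce + ciphertext)
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_prf(message_key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


# Constructed sample data for the demonstration.
SHARED_SECRET = hashlib.sha256(b"constructed shared secret").digest()
MESSAGES = [b"meet at noon", b"bring the documents", b"delete this after reading"]


def run_demo() -> dict:
    sender = ChainRatchet(SHARED_SECRET)
    receiver = ChainRatchet(SHARED_SECRET)

    # The adversary records every ciphertext on the wire.
    captured = [seal(sender.next_message_key(), m) for m in MESSAGES]
    received = [open_sealed(receiver.next_message_key(), c) for c in captured]

    # Device seized after the third message: only the current chain key exists.
    stolen = ChainRatchet(sender.extract_state())
    forward_keys = [stolen.next_message_key() for _ in range(8)]
    past_exposed = any(open_sealed(k, c) is not None
                       for c in captured for k in forward_keys)

    # Limitation of this sketch: a purely symmetric chain can still be walked
    # forward from the stolen state. Protocols such as the Double Ratchet also
    # mix fresh Diffie-Hellman output into the chain to close that gap.
    later = seal(sender.next_message_key(), b"sent after the compromise")
    future_exposed = open_sealed(forward_keys[0], later) is not None

    return {"received": received,
            "past_exposed": past_exposed,
            "future_exposed": future_exposed}


if __name__ == "__main__":
    print(run_demo())
```
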
57 | 58 | ## Additional Settings 59 | Choose an application that allows you to disable optional non-security features such as read receipts, last online and typing notifications. If the app supports cloud sync either for backup or for access through a web app companion, this increases the attack surface and so should be disabled also. 60 | 61 | ## Final Considerations 62 | The weakest point in any system is the user. If you or your recipient is compromised, then even the most advanced security features will become obsolete. Follow good security practices, and ensure the contact you are communicating with also does so. It's important to remember that new vulnerabilities are being discovered and exploited all the time, and the most secure messaging app of today could become compromised in the future. 63 | 64 | -------------------------------------------------------------------------------- /0_Why_It_Matters.md: -------------------------------------------------------------------------------- 1 | # Digital Privacy and Security - Why it Matters 2 | 3 | 4 | **TLDR;** Privacy is a fundamental right, and essential to democracy, liberty, and freedom of speech. Our privacy is being abused by governments (with mass-surveillance), corporations (profiting from selling personal data), and cyber criminals (stealing our poorly-secured personal data and using it against us). Security is needed in order to keep your private data private, and good digital security is critical to stay protected from the growing risks associated with the war on data. 5 | 6 | ---- 7 | 8 | ## What is Personal Data? 9 | Personal data is any information that relates to an identified or identifiable living individual. Even data that has been de-identified or anonymized can often still be used to re-identify a person, especially when combined with a secondary data set. 
11 | 12 | This could be sensitive documents (such as medical records, bank statements, card numbers, etc), or user-generated content (messages, emails, photos, search history, home CCTV, etc) or apparently trivial metadata (such as mouse clicks, typing patterns, time spent on each web page, etc). 13 | 14 | ## How is Data Collected? 15 | One of the most common data collection methods is web tracking. This is when websites use cookies, device fingerprints, and other methods to identify you, and follow you around the web. It is often done for advertising, analytics, and personalization. When aggregated together, this data can paint a very detailed picture of who you are. 16 | 17 | ## How is Data Stored? 18 | Data that has been collected is typically stored in databases on a server. These servers are rarely owned by the companies managing them; [56% of servers](https://www.canalys.com/newsroom/global-cloud-market-Q3-2019) are owned by Amazon AWS, Google Cloud, and Microsoft Azure. If stored correctly the data will be encrypted, and authentication required to gain access. However, that usually isn't the case, and large data leaks [occur almost daily](https://selfkey.org/data-breaches-in-2019/). As well as that, data breaches occur when an adversary compromises a database storing personal data. In fact, you've probably already been caught up in a data breach (check your email, at [have i been pwned](https://haveibeenpwned.com)). 19 | 20 | ## What is Personal Data Used For? 21 | 22 | Data is collected, stored and used by governments, law enforcement, corporations and sometimes criminals: 23 | 24 | ### Government Mass Surveillance 25 | Intelligence and law enforcement agencies need surveillance powers to tackle serious crime and terrorism. However, since the Snowden revelations, we now know that this surveillance is not targeted at those suspected of wrongdoing, but instead at the entire population. 
All our digital interactions are being logged and tracked by our very own governments. 25 | 26 | Mass surveillance is a means of control and suppression; it takes away our inherent freedoms and breeds conformity. When we know we are being watched, we subconsciously change our behavior. A society of surveillance is just 1 step away from a society of submission. 27 | 28 | ### Corporations 29 | On the internet the value of data is high. Companies all want to know exactly who you are and what you are doing. They collect data, store it, use it and sometimes sell it on. 30 | 31 | Everything that each of us does online leaves a trail of data. These traces make up a goldmine of information full of insights into people on a personal level as well as a valuable read on larger cultural, economic and political trends. Tech giants (such as Google, Facebook, Apple, Amazon, and Microsoft) are leveraging this, building billion-dollar businesses out of the data that our interactions with digital devices create. We, as users, have no guarantees that what is being collected is being stored securely, we often have no way to know for sure that it is deleted when we request so, and we don't have access to what their AI systems have inferred from our data. 32 | 33 | Our computers, phones, wearables, digital assistants and IoT have been turned into tracking bugs that are plugged into a vast corporate-owned surveillance network. Where we go, what we do, what we talk about, who we talk to, and who we see – everything is recorded and, at some point, leveraged for value. They know us intimately, even the things that we hide from those closest to us. In our modern internet ecosystem, this kind of private surveillance is the norm. 34 | 35 | ### Cybercriminals 36 | Hackers and cybercriminals pose an ongoing and constantly evolving threat. With the ever-increasing amount of our personal data being collected and logged - we are more vulnerable to data breaches and identity fraud than ever before. 
37 | 38 | In the same way, criminals will go to great lengths to use your data against you: either through holding it ransom, impersonating you, stealing money or just building up a profile on you and selling it on to another criminal entity. 39 | 40 | --- 41 | 42 | ## Why Data Privacy Matters 43 | 44 | #### Data Privacy and Freedom of Speech 45 | Privacy is a fundamental right, and you shouldn't need to prove the necessity of a fundamental right to anyone. As Edward Snowden said, "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say". There are many scenarios in which privacy is crucial and desirable like intimate conversations, medical procedures, and voting. When we know we are being watched, our behavior changes, which in turn suppresses things like free speech. 46 | 47 | #### Data Can Have Control Over You 48 | Knowledge is power; knowledge about you is power over you. Your information will be used to anticipate your actions and manipulate the way you shop, vote, and think. When you know you are being watched, you subconsciously change your behavior. Mass surveillance is an effective means of fostering compliance with social norms or with social orthodoxy. Without privacy, you might be afraid of being judged by others, even if you're not doing anything wrong. It can be a heavy burden constantly having to wonder how everything we do will be perceived by others. 49 | 50 | #### Data Can Be Used Against You 51 | Your personal information and private communications can be "cherry-picked" to paint a certain one-sided picture. It can make you look like a bad person, or criminal, even if you are not. Data often results in people not being judged fairly - standards differ between cultures, organisations, and generations. Since data records are permanent, behavior that is deemed acceptable today may be held against you tomorrow. 
Further to this, even things we don't think are worth hiding today may later be used against us in unexpected ways. 52 | 53 | #### Data Collection Has No Respect For Boundaries 54 | Data collection has no respect for social boundaries; you may wish to prevent some people (such as employers, family or former partners) from knowing certain things about you. Once you share personal data, even with a party you trust, it is then out of your control forever, and at risk of being hacked, leaked or sold. An attack on our privacy also hurts the privacy of those we communicate with. 55 | 56 | #### Data Discriminates 57 | When different pieces of your data are aggregated together, it can create a very complete picture of who you are. This data profile is being used to influence decisions made about you: from insurance premiums, job prospects, bank loan eligibility and license decisions. It can determine whether we are investigated by the government, searched at the airport, or blocked from certain services. Even what content you see on the internet is affected by your personal data. This typically has a bigger impact on minority groups, who are unfairly judged the most. Without having the ability to know or control what, how, why and when our data is being used, we lose a level of control. One of the hallmarks of freedom is having autonomy and control over our lives, and we can’t have that if so many important decisions about us are being made in the dark, without our awareness or participation. 58 | 59 | #### The "I Have Nothing to Hide" Argument 60 | Privacy isn’t about hiding information; privacy is about protecting information, and everyone has information that they’d like to protect. Even with nothing to hide, you still put blinds on your window, locks on your door, and passwords on your email account. Nobody would want their search history, bank statements, photos, notes or messages to be publicly available to the world. 
61 | 62 | #### Data Privacy needs to be for Everyone 63 | For online privacy to be effective, it needs to be adopted by the masses, and not just the few. By exercising your right to privacy, you make it easier for others, such as activists and journalists, to do so without sticking out. 64 | 65 | ---- 66 | 67 | ## So What Should we Do? 68 | 69 | - Educate yourself about what's going on and why it matters 70 | - Be aware of changes to policies, revelations, recent data breaches and related news 71 | - Take steps to secure your online accounts and protect your devices 72 | - Understand how to communicate privately, and how to use the internet anonymously 73 | - Use software and services that respect your privacy, and keep your data safe 74 | - Support organisations that fight for your privacy and internet freedom 75 | - Find a way to make your voice heard, and stand up for what you believe in 76 | 77 | ---- 78 | 79 | ## Further Links 80 | - [Ultimate Personal Security Checklist](/README.md) 81 | - [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) 82 | - [Privacy & Security Gadgets](/6_Privacy_and-Security_Gadgets.md) 83 | - [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md) 84 | 85 | ---- 86 | 87 | #### Notes 88 | 89 | *Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).* 90 | 91 | *I owe a lot of thanks to others who've conducted research, written papers, and developed software, all in the interest of privacy and security. 
Full attributions and references found in [`ATTRIBUTIONS.md`](/ATTRIBUTIONS.md).* 92 | 93 | 94 | *Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* 95 | 96 | [![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md) 97 | -------------------------------------------------------------------------------- /ATTRIBUTIONS.md: -------------------------------------------------------------------------------- 1 | 2 | ## Contributors 🙌 3 | 4 | Thanks goes to these wonderful people 5 |

- 0x192 🛡️
- pipboy96 🛡️
- Alicia Sykes 🛡️
- Matthew Leeds 🛡️
- Jaimin Pandya 🛡️
- Alexandre G.-Raymond 🛡️
- guestx86 🛡️
- Daniil Baturin 🛡️
- ansuz 🛡️
- 8264 🛡️
- 101lols 🛡️
34 | *This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification.* 35 | 36 | [Contributions](/CONTRIBUTING.md) of any kind welcome! 37 | 38 | Special Thanks to [Stefan Keim](https://github.com/indus) and [Matt (IPv4) Cowley](https://github.com/MattIPv4) from [JS.org](https://js.org), for providing the domain used for our GitHub Page ([security-list.js.org](https://security-list.js.org)). 39 | 40 | And of course, a huge thank you to the awesome developers behind the projects listed in the [Privacy-Respecting Software list](/5_Privacy_Respecting_Software.md). The effort, time and love they've put into each one of those applications is immediately apparent; they've done an amazing job 💞 41 | 42 | 43 | ## References 📝 44 | 45 | 46 |
47 | "2019 Data Breach Investigations Report - EMEA", Verizon Enterprise Solutions, 2020. [Online]. Available: https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report-emea.pdf. [Accessed: 25- Apr- 2020] 48 | 49 | "Web Browser Privacy: What Do Browsers Say When They Phone Home?", Feb 2020. [Online]. 50 | Available: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf. [Accessed: 27- Apr- 2020] 51 | 52 | "Comments on the Competition and Markets Authority’s interim report on online platforms and digital advertising", Privacyinternational.org, Jan 2020. [Online]. 53 | Available: https://privacyinternational.org/sites/default/files/2020-04/20.02.12_CMA_PI_Comments_Interim_Report_FINAL.pdf. [Accessed: 02- May- 2020] 54 | 55 | "Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design", 1998. [Online]. 56 | Available: https://dl.packetstormsecurity.net/cracked/des/cracking-des.htm. [Accessed: 25- Apr- 2020] 57 | 58 | "Digital Identity Guidelines", 2020. [Online]. 59 | Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf. [Accessed: 25- Apr- 2020] 60 | 61 | "DNS Security - Getting it Right", Open Rights Group, 2020. [Online]. 62 | Available: https://www.openrightsgroup.org/about/reports/dns-security-getting-it-right. [Accessed: 25- Apr- 2020] 63 | 64 | "DNS-over-HTTPS performance | SamKnows", Samknows.com, 2020. [Online]. 65 | Available: https://www.samknows.com/blog/dns-over-https-performance. [Accessed: 25- Apr- 2020] 66 | 67 | J. Eckenrode and S. Friedman, "The state of cybersecurity at financial institutions", 2018. [Online]. 68 | Available: https://www2.deloitte.com/us/en/insights/industry/financial-services/state-of-cybersecurity-at-financial-institutions.html. [Accessed: 25- Apr- 2020] 69 | 70 | E. Foundation, "Cracking DES", Shop.oreilly.com, 1998. [Online]. 71 | Available: http://shop.oreilly.com/product/9781565925205.do. 
[Accessed: 25- Apr- 2020] 72 | 73 | "Google data collection, research and findings", Digital Content Next, 2020. [Online]. 74 | Available: https://digitalcontentnext.org/blog/2018/08/21/google-data-collection-research/. [Accessed: 25- Apr- 2020] 75 | 76 | S. Lekies, B. Stock, M. Wentzel and M. Johns, "The Unexpected Dangers of Dynamic JavaScript", UseNix & SAP, 2020. [Online]. Available: https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lekies.pdf. [Accessed: 25- Apr- 2020] 77 | 78 | "Privacy concerns with social networking services", 2020. [Online]. Available: https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services. [Accessed: 25- Apr- 2020] 79 | 80 | D. Tian, G. Hernandez, J. Choi, V. Frost, C. Ruales, P. Traynor, H. Vijayakumar, L. Harrison, A. Rahmati, M. Grace and K. Butler, "Vulnerability Analysis of AT Commands Within the Android Ecosystem", Cise.ufl.edu, 2020. [Online]. 81 | Available: https://www.cise.ufl.edu/~butler/pubs/usenix18-atcmd.pdf. [Accessed: 25- Apr- 2020] 82 | 83 | S. Topuzov, "Phone hacking through SS7 is frighteningly easy and effective", Blog.securegroup.com, 2020. [Online]. 84 | Available: https://blog.securegroup.com/phone-hacking-through-ss7-is-frighteningly-easy-and-effective. [Accessed: 25- Apr- 2020] 85 | 86 | J. Heidemann, Y. Pradkin, R. Govindan, C. Papadopoulos and J. Bannister, "Exploring Visible Internet Hosts through Census and Survey", Isi.edu, 2020. [Online]. 87 | Available: https://www.isi.edu/~johnh/PAPERS/Heidemann07c.pdf. [Accessed: 10- May- 2020] 88 | 89 | Michalevsky, Y., Boneh, D. and Nakibly, G., 2014. Recognizing Speech From Gyroscope Signals. [online] Usenix.org. Available at: [Accessed 26 May 2020]. 90 | 91 | Favaretto, M., Clercq, E. and Simone Elger, B., 2019. Big Data And Discrimination: Perils, Promises And Solutions. A Systematic Review. [online] springeropen. Available at: [Accessed 26 May 2020]. 
92 | 93 | Web Browser Privacy: What Do Browsers Say When They Phone Home?, n.d. https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf. 94 | 95 | A Comprehensive Evaluation of Third-Party Cookie Policies, n.d. https://wholeftopenthecookiejar.com/static/tpc-paper.pdf. 96 | 97 | A Study of Scripts Accessing Smartphone Sensors, n.d. https://sensor-js.xyz/webs-sixth-sense-ccs18.pdf. 98 | 99 | Acar, Abbas, Wenyi Liu, Raheem Beyah, Kemal Akkaya, and Arif Selcuk Uluagac. “A Privacy‐Preserving Multifactor Authentication System.” Security and 100 | Privacy 2, no. 6 (2019). https://doi.org/10.1002/spy2.94. 101 | 102 | Afzal, Waseem. “Rethinking Information Privacy-Security: Does It Really Matter?” Proceedings of the American Society for Information Science and 103 | Technology 50, no. 1 (2013): 1–10. https://doi.org/10.1002/meet.14505001095. 104 | 105 | Battery Status Not Included, Assessing Privacy in Web Standards, n.d. https://www.cs.princeton.edu/~arvindn/publications/battery-status-case-study.pdf. 106 | Christl, Wolfie. Corporate Surveillance in Everyday Life, How Companies Collect, Combine, Analyze, Trade, and Use Personal Data on Billions, n.d. 107 | https://crackedlabs.org/dl/CrackedLabs_Christl_CorporateSurveillance.pdf. 108 | 109 | Das, Anupam, Gunes Acar, Nikita Borisov, and Amogh Pradeep. “The Webs Sixth Sense.” Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018. https://doi.org/10.1145/3243734.3243860. 110 | 111 | Englehardt, Steven, Dillon Reisman, Christian Eubank, Peter Zimmerman, Jonathan Mayer, Arvind Narayanan, and Edward W. Felten. “Cookies That Give You Away.” Proceedings of the 24th International Conference on World Wide Web - WWW 15, 2015. https://doi.org/10.1145/2736277.2741679. 112 | 113 | Englehardt, Steven, Jeffrey Han, and Arvind Narayanan. “I Never Signed up for This! Privacy Implications of Email Tracking.” Proceedings on Privacy Enhancing Technologies 2018, no. 1 (January 2018): 109–26. 
https://doi.org/10.1515/popets-2018-0006. 114 | 115 | Ferra, Fenia, Isabel Wagner, Eerke Boiten, Lee Hadlington, Ismini Psychoula, and Richard Snape. “Challenges in Assessing Privacy Impact: Tales from the Front Lines.” Security and Privacy 3, no. 2 (2019). https://doi.org/10.1002/spy2.101. 116 | 117 | hmathur, arunes. Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking, n.d. http://aruneshmathur.co.in/files/publications/SOUPS18_Tracking.pdf. 118 | 119 | Lebeck, Kiron, Kimberly Ruth, Tadayoshi Kohno, and Franziska Roesner. “Towards Security and Privacy for Multi-User Augmented Reality: Foundations with End Users.” 2018 IEEE Symposium on Security and Privacy (SP), 2018. https://doi.org/10.1109/sp.2018.00051. 120 | 121 | Location Tracking using Mobile Device Power Analysis, n.d. https://www.scribd.com/doc/256304846/PowerSpy-Location-Tracking-using-Mobile-Device-Power-Analysis. 122 | 123 | Online Tracking, A 1-million-site Measurement and Analysis, n.d. https://www.cs.princeton.edu/~arvindn/publications/OpenWPM_1_million_site_tracking_measurement.pdf. 124 | 125 | Pixel Perfect, Fingerprinting Canvas in HTML5, n.d. https://hovav.net/ucsd/dist/canvas.pdf. 126 | 127 | Recognizing Speech From Gyroscope Signals, n.d. https://crypto.stanford.edu/gyrophone/. 128 | 129 | Roesner, Franziska. Detecting and Defending Against Third-Party Tracking on the Web, n.d. http://www.franziroesner.com/pdf/webtracking-NSDI2012.pdf. 130 | 131 | Schneider, Christian. Cross-Site WebSocket Hijacking, n.d. http://www.christian-schneider.net/CrossSiteWebSocketHijacking.html. 132 | 133 | Seb, Crypto. Crypto Paper: Privacy, Security, and Anonymity For Every Internet User, n.d. https://github.com/cryptoseb/cryptopaper. 134 | 135 | Shining the Floodlights on Mobile Web Tracking — A Privacy Survey, n.d. https://pdfs.semanticscholar.org/80bb/5c9119ff4fc2374103b4f3d6a8f614b3c2ed.pdf. 136 | 137 | Su, Jessica, Ansh Shukla, Sharad Goel, and Arvind Narayanan. 
“De-Anonymizing Web Browsing Data with Social Networks.” Proceedings of the 26th International Conference on World Wide Web, March 2017. https://doi.org/10.1145/3038912.3052714. 138 | 139 | The Surveillance Implications of Web Tracking, n.d. https://senglehardt.com/papers/www15_cookie_surveil.pdf. 140 | 141 | Trackers Vs Firefox, Comparing different blocking utilities, n.d. https://github.com/jawz101/TrackersVsFirefox. 142 | 143 | Understanding Facebook Connect login permissions, n.d. http://jbonneau.com/doc/RB14-fb_permissions.pdf. 144 | 145 | Vines, Paul, Franziska Roesner, and Tadayoshi Kohno. “Exploring ADINT.” Proceedings of the 2017 on Workshop on Privacy in the Electronic Society - WPES 17, 2017. https://doi.org/10.1145/3139550.3139567. 146 | 147 | Yelp, Luca Wu. Is Google degrading search? Consumer Harm from Universal Search, n.d. https://www.law.berkeley.edu/wp-content/uploads/2015/04/Luca-Wu-Yelp-Is-Google-Degrading-Search-2015.pdf. 148 | 149 |
150 | 151 | **Above References apply to the Content in the Following Files**:
152 | [TLDR](/2_TLDR_Short_List.md) | [Intro](/0_Why_It_Matters.md) | [The Personal Security Checklist](/README.md) | [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) | [Security Hardware](/6_Privacy_and-Security_Gadgets.md) | [Further Links](/4_Privacy_And_Security_Links.md) 153 | 154 | ## Stars 🌟 155 | 156 | [![Stargazers over time](https://starchart.cc/Lissy93/personal-security-checklist.svg)](https://star-history.t9t.io/#Lissy93/personal-security-checklist) 157 | 158 | Thank you [@caarlos0](https://github.com/caarlos0) for the above [Star Chart](https://github.com/caarlos0/starcharts) ☺️ 159 | 160 | 161 | --- 162 | 163 | Licensed under [Creative Commons, CC BY 4.0](/LICENSE.md), © [Alicia Sykes](https://aliciasykes.com) 2020 164 | 165 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | # Creative Commons Attribution 4.0 International Public License ("CC BY 4.0") 2 | 3 | > © [Alicia Sykes](http://aliciasykes.com/legal) 2020, Licensed under [Creative Commons Attribution 4.0](https://creativecommons.org/licenses/by/4.0/) 4 | 5 | Creative Commons Corporation (“Creative Commons”) is not a law firm and does not 6 | provide legal services or legal advice. Distribution of Creative Commons public 7 | licenses does not create a lawyer-client or other relationship. Creative Commons 8 | makes its licenses and related information available on an “as-is” basis. 9 | Creative Commons gives no warranties regarding its licenses, any material 10 | licensed under their terms and conditions, or any related information. Creative 11 | Commons disclaims all liability for damages resulting from their use to the 12 | fullest extent possible. 
13 | 14 | ## USING CREATIVE COMMONS PUBLIC LICENSES 15 | 16 | Creative Commons public licenses provide a standard set of terms and conditions 17 | that creators and other rights holders may use to share original works of 18 | authorship and other material subject to copyright and certain other rights 19 | specified in the public license below. The following considerations are for 20 | informational purposes only, are not exhaustive, and do not form part of our 21 | licenses. 22 | 23 | ### Considerations for licensors: 24 | 25 | Our public licenses are intended for use by those authorized to give the public 26 | permission to use material in ways otherwise restricted by copyright and certain 27 | other rights. Our licenses are irrevocable. Licensors should read and understand 28 | the terms and conditions of the license they choose before applying it. 29 | Licensors should also secure all rights necessary before applying our licenses 30 | so that the public can reuse the material as expected. Licensors should clearly 31 | mark any material not subject to the license. This includes other CC-licensed 32 | material, or material used under an exception or limitation to copyright. 33 | 34 | ### Considerations for the public: 35 | 36 | By using one of our public licenses, a licensor grants the public permission to 37 | use the licensed material under specified terms and conditions. If the 38 | licensor’s permission is not necessary for any reason–for example, because of 39 | any applicable exception or limitation to copyright–then that use is not 40 | regulated by the license. Our licenses grant only permissions under copyright 41 | and certain other rights that a licensor has authority to grant. Use of the 42 | licensed material may still be restricted for other reasons, including because 43 | others have copyright or other rights in the material. A licensor may make 44 | special requests, such as asking that all changes be marked or described. 
45 | Although not required by our licenses, you are encouraged to respect those 46 | requests where reasonable. 47 | 48 | --- 49 | 50 | ## Creative Commons Attribution 4.0 International Public License 51 | 52 | By exercising the Licensed Rights (defined below), You accept and agree to be 53 | bound by the terms and conditions of this Creative Commons Attribution 4.0 54 | International Public License ("Public License"). To the extent this Public 55 | License may be interpreted as a contract, You are granted the Licensed Rights in 56 | consideration of Your acceptance of these terms and conditions, and the Licensor 57 | grants You such rights in consideration of benefits the Licensor receives from 58 | making the Licensed Material available under these terms and conditions. 59 | 60 | ### Section 1 – Definitions. 61 | 62 | a. Adapted Material means material subject to Copyright and Similar Rights 63 | that is derived from or based upon the Licensed Material and in which the 64 | Licensed Material is translated, altered, arranged, transformed, or 65 | otherwise modified in a manner requiring permission under the Copyright 66 | and Similar Rights held by the Licensor. For purposes of this Public 67 | License, where the Licensed Material is a musical work, performance, or 68 | sound recording, Adapted Material is always produced where the Licensed 69 | Material is synched in timed relation with a moving image. 70 | 71 | b. Adapter's License means the license You apply to Your Copyright and 72 | Similar Rights in Your contributions to Adapted Material in accordance 73 | with the terms and conditions of this Public License. 74 | 75 | c. Copyright and Similar Rights means copyright and/or similar rights closely 76 | related to copyright including, without limitation, performance, 77 | broadcast, sound recording, and Sui Generis Database Rights, without 78 | regard to how the rights are labeled or categorized. 
For purposes of this 79 | Public License, the rights specified in Section 2(b)(1)-(2) are not 80 | Copyright and Similar Rights. 81 | 82 | d. Effective Technological Measures means those measures that, in the absence 83 | of proper authority, may not be circumvented under laws fulfilling 84 | obligations under Article 11 of the WIPO Copyright Treaty adopted on 85 | December 20, 1996, and/or similar international agreements. 86 | 87 | e. Exceptions and Limitations means fair use, fair dealing, and/or any other 88 | exception or limitation to Copyright and Similar Rights that applies to 89 | Your use of the Licensed Material. 90 | 91 | f. Licensed Material means the artistic or literary work, database, or other 92 | material to which the Licensor applied this Public License. 93 | 94 | g. Licensed Rights means the rights granted to You subject to the terms and 95 | conditions of this Public License, which are limited to all Copyright and 96 | Similar Rights that apply to Your use of the Licensed Material and that 97 | the Licensor has authority to license. 98 | 99 | h. Licensor means the individual(s) or entity(ies) granting rights under this 100 | Public License. 101 | 102 | i. Share means to provide material to the public by any means or process that 103 | requires permission under the Licensed Rights, such as reproduction, 104 | public display, public performance, distribution, dissemination, 105 | communication, or importation, and to make material available to the 106 | public including in ways that members of the public may access the 107 | material from a place and at a time individually chosen by them. 108 | 109 | j. Sui Generis Database Rights means rights other than copyright resulting 110 | from Directive 96/9/EC of the European Parliament and of the Council of 11 111 | March 1996 on the legal protection of databases, as amended and/or 112 | succeeded, as well as other essentially equivalent rights anywhere in the 113 | world. 114 | 115 | k. 
You means the individual or entity exercising the Licensed Rights under 116 | this Public License. Your has a corresponding meaning. 117 | 118 | ### Section 2 – Scope. 119 | 120 | a. License grant 121 | 122 | 1. Subject to the terms and conditions of this Public License, the 123 | Licensor hereby grants You a worldwide, royalty-free, 124 | non-sublicensable, non-exclusive, irrevocable license to exercise the 125 | Licensed Rights in the Licensed Material to: 126 | 127 | A. reproduce and Share the Licensed Material, in whole or in part; and 128 | 129 | B. produce, reproduce, and Share Adapted Material. 130 | 131 | 2. Exceptions and Limitations. For the avoidance of doubt, where 132 | Exceptions and Limitations apply to Your use, this Public License does 133 | not apply, and You do not need to comply with its terms and conditions. 134 | 135 | 3. Term. The term of this Public License is specified in Section 6(a). 136 | 137 | 4. Media and formats; technical modifications allowed. The Licensor 138 | authorizes You to exercise the Licensed Rights in all media and formats 139 | whether now known or hereafter created, and to make technical 140 | modifications necessary to do so. The Licensor waives and/or agrees not 141 | to assert any right or authority to forbid You from making technical 142 | modifications necessary to exercise the Licensed Rights, including 143 | technical modifications necessary to circumvent Effective Technological 144 | Measures. For purposes of this Public License, simply making 145 | modifications authorized by this Section 2(a)(4) never produces Adapted 146 | Material. 147 | 148 | 5. Downstream recipients. 149 | 150 | A. Offer from the Licensor – Licensed Material. Every recipient of the 151 | Licensed Material automatically receives an offer from the Licensor 152 | to exercise the Licensed Rights under the terms and conditions of 153 | this Public License. 154 | 155 | B. No downstream restrictions. 
You may not offer or impose any 156 | additional or different terms or conditions on, or apply any 157 | Effective Technological Measures to, the Licensed Material if doing 158 | so restricts exercise of the Licensed Rights by any recipient of the 159 | Licensed Material. 160 | 161 | 6. No endorsement. Nothing in this Public License constitutes or may be 162 | construed as permission to assert or imply that You are, or that Your 163 | use of the Licensed Material is, connected with, or sponsored, 164 | endorsed, or granted official status by, the Licensor or others 165 | designated to receive attribution as provided in Section 3(a)(1)(A)(i). 166 | 167 | b. Other rights 168 | 169 | 1. Moral rights, such as the right of integrity, are not licensed under 170 | this Public License, nor are publicity, privacy, and/or other similar 171 | personality rights; however, to the extent possible, the Licensor 172 | waives and/or agrees not to assert any such rights held by the Licensor 173 | to the limited extent necessary to allow You to exercise the Licensed 174 | Rights, but not otherwise. 175 | 176 | 2. Patent and trademark rights are not licensed under this Public License. 177 | 178 | 3. To the extent possible, the Licensor waives any right to collect 179 | royalties from You for the exercise of the Licensed Rights, whether 180 | directly or through a collecting society under any voluntary or 181 | waivable statutory or compulsory licensing scheme. In all other cases 182 | the Licensor expressly reserves any right to collect such royalties. 183 | 184 | ### Section 3 – License Conditions. 185 | 186 | Your exercise of the Licensed Rights is expressly made subject to the following conditions. 187 | 188 | a. Attribution 189 | 190 | 1. If You Share the Licensed Material (including in modified form), You 191 | must: 192 | 193 | A. retain the following if it is supplied by the Licensor with the 194 | Licensed Material: 195 | 196 | i. 
identification of the creator(s) of the Licensed Material and any 197 | others designated to receive attribution, in any reasonable 198 | manner requested by the Licensor (including by pseudonym if 199 | designated); 200 | 201 | ii. a copyright notice; 202 | 203 | iii. a notice that refers to this Public License; 204 | 205 | iv. a notice that refers to the disclaimer of warranties; 206 | 207 | v. a URI or hyperlink to the Licensed Material to the extent 208 | reasonably practicable; 209 | 210 | B. indicate if You modified the Licensed Material and retain an 211 | indication of any previous modifications; and 212 | 213 | C. indicate the Licensed Material is licensed under this Public 214 | License, and include the text of, or the URI or hyperlink to, this 215 | Public License. 216 | 217 | 2. You may satisfy the conditions in Section 3(a)(1) in any reasonable 218 | manner based on the medium, means, and context in which You Share the 219 | Licensed Material. For example, it may be reasonable to satisfy the 220 | conditions by providing a URI or hyperlink to a resource that includes 221 | the required information. 222 | 223 | 3. If requested by the Licensor, You must remove any of the information 224 | required by Section 3(a)(1)(A) to the extent reasonably practicable. 225 | 226 | 4. If You Share Adapted Material You produce, the Adapter's License You 227 | apply must not prevent recipients of the Adapted Material from 228 | complying with this Public License. 229 | 230 | ### Section 4 – Sui Generis Database Rights. 231 | 232 | Where the Licensed Rights include Sui Generis Database Rights that apply to Your 233 | use of the Licensed Material: 234 | 235 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right to 236 | extract, reuse, reproduce, and Share all or a substantial portion of the 237 | contents of the database; 238 | 239 | b. 
if You include all or a substantial portion of the database contents in a 240 | database in which You have Sui Generis Database Rights, then the database 241 | in which You have Sui Generis Database Rights (but not its individual 242 | contents) is Adapted Material; and 243 | 244 | c. You must comply with the conditions in Section 3(a) if You Share all or a 245 | substantial portion of the contents of the database. 246 | 247 | For the avoidance of doubt, this Section 4 supplements and does not replace Your 248 | obligations under this Public License where the Licensed Rights include other 249 | Copyright and Similar Rights. 250 | 251 | ### Section 5 – Disclaimer of Warranties and Limitation of Liability. 252 | 253 | a. Unless otherwise separately undertaken by the Licensor, to the extent 254 | possible, the Licensor offers the Licensed Material as-is and 255 | as-available, and makes no representations or warranties of any kind 256 | concerning the Licensed Material, whether express, implied, statutory, or 257 | other. This includes, without limitation, warranties of title, 258 | merchantability, fitness for a particular purpose, non-infringement, 259 | absence of latent or other defects, accuracy, or the presence or absence 260 | of errors, whether or not known or discoverable. Where disclaimers of 261 | warranties are not allowed in full or in part, this disclaimer may not 262 | apply to You. 263 | 264 | b. To the extent possible, in no event will the Licensor be liable to You on 265 | any legal theory (including, without limitation, negligence) or otherwise 266 | for any direct, special, indirect, incidental, consequential, punitive, 267 | exemplary, or other losses, costs, expenses, or damages arising out of 268 | this Public License or use of the Licensed Material, even if the Licensor 269 | has been advised of the possibility of such losses, costs, expenses, or 270 | damages. 
Where a limitation of liability is not allowed in full or in 271 | part, this limitation may not apply to You. 272 | 273 | c. The disclaimer of warranties and limitation of liability provided above 274 | shall be interpreted in a manner that, to the extent possible, most 275 | closely approximates an absolute disclaimer and waiver of all liability. 276 | 277 | ### Section 6 – Term and Termination. 278 | 279 | a. This Public License applies for the term of the Copyright and Similar 280 | Rights licensed here. However, if You fail to comply with this Public 281 | License, then Your rights under this Public License terminate 282 | automatically. 283 | 284 | b. Where Your right to use the Licensed Material has terminated under 285 | Section 6(a), it reinstates: 286 | 287 | 1. automatically as of the date the violation is cured, provided it is 288 | cured within 30 days of Your discovery of the violation; or 289 | 290 | 2. upon express reinstatement by the Licensor. 291 | 292 | For the avoidance of doubt, this Section 6(b) does not affect any right 293 | the Licensor may have to seek remedies for Your violations of this Public 294 | License. 295 | 296 | c. For the avoidance of doubt, the Licensor may also offer the Licensed 297 | Material under separate terms or conditions or stop distributing the 298 | Licensed Material at any time; however, doing so will not terminate this 299 | Public License. 300 | 301 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public License. 302 | 303 | ### Section 7 – Other Terms and Conditions. 304 | 305 | a. The Licensor shall not be bound by any additional or different terms or 306 | conditions communicated by You unless expressly agreed. 307 | 308 | b. Any arrangements, understandings, or agreements regarding the Licensed 309 | Material not stated herein are separate from and independent of the terms 310 | and conditions of this Public License. 311 | 312 | ### Section 8 – Interpretation. 313 | 314 | a. 
For the avoidance of doubt, this Public License does not, and shall not be 315 | interpreted to, reduce, limit, restrict, or impose conditions on any use 316 | of the Licensed Material that could lawfully be made without permission 317 | under this Public License. 318 | 319 | b. To the extent possible, if any provision of this Public License is deemed 320 | unenforceable, it shall be automatically reformed to the minimum extent 321 | necessary to make it enforceable. If the provision cannot be reformed, it 322 | shall be severed from this Public License without affecting the 323 | enforceability of the remaining terms and conditions. 324 | 325 | c. No term or condition of this Public License will be waived and no failure 326 | to comply consented to unless expressly agreed to by the Licensor. 327 | 328 | d. Nothing in this Public License constitutes or may be interpreted as a 329 | limitation upon, or waiver of, any privileges and immunities that apply to 330 | the Licensor or You, including from the legal processes of any 331 | jurisdiction or authority. 332 | 333 | Creative Commons is not a party to its public licenses. Notwithstanding, 334 | Creative Commons may elect to apply one of its public licenses to material it 335 | publishes and in those instances will be considered the “Licensor.” The text of 336 | the Creative Commons public licenses is dedicated to the public domain under the 337 | CC0 Public Domain Dedication. 
Except for the limited purpose of indicating that 338 | material is shared under a Creative Commons public license or as otherwise 339 | permitted by the Creative Commons policies published at 340 | creativecommons.org/policies, Creative Commons does not authorize the use of the 341 | trademark “Creative Commons” or any other trademark or logo of Creative Commons 342 | without its prior written consent including, without limitation, in connection 343 | with any unauthorized modifications to any of its public licenses or any other 344 | arrangements, understandings, or agreements concerning use of licensed material. 345 | For the avoidance of doubt, this paragraph does not form part of the public 346 | licenses. 347 | 348 | Creative Commons may be contacted at creativecommons.org. 349 | -------------------------------------------------------------------------------- /2_TLDR_Short_List.md: -------------------------------------------------------------------------------- 1 | # Personal Cyber Security | TLDR [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) [![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/)[![Contributors](https://img.shields.io/github/contributors/lissy93/personal-security-checklist?color=%23ffa900&style=flat-square)](/ATTRIBUTIONS.md#contributors-) 2 | 3 | #### Contents 4 | - [Personal Security Checklist](#personal-security-checklist) 5 | - [Privacy-focused Software](#open-source-privacy-focused-software) 6 | - [Security Hardware](#security-hardware) 7 | 8 | ## PERSONAL SECURITY CHECKLIST 9 | 10 | > This checklist of privacy and security tips, is a summarized version of [The Complete Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md). 
It lays out the most essential steps you should take to protect your digital life. 11 | 12 | ### Authentication 13 | - Use a long, strong and unique password for each of your accounts (see [HowSecureIsMyPassword.net](https://howsecureismypassword.net)) 14 | - Use a secure [password manager](/5_Privacy_Respecting_Software.md#password-managers), to encrypt, store and fill credentials, such as [BitWarden](https://bitwarden.com) or [KeePass](https://keepass.info) / [KeePassXC](https://keepassxc.org) 15 | - Enable 2-Factor authentication where available, and use an [authenticator app](/5_Privacy_Respecting_Software.md#2-factor-authentication) or [hardware token](/6_Privacy_and-Security_Gadgets.md#fido-u2f-keys) 16 | - Sign up for breach alerts (with [Firefox Monitor](https://monitor.firefox.com) or [HaveIBeenPwned](https://haveibeenpwned.com)), and update passwords of compromised accounts 17 | 18 | 19 | ### Browsing 20 | - Use a Privacy-Respecting Browser, [Brave](https://brave.com) and [Firefox](https://www.mozilla.org/en-US/exp/firefox/new) are good options. Set your default search to a non-tracking engine, such as [DuckDuckGo](https://duckduckgo.com) 21 | - Do not enter any information on a non-HTTPS website (look for the lock icon), consider using [HTTPS-Everywhere](https://www.eff.org/https-everywhere) to make this easier 22 | - Block invasive 3rd-party trackers and ads using an extension like [Privacy Badger](https://privacybadger.org) or [uBlock](https://github.com/gorhill/uBlock) 23 | - Keep your browser up-to-date, explore the privacy settings and remove unnecessary add-ons/ extensions 24 | - Consider using compartmentalization to separate different areas of your browsing (such as work, social, shopping etc), in order to reduce tracking. 
This can be done with [Firefox Containers](https://support.mozilla.org/en-US/kb/containers), or by using separate browsers or browser profiles 25 | - Don't allow your browser to save your passwords or auto-fill personal details (instead use a [password manager](/5_Privacy_Respecting_Software.md#password-managers), and [disable your browser's own auto-fill](https://www.computerhope.com/issues/ch001377.htm)) 26 | - Clear your cookies, session data and cache regularly. Use an extension such as [Cookie-Auto-Delete](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete) to automate this 27 | - Don't sign into your browser, as it can link further data to your identity. If you need to, you can use an open source [bookmark sync](/5_Privacy_Respecting_Software.md#browser-sync) app 28 | - Consider using [Decentraleyes](https://decentraleyes.org) to decrease the number of trackable CDN requests your device makes 29 | - Test your browser using a tool like [Panopticlick](https://panopticlick.eff.org) to ensure there are no major issues. [BrowserLeaks](https://browserleaks.com) and [Am I Unique](https://amiunique.org/fp) are also useful for exploring what device info you're exposing to websites 30 | - For anonymous browsing use [The Tor Browser](https://www.torproject.org/), and avoid logging into any of your personal accounts 31 | 32 | 33 | ### Phone 34 | - Set a device PIN, ideally use a long passcode. If supported, configure fingerprint authentication, but avoid face unlock 35 | - Encrypt your device, in order to keep your data safe from physical access. To enable, for Android: `Settings --> Security --> Encryption`, or for iOS: `Settings --> TouchID & Passcode --> Data Protection` 36 | - Keep your device up-to-date. System updates often contain patches for recently-discovered security vulnerabilities. You should install updates when prompted 37 | - Review application permissions. Don't grant access permissions to apps that do not need them.
(For Android, see also [Bouncer](https://play.google.com/store/apps/details?id=com.samruston.permission&hl=en_US) - an app that allows you to grant temporary permissions) 38 | - Disable connectivity features that aren't being used, and 'forget' WiFi networks that you no longer need 39 | - Disable location tracking. By default, both Android and iOS log your GPS location history. You can disable this, for Android: `Maps --> Settings --> Location History`, and iOS: `Settings --> Privacy --> Location Services --> System Services --> Places`. Be aware that third-party apps may still log your position, and there are other methods of determining your location other than GPS (Cell tower, WiFi, Bluetooth etc) 40 | - Use an application firewall to block internet connectivity for apps that shouldn't need it, such as [NetGuard](https://www.netguard.me/) (Android) or [Lockdown](https://apps.apple.com/in/app/lockdown-apps/id1469783711) (iOS) 41 | - Understand that apps contain trackers, that collect, store and sometimes share your data. For Android, you could use [Exodus](https://exodus-privacy.eu.org/en/page/what/) to reveal which trackers your installed apps are using. 42 | 43 | 44 | ### Email 45 | It's important to protect your email account, as if a hacker gains access to it they will be able to pose as you, and reset the passwords for your other online accounts.
One of the biggest threats to digital security is still phishing, and it can sometimes be incredibly convincing, so remain vigilant, and understand [how to spot malicious emails](https://heimdalsecurity.com/blog/abcs-detecting-preventing-phishing), and avoid publicly sharing your email address 46 | 47 | - Use a long, strong and unique password and enable 2FA 48 | - Consider switching to a secure and encrypted mail provider, such as [ProtonMail](https://protonmail.com) or [Tutanota](https://tutanota.com) 49 | - Use email aliasing to protect your real mail address, with a provider such as [Anonaddy](https://anonaddy.com) or [SimpleLogin](https://simplelogin.io/?slref=bridsqrgvrnavso). This allows you to keep your real address private, yet still have all messages land in your primary inbox 50 | - Disable automatic loading of remote content, as it is often used for detailed tracking but can also be malicious 51 | - Using a custom domain will mean you will not lose access to your email address if your current provider disappears. If you need to back up messages, use a secure IMAP client such as [Thunderbird](https://www.thunderbird.net) 52 | 53 | 54 | ### Secure Messaging 55 | - Use a [secure messaging app](/5_Privacy_Respecting_Software.md#encrypted-messaging) that is both fully open source and end-to-end encrypted with perfect forward secrecy (e.g. [Signal](https://www.signal.org/)) 56 | - Ensure that both your device, and that of your recipient(s) is secure (free from malware, encrypted and has a strong password) 57 | - Disable cloud services, such as web app companion or cloud backup feature, both of which increase attack surface 58 | - Strip meta data from media before sharing, as this can lead to unintentionally revealing more data than you intended 59 | - Verify your recipient is who they claim to be, either physically or cryptographically by using an app that offers contact verification 60 | - Avoid SMS, but if you must use it then encrypt your messages, e.g.
using the [Silence](https://silence.im/) app 61 | - Opt for a stable and actively maintained messaging platform, that is backed by reputable developers who have a transparent revenue model or are able to account for where funding has originated from. It should ideally be based in a friendly jurisdiction and have undergone an independent security audit. 62 | - In some situations, it may be appropriate to use an app that supports disappearing messages, and/ or allows for anonymous sign up (without any PII: phone number, email address etc). A [decentralized platform](/5_Privacy_Respecting_Software.md#p2p-messaging) can offer additional security and privacy benefits in some circumstances, as there is no single entity governing it, e.g. [Matrix](https://matrix.org/), [Session](https://getsession.org/), [Tox](https://tox.chat/) or [Briar](https://briarproject.org/) 63 | 64 | 65 | ### Networking 66 | - Use a reputable VPN to keep your IP protected and reduce the amount of browsing data your ISP can log, but understand their [limitations](5_Privacy_Respecting_Software.md#word-of-warning-4). Good options include [ProtonVPN](https://protonvpn.com) and [Mullvad](https://mullvad.net), see [thatoneprivacysite.net](https://thatoneprivacysite.net/) for detailed comparisons 67 | - Change your router's default password. Anyone connected to your WiFi is able to listen to network traffic, so in order to prevent people you don't know from connecting, use WPA2 and set a strong password. 68 | - Use a [secure DNS](/5_Privacy_Respecting_Software.md#dns) provider (such as [Cloudflare's 1.1.1.1](https://1.1.1.1/dns/)) to reduce tracking. Ideally configure this on your router, but if that's not possible, then it can be done on each device.
69 | 70 | 71 | **📜 See More**: [The Complete Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md) 72 | 73 | ---- 74 | 75 | 76 | ## OPEN-SOURCE, PRIVACY-FOCUSED SOFTWARE 77 | Switch to alternative open-source, privacy-respecting apps and services, which won't collect your data, track you or show targeted ads. 78 | 79 | #### Security 80 | - Password Managers: [BitWarden] | [1Password] *(proprietary)* | [KeePassXC] *(offline)* | [LessPass] *(stateless)* 81 | - 2-Factor Authentication: [Aegis] *(Android)* | [Authenticator] *(iOS)* | [AndOTP] *(Android)* 82 | - File Encryption: [VeraCrypt] | [Cryptomator] *(for cloud)* 83 | - Encrypted Messaging: [Signal] | [KeyBase] *(for groups/ communities)* 84 | - Encrypted Email: [ProtonMail] | [MailFence] | [Tutanota] | (+ also [33Mail] | [anonaddy] for aliasing) 85 | - Private Browsers: [Brave Browser] | [Firefox] *with [some tweaks](https://restoreprivacy.com/firefox-privacy/)* | [Tor] 86 | - Non-Tracking Search Engines: [DuckDuckGo] | [StartPage] | [SearX] *(self-hosted)* | [Quant] 87 | - VPN: [Mullvad] | [ProtonVPN] | [Windscribe] | [IVPN] *(better still, use [Tor])* 88 | - App Firewall: [NetGuard] (Android) | [Lockdown] (iOS) | [OpenSnitch] (Linux) | [LuLu] (MacOS) 89 | 90 | #### Browser Extensions 91 | [Privacy Badger] - Blocks trackers. [HTTPS Everywhere] - Upgrades requests to HTTPS. [uBlock Origin] - Blocks ads, trackers and malware. [ScriptSafe] - Blocks execution of certain scripts. [WebRTC Leak Prevent] - Prevents IP leaks. [Vanilla Cookie Manager] - Auto-removes unwanted cookies. [Privacy Essentials] - Shows which sites are insecure 92 | 93 | #### Mobile Apps 94 | [Exodus] - Shows which trackers are on your device. [Orbot] - System-wide Tor Proxy. [Island] - Sand-box environment for apps. [NetGuard] - Control which apps have network access. [Bouncer] - Grant temporary permissions. [Greenify] - Control which apps can run in the background.
[1.1.1.1] - Use Cloudflare's DNS over HTTPS. [Fing App] - Monitor your home WiFi network for intruders 95 | 96 | #### Online Tools 97 | [εxodus] - Shows which trackers an app has. [';--have i been pwned?] - Check if your details have been exposed in a breach. [EXIF Remover] - Removes meta data from image or file. [Redirect Detective] - Shows where a link redirects to. [Virus Total] - Scans file or URL for malware. [Panopticlick], [Browser Leak Test] and [IP Leak Test] - Check for system and browser leaks 98 | 99 | #### Productivity Tools 100 | File Storage: [NextCloud]. File Sync: [Syncthing]. File Drop: [Firefox Send]. Notes: [Standard Notes], [Cryptee], [Joplin]. Blogging: [Write Freely]. Calendar/ Contacts Sync: [ETE Sync] 101 | 102 | 📜 **See More**: [Complete List of Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) 103 | 104 | ---- 105 | 106 | ## SECURITY HARDWARE 107 | 108 | There are also some gadgets that can help improve your physical and digital security. 109 | 110 | - **Blockers & Shields**: [PortaPow] - USB Data Blocker | [Mic Block] - Physically disables microphone | [Silent-Pocket] - Signal-blocking faraday pouches | [Lindy] - Physical port blockers | [RFID Shields] | [Webcam Covers] | [Privacy Screen] 111 | - **Crypto Wallets**: [Trezor] - Hardware wallet | [CryptoSteel] - Indestructible steel crypto wallet 112 | - **FIDO U2F Keys**: [Solo Key] | [Nitro Key] | [Librem Key] 113 | - **Data Blockers**: [PortaPow] - Blocks data to protect against malware upload attacks, enables FastCharge.
114 | - **Hardware-encrypted storage**: [iStorage] - PIN-authenticated 256-bit hardware encrypted storage | [Encrypted Drive Enclosure] 115 | - **Networking**: [Anonabox] - Plug-and-play Tor router | [FingBox] - Easy home network automated security monitoring 116 | - **Paranoid Gadgets!** [Orwl] - Self-destroying PC | [Hunter-Cat] - Card-skim detector | [Adversarial Fashion] - Anti-facial-recognition clothing | [DSTIKE Deauth Detector] - Detect deauth attacks, from [Spacehuhn] | [Reflectacles] - Anti-surveillance glasses | [Armourcard] - Active RFID jamming | [Bug-Detector] - Check for RF-enabled eavesdropping equipment | [Ultrasonic Microphone Jammer] - Emits signals that are silent to humans, but interfere with recording equipment. 117 | 118 | 119 | There's no need to spend money: most of these products can be made at home with open source software. Here's a list of [DIY Security Gadgets](/6_Privacy_and-Security_Gadgets.md#diy-security-products). 120 | 121 | 📜 **See More**: [Privacy and Security Gadgets](/6_Privacy_and-Security_Gadgets.md) 122 | 123 | ---- 124 | 125 | *Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).* 126 | 127 | ---- 128 | 129 | Found this helpful?
Consider sharing, to help others improve their digital security 😇 130 | 131 | 141 | *Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* 142 | 143 | 148 | [//]: # (SECURITY SOFTWARE LINKS) 149 | [BitWarden]:
https://bitwarden.com 150 | [1Password]: https://1password.com 151 | [KeePassXC]: https://keepassxc.org 152 | [LessPass]: https://lesspass.com 153 | [Aegis]: https://getaegis.app 154 | [AndOTP]: https://github.com/andOTP/andOTP 155 | [Authenticator]: https://mattrubin.me/authenticator 156 | [VeraCrypt]: https://www.veracrypt.fr 157 | [Cryptomator]: https://cryptomator.org 158 | [Tor]: https://www.torproject.org 159 | [Pi-Hole]: https://pi-hole.net 160 | [Mullvad]: https://mullvad.net 161 | [ProtonVPN]: https://protonvpn.com 162 | [Windscribe]: https://windscribe.com/?affid=6nh59z1r 163 | [IVPN]: https://www.ivpn.net 164 | [NetGuard]: https://www.netguard.me 165 | [Lockdown]: https://lockdownhq.com 166 | [OpenSnitch]: https://github.com/evilsocket/opensnitch 167 | [LuLu]: https://objective-see.com/products/lulu.html 168 | [SimpleWall]: https://github.com/henrypp/simplewall 169 | [33Mail]: http://33mail.com/Dg0gkEA 170 | [anonaddy]: https://anonaddy.com 171 | [Signal]: https://signal.org 172 | [KeyBase]: https://keybase.io 173 | [ProtonMail]: https://protonmail.com 174 | [MailFence]: https://mailfence.com 175 | [Tutanota]: https://tutanota.com 176 | [Brave Browser]: https://brave.com/?ref=ali721 177 | [Firefox]: https://www.mozilla.org/ 178 | [DuckDuckGo]: https://duckduckgo.com 179 | [StartPage]: https://www.startpage.com 180 | [Quant]: https://www.qwant.com 181 | [SearX]: https://asciimoo.github.io/searx 182 | 183 | [//]: # (PRODUCTIVITY SOFTWARE LINKS) 184 | [NextCloud]: https://nextcloud.com 185 | [Standard Notes]: https://standardnotes.org/?s=chelvq36 186 | [Cryptee]: https://crypt.ee 187 | [Joplin]: https://joplinapp.org 188 | [ETE Sync]: https://www.etesync.com/accounts/signup/?referrer=QK6g 189 | [Firefox Send]: https://send.firefox.com 190 | [Syncthing]: https://syncthing.net 191 | [Write Freely]: https://writefreely.org 192 | 193 | [//]: # (BROWSER EXTENSION LINKS) 194 | [Privacy Badger]: https://www.eff.org/privacybadger 195 | [HTTPS Everywhere]: 
https://eff.org/https-everywhere 196 | [uBlock Origin]: https://github.com/gorhill/uBlock 197 | [ScriptSafe]: https://github.com/andryou/scriptsafe 198 | [WebRTC Leak Prevent]: https://github.com/aghorler/WebRTC-Leak-Prevent 199 | [Vanilla Cookie Manager]: https://github.com/laktak/vanilla-chrome 200 | [Privacy Essentials]: https://duckduckgo.com/app 201 | 202 | [//]: # (ONLINE SECURITY TOOLS) 203 | [';--have i been pwned?]: https://haveibeenpwned.com 204 | [εxodus]: https://reports.exodus-privacy.eu.org 205 | [Panopticlick]: https://panopticlick.eff.org 206 | [Browser Leak Test]: https://browserleaks.com 207 | [IP Leak Test]: https://ipleak.net 208 | [EXIF Remover]: https://www.exifremove.com 209 | [Redirect Detective]: https://redirectdetective.com 210 | [Virus Total]: https://www.virustotal.com 211 | 212 | [//]: # (ANDROID APP LINKS) 213 | [Island]: https://play.google.com/store/apps/details?id=com.oasisfeng.island 214 | [Orbot]: https://play.google.com/store/apps/details?id=org.torproject.android 215 | [Orbot]: https://play.google.com/store/apps/details?id=org.torproject.android 216 | [Bouncer]: https://play.google.com/store/apps/details?id=com.samruston.permission 217 | [Crypto]: https://play.google.com/store/apps/details?id=com.kokoschka.michael.crypto 218 | [Cryptomator]: https://play.google.com/store/apps/details?id=org.cryptomator 219 | [Daedalus]: https://play.google.com/store/apps/details?id=org.itxtech.daedalus 220 | [Brevent]: https://play.google.com/store/apps/details?id=me.piebridge.brevent 221 | [Greenify]: https://play.google.com/store/apps/details?id=com.oasisfeng.greenify 222 | [Secure Task]: https://play.google.com/store/apps/details?id=com.balda.securetask 223 | [Tor Browser]: https://play.google.com/store/apps/details?id=org.torproject.torbrowser 224 | [PortDroid]: https://play.google.com/store/apps/details?id=com.stealthcopter.portdroid 225 | [Packet Capture]: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture 226 | 
[SysLog]: https://play.google.com/store/apps/details?id=com.tortel.syslog 227 | [Dexplorer]: https://play.google.com/store/apps/details?id=com.dexplorer 228 | [Check and Test]: https://play.google.com/store/apps/details?id=com.inpocketsoftware.andTest 229 | [Tasker]: https://play.google.com/store/apps/details?id=net.dinglisch.android.taskerm 230 | [Haven]: https://play.google.com/store/apps/details?id=org.havenapp.main 231 | [NetGaurd]: https://www.netguard.me/ 232 | [Exodus]: https://exodus-privacy.eu.org/en/page/what/#android-app 233 | [XUMI Security]: https://xumi.ca/xumi-security/ 234 | [Fing App]: https://www.fing.com/products/fing-app 235 | [FlutterHole]: https://github.com/sterrenburg/flutterhole 236 | [1.1.1.1]: https://1.1.1.1/ 237 | [The Guardian Project]: https://play.google.com/store/apps/dev?id=6502754515281796553 238 | [The Tor Project]: https://play.google.com/store/apps/developer?id=The+Tor+Project 239 | [Oasis Feng]: https://play.google.com/store/apps/dev?id=7664242523989527886 240 | [Marcel Bokhorst]: https://play.google.com/store/apps/dev?id=8420080860664580239 241 | 242 | [//]: # (SECURITY HARDWARE LINKS) 243 | [Encrypted Drive Enclosure]: https://www.startech.com/HDD/Enclosures/encrypted-sata-enclosure-2-5in-hdd-ssd-usb-3~S2510BU33PW 244 | [iStorage]: https://istorage-uk.com 245 | [PortaPow]: https://portablepowersupplies.co.uk/product/usb-data-blocker 246 | [Lindy]: https://lindy.com/en/technology/port-blockers 247 | [Mic Block]: https://www.aliexpress.com/item/4000542324471.html 248 | [RFID Shields]: https://www.aliexpress.com/item/32976382478.html 249 | [Webcam Covers]: https://www.aliexpress.com/item/4000393683866.html 250 | [Privacy Screen]: https://www.aliexpress.com/item/32906889317.html 251 | [Trezor]: https://trezor.io 252 | [CryptoSteel]: https://cryptosteel.com/product/cryptosteel/?v=79cba1185463 253 | [Solo Key]: https://solokeys.com 254 | [Nitro Key]: https://www.nitrokey.com 255 | [Librem Key]: https://puri.sm/products/librem-key 
256 | [Anonabox]: https://www.anonabox.com 257 | [FingBox]: https://www.fing.com/products/fingbox 258 | [Orwl]: https://orwl.org 259 | [Hunter-Cat]: https://lab401.com/products/hunter-cat-card-skimmer-detector 260 | [DSTIKE Deauth Detector]: https://www.tindie.com/products/lspoplove/dstike-deauth-detector-pre-flashed-with-detector 261 | [Bug-Detector]: https://www.brickhousesecurity.com/counter-surveillance/multi-bug 262 | [Ultrasonic Microphone Jammer]: https://uspystore.com/silent-ultrasonic-microphone-defeater 263 | [Silent-Pocket]: https://silent-pocket.com 264 | [Armourcard]: https://armourcard.com 265 | [Adversarial Fashion]: https://adversarialfashion.com 266 | [Reflectacles]: https://www.reflectacles.com 267 | [Spacehuhn]: https://github.com/spacehuhn/DeauthDetector 268 | 269 | -------------------------------------------------------------------------------- /6_Privacy_and-Security_Gadgets.md: -------------------------------------------------------------------------------- 1 | [![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) 2 | [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) 3 | [![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/) 4 | 5 | # Hardware for Protecting Privacy and Security 6 | A curated list of (DIY and pre-built) devices, to help preserve privacy and improve physical cyber security 🔐 7 | 8 | **Too long? 🦒** See the [TLDR version](/2_TLDR_Short_List.md#security-hardware) instead. 9 | 10 | **Note**: This section is intended just to be a bit of fun, it is entirely possible to stay secure and anonymous, without having to build or buy anything. 
Now that more devices have been added, it's not been possible to test everything here, so these products should not be taken as recommendations, just interesting ideas, and a bit of fun 11 | 12 | 13 | --- 14 | 15 | #### Contents 16 | - [Basics](#basics) 17 | - [DIY Security Products](#diy-security-products) 18 | - [Paranoid Security Gadgets](#paranoid-security-gadgets) 19 | - [Network Security](#network-security) 20 | - [Secure Computing Devices](#secure-computing-devices) 21 | - [Hardware Encrypted Storage](#hardware-encrypted-storage) 22 | - [USB Data Blockers](#usb-data-blockers) 23 | - [FIDO U2F Keys](#fido-u2f-keys) 24 | - [Crypto Wallets](#crypto-wallets) 25 | 26 | 27 | ## Basics 28 | (All products in this section have been tested.) 29 | 30 | **Item** | **Description** 31 | --- | --- 32 | **USB Data Blocker**
[![Data Blocker](https://i.ibb.co/jG3dpGW/1.jpg)](https://amzn.to/2HDArRP) | There are many exploits that allow an attacker to infect your device with malware and/ or steal data, when you plug it in to what appears to be a USB power outlet. If you are charging your phone while travelling, a USB data blocker will prevent anything other than power from getting to your device, by removing the connection between the 2 data wires. The PortaPower brand, also comes with a fast charging chip, since without the data connection your device would otherwise charge at minimum speed 33 | **Microphone Blocker**
[![__](https://i.ibb.co/BKQTCbQ/2.jpg)](https://amzn.to/2uQ3r5L) | A microphone blocker is a device that prohibits audio hacking, in the form of a hardware accessory for smartphones, laptops etc. It functions as a dummy mic jack, so the device thinks it has a microphone plugged in, and hence disables the internal one 34 | **Faraday Pouch**
[![__](https://i.ibb.co/HBBG0QL/3.jpg)](https://amzn.to/3bIkfw4) | A [Faraday Shield](https://en.wikipedia.org/wiki/Faraday_cage) is an enclosure that blocks electromagnetic fields. It is useful to keep any device that could be hacked through sending or receiving signals, such as car keys or a smartphone, in such an enclosure. [Larger](https://amzn.to/2UTZOGM) versions are available for tablets and laptops. 35 | **RFID Blocking Cards**
[![__](https://i.ibb.co/m4GtMdj/4.jpg)](https://amzn.to/38ycMxN) | If you are concerned about card skimming, you can use an RFID blocking sleeve to protect your contactless payment and identity cards. However there are proportionately very few RFID-skimmer crimes reported, and most credit cards have a low contactless limit 36 | **Web Cam Covers**
[![__](https://i.ibb.co/X7B1WsH/5.jpg)](https://amzn.to/2uEz16H) | Web cam covers are quite self-explanatory, they physically conceal the lenses on your laptop or phone camera, to prevent a malicious actor (hacker, government, corporation etc) from watching you through the camera. It may sound paranoid, but unfortunately it happens, and it is a relatively simple process for someone to gain remote access to a webcam. Even Mark Zuckerberg [covers his webcam](https://www.geek.com/tech/mark-zuckerberg-tapes-up-his-webcam-and-snowden-says-you-should-too-1659083/)! Of course you could just use some tape, rather than buying a cover 37 | **Port Blockers**
[![__](https://i.ibb.co/fYPVnK5/6.jpg)](https://amzn.to/327Yn9n) | There are many attacks that involve an attacker inserting a USB device (such as a BadUSB/ Rubber Ducky/ Malduino) into an open USB port. Adding a port blocker doesn't render you safe from this, since the attacker could take the time to try and remove it, but it could protect you from an opportunistic attack 38 | **Privacy Filter**
[![__](https://i.ibb.co/KjkTbGN/7.jpg)](https://amzn.to/3bAa9xv) | Privacy filters are polarized sheets of plastic, that when placed over a computer screen prevent screen visibility from any angle other than straight on. They make it harder for anyone to look over your shoulder and see your confidential data 39 | **YubiKey**
[![__](https://i.ibb.co/PGtbwxN/8.jpg)](https://amzn.to/38wcG9R) | The YubiKey is a small hardware device used to secure access on mobile devices, computers, and servers to all of your online accounts. It allows for second-factor authentication, hence preventing anyone other than you from logging in. It is said to be more convenient and more secure than using a mobile authenticator, but there are reasons for and against 40 | **Encrypted Kingston Data Traveler**
[![__](https://i.ibb.co/ScRFhdt/9.jpg)](https://amzn.to/38xsnO5) | Good value, easy-to-use with no installation required. Built-in hardware encryption and high password protection. Also optionally allows for automatic cloud backup to protect against data loss (which doesn't say much about their faith in this USB device, but jokes aside-) this is a very affordable and well rated little device 41 | **Hardware Encrypted USB 3.0 Drive**
[![__](https://i.ibb.co/p3MzFHF/11.jpg)](https://amzn.to/2vD32Ug) | OS & Platform independent, with 100% hardware encryption, so it works perfectly with all operating systems. USB 3.0 with Read/Write Speeds of 116/43 MBps. GDPR compliant and FIPS 140-2 Level 3, NLNCSA DEP-V & NATO Restricted Level Certified with real time military grade AES-XTS 256-bit hardware encryption 42 | **Hardware Encrypted External Hard Drive**
[![__](https://i.ibb.co/BV5k29v/12.jpg)](https://amzn.to/37pTmK8) | Similar to the iStorage hardware encrypted USB 3.1 drive, this external hard drive has high capacity and strong hardware encryption. Data is encrypted with FIPS PUB 197 Validated Encryption Algorithm, and protected by a 7 - 15 digit alpha-numeric PIN, with erasing capabilities for multiple failed login attempts 43 | **Fingbox - Home Network Monitoring**
[![__](https://i.ibb.co/nkMxwz9/14.jpg)](https://amzn.to/2V5gATx) | Fing Box is an optional companion to the [Fing App](https://www.fing.com/products/fing-app). It provides network monitoring and security capabilities, to protect your home/ work network. As well as the functionality of the app, the FingBox allows you to block intruders, notifies you about unknown devices and analyses your network for vulnerabilities, such as open ports. You can also see which devices are near your home at what time (even if they're not connected to your WiFi), and improve network speed with scheduled analysis and bandwidth allocation. Best to try out the Fing app alone, before buying the FingBox, but both are great products for network monitoring and security 44 | **Bootable Drive Eraser**
[![__](https://i.ibb.co/P11d0YH/15.jpg)](https://amzn.to/2SsL67Y) | Easy-to-use bootable USB will completely erase your hard drive with military grade destruction, making it near-impossible for any files or personal data to be recovered. This should be done before you sell, or dispose of any hard drive. Of course there are various .ISOs you can download and flash to a USB yourself if you do not want to spend money, but this USB supports all devices and is quick and easy to use, with excellent results
45 | **Mobile Privacy Screen**
[![__](https://i.ibb.co/Zg9QG1j/17.jpg)](https://amzn.to/2OZO3Lc) | Similar to the laptop/ monitor privacy filter, this screen protector will prevent anyone from seeing what is on your screen when reading from an angle
46 | **Kensington Lock**
[![__](https://i.ibb.co/TKHV5d3/20.jpg)](https://amzn.to/38zu0e2) | Quite self-explanatory, this lock will make it harder for someone to steal your laptop, and get to your data. Of course it does require that your laptop has the [Kensington Security Slot](https://en.wikipedia.org/wiki/Kensington_Security_Slot), which many do
47 | **Anti-Surveillance Clothing**
[![__](https://i.ibb.co/Gk8jBBm/21.jpg)](https://adversarialfashion.com) | Facial recognition is being rolled out in most countries now. The patterns on these clothes will confuse facial, object and number plate recognition, injecting junk data into the systems, hence making it harder for automated systems to monitor and track you
48 | **Solo Key**
[![__](https://i.ibb.co/8PFQRDy/26.jpg)](https://amzn.to/37CsOpj) | Another FIDO2 physical security key for 2-factor authentication and storing encryption keys. SoloKeys have both open source hardware and software. They are easy to use out of the box, but can also be used by developers and makers, since there is a well documented CLI
49 | **Nano Ledger**
[![__](https://i.ibb.co/HdVyPzb/22.jpg)](https://amzn.to/37q1cn6) | If you are in possession of Bitcoin or other crypto, then one of the most secure ways to store, send and receive coins is with a hardware wallet. Ledger has a solid reputation when it comes to hardware encryption, and the main principle behind their wallets is to provide full isolation between the private keys and your easy-to-hack computer or smartphone
50 | **Cold Storage**
[![__](https://i.ibb.co/nj6xyv1/23.jpg)](https://amzn.to/2HqVy9x) | If you are not planning on spending your crypto any time soon, and do not want to trust a tech-based solution, then consider this metal cold storage wallet. Unlike writing your private key down on paper, this will not fade, and cannot be destroyed by water, fire or other environmental circumstances. Of course you could just engrave your key on a small sheet of aluminium
51 | **Anonabox**
[![__](https://i.ibb.co/L177XDJ/24.jpg)](https://amzn.to/2UWtP8E) | Plug-and-play Tor router that can be used with public WiFi while travelling, or at home. Anonabox provides easy access to the deep web and lets you bypass censorship, protect your location, deter data collection and more. It can also be used with a VPN, or for online hosting. Of course you could build a similar product yourself using a Raspberry Pi and a WiFi range extender
52 | **Deauth Detector**
[![__](https://i.ibb.co/BqNGRCW/19.jpg)](https://amzn.to/2HtUy4B) | Most WiFi hacks begin by sending deauth packets, so that connected clients will briefly be disconnected from the network. This [ESP8266](https://en.wikipedia.org/wiki/ESP8266) comes pre-flashed with [@SpaceHuhn's](https://github.com/spacehuhn) deauth detector (which you can view [here, on GitHub](https://github.com/spacehuhn/DeauthDetector)). Once it detects [deauthentication or disassociation frames](https://mrncciew.com/2014/10/11/802-11-mgmt-deauth-disassociation-frames), it will activate a speaker to notify you
53 | **Librem 5**
[![__](https://i.ibb.co/3TNh5Vt/l5-v1-front-100x100.png)](https://shop.puri.sm/shop/librem-5/) | Security and privacy focused smartphone by Purism. With hardware kill switches and specially designed software, this device runs Linux, and does not track you. It separates the CPU from the cellular baseband, uses IP-native communication first and decentralized communication by default. The source code is user-controlled, and has layered security protection. Purism also have [other security-focused products](https://puri.sm/products)
54 | **Slate Travel Router**
[![__](https://i.ibb.co/Nt7hmfW/ar750s-ext-1000x1000.jpg)](https://www.gl-inet.com/products/gl-ar750s/) | The GL-AR750S-Ext can serve as a Wi-Fi access point, a pfSense firewall or a portable router with always-on VPN connectivity. It's great for controlling your network (firewall, VPN, ad-block, web filtering, data limits and more) when traveling or away from home
55 |
56 |
57 |
58 |
59 |
60 | ## DIY Security Products
61 |
62 | Don't want to spend money? Most of the products above, plus some that weren't included, can be built at home with some pretty simple hardware and open source software. The following list will point you in the right direction to start making!
63 |
64 | See Also [DIY Networking Hardware](#diy-networking-hardware)
65 |
66 | - **Network-wide ad-block** - [Pi Hole](https://pi-hole.net) is a simple yet powerful app that can be installed on a [Raspberry Pi](https://amzn.to/36GNpsm). Once you've updated your router's DNS servers to point to it, all resources on the blacklist will be blocked at the point of origin. This makes it much more powerful than a browser add-on, and will also speed your internet up
67 | - **USB Sanitiser** - [CIRCLean](https://www.circl.lu/projects/CIRCLean) is a hardware solution to clean documents from untrusted (obtained) USB drives. It automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick.
68 | - **Bootable Drive Eraser** - You can flash the [DBAN](https://dban.org) or [KillDisk](https://www.killdisk.com/bootablecd.htm) ISO file onto a USB, boot from it and securely, fully wipe your hard drives. This is useful to do before selling or disposing of a PC.
69 | - **Deauth Detector** - Since most wireless attacks begin by sending out deauthentication packets, you can flash SpaceHuhn's [DeauthDetector](https://github.com/spacehuhn/DeauthDetector) onto a standard [ESP8266 NodeMCU](https://amzn.to/2v5grV0), plug it in, and wait to be notified of wireless deauth attacks
70 | - **AI Assistant Mod** - [Project Alias](https://github.com/bjoernkarmann/project_alias) runs on a Pi, and gives you more control and increased privacy for both Google Home and Alexa, through intercepting voice commands, emitting noise interference + lots more. If you're interested in voice assistants, then also check out [Mycroft](https://mycroft.ai) - an open source, Pi-based alternative to Google Home/ Alexa
71 | - **Tor WiFi Network** - Using [OnionPi](https://github.com/breadtk/onion_pi), you can create a second wireless network that routes traffic through Tor. This is very light-weight so can be done with just a [Pi Zero W](https://amzn.to/2Urc0hM). Here is a configuration [guide](https://www.sbprojects.net/projects/raspberrypi/tor.php)
72 | - **Credential Recall Card** - A password card is a unique grid of random letters and digits that lets you generate, store and recall unique and strong passwords for your accounts. Generate your own unique password card, and read more via: [PasswordCard.org](https://www.passwordcard.org/en)
73 | - **Faraday Case** - If you want to block signals for devices such as car keys, smart phone, laptop or even just RFID-enabled cards and passports, you can line a box or pouch with [Faraday Fabric](https://amzn.to/2ORKtTr)
74 | - **Hardware Wallet** - Using the Trezor Shield or [Trezor Core](https://github.com/trezor/trezor-firmware) and a Raspberry Pi, you can create your own hardware wallet for safely storing your cryptocurrency private keys offline. See [this guide](https://github.com/Multibit-Legacy/multibit-hardware/wiki/Trezor-on-Raspberry-Pi-from-scratch) for building.
If you enjoyed that, you can also run your own Bitcoin and Lightning Node with [Raspiblitz](https://github.com/rootzoll/raspiblitz)
75 | - **Encrypted USB** - You can use [VeraCrypt](https://www.veracrypt.fr/en/Home.html) to create an encrypted USB drive, using any off-the-shelf [USB drive](https://amzn.to/2RykcLD)
76 | - **Home VPN** - [Pi_VPN](https://www.pivpn.io) lets you use [OpenVPN](https://openvpn.net) to connect to your home network from anywhere, through your [Pi](https://amzn.to/2uniPqa). See [this guide](https://pimylifeup.com/raspberry-pi-vpn-server) for set-up instructions. This will work particularly well in combination with Pi Hole.
77 | - **USB Password Manager** - Storing your passwords in the cloud may be convenient, but you cannot ever be certain they won't be breached. [KeePass](https://keepass.info/help/v2/setup.html) is an offline password manager, with a portable edition that can run off a USB. There's also an [app](https://play.google.com/store/apps/details?id=com.korovan.kpass). See also [KeePassX](https://www.keepassx.org) and [KeePassXC](https://keepassxc.org) which are popular community forks with additional functionality
78 | - **Secure Chat Platform** - Tinfoil Chat (TFC) is an onion-routed, endpoint secure messaging system that relies on high assurance hardware architecture to protect users from passive collection, MITM attacks and most importantly, remote key exfiltration. See [TFC](https://github.com/maqp/tfc)
79 | - **Automated Backups** - [Syncthing](https://syncthing.net) is a privacy-focused continuous file synchronization program. You can use it to make on-site backups as well as encrypt and sync your data with your chosen cloud storage provider
80 | - **GPS Spoofer** - If you don't want to be tracked with GPS, then using an SDR you can send out spoof GPS signals, making nearby GPS-enabled devices think that they are in a totally different location. (Wouldn't recommend using this while on an airplane though!).
You can use [gps-sdr-sim](https://github.com/osqzss/gps-sdr-sim) by [@osqzss](https://github.com/osqzss), and run it on a [HackRF](https://greatscottgadgets.com/hackrf) or similar SDR. Here's a [guide](https://www.rtl-sdr.com/tag/gps-spoofing) outlining how to get started. You'll also need a [NooElec HackRF One](https://amzn.to/2Ta1s5J) or similar [SDR](https://amzn.to/39cLiOx). Check your local laws first, you may need a radio license.
81 | - **No-Mic Laptop** - You can go one step further than using a mic-blocker, and physically remove the microphone from your laptop. (And then use a removable external mic when needed). See how, for [Apple MacBook and iPhone](https://www.wired.com/story/remove-the-mic-from-your-phone/) | [Video Guide](https://www.youtube.com/watch?v=Eo-IwQMeVLc). If that seems too extreme, there are [other options](https://security.stackexchange.com/a/130402)
82 |
83 | If you are confident with electronics, then you could also make:
84 | - **USB Data Blocker** - By simply removing the data wires from a USB adapter, you can create a protector to keep you safe while charging your device in public spaces. See [this guide](https://www.instructables.com/id/Making-a-USB-Condom) for more info (note: fast charge will not work)
85 | - **Hardware Encrypted Password Manager** - Even better than a software-encrypted password manager is the [hardpass0.2](https://bit.ly/3bg4Xi4), which is a very simple hardware-encrypted USB store, using [GnuPG Smart card](https://www.g10code.com/p-card.html), [GNU Password Standard](https://www.passwordstore.org/) and this [source code](https://github.com/girst/hardpass-passwordmanager) all running on a [Pi Zero](https://amzn.to/2Sz0vU4).
See also the [Zamek Project](https://bit.ly/36ZJrec), using this [source code](https://github.com/jareklupinski/zamek) to achieve a similar functioning hardware-password manager
86 | - **U2F USB Token** - Similar to the FIDO2 2-factor authentication USB keys, [U2f-Zero](https://github.com/conorpp/u2f-zero) by Conor Patrick, lets you turn a Pi Zero into a second-factor auth method. Note: project no longer actively maintained, see [NitroKey](https://github.com/nitrokey) instead
87 | - **True Random Number Generator- Standalone** - The [FST-01](https://www.gniibe.org/FST-01/fst-01.html) is an open source hardware RNG with good documentation. See the [neug source code](https://salsa.debian.org/gnuk-team/gnuk/neug)
88 | - **PC auto-lock Flash Drive** - Turn a flash drive into a lock/ unlock key for your PC, allowing you to quickly lock your device when needed [deprecated]
89 | - **Headless Pi Zero SSH server** - Create a small test server that you can SSH into for development, in order to not have to run risky or potentially dangerous code or software directly on your PC. See [this article](https://openpunk.com/post/5) for getting started
90 |
91 |
92 | ## Paranoid Security Gadgets
93 |
94 | We can go even further. These products are far from essential and are maybe a little over-the-top, but fun to play around with, if you really want to avoid being tracked!
95 |
96 | - **Self-Destroying PC** - The ORWL PC will wipe all data if it is compromised, and has many other safeguards to ensure no one other than you can access anything from your drive. Comes with Qubes OS, Windows or Linux, and requires both a password and fob to log in. See more: [orwl.org](https://orwl.org)
97 | - **Tor Travel-Router** - Plug-and-play travel router, providing WiFi with VPN or Tor for more private internet access, also has Wi-Fi uplink and range extender with a clear user interface.
See more: [Anonabox.com](https://www.anonabox.com) | [Amazon](https://amzn.to/2HHV0fG) | [shop.itsfoss.com](https://shop.itsfoss.com/sales/anonabox-pro)
98 | - **Hardware Data Encryption Token** - Savvi Solutions Purrtec Encryption Keys provide an extra layer of protection for offline data encryption, requiring the USB to be inserted as well as the password, in order to encrypt or decrypt files and data. [Purrtec.com](http://www.purrtec.com/) | [shop.itsfoss.com](https://shop.itsfoss.com/sales/purrtec-encryption-keys-2-pack)
99 | - **Active RFID Jamming** - Armour Card is a slim credit-card shaped device, which when in contact with any readers creates an electronic force field, strong enough to "jam" any readings from being taken, by emitting arbitrary data. Aimed at protecting credit cards, identity documents, key cards and cell phones. [US](https://amzn.to/38bJxB9) | [ArmourCard Website](https://armourcard.com)
100 | - **Ultra-Sonic Microphone Jammer** - Blocks phones, dictaphones, voice assistants and other recording devices. Uses built-in transducers to generate ultrasonic signals that cannot be heard by humans, but cause indistinct noise on recording devices, making it impossible to distinguish any details of the conversations. See more [UK](https://amzn.to/2Hnk63s) | [US](https://amzn.to/2v2fwVG)
101 | - **GPS Jammer** - In the DIY list, there was a link to how to build a GPS spoof device using an SDR. But you can also buy a GPS jammer, which may be useful if you fear that you are being tracked. They are aimed at preventing UAVs from operating in your area, but can also be used to confuse other tracking devices nearby. There's a variety of models with varying power and range available from $50 - $500. [AliExpress](https://www.aliexpress.com/item/4000214903055.html)
102 | - **Audio Jammer/ White Noise Generator** - Protects your private room conversations by generating an un-filterable masking sound which desensitizes any nearby microphones.
Sounds like random static to your ears, but it is a variable oscillating frequency that masks your in-person conversations. Via [SpyGadgets.com](https://www.spygadgets.com/rechargeable-audio-jammer-white-noise-generator-aj-40/)
103 | - **LibremKey: USB Token** - A USB security token to make encryption, key management, and tamper detection convenient and secure. [Purism](https://puri.sm/products/librem-key/)
104 | - **Secalot: All-in-one Security Key** - An open source, small USB that functions as a hardware cryptocurrency wallet, OpenPGP smart card, U2F authenticator, and one-time password generator. Via [Secalot](https://www.secalot.com/)
105 | - **Slim Hardware OTP Generator** - A reprogrammable TOTP hardware token authenticator. Unlike USB security keys, this does not need to be connected, and instead is used like a mobile OTP generator, where you enter the 6-digit code. Useful as a backup, in case your phone is not accessible. Via [Protectimus](https://www.protectimus.com/protectimus-slim-mini/)
106 | - **p@ss™ Bracelet** - Fun password generator wristband, allowing you to generate hard to guess, unique passwords for each of your online accounts, and not have to remember them. [Tindie](https://www.tindie.com/products/russtopia/psstm-bracelet/)
107 | - **Credential Recall Cards** - An easy method for generating and recalling secure passwords. You could [make your own](https://www.passwordcard.org/en), or buy one such as the C@RD™ Mark II, available via: [Tindie](https://www.tindie.com/products/russtopia/crdtm-mark-ii-credential-ccess-recall-device/)
108 | - **Card Skimmer Detector** - Ensure an ATM or card reader does not have an integrated skimming device. See more at [Lab401](https://lab401.com/products/hunter-cat-card-skimmer-detector)
109 | - **Deauth Detector** - Most WiFi-based attacks involve sending deauth packets at some point; a deauth detector will notify you whenever these packets are detected.
This particular model uses SpaceHuhn's code, running on an ESP8266. Via: [Tindie](https://www.tindie.com/products/lspoplove/dstike-deauth-detector-pre-flashed-with-detector/) | [Amazon](https://www.amazon.com/MakerFocus-ESP8266-Detector-Pre-flashed-Deauther/dp/B07WKDPBRY)
110 | - **Bug Detector** - Able to detect radio waves and magnetic fields, in order to find hidden wired or wireless recording or camera equipment and transmitting devices. Note: has limited accuracy. See more: [UK](https://amzn.to/2V8z8C1) | [US](https://amzn.to/2V9AnkI)
111 | - **Advanced Multi-Frequency RF Detector** - Get instantly notified whenever a threat enters your environment. Detects the following frequencies: CDMA (824–849MHz), GSM(880-920MHz), GS-DCS(1710–1790MHz), WCDMA, 3G, GSM-PCS, DECT(1920–2480MHz), Bluetooth, WiFi(2400–2480MHz), Wi-Max(3000–7000MHz). Via [spygadgets.com](https://www.spygadgets.com/1207i-multi-frequency-rf-bug-detector-cdma-gsm-bluetooth-wimax/)
112 | - **Laser Surveillance Defeater** - Sophisticated spies could potentially use a laser microphone, which bounces an invisible infrared laser off of a window and back to a light sensor. By measuring any interference in that reflected light, the laser microphone can detect vibrations in the window pane and reconstruct sound on the other side of the glass. A laser surveillance defeater creates small inaudible vibrations, which can stop all vibration-based eavesdropping. [shomer-tec](https://www.shomer-tec.com/laser-surveillance-defeater.html) | [Amazon](https://www.amazon.com/Surveillance-Defeater-Countermeasure-Protection-Device/dp/B00383Z5L0)
113 | - **Voice Changer** - Useful to disguise voice, while chatting online. See more: [UK](https://amzn.to/3bXqpsn) | [US](https://amzn.to/2PqUEyz)
114 | - **Anti-Facial Recognition Clothing** - Carefully printed patterns that confuse common facial recognition algorithms.
See more: [Amazon UK](https://amzn.to/32dnYgO) | [Redbubble](https://www.redbubble.com/people/naamiko/works/24714049-anti-surveillance-clothing?p=mens-graphic-t-shirt) | [Monoza](https://www.monoza.mobi/hyperface-anti-surveillance-shirt/?sku=1045-19321-423696-174028)
115 | - **Reflective Glasses** - Blocks faces from most CCTV and camera footage, and stops facial recognition from being able to map your face. See more: [Reflectacles](https://www.reflectacles.com)
116 | - **Hardware Password Manager** - MooltiPass is an offline, hardware encrypted USB password manager, with desktop and mobile browser integrations. You can export your KeePass database onto it, for secure authentication on the road, and the hardware is open source. See More: [TheMooltiPass.com](https://www.themooltipass.com) | [Hackaday](https://hackaday.com/tag/mooltipass/)
117 | - **QUANTUM** - A multifunctional crypto device: an open source, secure, reliable and simple cross-platform cryptocurrency wallet and password manager. See more: [crypto-arts.com](https://security-arts.com/) | [Tindie](https://www.tindie.com/products/security-arts/quantum-multifunctional-crypto-device/)
118 | - **Faraday Cases** - A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields. Useful for electronics, since many devices are constantly transmitting and receiving, which is the worst when you are trying to avoid being tracked. There have been numerous reports that governments can apparently track phones, even when they are [powered off](https://slate.com/technology/2013/07/nsa-can-reportedly-track-cellphones-even-when-they-re-turned-off.html), and since smart phones often do not have removable batteries, the only option is often to shield them from any EM waves.
See [SilentPocket.com](https://silent-pocket.com/collections/all-products) | [Faraday Box](https://amzn.to/3cj9z7r) | [Faraday Phone Pouch](https://amzn.to/38faum5)
119 | - **DNA Invisible** - An open source recipe that erases and deletes 99.5% of DNA left behind, and obfuscates the remaining 0.5%. You leave your DNA behind all the time, and once analysed it can say a lot about your genetic makeup, and who you are. Learn more about this threat in [this video](https://youtu.be/MoX_BDWZUG0). See [DNA Invisible](http://biogenfutur.es)
120 | - **Forensic bridge kit** - Allows for write blocking to prevent unauthorized writing to a device, and for creating images without modifying data. See more: [Amazon](https://www.amazon.com/dp/B00Q76XG5W)
121 | - **Firewalla** - Tiny open source smart firewall. Has many useful features: VPN Server, Ad-blocker, powerful monitoring, security analysis and family controls. [Firewalla.com](https://firewalla.com) | [Tindie](https://www.tindie.com/products/firewallallc/firewalla-smart-internet-security-for-your-home/)
122 | - **IoTMATE v2b-CL** - Plug-and-play open source home automation module, does not require internet access and has some good privacy controls, making it a more secure alternative to big-name IoT hubs (Note: requires technical and electrical knowledge to install and configure). [Tindie](https://www.tindie.com/products/iotmate/iotmate-v2b-cl-home-automation-with-alexa-support/)
123 | - **Stand-alone Drive Eraser** - Allows you to erase drives, without connecting them to your PC. Available in different models for different needs. See More: [Amazon](https://www.amazon.com/StarTech-com-Hard-Drive-Eraser-Standalone/dp/B073X3YZNL)
124 | - **Shredder** - It is important to safely dispose of any documents that contain personal information. This is a very affordable shredder - it cuts pieces into security level P-4 sizes (5/32" by 15/32"). It also shreds credit cards into the same size.
[Amazon](https://www.amazon.com/AmazonBasics-6-Sheet-High-Security-Micro-Cut-Shredder/dp/B00Q3KFX8U)
125 | - **Device Timer** - This non-smart device can be used to turn various devices (such as lights or radio) on or off at certain times. It's useful to deter people when you are away. [Amazon](https://www.amazon.com/Century-Digital-Programmable-Packaging-Security/dp/B00MVF16JG)
126 | - **SurfEasy Key** - A portable web browser you can carry in your pocket for private and secure browsing on the go. Provides encrypted storage and anonymous browsing features. Again, you can make your own version with an encrypted USB, and a portable executable. [fightforthefuture.org](https://shop.fightforthefuture.org/products/surfeasy-key)
127 | - **Private Texting LoRa Transceivers** - A pack of 2 private texting units, which are small companion radios for a smartphone, allowing you to communicate independently from cellular networks. Great for privacy, security and when you have no service. [Tindie](https://www.tindie.com/products/DLSpectrum/two-private-texting-lora-transceivers/)
128 | - **TrueRNG** - Generates a stream of True Random Numbers for use in Simulations, Security, and Gaming. [Tindie](https://www.tindie.com/products/ubldit/truerng-v3/)
129 | - **Wire Tap Detector** - Easily check both single and multi-line phone systems for series and parallel taps. Via [BrickHouseSecurity](https://www.brickhousesecurity.com/counter-surveillance/wiretap/)
130 | - **True Random Number Generator** - FST-01SZ is a tiny stand alone USB 32-bit computer based on a free hardware design. (NeuG is an implementation of a TRNG for GD32F103 MCU). See More: [Free Software Foundation: Shop](https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator)
131 |
132 |
133 | ## Network Security
134 |
135 | Gadgets that help protect and anonymise your internet, detect & prevent intrusions and provide additional network controls, both at home and while traveling.
There are many products like this available; some of them are over-priced for what they are, others provide some really essential network security features. It is possible to re-create some of these solutions yourself to save money, see [above](#diy-security-products).
136 |
137 | - **Anonabox** - Plug-and-play Tor router. Wi-Fi uplink and range extender with user interface, also has VPN options and USB ports for local file sharing. [Amazon](https://amzn.to/38bwZIA) | [Anonabox.com](https://www.anonabox.com) | [shop.itsfoss.com](https://shop.itsfoss.com/sales/anonabox-pro)
138 | - **Turris Omnia Router** - Open source wireless router, running OpenWrt. Above average specs, and useful features including automatic updates, distributed adaptive firewall and virtual server. Via [turris.com](https://www.turris.com/en/omnia/overview/) | [Amazon](https://www.amazon.com/Turris-hi-Performance-printserver-Virtual-Dual-core/dp/B07XCKK146)
139 | - **FingBox** - Network monitoring and security. For what it offers Fing is very affordable, and there is a free [app](https://www.fing.com/products/fing-app) that you can use before purchasing the hardware to get started. [Fing.com](https://www.fing.com/products/fingbox) | [US](https://amzn.to/2wlXfCT) | [UK](https://amzn.to/2I63hKP)
140 | - **BitdefenderBox** - Cybersecurity home firewall hub, for protecting IoT and other devices. Has other features such as parental controls and is easy to set up. [US](https://amzn.to/2vrurZJ) | [UK](https://amzn.to/34Ul54w)
141 | - **Flashed-Routers** - Pre-configured branded routers, flashed with custom open source firmware, for better security, privacy and performance. [flashrouters.com](https://www.flashrouters.com/routers)
142 | - **Firewalla** - Tiny open source smart firewall. Has many useful features: VPN Server, Ad-blocker, powerful monitoring, security analysis and family controls.
[Firewalla.com](https://firewalla.com) | [Tindie](https://www.tindie.com/products/firewallallc/firewalla-smart-internet-security-for-your-home/)
143 | - **Trend Micro Box** - Protect home networks from external and internal cyber attacks. Detects intrusions, vulnerabilities, remote access, web threats and provides other security features. [US](https://amzn.to/2wk3Y0s) | [US](https://amzn.to/2uqX4Wv)
144 | - **AlwaysHome Duo** - USB VPN with accelerated virtual networking to your home or office network, crossing geo-blocking and firewall mechanisms. [US](https://amzn.to/2Ts6oSn) | [UK](https://amzn.to/3bi4cF0)
145 | - **Firewalla Red** - An intrusion detection and intrusion prevention system, with a web and mobile interface. Also has Ad-block, VPN, internet control features and insights. [US](https://amzn.to/388BlAw) | [Firewalla.com](https://firewalla.com)
146 | - **LibertyShield** - Pre-configured, plug-and-play multi-country VPN router. Note that after 1 year there is a monthly subscription. [US](https://amzn.to/2T89vzU) | [UK](https://amzn.to/2twJlwM)
147 | - **Gigabit Travel AC VPN Router** - A fully-featured dual-band travel router with VPN capabilities. [US](https://amzn.to/32HD1zU) | [UK](https://amzn.to/2SkUxFg)
148 | - **Helios 64** - ARM-powered fully open source NAS. Using a local backup solution mitigates a lot of the privacy concerns of popular cloud storage providers, and Kobol's Helios 64 is a great option in terms of cost, reliability, functionality and security. High capacity (up to 80TB across 5-bays), with good network throughput (2.5GB multi-Gigabit Ethernet and dual LAN), adequate computing power and memory, great reliability (with a built-in UPS, dual DC input). [Kobol.io](https://kobol.io/)
149 | - **InvizBox** - Tor router that provides speed, privacy and security for all devices connected to it.
[Invizbox.com](https://www.invizbox.com) | [Amazon](https://amzn.to/2w4v7V3)
150 | - **InvizBox Go** - Portable VPN: https://amzn.to/386ikPT
151 | - **WatchGuard Firebox** - Business-grade network firewall. [US](https://amzn.to/2VF0MqR) | [UK](https://amzn.to/2VF12WR)
152 |
153 | #### DIY Networking Hardware
154 | - **[Pi-Hole](https://pi-hole.net)** - Network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features. It's open source, easy to install and very widely used
155 | - **[IPFire](https://www.ipfire.org)** - A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone
156 | - **[PiVPN](https://pivpn.io)** - A simple way to set up a home VPN on any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. Supports multiple DNS providers and custom DNS providers - works nicely alongside PiHole
157 | - **[E2guardian](http://e2guardian.org)** - Powerful open source web content filter
158 | - **[OpenWRT](https://openwrt.org)** - Powerful custom router firmware, with great security, performance and customization features. See more [custom router firmware](/5_Privacy_Respecting_Software.md#router-firmware)
159 | - **[SquidGuard](http://www.squidguard.org)** - A URL redirector software, which can be used for content control of websites users can access.
It is written as a plug-in for Squid and uses blacklists to define sites for which access is redirected
160 | - **[pfSense](https://www.pfsense.org)** - Widely used, open source firewall/router
161 | - **[Zeek](https://www.zeek.org)** - Detect if you have a malware-infected computer on your network; a powerful network analysis framework and monitor
162 |
163 | [See more](https://geekflare.com/best-open-source-firewall) open source firewall apps
164 |
165 | For most projects, a Raspberry Pi 3 or 4 is more than enough. You could also build your own hardware, see [this guide](https://www.instructables.com/id/Build-your-own-gateway-firewall) on constructing a gateway firewall yourself.
166 |
167 |
168 | ## Secure Computing Devices
169 |
170 | - **ORWL PC** - A self-destroying PC that will wipe all data if it is compromised, and has many other safeguards to ensure no one other than you can access anything from your drive. Comes with Qubes OS, Windows or Linux, and requires both a password and fob to log in. See more: [orwl.org](https://orwl.org)
171 | - **Librem 5** - An open source security and privacy-focused phone, running PureOS, built by Purism. See More: [puri.sm/products/librem-5](https://puri.sm/products/librem-5)
172 | - **Armadillo Phones** - Encrypted phones, SIMs and Networks, provide zero-trust communications and pro-active defences. Their keychain software is open source, and they also provide encrypted SIMs, and servers.
173 | See More: [ArmadilloPhone.com](https://www.armadillophone.com/store#diamond)
174 | - **KryptAll** - Provides secure mobile networking, for encrypted cellular calling. However without being open source, these devices are harder to verify. See More: [KryptAll.com](https://www.kryptall.com)
175 | - **Ano-Phone** - Android devices loaded with additional security defences. Not open source.
176 | See More: [ano-phone.com](https://ano-phone.com)
177 | - **Secure Group** - Hardware-encrypted smart phones, for privacy and security.
See more: [SecureGroup.com](https://securegroup.com/hardware) 178 | - **Librem Laptop** - The Librem 13, Librem 15 and Librem Mini are well-specced, open source hardware-encrypted computing devices by Purism. They have several hardware features, like physical connectivity switches, and tamper-proof hardware. See More [puri.sm](https://puri.sm/products) 179 | 180 | 181 | 182 | ## Hardware Encrypted Storage 183 | 184 | Hardware-based encryption uses a device’s on-board security to perform encryption and decryption. It is self-contained and does not require the help of any additional software. Therefore, it is essentially free from the possibility of contamination, malicious code infection, or vulnerability, and able to be used on any platform. 185 | 186 | If the device itself becomes compromised, your data will remain safe. Really useful for backing up, transporting and sharing personal data safely. For maximum security, you can combine hardware encryption with software encryption. 187 | 188 | Reliable options include: 189 | 190 | - AES Hardware encrypted USB 3.0 external hard drive enclosure for HDD or SSD: [US]() | [UK](https://amzn.to/2GM3GkB) 191 | - Integral 256-bit AES USB 3.0 (Software required), 16GB, 32GB, 64GB. [US]() | [UK](https://amzn.to/37vpyNb) 192 | - iStorage 256-bit AES USB 3.0 Pro (Hardware Encrypted), with keypad, 8GB, 16GB, 32GB, 64GB. [US](https://amzn.to/2T9wTgo) | [UK](https://amzn.to/2O1OPXu) 193 | - IronKey Rugged Enterprise-grade encrypted USB Pen, 4GB, 8GB, 16GB, 32GB, 64GB, 128GB. [US](https://amzn.to/2wYWQH2) | [UK](https://amzn.to/3cjsnUi) 194 | - iStorage 256-bit AES USB 3.0 Personal (Hardware Encrypted), with keypad, 8GB, 16GB, 32GB, 64GB. [US](https://amzn.to/2I99c1G) | [UK](https://amzn.to/38GzHqo) 195 | - Lexar JumpDrive Fingerprint USB 3.0 (Software required), 32GB, 64GB, 128GB, 256GB. [US](https://amzn.to/38b0eeP) | [UK](https://amzn.to/2GtipRC) 196 | - iStorage 256-bit Hardware Encrypted external USB 3.1 SSD Drive.
128GB, 256GB, 512GB, 1TB. [UK](https://amzn.to/37wkhVA) 197 | - iStorage 256-bit Hardware Encrypted external USB 3.1 HDD Drive. 1TB, 2TB, 3TB, 4TB. [US](https://amzn.to/32DI4RA) | [UK](https://amzn.to/37vpFYN) 198 | 199 | 200 | *Alternatively, a cheaper option would be a software-encrypted USB. [VeraCrypt](https://www.veracrypt.fr/en/Home.html) is a cross-platform open source encryption application. It's surprisingly simple (see [this how-to guide](https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt)), and very secure. Combine this with an ordinary USB drive; this [high-speed (300mb/s) 256GB flash drive](https://amzn.to/2RykcLD) is a great option* 201 | 202 | *For encrypting your boot drive, you can use [BitLocker](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview) (Windows), [FileVault](https://support.apple.com/en-us/HT204837) (OSX), or any of these [options](https://www.tecmint.com/file-and-disk-encryption-tools-for-linux) for Linux.* 203 | 204 | 205 | 206 | ## USB Data Blockers 207 | 208 | A small, low-cost but essential device. It attaches in between your USB cable and the charging socket, and will physically block data transfer and syncing while charging. Totally mitigates the risk of being hacked via a USB exploit, and stops anything being uploaded to your device. 209 | 210 | - PortaPow 3rd Gen, USB A, 2-Pack. [Red](https://amzn.to/39aStqE) | [White](https://amzn.to/2TqXl4i) | [Black](https://amzn.to/38imYd2) 211 | - PortaPow Dual USB Power Monitor with Data Blocker, useful for monitoring power consumption and managing which devices are allowed data connections. [US](https://amzn.to/2I7HT7J) | [UK](https://amzn.to/3chnWcJ) 212 | - Privise USB A Data Blocker. [US](https://amzn.to/3cig0rr) | [UK](https://amzn.to/2VAbX3K) 213 | - Data-only Micro-USB cable. Be sure that it is actually data-only, you can count the pins at each end.
Again PortaPow make a legitimate safe-charge cable. [US](https://amzn.to/2Tq09ys) | [UK](https://amzn.to/38chHDF) 214 | - USB-C ondom. An open source power-with-no-data USB-C data blocker. [Tindie](https://www.tindie.com/products/CrowbarTech/usb-c-ondom/) 215 | 216 | PortaPow (3rd gen) is one of the best options, since it has a SmartCharge chip (which isn't usually possible without the data wire). 217 | 218 | You can also build your own very easily, [here is a schematic](https://www.electroschematics.com/diy-usb-condom-circuit). 219 | 220 | Word of Warning: Sometimes the cable itself can be dangerous. See [O.M.G Cable](https://shop.hak5.org/products/o-mg-cable), it looks like a totally authentic phone cable, but is actually able to deploy advanced exploits, often without you being able to identify it. It is always best to label your cables, to ensure you are using your own, safe wire. 221 | 222 | 223 | ## FIDO U2F Keys 224 | 225 | Physical 2-factor authentication keys are a secure and convenient method of authentication. See [twofactorauth.org](https://twofactorauth.org) for a list of websites that provide 2FA. 226 | - **[Solo Key](https://solokeys.com)** - An open source U2F and FIDO2 key, with NFC. via [SoloKeys.com](https://solokeys.com) 227 | - **[LibremKey](https://puri.sm/products/librem-key/)** - A USB security token to make encryption, key management, and tamper detection convenient and secure. via [Puri.sm](https://puri.sm/products/librem-key/) 228 | - **[OnlyKey](onlykey.io/alicia)** - A pin-protected open source hardware password manager with FIDO2/ U2F. It's very affordable, considering the broad feature set, but initial setup is a little complex.
Via [OnlyKey.com](onlykey.io/alicia) 229 | - **[NitroKey](https://www.nitrokey.com/)** - An open source secure USB, providing authentication (OTP, U2F and static passwords), email encryption (GnuPG, OpenPGP, S/MIME etc), file encryption (with VeraCrypt, GnuPG and more), key and certificate management and SSH keys for server administration. via [NitroKey.com](https://www.nitrokey.com/) 230 | - **[Secalot](https://www.secalot.com/)** - A small open source USB, that functions as a hardware crypto wallet, OpenPGP smart card, U2F authenticator, and one-time password generator. via [Secalot.com](https://www.secalot.com/) 231 | - **[Protectimus](https://www.protectimus.com/protectimus-slim-mini/)** - A credit-card sized, slim TOTP hardware token. Allows you to generate 6-digit OTP codes, without the need for a mobile device. Useful as a backup, in case your phone is not accessible. Via [Protectimus.com](https://www.protectimus.com/protectimus-slim-mini/) 232 | - **[Yubikey](https://www.yubico.com/products/)** - Extremely popular, easy-to-use and reliable authentication keys, available in a variety of form factors, from Micro keys, USB-C, Slim USB-A, and dual lightning + USB. Note that neither the hardware nor the software is open source. Via [yubico.com](https://www.yubico.com/products/) 233 | - **[Thetis](https://thetis.io)** - Extremely durable, mobile-friendly USB-A FIDO U2F Key. via [Thetis.io](https://thetis.io) 234 | - **[U2F Zero](https://u2fzero.com/)** - Simple, open source U2F token, with write-only keys, tamper-resistance and hardware true random number generator to ensure high entropy. 235 | 236 | You can also build your own key, see [U2f-Zero](https://github.com/conorpp/u2f-zero) by Conor Patrick, which lets you turn a Pi Zero into a second-factor auth method.
Or check out [NitroKey](https://github.com/nitrokey), for a guide on building U2F with an ESP-8266, see [this Hackaday article](https://hackaday.com/2018/01/04/two-factor-authentication-with-the-esp8266/) 237 | 238 | 239 | 240 | ## Crypto Wallets 241 | 242 | The most secure medium to store your currency is cold (offline) wallets, since they cannot be hacked. Of course it is vital that you keep your private keys somewhere that they cannot be stolen, and cannot be lost or destroyed. Electronic devices can make it easy to securely store and spend crypto currency. Choose a wallet that is open source, and with a good reputation. Ensure you backup your seed, and keep it somewhere safe. 243 | 244 | - Trezor is fully open source and implements a firmware-based security on top of known hardware. [Trezor.com](https://trezor.io) 245 | - Ledger takes a more black box approach, but their devices are very well tested and secure. They are also easy to use and durable, with good support for a range of crypto. [Ledger.com](https://shop.ledger.com/pages/hardware-wallets-comparison) 246 | - Indestructible Steel Wallet, for private key. [US](https://amzn.to/2Px0EFV) | [UK](https://amzn.to/2VLeVmr) 247 | - QUANTUM is a Multifunctional crypto device, that is an open source secure, reliable and simple cross-platform cryptocurrency wallet and password manager. [crypto-arts.com](https://security-arts.com/) | [Tindie](https://www.tindie.com/products/security-arts/quantum-multifunctional-crypto-device/) 248 | 249 | Always ensure the packaging has not been tampered with, buy direct from the manufacturer when possible. 
250 | 251 | --- 252 | 253 | ## See Also 254 | 255 | - [Awesome Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) 256 | - [Ultimate Personal Security Checklist](/README.md) 257 | - [Why Privacy and Security Matters](/0_Why_It_Matters.md) 258 | - [Further Links + More Awesome Stuff](/4_Privacy_And_Security_Links.md) 259 | 260 | 261 | Contributions welcome and appreciated - to propose an edit [raise an issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose) or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md) 262 | 263 | *Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* 264 | 265 | [![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md) 266 |
-------------------------------------------------------------------------------- /4_Privacy_And_Security_Links.md: -------------------------------------------------------------------------------- 1 | # Awesome Privacy & Security
[![Awesome](https://awesome.re/badge-flat2.svg)](https://awesome.re) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) [![License](https://img.shields.io/badge/LICENSE-CC_BY_4.0-00a2ff?&style=flat-square)](https://creativecommons.org/licenses/by/4.0/) [![Contributors](https://img.shields.io/github/contributors/lissy93/personal-security-checklist?color=%23ffa900&style=flat-square)](https://github.com/Lissy93/personal-security-checklist/graphs/contributors) 2 | 3 | *A curated list of notable guides, articles, tools and media - relating to digital security, internet freedom and online privacy* 4 | 5 | **See also**: [Personal Security Checklist](https://github.com/Lissy93/personal-security-checklist/blob/master/README.md) | [Privacy-Respecting Software](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_Respecting_Software.md) | [Security Gadgets](/6_Privacy_and-Security_Gadgets.md) | [Why Privacy Matters](/0_Why_It_Matters.md) | [TLDR](/2_TLDR_Short_List.md)🔐 6 | 7 | 8 | - **Information and Guides** 9 | - [How-To Guides](#how-to-guides) 10 | - [Articles](#articles) 11 | - [Blogs](#blogs) 12 | - **Media** 13 | - [Books](#books) 14 | - [Podcasts](#podcasts) 15 | - [Videos](#videos) 16 | - **Security Tools & Services** 17 | - [Online Tools](#online-tools) 18 | - Privacy-Respecting Software, moved to [here](/5_Privacy_Respecting_Software.md) 19 | - Security Hardware, moved to [here](/6_Privacy_and-Security_Gadgets.md) 20 | - **Research** 21 | - [Data and APIs](#data-apis-and-visualisations) 22 | - [Academic](#academic) 23 | - **Organisations** 24 | - [Foundations](#foundations) 25 | - [Government and Independent Organisations](#governance) 26 | - **More Lists** 27 | - [Mega Guides](#mega-guides) 28 | - [Other GitHub Security Lists](#more-awesome-github-lists) 29 | 30 | 31 | ## How-To Guides 32 | 33 | - **Threat Protection** 34 | - Protect against SIM-swap scam: via
[wired](https://www.wired.com/story/sim-swap-attack-defend-phone) 35 | - How to spot a phishing attack: via [EFF](https://ssd.eff.org/en/module/how-avoid-phishing-attacks) 36 | - Protection from Identity Theft: via [Restore Privacy](https://restoreprivacy.com/identity-theft-fraud) 37 | - Harden your MacOS Security: via [@drduh on GitHub](https://github.com/drduh/macOS-Security-and-Privacy-Guide) 38 | - Protecting from key-stroke-logging, with KeyScrambler: via [TechRepublic](https://www.techrepublic.com/blog/it-security/keyscrambler-how-keystroke-encryption-works-to-thwart-keylogging-threats) 39 | - Guide to Hash Checks, to ensure a program has not been tampered with: via [ProPrivacy](https://proprivacy.com/guides/how-why-and-when-you-should-hash-check) 40 | - Permanently and Securely Delete ‘Files and Directories’ in Linux: via [TecMint](https://www.tecmint.com/permanently-and-securely-delete-files-directories-linux/) 41 | - **Networking** 42 | - How to enable DNS over HTTPS: via [geekwire](https://geekwire.co.uk/privacy-and-security-focused-dns-resolver) 43 | - How to resolve DNS leak issue: via [DNSLeakTest](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html) 44 | - Protect against WebRTC Leaks: via [Restore Privacy](https://restoreprivacy.com/webrtc-leaks) 45 | - ISP and DNS privacy tips: via [bluz71](https://bluz71.github.io/2018/06/20/digital-privacy-tips.html) 46 | - Beginners guide on getting started with Tor: via [ProPrivacy](https://proprivacy.com/privacy-service/guides/ultimate-tor-browser-guide) 47 | - Beginners guide to I2P: via [The Tin Hat](https://thetinhat.com/tutorials/darknets/i2p.html) 48 | - How to Use a VPN and Tor together: via [ProPrivacy](https://proprivacy.com/vpn/guides/using-vpn-tor-together) 49 | - How to use `__nomap`, to reduce public exposure of SSID: via [ghacks](https://www.ghacks.net/2014/10/29/add-_nomap-to-your-routers-ssid-to-have-it-ignored-by-google-and-mozilla/) 50 | - Detailed guide, outlining up-to-date router
configurations for ultimate security: via [RouterSecurity.org](https://routersecurity.org/) 51 | - **Communication** 52 | - Email Self-Defense, Configure your mail client securely, from scratch - via [FSF.org](https://emailselfdefense.fsf.org) 53 | - How to avoid Phishing Attacks: via [EFF](https://ssd.eff.org/en/module/how-avoid-phishing-attacks) 54 | - How to use PGP: Via EFF - [Windows](https://ssd.eff.org/en/module/how-use-pgp-windows), [MacOS](https://ssd.eff.org/en/module/how-use-pgp-mac-os-x) and [Linux](https://ssd.eff.org/en/module/how-use-pgp-linux) 55 | - A Step-by-Step Guide to Generating More Secure GPG Keys: via [spin.atomicobject.com](https://spin.atomicobject.com/2013/11/24/secure-gpg-keys-guide/) 56 | - How to Maintain Anonymity in BitCoin Transactions: [coinsutra.com](https://coinsutra.com/anonymous-bitcoin-transactions/) 57 | - Beginners Guide to Signal (secure messaging app): via [Freedom of the Press Foundation](https://freedom.press/news/signal-beginners/) 58 | - How to use OTR messaging with Adium (MacOS): via [CalyxInstitute.org](https://calyxinstitute.org/docs/howto-encrypted-instant-messaging-with-osx-adium-and-otr) 59 | - **Devices** 60 | - How to Enable Encryption on your Devices: via [SpreadPrivacy.com](https://spreadprivacy.com/how-to-encrypt-devices/) 61 | - How to Delete your Data Securely: Via EFF - [Windows](https://ssd.eff.org/en/module/how-delete-your-data-securely-windows), [MacOS](https://ssd.eff.org/en/module/how-delete-your-data-securely-macos) and [Linux](https://ssd.eff.org/en/module/how-delete-your-data-securely-linux) 62 | - Layers of Personal Tech Security: via [The Wire Cutter](https://thewirecutter.com/blog/internet-security-layers) 63 | - Device-Specific Privacy Guides: via [SpreadPrivacy](https://spreadprivacy.com/tag/device-privacy-tips/) 64 | - For: [Windows 10](https://spreadprivacy.com/windows-10-privacy-tips/), [MacOS](https://spreadprivacy.com/mac-privacy-tips/),
[Linux](https://spreadprivacy.com/linux-privacy-tips/), [Android](https://spreadprivacy.com/android-privacy-tips/) and [iOS](https://spreadprivacy.com/iphone-privacy-tips/) 65 | - Guide to scrubbing Windows OSs from forensic investigation: by u/moschles, via [Reddit](https://www.reddit.com/r/security/comments/32fb1l/open_guide_to_scrubbing_windows_oss_from_forensic) 66 | - A curated list of Windows Domain Hardening techniques: by @PaulSec, via: [GitHub](https://github.com/PaulSec/awesome-windows-domain-hardening) 67 | - Configuring Gboard for better Privacy: via [Ghacks](https://www.ghacks.net/2016/12/21/configure-gboard-privacy-google-keyboard/) 68 | - Settings to update on iPhone, for better privacy: via [lifehacker](https://lifehacker.com/the-privacy-enthusiasts-guide-to-using-an-iphone-1792386831) 69 | - How to check App Permissions (Android, iOS, Mac & Windows): via [Wired](https://www.wired.com/story/how-to-check-app-permissions-ios-android-macos-windows/) 70 | - How to manage Self-Encrypting Drives: via [TechSpot](https://www.techspot.com/guides/869-self-encrypting-drives/) 71 | - **Software** 72 | - Complete guide to configuring Firefox for Privacy + Speed: via [12bytes](https://12bytes.org/7750) 73 | - Firefox Configuration Guide for Beginners: via [12bytes](https://12bytes.org/articles/tech/firefox/the-firefox-privacy-guide-for-dummies) 74 | - How to use Vera Crypt: via [howtogeek](https://www.howtogeek.com/108501/the-how-to-geek-guide-to-getting-started-with-truecrypt) 75 | - How to use KeePassXC: via [EFF](https://ssd.eff.org/en/module/how-use-keepassxc) 76 | - How to use uMatrix browser addon to block trackers: via [ProPrivacy](https://proprivacy.com/privacy-service/guides/lifehacks-setup-umatrix-beginners) 77 | - How to set up 2-Factor Auth on common websites: via [The Verge](https://www.theverge.com/2017/6/17/15772142/how-to-set-up-two-factor-authentication) 78 | - How to use DuckDuckGo advanced search features: via 
[Ghacks](https://www.ghacks.net/2013/03/24/duckduckgo-another-bag-of-tricks-to-get-the-most-out-of-it/) 79 | - How to use Cryptomator (encrypt files on cloud storage): via [It's Foss](https://itsfoss.com/cryptomator/) 80 | - **Physical Security** 81 | - Guide to Living Anonymously, Personal Data Removal and Credit Freeze: via [IntelTechniques.com](https://inteltechniques.com/data/workbook.pdf) 82 | - Hiding from Physical Surveillance: via [Snallabolaget](http://snallabolaget.com/hiding-from-surveillance-how-and-why) 83 | - Guide to opting-out of public data listings and marketing lists: via [World Privacy Forum](https://www.worldprivacyforum.org/2015/08/consumer-tips-top-ten-opt-outs) 84 | - **Enterprise** 85 | - A basic checklist to harden GDPR compliance: via [GDPR Checklist](https://gdprchecklist.io) 86 | - **Reference Info** 87 | - A directory of websites, apps and services supporting 2FA: via [TwoFactorAuth.org](https://twofactorauth.org) 88 | - A directory of direct links to delete your account from web services: via [JustDeleteMe.xyz](https://justdeleteme.xyz) 89 | - Impartial VPN Comparison Data: via [ThatOnePrivacySite](https://thatoneprivacysite.net/#detailed-vpn-comparison) 90 | - Terms of Service; Didn't Read - Vital resource that summarizes and extracts the key details from Privacy Policies/ Terms of Services, aiming to fix the issues caused by blindly agreeing to these Terms: via [tosdr.org](https://tosdr.org/) 91 | - Free, open-source and privacy-respecting alternatives to popular software: via [Switching.Software](https://switching.software/) 92 | - Product reviews from a privacy perspective, by Mozilla: via [Privacy Not Included](https://foundation.mozilla.org/en/privacynotincluded) 93 | - Surveillance Catalogue - Database of secret government surveillance equipment, Snowden: via [The Intercept](https://theintercept.com/surveillance-catalogue) 94 | - See also: The source code, on WikiLeaks [Vault7](https://wikileaks.org/vault7) and
[Vault8](https://wikileaks.org/vault8), and the accompanying [press release](https://wikileaks.org/ciav7p1) 95 | - Who Has Your Back? - Which companies hand over your data to comply with Government Data Requests 2019: via [EFF](https://www.eff.org/wp/who-has-your-back-2019) 96 | - Check who your local and government representatives are: via [WhoAreMyRepresentatives.org](https://whoaremyrepresentatives.org) 97 | - Open project to rate, annotate, and archive privacy policies: via [PrivacySpy.org](https://privacyspy.org) 98 | - Hosts to block: via [someonewhocares/ hosts](https://someonewhocares.org/hosts) / [StevenBlack/ hosts](https://github.com/StevenBlack/hosts) 99 | - Magic Numbers - Up-to-date file signature table, to identify / verify files have not been tampered with: via [GaryKessler](https://www.garykessler.net/library/file_sigs.html) 100 | - List of IP ranges per country: via [Nirsoft](https://www.nirsoft.net/countryip) 101 | - Database of default passwords for various devices by manufacturer and model: via [Default-Password.info](https://default-password.info) 102 | 103 | 104 | ## Articles 105 | - **General** 106 | - 8-point manifesto, of why Privacy Matters: via [whyprivacymatters.org](https://whyprivacymatters.org) 107 | - Rethinking Digital Ads: via [TheInternetHealthReport](https://internethealthreport.org/2019/rethinking-digital-ads) 108 | - **Encryption** 109 | - Overview of projects working on next-generation secure email: via [OpenTechFund](https://github.com/OpenTechFund/secure-email) 110 | - Anatomy of a GPG Key: via [@DaveSteele](https://davesteele.github.io/gpg/2014/09/20/anatomy-of-a-gpg-key/) 111 | - **Surveillance** 112 | - Twelve Million Phones, One Dataset, Zero Privacy: via [NY Times](https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html) 113 | - Windows data sending: via [The Hacker News](https://thehackernews.com/2016/02/microsoft-windows10-privacy.html) 114 | - Is your Anti-Virus spying on you:
via [Restore Privacy](https://restoreprivacy.com/antivirus-privacy) 115 | - What does your car know about you?: via [Washington Post](https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out) 116 | - Turns Out Police Stingray Spy Tools Can Indeed Record Calls: via [Wired](https://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm) 117 | - UK Police Accessing Private Phone Data Without Warrant: via [Restore Privacy](https://restoreprivacy.com/uk-police-accessing-phone-data) 118 | - Rage Against Data Dominance: via [Privacy International](https://privacyinternational.org/long-read/3734/rage-against-data-dominance-new-hope) 119 | - NSA Files Decoded, What the revelations mean for you: via [The Guardian](https://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded) 120 | - How to Track a Cellphone Without GPS—or Consent: via [Gizmodo](https://gizmodo.com/how-to-track-a-cellphone-without-gps-or-consent-1821125371) 121 | - Apps able to track device location, through power manager: via [Wired](https://www.wired.com/2015/02/powerspy-phone-tracking/) 122 | - Hackers and governments can see you through your phone’s camera: via [Business Insider](https://www.businessinsider.com/hackers-governments-smartphone-iphone-camera-wikileaks-cybersecurity-hack-privacy-webcam-2017-6) 123 | - How a highly targeted ad can track your precise movements: via [Wired](https://www.wired.com/story/track-location-with-mobile-ads-1000-dollars-study/) 124 | - Based on the paper, Using Ad Targeting for Surveillance on a Budget: via [Washington.edu](https://adint.cs.washington.edu/ADINT.pdf) 125 | - Law Enforcement Geo-Fence Data Requests- How an Innocent cyclist became a suspect when cops accessed his Google location data: via [Daily Mail](https://www.dailymail.co.uk/news/article-8086095/Police-issue-warrant-innocent-mans-Google-information.html) 126 | - IBM 
Used NYPD Surveillance Footage to Develop Technology That Lets Police Search by Skin Color: via [TheIntercept](https://theintercept.com/2018/09/06/nypd-surveillance-camera-skin-tone-search/) 127 | - **Threats** 128 | - 23 reasons not to reveal your DNA: via [Internet Health Report](https://internethealthreport.org/2019/23-reasons-not-to-reveal-your-dna) 129 | - Security of Third-Party Keyboard Apps on Mobile Devices: via [Lenny Zeltser](https://zeltser.com/third-party-keyboards-security) 130 | - Mobile Websites Can Tap Into Your Phone's Sensors Without Asking: via [Wired](https://www.wired.com/story/mobile-websites-can-tap-into-your-phones-sensors-without-asking) 131 | - Non-admin accounts mitigate 94% of critical Windows vulnerabilities: via [ghacks](https://www.ghacks.net/2017/02/23/non-admin-accounts-mitigate-94-of-critical-windows-vulnerabilities/) 132 | - Android Apps are able to monitor screen state, data usage, installed app details and more without any permissions: by @databurn-in, via [GitHub](https://github.com/databurn-in/Android-Privacy-Issues) 133 | - See also, [PrivacyBreacher](https://github.com/databurn-in/PrivacyBreacher) - an app developed by @databurn-in, which demonstrates these issues 134 | - How URL Previews in Apps can Leak Personal Info: via [hunch.ly](https://hunch.ly/osint-articles/osint-article-how-to-blow-your-online-cover) 135 | - Big data privacy risks: via [CSO Online](https://www.csoonline.com/article/2855641/the-5-worst-big-data-privacy-risks-and-how-to-guard-against-them.html) 136 | - Anti-Doxing Guide (For Activists Facing Attacks): via [Equality Labs](https://medium.com/@EqualityLabs/anti-doxing-guide-for-activists-facing-attacks-from-the-alt-right-ec6c290f543c) 137 | - **Breaches** 138 | - Wired guide to data breaches- past, present and future: via [Wired](https://www.wired.com/story/wired-guide-to-data-breaches/) 139 | - Grindr and OkCupid Spread Personal Details Study Says: via [NY
Times](https://www.nytimes.com/2020/01/13/technology/grindr-apps-dating-data-tracking.html) 140 | - The Asia-Pacific Cyber Espionage Campaign that Went Undetected for 5 Years: via [TheHackerNews](https://thehackernews.com/2020/05/asia-pacific-cyber-espionage.html) 141 | - ClearView AI Data Breach - 3 Billion Faces: via [Forbes](https://www.forbes.com/sites/kateoflahertyuk/2020/02/26/clearview-ai-the-company-whose-database-has-amassed-3-billion-photos-hacked/) 142 | - The MongoDB hack and the importance of secure defaults: via [Snyk](https://snyk.io/blog/mongodb-hack-and-secure-defaults/) 143 | - Truecaller Data Breach – 47.5 Million Indian Truecaller Records On Sale: via [GBHackers](https://gbhackers.com/truecaller-data-breach/) 144 | - Hundreds of millions of Facebook user records were exposed on Amazon cloud server: via [CBS News](https://www.cbsnews.com/news/millions-facebook-user-records-exposed-amazon-cloud-server/) 145 | - Microsoft data breach exposes 250 million customer support records: via [Graham Cluley](https://www.grahamcluley.com/microsoft-data-breach/) 146 | - **Data Collection** 147 | - Ring Doorbell App Packed with Third-Party Trackers: via [EFF](https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers) 148 | - How websites can see your full personal details, from your phone contract info: via [Medium/@philipn](https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024) 149 | - Facebook and America’s largest companies give worker data to Equifax: via [FastCompany](https://www.fastcompany.com/40485634/equifax-salary-data-and-the-work-number-database) 150 | - Exfiltration of personal data by session-replay scripts: via [Freedom-to-Tinker](https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/) 151 | - Apple's iTerm2 Leaks Everything You Hover in Your Terminal via DNS Requests: via
[BleepingComputer](https://www.bleepingcomputer.com/news/security/iterm2-leaks-everything-you-hover-in-your-terminal-via-dns-requests/) 152 | - Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking: via [propublica.org](https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking) 153 | 154 | 155 | ## Blogs 156 | - **Security Researchers** 157 | - [Krebs on Security](https://krebsonsecurity.com/) - Lots of up-to-date, in-depth interesting cyber security news and investigations, by a true legend in the field and NY Times Bestseller, Brian Krebs. [RSS](https://krebsonsecurity.com/feed/) 158 | - [Schneier on Security](https://www.schneier.com/) - Commentary, news, essays and more all about cryptography, cyber security and privacy. New posts are written almost daily, and this is also home to the famous [Crypto Gram](https://www.schneier.com/crypto-gram/) weekly newsletter, that's been popular since 1994. By the world-renowned security professional, and serial bestselling author, Bruce Schneier. [RSS](https://www.schneier.com/blog/atom.xml) 159 | - [Troy Hunt](https://www.troyhunt.com/) - Security researcher and data breach collector. [RSS](https://feeds.feedburner.com/TroyHunt) 160 | - [Graham Cluley](https://www.grahamcluley.com/) - Security news, advice and opinion. From Graham Cluley, co-host of Smashing Security. 161 | - [The Last Watch Dog](https://www.lastwatchdog.com/) - Privacy and Security articles, opinion and media by Byron Acohido 162 | - [Daniel Miessler](https://danielmiessler.com/) - Summarises recent news and events, and focuses on security, technology and people. [RSS](https://danielmiessler.com/feed/) 163 | - [Errata Security](https://blog.erratasec.com/) - Covers latest interesting news, and explains concepts clearly. By Robert Graham and David Maynor.
[RSS](https://blog.erratasec.com/feeds/posts/default?alt=rss) 164 | - [Underground Tradecraft](https://gru.gq/blog-feed/) - Counterintelligence, OPSEC and Tradecraft for everyone 165 | - **Cyber Security News** 166 | - [Dark Reading](https://www.darkreading.com/) - Well-known cyber security news site, with articles on a range of topics, ranging from data breaches, IoT, cloud security and threat intelligence. [RSS](https://www.darkreading.com/rss_simple.asp) 167 | - [Threat Post](https://threatpost.com/) - News and Articles Cloud Security, Malware, Vulnerabilities, Waterfall Security and Podcasts. [RSS](https://threatpost.com/feed/) 168 | - [We Live Security](https://www.welivesecurity.com/) - Security news, views, and insight, by ESET + Community. [RSS](https://www.welivesecurity.com/rss-configurator/) 169 | - [The Hacker News](https://thehackernews.com/) - News and info covering Data Breaches, Cyber Attacks, Vulnerabilities, Malware. [RSS](https://feeds.feedburner.com/TheHackersNews) 170 | - [Sophos: Naked Security](https://nakedsecurity.sophos.com/) - Security news and updates, presented in an easy-to-digest format. 
[RSS](https://nakedsecurity.sophos.com/feed/) 171 | - [IT Security Guru](https://www.itsecurityguru.org/) - Combines top cyber security news from multiple sites, easier to stay up-to-date 172 | - [FOSS Bytes- Cyber Security](https://fossbytes.com/category/security) - News about the latest exploits and hacks 173 | - **Cyber Security Information** 174 | - [Heimdal](https://heimdalsecurity.com/blog) - Personal Cyber Security Tutorials and Articles 175 | - [Tech Crunch](https://techcrunch.com/tag/cybersecurity-101) - Cyber Security 101 176 | - [Email Self-Defense](https://emailselfdefense.fsf.org) - Complete guide to secure email 177 | - [Security Planner](https://securityplanner.org) - Great advice for beginners 178 | - [My Shadow](https://myshadow.org) - Resources and guides, to help you take control of your data 179 | - **Privacy** 180 | - [EFF SSD](https://ssd.eff.org) - Tips for safer online communications 181 | - [Spread Privacy](https://spreadprivacy.com) - Raising the standard of trust online, by DuckDuckGo 182 | - [Restore Privacy](https://restoreprivacy.com) - Tools and guides about privacy and security 183 | - [That One Privacy Site](https://thatoneprivacysite.net) - impartial comparisons and discussions 184 | - [The Hated One](https://www.youtube.com/channel/UCjr2bPAyPV7t35MvcgT3W8Q) - Privacy and security videos 185 | - [12Bytes](https://12bytes.org/articles/tech) - Opinion Articles about Tech, Privacy and more 186 | - [Pixel Privacy](https://pixelprivacy.com/resources) - Online privacy guides 187 | - [The Tin Hat](https://thetinhat.com) - Tutorials and Articles for Online Privacy 188 | - [PrivacyTools.io](https://www.privacytools.io) - Tools to protect against mass surveillance 189 | - [PrismBreak](https://prism-break.org/en/all) - Secure app alternatives 190 | - [The VERGE guide to privacy](https://bit.ly/2ptl4Wm) - Guides for securing mobile, web and home tech 191 | - [BringBackPrivacy](https://bringingprivacyback.com) - Easy-reading, sharable privacy 
articles 192 | - [The Privacy Project](https://www.nytimes.com/interactive/2019/opinion/internet-privacy-project.html) - Articles and reporting on Privacy, by the NYT 193 | - **Internet Freedom** 194 | - [OONI](https://ooni.org/post), Internet freedom and analysis on blocked sites 195 | - [Internet Health Report](https://foundation.mozilla.org/en/internet-health-report) - Mozilla is documenting and explaining what’s happening to openness and freedom on the Internet 196 | - [Worth Hiding](https://worthhiding.com) - Posts about privacy, politics and the law 197 | 198 | ## Books 199 | - [Permanent Record](https://www.amazon.co.uk/Permanent-Record-Edward-Snowden/dp/1529035651) by Edward Snowden 200 | - [Sandworm](https://www.amazon.co.uk/Sandworm-Cyberwar-Kremlins-Dangerous-Hackers/dp/0385544405) by Andy Greenberg: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers 201 | - [Extreme Privacy](https://www.amazon.co.uk/Extreme-Privacy-Takes-Disappear-America/dp/1093757620) by Michael Bazzell: Thoroughly detailed guide for protecting your privacy both electronically and physically 202 | - [Ghost in the Wires](https://www.amazon.co.uk/gp/product/B00FOQS8D6) by Kevin Mitnick: Kevin tells his story of being the world's most wanted hacker 203 | - [The Art of Invisibility](https://www.amazon.com/Art-Invisibility-Worlds-Teaches-Brother/dp/0316380504), by Kevin Mitnick: You How to Be Safe in the Age of Big Brother 204 | - [Eyes in the Sky](https://www.goodreads.com/book/show/40796190-eyes-in-the-sky): The Secret Rise of Gorgon Stare and How It Will Watch Us All, by Arthur Holla Michel: Outlines the capabilities of the digital imaging in continuous aerial and satellite surveillance, and discusses both the current systems that are deployed, and the technical feasibility of future plans 205 | 206 | ## Podcasts 207 | - [Darknet Diaries] by Jack Rhysider: Stories from the dark sides of the internet.
208 | [![Stitcher](https://img.shields.io/badge/Listen-Stitcher-E88923?logo=stitcher&style=flat-square)][da-stitch] 209 | [![iTunes](https://img.shields.io/badge/Listen-iTunes-FB5BC5?logo=itunes&style=flat-square)][da-itunes] 210 | [![Spotify](https://img.shields.io/badge/Listen-Spotify-1ED760?logo=spotify&style=flat-square)][da-spotify] 211 | [![Google Podcasts](https://img.shields.io/badge/Listen-Google%20Podcasts-4285F4?logo=Google%20Podcasts&style=flat-square)][da-google] 212 | [![PocketCasts](https://img.shields.io/badge/Listen-PocketCasts-F43E37?logo=Pocket%20Casts&style=flat-square)][da-pocketcasts] 213 | - [CYBER] by Motherboard: News and analysis about the latest cyber threats
214 | [![Stitcher](https://img.shields.io/badge/Listen-Stitcher-E88923?logo=stitcher&style=flat-square)][cy-stitch] 215 | [![iTunes](https://img.shields.io/badge/Listen-iTunes-FB5BC5?logo=itunes&style=flat-square)][cy-itunes] 216 | [![Spotify](https://img.shields.io/badge/Listen-Spotify-1ED760?logo=spotify&style=flat-square)][cy-spotify] 217 | [![SoundCloud](https://img.shields.io/badge/Listen-SoundCloud-FF6600?logo=soundcloud&style=flat-square)][cy-soundcloud] 218 | [![PocketCasts](https://img.shields.io/badge/Listen-PocketCasts-F43E37?logo=Pocket%20Casts&style=flat-square)][cy-pocketcasts] 219 | - [The Privacy, Security, & OSINT Show] by Michael Bazzell: Comprehensive guides on Privacy and OSINT
220 | [![Stitcher](https://img.shields.io/badge/Listen-Stitcher-E88923?logo=stitcher&style=flat-square)][tp-stitch] 221 | [![iTunes](https://img.shields.io/badge/Listen-iTunes-FB5BC5?logo=itunes&style=flat-square)][tp-itunes] 222 | [![Spotify](https://img.shields.io/badge/Listen-Spotify-1ED760?logo=spotify&style=flat-square)][tp-spotify] 223 | [![SoundCloud](https://img.shields.io/badge/Listen-SoundCloud-FF6600?logo=soundcloud&style=flat-square)][tp-soundcloud] 224 | [![PocketCasts](https://img.shields.io/badge/Listen-PocketCasts-F43E37?logo=Pocket%20Casts&style=flat-square)][tp-pocketcasts] 225 | - [Smashing Security] by Graham Cluley and Carole Theriault: Casual, opinionated and humorous chat about current cybersecurity news
226 | [![Stitcher](https://img.shields.io/badge/Listen-Stitcher-E88923?logo=stitcher&style=flat-square)][sm-stitch] 227 | [![iTunes](https://img.shields.io/badge/Listen-iTunes-FB5BC5?logo=itunes&style=flat-square)][sm-itunes] 228 | [![Spotify](https://img.shields.io/badge/Listen-Spotify-1ED760?logo=spotify&style=flat-square)][sm-spotify] 229 | [![Google Podcasts](https://img.shields.io/badge/Listen-Google%20Podcasts-4285F4?logo=Google%20Podcasts&style=flat-square)][sm-google] 230 | [![PocketCasts](https://img.shields.io/badge/Listen-PocketCasts-F43E37?logo=Pocket%20Casts&style=flat-square)][sm-pocketcasts] 231 | - [IRL Podcast] by Mozilla: Online Life is Real Life, Stories about the future of the Web
232 | [![Stitcher](https://img.shields.io/badge/Listen-Stitcher-E88923?logo=stitcher&style=flat-square)][irl-stitch] 233 | [![iTunes](https://img.shields.io/badge/Listen-iTunes-FB5BC5?logo=itunes&style=flat-square)][irl-itunes] 234 | [![Spotify](https://img.shields.io/badge/Listen-Spotify-1ED760?logo=spotify&style=flat-square)][irl-spotify] 235 | [![Google Podcasts](https://img.shields.io/badge/Listen-Google%20Podcasts-4285F4?logo=Google%20Podcasts&style=flat-square)][irl-google] 236 | [![PocketCasts](https://img.shields.io/badge/Listen-PocketCasts-F43E37?logo=Pocket%20Casts&style=flat-square)][irl-pocketcasts] 237 | - [Random but Memorable] by 1Password - A Security advice podcast
238 | [![Stitcher](https://img.shields.io/badge/Listen-Stitcher-E88923?logo=stitcher&style=flat-square)][rbm-stitch] 239 | [![iTunes](https://img.shields.io/badge/Listen-iTunes-FB5BC5?logo=itunes&style=flat-square)][rbm-itunes] 240 | [![Spotify](https://img.shields.io/badge/Listen-Spotify-1ED760?logo=spotify&style=flat-square)][rbm-spotify] 241 | [![Google Podcasts](https://img.shields.io/badge/Listen-Google%20Podcasts-4285F4?logo=Google%20Podcasts&style=flat-square)][rbm-google] 242 | [![PocketCasts](https://img.shields.io/badge/Listen-PocketCasts-F43E37?logo=Pocket%20Casts&style=flat-square)][rbm-pocketcasts] 243 | 244 | 245 | 246 | More Security Podcasts on [player.fm](https://player.fm/featured/security) 247 | 248 | More Podcasts (Verification Required): [Naked Security](https://nakedsecurity.sophos.com) | [Open Source Security Podcast](opensourcesecuritypodcast.com) | [Defensive Security Podcast](https://defensivesecurity.org) | [Malicious Life](https://malicious.life) | [Down the Security Rabbit Hole](http://podcast.wh1t3rabbit.net) | [Cyber Wire](https://thecyberwire.com/podcasts/daily-podcast) | [Hacking Humans](https://thecyberwire.com/podcasts/hacking-humans) | [Security Now](https://twit.tv/shows/security-now) | [Cyber Security Interviews](https://cybersecurityinterviews.com) | [Security Weekly](https://securityweekly.com) | [The Shared Security Podcast](https://sharedsecurity.net) | [Risky Business](https://risky.biz/netcasts/risky-business) | [Crypto-Gram Security Podcast](https://crypto-gram.libsyn.com) | [Off the Hook](https://player.fm/series/off-the-hook-84511) 249 | 250 | 251 | [Darknet Diaries]: https://darknetdiaries.com 252 | [da-stitch]: https://www.stitcher.com/podcast/darknet-diaries 253 | [da-itunes]: https://podcasts.apple.com/us/podcast/darknet-diaries/id1296350485 254 | [da-spotify]: https://open.spotify.com/show/4XPl3uEEL9hvqMkoZrzbx5 255 | [da-pocketcasts]: https://pca.st/darknetdiaries 256 | [da-google]: 
https://podcasts.google.com/?feed=aHR0cHM6Ly9mZWVkcy5tZWdhcGhvbmUuZm0vZGFya25ldGRpYXJpZXM%3D 257 | 258 | [CYBER]: https://www.vice.com/en_us/article/59vpnx/introducing-cyber-a-hacking-podcast-by-motherboard 259 | [cy-stitch]: https://www.stitcher.com/podcast/vice-2/cyber 260 | [cy-soundcloud]: https://soundcloud.com/motherboard 261 | [cy-itunes]: https://podcasts.apple.com/us/podcast/cyber/id1441708044 262 | [cy-spotify]: https://open.spotify.com/show/3smcGJaAF6F7sioqFDQjzn 263 | [cy-pocketcasts]: https://pca.st/z7m3 264 | 265 | [The Privacy, Security, & OSINT Show]: https://inteltechniques.com/podcast.html 266 | [tp-stitch]: https://www.stitcher.com/podcast/michael-bazzell/the-complete-privacy-security-podcast 267 | [tp-soundcloud]: https://soundcloud.com/user-98066669 268 | [tp-itunes]: https://podcasts.apple.com/us/podcast/complete-privacy-security/id1165843330 269 | [tp-spotify]: https://open.spotify.com/show/6QPWpZJ6bRTdbkI7GgLHBM 270 | [tp-pocketcasts]: https://pca.st/zdIq 271 | 272 | [Smashing Security]: https://www.smashingsecurity.com 273 | [sm-stitch]: https://www.stitcher.com/podcast/smashing-security 274 | [sm-itunes]: https://podcasts.apple.com/gb/podcast/smashing-security/id1195001633 275 | [sm-spotify]: https://open.spotify.com/show/3J7pBxEu43nCnRTSXaan8S 276 | [sm-pocketcasts]: https://pca.st/47UH 277 | [sm-google]: https://podcasts.google.com/?feed=aHR0cHM6Ly93d3cuc21hc2hpbmdzZWN1cml0eS5jb20vcnNz 278 | 279 | [IRL Podcast]: https://irlpodcast.org 280 | [irl-stitch]: https://www.stitcher.com/podcast/smashing-security 281 | [irl-itunes]: https://geo.itunes.apple.com/podcast/us/id1247652431?mt=2&at=1010lbVy 282 | [irl-spotify]: https://open.spotify.com/show/0vT7LJMeVDxyQ2ZamHKu08 283 | [irl-pocketcasts]: https://pca.st/irl 284 | [irl-google]: https://www.google.com/podcasts?feed=aHR0cHM6Ly9mZWVkcy5tb3ppbGxhLXBvZGNhc3RzLm9yZy9pcmw 285 | 286 | [Random but Memorable]: 
https://blog.1password.com/random-but-memorable-the-security-advice-podcast-from-1password 287 | [rbm-stitch]: https://www.stitcher.com/podcast/1password/random-but-memorable 288 | [rbm-itunes]: https://podcasts.apple.com/us/podcast/random-but-memorable/id1435486599 289 | [rbm-pocketcasts]: https://pca.st/43AW 290 | [rbm-spotify]: https://open.spotify.com/show/5Sa3dy0xDvMT0h3O5MGMOr 291 | [rbm-google]: https://podcasts.google.com/?feed=aHR0cHM6Ly9mZWVkcy5zaW1wbGVjYXN0LmNvbS9lRVpIazJhTA 292 | 293 | 294 | ## Videos 295 | - **General** 296 | - [You are being watched](https://youtu.be/c8jDsg-M6qM) by The New York Times 297 | - [The Power of Privacy](https://youtu.be/KGX-c5BJNFk) by The Guardian 298 | - [Why Privacy matters, even if you have nothing to hide](https://youtu.be/Hjspu7QV7O0) by The Hated One 299 | - [The Unhackable Email Service](https://youtu.be/NM8fAnEqs1Q) by Freethink 300 | - [NSA Whistleblower: Government Collecting Everything You Do](https://youtu.be/SjHs-E2e2V4) by Empire Files 301 | - **Cryptography** 302 | - [Advanced Into to GnuPGP](https://begriffs.com/posts/2016-11-05-advanced-intro-gnupg.html) by Neal Walfield ([walfield.org](http://walfield.org/)) 303 | - **TED Talks** 304 | - [How Online Trackers Track You, and What To Do About It](https://youtu.be/jVeqAemtC6w) by Luke Crouch 305 | - [Why you should switch off your home WiFi](https://youtu.be/2GpNhYy2l08) by Bram Bonné 306 | - [Why Privacy Matters](https://www.ted.com/talks/glenn_greenwald_why_privacy_matters), by Glenn Greenwald 307 | - [Fighting viruses, defending the net](https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net), by Mikko Hypponen 308 | - [The 1s and 0s behind cyber warfare](https://www.ted.com/talks/chris_domas_the_1s_and_0s_behind_cyber_warfare), by Chris Domas 309 | - [State Sanctioned Hacking - The Elephant in the Room](https://youtu.be/z-A2MxHmnU4) - Historic, economic and demographic overview of the growing threat to the U.S. 
from Chinese cyber invasions, by Frank Heidt 310 | - [How the IoT is Making Cybercrime Investigation Easier](https://youtu.be/9CemONO6vrY) - How our data is changing the nature of "evidence" in digital forensics, by Jonathan Rajewski 311 | - [Online Privacy Doesn't Exist](https://youtu.be/LgWrD3EJ1Do) - The unexpected dangers our digital breadcrumbs can lead to, by Denelle Dixon 312 | - [Data is the new gold, who are the new thieves?](https://youtu.be/XNF-rGiGb50) - Introduction and demonstration of the power of data, by Tijmen Schep 313 | - **Conferences** 314 | - [DEF CON 27](https://www.youtube.com/playlist?list=PL9fPq3eQfaaA4qJEQQyXDYtTIfxCNA0wB) - Collection of talks from DEF CON 2019, Vegas 315 | - [RSA Conference](https://www.youtube.com/user/RSAConference) - Collection of security talks from the RSA conferences 316 | - [Administraitor.video](https://administraitor.video) - A regularly updated collection of new and interesting security conference talks 317 | - **Misc** 318 | - [Through a PRISM, Darkly](https://youtu.be/e4woRYs0mM4) - Everything we know about NSA spying, by Kurt Opsahl 319 | - [What it REALLY takes to have True Privacy in the 21st Cen](https://youtu.be/bxQSu06yuZc) by @MalcomVetter 320 | 321 | See also: [awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) by @PaulSec 322 | 323 | 324 | ## Online Tools 325 | 326 | - **Check and Test** 327 | - [εxodus](https://reports.exodus-privacy.eu.org) - Check which trackers any app on the Play Store has 328 | - [Have I been Pwned](https://haveibeenpwned.com) and [Dehashed](https://www.dehashed.com) - Check if your details have been compromised 329 | - [Redirect Detective](https://redirectdetective.com) - Check where a suspicious URL redirects to 330 | - [Botometer](https://botometer.iuni.iu.edu/) - An AI script to check if a certain username is a bot 331 | - **Utilities** 332 | - [ExifRemove](https://www.exifremove.com) - Remove Meta/ EXIF data online 333 | - [Secure Password 
Check](https://password.kaspersky.com) - Fun little tool, to demonstrate how long it could take to crack a password 334 | - [33Mail](http://33mail.com/Dg0gkEA) or [Anonaddy](https://anonaddy.com) or [SimpleLogin](https://simplelogin.io?slref=bridsqrgvrnavso) - Protect your email address, by auto-generating unique permanent aliases for each account, so all emails land in your primary inbox 335 | - [Deseat Me](https://www.deseat.me) - Clean up your online presence 336 | - **Anti-Tracking Analysis** 337 | - [Panopticlick](https://panopticlick.eff.org) - Check if, and how your browser is tracking you 338 | - [Browser Leaks](https://browserleaks.com) - Check which information is being leaked by your browser 339 | - [DNSLeakTest](https://www.dnsleaktest.com) - Check for and fix a DNS leak 340 | - [IP Leak](https://ipleak.net) - IP Leak test 341 | - [Am I Unique?](http://amiunique.org) - If your fingerprint is unique, then websites can track you 342 | - [Qualys SSL Client Test](https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html) - Check the SSL/TLS capabilities of your browser 343 | - **Phishing, Hacking and Abuse** 344 | - [VirusTotal](https://www.virustotal.com) - Analyse a suspicious web resource for malware 345 | - [ScamAdviser](https://www.scamadviser.com) - Check if a website is a scam, before buying from it 346 | - [Abuse IP DB](https://www.abuseipdb.com) - Report an IP address for abuse, spam or attacks, and check the status of any IP 347 | - [Phish Tank](https://www.phishtank.com) - Check if a link is a known phishing URL, Submit a phishing URL, browse recent phishing URLs 348 | - [Is It Hacked?](http://www.isithacked.com) - Check if a website or page appears to be hacked, hijacked or generally suspicious 349 | - **IP Tools** 350 | - [I Know What You Download](https://iknowwhatyoudownload.com) - Shows torrents that have been downloaded or distributed from your IP address 351 | - [Hetrix Tools - Blacklist Check](https://hetrixtools.com/blacklist-check/) - 
Check if your Domain or IP appears on any common blacklists 352 | - [Check: The Tor Project](https://check.torproject.org/) - Check if you're connected via Tor, and diagnose issues 353 | - **Public Domain and Website Scanning Tools** 354 | - [URL Scan](https://urlscan.io) - Scan and analyse websites, shows IP, DNS, domain and host data, as well as info about resources and requests 355 | - [Security Trails](https://securitytrails.com/#search) - Shows all DNS records, historical DNS data and sub domains 356 | - [crt.sh](https://crt.sh) - Shows current and previous SSL/ TLS certificates for a given domain, has advanced search option 357 | - [Virus Total](https://www.virustotal.com) - Scans any URL, web asset or file for malware 358 | - [DomainTools WhoIs](https://whois.domaintools.com) - Who Is Lookup. Check who registered a domain name, and find contact details 359 | - [Pentest Tools Vulnerability Scanner](https://pentest-tools.com/website-vulnerability-scanning/website-scanner) - Light scan searches for client and server-side vulnerabilities and missing HTTP security headers 360 | - [Qualys SSL Server Test](https://www.ssllabs.com/ssltest) - Perform a deep analysis of the configuration of any SSL web server on the public Internet 361 | - [Abuse IP DB](https://www.abuseipdb.com) - Check if an IP or domain has been reported for abuse, or file a report 362 | - [RIPEstat](https://stat.ripe.net) - Detailed analysis of IP Addresses (Routing, DNS, Abuse History, Activity etc) 363 | - [Multirbl](http://multirbl.valli.org) - Complete IP check for sending Mailservers 364 | - [IPVoid](https://www.ipvoid.com) - Full suite of Domain, IP, and DNS tools for Tracing, Lookup, Checking and Pinging 365 | - **Net Neutrality** 366 | - [Blocked by ORG](https://www.blocked.org.uk) - Check if your website is blocked by certain ISPs 367 | - [Data Rights Finder](https://www.datarightsfinder.org) - Find, understand and use information from privacy policies 368 | - [Down For Everyone Or Just 
Me](https://downforeveryoneorjustme.com) - Quickly determine if a website is down, or just unavailable for you 369 | - **Anonymous Services** - The following sites host a variety of anonymous online services 370 | - [NixNet](https://nixnet.services) 371 | - [Snopyta](https://snopyta.org) 372 | - [Disroot](https://disroot.org) 373 | - **Archives** 374 | - [The Way Back Machine](https://archive.org/web/web.php) - See previous versions of any website. An archive of 431 billion snapshots over 20 years 375 | - [PolitiTweet](https://polititweet.org) - Archives Tweets from powerful public figures, and records silent retractions and deleted tweets 376 | - [Internet Archive Software Collection](https://archive.org/details/software) - The largest vintage and historical software library 377 | - [OpenLibrary](https://openlibrary.org) - A free, digital library of over 2 million eBooks, and information on over 20 million books 378 | - [Archive-It](https://archive-it.org) - Collecting and accessing cultural heritage on the web 379 | 380 | 381 | ## Privacy-Respecting Software 382 | 383 | This section has moved to [here](/5_Privacy_Respecting_Software.md). Complete list of privacy-respecting software and services 384 | 385 | ## Security Hardware 386 | 387 | This section has moved to [here](/6_Privacy_and-Security_Gadgets.md). Products, gadgets and DIY projects to help improve security 388 | 389 | ## Data, API's and Visualisations 390 | 391 | - **Research Results** 392 | - [Internet Census Data](https://ant.isi.edu/datasets) - Includes data on address space allocation, traffic, DNS, service enumeration, internet outages and other internet topology data 393 | - [Web Tracking Data](https://webtransparency.cs.princeton.edu/webcensus/#data) by Princeton University - This is the largest and most detailed analysis of online tracking to date, and measures both stateful (cookie-based) and stateless (fingerprinting-based) tracking. 
The crawls were made with [OpenWPM](https://github.com/mozilla/OpenWPM) 394 | - [Who has your Back?](https://www.eff.org/files/2019/06/11/whyb_2019_report.pdf) by EFF - Annual report assessing how companies handle personal data 395 | - Historic Reports: [2012](https://www.eff.org/files/who-has-your-back-2012_0.pdf) | [2013](https://www.eff.org/sites/default/files/who-has-your-back-2013-report-20130513.pdf) | [2014](https://www.eff.org/files/2014/05/15/who-has-your-back-2014-govt-data-requests.pdf) | [2015](https://www.eff.org/files/2015/06/18/who_has_your_back_2015_protecting_your_data_from_government_requests_20150618.pdf) | [2016](https://www.eff.org/files/2016/05/04/who-has-your-back-2016.pdf) | [2017](https://www.eff.org/files/2017/07/08/whohasyourback_2017.pdf) | [2018](https://www.eff.org/files/2018/05/31/whyb_2018_report.pdf) | [2019](https://www.eff.org/files/2019/06/11/whyb_2019_report.pdf) 396 | - [Lists of Websites Abusing Session Replay](https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html) - Third-party session replay scripts record all your actions and allow them to be watched by a human. 
This list includes websites that do this 397 | - See also, the accompanying [blog post](https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/) and the [WebTAP](https://webtap.princeton.edu/) project 398 | - [Sensor Access Data](https://databank.illinois.edu/datasets/IDB-9213932) - A Crawl of the Mobile Web Measuring Sensor Accesses, Illinois 399 | - [Canalys Newsroom](https://www.canalys.com/newsroom) - Research Studies on Security, Privacy, Technology and Finance 400 | - [Data Never Sleeps](https://web-assets.domo.com/blog/wp-content/uploads/2019/07/data-never-sleeps-7-896kb.jpg) - An infographic visualizing how much data is generated every minute (2019) 401 | - [What they Know about You](https://external-preview.redd.it/KU3pS4LIhLWqeYSluiYyJMhLQW1fEjTdh8lEKL2jafc.png?auto=webp&s=fe015c1e32731bc61cd0d57313f5a261173846ca) - An infographic showing what information giant tech companies are collecting from you (2020) 402 | - **Databases** 403 | - [Exodus](https://reports.exodus-privacy.eu.org/en/trackers/stats) - Trackers in Android Apps 404 | - [Exploit Database](https://www.exploit-db.com) - A database of current software vulnerabilities 405 | - [URLScan](https://urlscan.io) - Service scanning for malicious domains, with historical results 406 | - [Dehashed](https://www.dehashed.com/breach) - Data Breaches and Credentials 407 | - [VirusTotal](https://developers.virustotal.com/v3.0/reference) - Detailed virus scans of software 408 | - [Abuse IP DB](https://www.abuseipdb.com) - Database of IPs reported for abuse 409 | - [SnusBase](https://snusbase.com) - Long standing database hosting breached data 410 | - [OpenPhish](https://openphish.com) - A feed of current phishing endpoints 411 | - [HashToolkit](http://hashtoolkit.com) - Database of 'cracked' hashes 412 | - [SecLists](https://github.com/danielmiessler/SecLists) - Starter list of leaked databases, passwords, usernames etc (Great for programming) 413 | - [Qualys 
SSL Pulse](https://www.ssllabs.com/ssl-pulse) - A continuous and global dashboard for monitoring the quality of SSL / TLS support over time across 150,000 SSL- and TLS-enabled websites, based on Alexa’s list of the most popular sites in the world 414 | - [Tor Bulk Exit List](https://check.torproject.org/torbulkexitlist) - List of all exit nodes (IP) in use on the Tor network 415 | - **Fun with Live Data** 🌠 416 | - **Internet** 417 | - [Tor Flow](https://torflow.uncharted.software) - Real-time data flow between Tor nodes 418 | - [Internet Census](http://census2012.sourceforge.net/images/geovideo.gif) - 24-hour world map of average utilization of IPv4 addresses 419 | - ICMP ping requests were sent out via the Carna botnet. Read how this was done on the [Official Site](http://census2012.sourceforge.net) or download similar [datasets](https://ant.isi.edu/datasets/all.html) 420 | - [Map of Mobile Internet](https://labs.mapbox.com/labs/twitter-gnip/brands/) - Shows world data coverage, according to Twitter data 421 | - [DomainTools Statistics](https://research.domaintools.com/statistics) - Domain registration Numbers and Charts 422 | - [Insecam](http://www.insecam.org) - A directory and feed of insecure or public live webcams 423 | - [IKnow](https://iknowwhatyoudownload.com/en/stat/GB/daily) - Live data showing what content is being downloaded + distributed via torrents 424 | - [Semantic Internet Map](http://internet-map.net) - Shows how different websites link together 425 | - **Unrelated, but Awesome Data** 426 | - [BGP Stream](https://bgpstream.com) - Shows all current outages 427 | - [Submarine Cable Map](https://www.submarinecablemap.com) - An up-to-date map of major global internet cables (see also [he.net globe](https://he.net/3d-map) and [this map](https://submarine-cable-map-2016.telegeography.com)) 428 | - [FlightRadar24](https://www.flightradar24.com) - World-wide map of live aircraft positions 429 | - [Airport WiFi 
Map](https://www.google.com/maps/d/u/0/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY) - Shows WiFi networks and their passwords for airports around the world 430 | - [Stuff in Space](http://stuffin.space) - Shows objects orbiting Earth 431 | - [Grid Watch](https://www.gridwatch.templar.co.uk/) - Realtime energy usage and demand 432 | - [WiGLE](https://wigle.net) - World's largest WiFi Map showing personal hotspot statistics geographically 433 | - **Threat Maps** - Real-time hack attempts (malware, phishing, exploit and spam), visualised geographically 434 | - [Checkpoint](https://threatmap.checkpoint.com) 435 | - [FortiGuard](https://threatmap.fortiguard.com) 436 | - [Fire Eye](https://www.fireeye.com/cyber-map/threat-map.html) 437 | - [Kaspersky](https://cybermap.kaspersky.com) 438 | - [BitDefender](https://threatmap.bitdefender.com) 439 | - [ESET](https://www.virusradar.com) 440 | - [Threat But Map](https://threatbutt.com/map) 441 | - [Looking Glass Cyber Map](https://map.lookingglasscyber.com) 442 | - [Digital Attack Map](https://www.digitalattackmap.com) 443 | - [Kaspersky LogBook](https://apt.securelist.com) - Historic Threat Time Line 444 | 445 | 446 | ## Academic 447 | 448 | - **Journals** 449 | - Rethinking information privacy‐security: Does it really matter? 
By Waseem Afzal: via [Wiley](https://asistdl.onlinelibrary.wiley.com/doi/10.1002/meet.14505001095) 450 | - Crypto Paper: Privacy, Security, and Anonymity For Every Internet User, by Crypto Seb: via [GitHub](https://github.com/cryptoseb/cryptopaper) 451 | - Challenges in assessing privacy impact, Tales from the Front Line: via [Wiley](https://onlinelibrary.wiley.com/doi/10.1002/spy2.101) 452 | - A privacy‐preserving multifactor authentication system: via [Wiley](https://onlinelibrary.wiley.com/doi/10.1002/spy2.88) 453 | - Web Browser Privacy: What Do Browsers Say When They Phone Home?: via [scss.tcd.ie](https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf) 454 | - Online Tracking, A 1-million-site Measurement and Analysis: via [Princeton University](https://www.cs.princeton.edu/~arvindn/publications/OpenWPM_1_million_site_tracking_measurement.pdf) 455 | - Detecting and Defending Against Third-Party Tracking on the Web: via [Franziska Roesner](http://www.franziroesner.com/pdf/webtracking-NSDI2012.pdf) 456 | - Is Google degrading search? 
Consumer Harm from Universal Search: via [law.berkeley.edu](https://www.law.berkeley.edu/wp-content/uploads/2015/04/Luca-Wu-Yelp-Is-Google-Degrading-Search-2015.pdf) 457 | - A Comprehensive Evaluation of Third-Party Cookie Policies: via [WhoLeftOpenTheCookieJar.com](https://wholeftopenthecookiejar.com/static/tpc-paper.pdf) 458 | - The Dangers of Surveillance: via [Harvard Law Review](https://harvardlawreview.org/wp-content/uploads/pdfs/vol126_richards.pdf) 459 | - Recognizing Speech From Gyroscope Signals: via [Stanford](https://crypto.stanford.edu/gyrophone/) 460 | - A Study of Scripts Accessing Smartphone Sensors: via [sensor-js.xyz](https://sensor-js.xyz/webs-sixth-sense-ccs18.pdf) 461 | - Pixel Perfect, Fingerprinting Canvas in HTML5: [hovav.net](https://hovav.net/ucsd/dist/canvas.pdf) 462 | - Shining the Floodlights on Mobile Web Tracking — A Privacy Survey: via [semanticscholar.org](https://pdfs.semanticscholar.org/80bb/5c9119ff4fc2374103b4f3d6a8f614b3c2ed.pdf) 463 | - Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking: via [aruneshmathur.co.in](http://aruneshmathur.co.in/files/publications/SOUPS18_Tracking.pdf) 464 | - Privacy implications of email tracking: via [senglehardt.com](https://senglehardt.com/papers/pets18_email_tracking.pdf) 465 | - Battery Status Not Included, Assessing Privacy in Web Standards: via [princeton.edu](https://www.cs.princeton.edu/~arvindn/publications/battery-status-case-study.pdf) 466 | - Achieving Anonymity Against Major Face Recognition Algorithms: via [ruhr-uni-bochum.de](https://www.mobsec.ruhr-uni-bochum.de/media/ei/veroeffentlichungen/2016/01/15/2013-cms-face-recognition.pdf) 467 | - De-anonymizing Web Browsing Data with Social Networks: via [princeton.edu](https://www.cs.princeton.edu/~arvindn/publications/browsing-history-deanonymization.pdf) 468 | - The Surveillance Implications of Web Tracking: via [senglehardt.com](https://senglehardt.com/papers/www15_cookie_surveil.pdf) 469 | - 
Understanding Facebook Connect login permissions: via [jbonneau.com](http://jbonneau.com/doc/RB14-fb_permissions.pdf) 470 | - Corporate Surveillance in Everyday Life, How Companies Collect, Combine, Analyze, Trade, and Use Personal Data on Billions: By Wolfie Christl, via [crackedlabs.org](https://crackedlabs.org/dl/CrackedLabs_Christl_CorporateSurveillance.pdf) 471 | - Using Ad Targeting for Surveillance on a Budget: via [washington.edu](https://adint.cs.washington.edu/ADINT.pdf) 472 | - Cross-Site WebSocket Hijacking: via [christian-schneider.net](http://www.christian-schneider.net/CrossSiteWebSocketHijacking.html) 473 | - Location Tracking using Mobile Device Power Analysis: [scribd.com](https://www.scribd.com/doc/256304846/PowerSpy-Location-Tracking-using-Mobile-Device-Power-Analysis) 474 | - HORNET, High-speed Onion Routing at the Network Layer: via [arxiv.org](https://arxiv.org/pdf/1507.05724v1.pdf) 475 | - Decoy Routing: Toward Unblockable Internet Communication: via [usenix.org](https://www.usenix.org/legacy/events/foci11/tech/final_files/Karlin.pdf) 476 | - Trackers Vs Firefox, Comparing different blocking utilities: via [GitHub- @jawz101](https://github.com/jawz101/TrackersVsFirefox) 477 | - 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy: via [ssrn.com](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565&) 478 | 479 | 480 | - **Implementations and Standards** 481 | - [The GNU Privacy Guard](https://www.gnupg.org) 482 | - [OpenPGP JavaScript Implementation](https://openpgpjs.org) 483 | - [WireGuard](https://www.wireguard.com/papers/wireguard.pdf) 484 | - [Nym](https://as93.link/nym-blog-post) - Next Generation of Privacy infrastructure 485 | - [REC-X.509](https://www.itu.int/rec/T-REC-X.509) - The standard defining the format of public key certificates, used across most internet protocols and applications 486 | - [obfs4-spec](https://gitweb.torproject.org/pluggable-transports/obfs4.git/tree/doc/obfs4-spec.txt) & 
[obfs3-protocol-spec](https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs3/obfs3-protocol-spec.txt) - The Tor obfuscator and pluggable transport for obfuscated traffic 487 | 488 | 489 | 490 | 491 | 492 | ## Foundations 493 | 494 | - [Contract for the Web](https://contractfortheweb.org) 495 | - [Electronic Frontier Foundation](https://www.eff.org) - Defending digital privacy + more 496 | - [OWASP Foundation](https://www.owasp.org) 497 | - [Freedom House](https://freedomhouse.org) - Fighting for freedom on the net 498 | - [Privacy International](https://privacyinternational.org) 499 | - [Open Tech Fund](https://www.opentech.fund) 500 | - [Freedom of the Press Foundation](https://freedom.press) 501 | - [Open Rights Group](https://www.openrightsgroup.org) 502 | - [LEAP Encryption Access Project](https://leap.se) 503 | - [The Guardian Project](https://guardianproject.info) 504 | - [Foundation for Applied Privacy](https://applied-privacy.net) 505 | - [Safe + Secure](https://safeandsecure.film) - advice for journalists and film makers 506 | - [Citizen Lab](https://citizenlab.ca) 507 | - [Electronic Privacy Information Center](https://epic.org) 508 | - [American Civil Liberties Union](https://www.aclu.org/issues/privacy-technology) 509 | - [Free Software Foundation](https://www.fsf.org) 510 | - [Calyx Institute](https://calyxinstitute.org/) - Brooklyn-based organisation, aiming to educate the public about privacy in digital communications 511 | - [Courage Foundation](https://www.couragefound.org) - Supports those who risk life / liberty to make significant contributions to the historical record 512 | - [Fight for the Future](https://www.fightforthefuture.org) - Fighting for a future where technology liberates 513 | - [Public Citizen](https://www.citizen.org) - Standing up to corporate power and holding the government accountable 514 | 515 | 516 | 517 | ## Governance 518 | 519 | - **Citizen/ Small business Advice and Information** 520 | - [UK
National Cyber Security Centre](https://www.ncsc.gov.uk) 521 | - [US Cybersecurity - NIST](https://www.nist.gov/topics/cybersecurity) 522 | - [Stay Safe Online](https://staysafeonline.org) - US government-backed project, aimed to inform and educate individuals and small businesses about basic digital security 523 | - [Annual Credit Report](https://www.annualcreditreport.com) - US Free Credit Reports 524 | - **Cybercrime** 525 | - [Consumer Fraud Reporting](http://consumerfraudreporting.org) - US catalogue of online scams currently circulating, and a means to report cases 526 | - [Action Fraud](https://www.actionfraud.police.uk) - UK’s national reporting centre for fraud and cyber crime 527 | - [Crime Stoppers](https://crimestoppers-uk.org/) - UK Independent Charity, for reporting crimes anonymously 528 | - **Fact Checking** 529 | - [Full Fact](https://fullfact.org) - UK independent fact checking charity, campaigning to expose bad information, and the harm it does 530 | - [Snopes](https://www.snopes.com/) - Transparent fact checking service, with documented sources. Their investigative reporting uses evidence-based and contextualized analysis 531 | - [FactCheck.org](https://www.factcheck.org/fake-news/) - US Site debunking misinformation shared on social media 532 | - [Media Bias Fact Check](https://mediabiasfactcheck.com/) - Focusing on media bias, and comparing different view points on each story from over 3000 sources 533 | - [AP Fact Check](https://apnews.com/APFactCheck) - Fact checking service provided by AP News 534 | - **CERT** - Your local jurisdiction will likely have a computer emergency response team (historically known as [CERT](https://online.norwich.edu/academic-programs/resources/how-computer-emergency-response-teams-and-computer-security-incident-response-teams-combat-cyber-threats)), which is in charge of handling domestic and international computer security incidents.
535 | - **A-C** - Australia: [auscert.org.au](https://www.auscert.org.au) | Austria: [cert.at](https://www.cert.at) | Bangladesh: [cirt.gov.bd](https://www.cirt.gov.bd) | Bolivia: [cgii.gob.bo](https://cgii.gob.bo) | Brazil: [cert.br](https://www.cert.br) | Canada: [cyber.gc.ca](https://cyber.gc.ca/en/about-cyber-centre) | China: [cert.org.cn](https://www.cert.org.cn) | Colombia: [colcert.gov.co](http://www.colcert.gov.co) | Croatia: [carnet.hr](https://www.carnet.hr) | Czech Republic: [csirt.cz](https://csirt.cz) 536 | - **D-G** - Denmark: [cert.dk](https://www.cert.dk) | Ecuador: [ecucert.gob.ec](https://www.ecucert.gob.ec) | Egypt: [egcert.eg](https://www.egcert.eg) | Estonia: [ria.ee / CERT-EE](https://ria.ee/en/cyber-security/cert-ee.html) | Finland: [kyberturvallisuuskeskus.fi](https://www.kyberturvallisuuskeskus.fi/en/homepage) | France: [cert.ssi.gouv.fr](https://www.cert.ssi.gouv.fr) | Germany: [cert-bund.de](https://www.cert-bund.de) | Ghana: [nca-cert.org.gh](https://nca-cert.org.gh) 537 | - **H-M** - Hong Kong: [hkcert.org](https://www.hkcert.org) | Iceland: [cert.is](https://www.cert.is) | India: [CERT-IN](https://www.cert-in.org.in) | Indonesia: [idsirtii.or.id](https://idsirtii.or.id) | Iran: [cert.ir](https://cert.ir) | Italy: [cert-pa.it](https://www.cert-pa.it) | Japan: [JPCERT](https://www.jpcert.or.jp) | Kyrgyzstan: [cert.gov.kg](http://cert.gov.kg) | Luxembourg: [circl.lu](https://circl.lu) | Macau: [mocert.org](www.mocert.org) | Malaysia: [mycert.org.my](http://www.mycert.org.my) | Morocco: [educert.ma](http://www.educert.ma) 538 | - **N-P** - Netherlands: [ncsc.nl](https://www.ncsc.nl) | New Zealand: [cert.govt.nz](https://www.cert.govt.nz) | Nigeria: [cert.gov.ng](https://cert.gov.ng) | Norway: [norcert](https://www.nsm.stat.no/norcert) | Pakistan: [pakcert.org](http://www.pakcert.org) | Papua New Guinea: [pngcert.org.pg](https://www.pngcert.org.pg) | Philippines: [cspcert.ph](https://cspcert.ph) | Poland: [cert.pl](https://www.cert.pl) |
Portugal: [cncs.gov.pt/certpt](https://www.cncs.gov.pt/certpt) 539 | - **Q-S** - Qatar: [qcert.org](https://qcert.org) | Rep of Ireland: [ncsc.gov.ie](https://www.ncsc.gov.ie) | Romania: [cert.ro](https://www.cert.ro) | Russia: [gov-cert.ru](http://www.gov-cert.ru) / [cert.ru](https://www.cert.ru) | Singapore: [csa.gov.sg/singcert](https://www.csa.gov.sg/singcert) | Slovenia: [sk-cert.sk](https://www.sk-cert.sk) | South Korea: [krcert.or.kr](https://www.krcert.or.kr) | Spain: [incibe.es](https://www.incibe.es) | Sri Lanka: [cert.gov.lk](https://www.cert.gov.lk) | Sweden: [cert.se](https://www.cert.se) | Switzerland: [govcert.ch] 540 | - **T-Z** - Taiwan: [twcert.org.tw](https://www.twcert.org.tw) | Thailand: [thaicert.or.th](https://www.thaicert.or.th) | Tonga: [cert.to](https://www.cert.to) | Ukraine: [cert.gov.ua](https://cert.gov.ua) | UAE: [tra.gov.ae/aecert](https://www.tra.gov.ae/aecert) | United Kingdom: [ncsc.gov.uk](https://www.ncsc.gov.uk) | United States: [us-cert.gov](https://www.us-cert.gov) 541 | - **Global**: [first.org](https://www.first.org) - The global Forum of Incident Response and Security Teams 542 | 543 | ## Mega Guides 544 | - Trusted software recommendations and advice for privacy: [privacytools.io](https://www.privacytools.io/) 545 | - Tips and tricks, for internet freedom, data health and privacy: [datadetoxkit.org](https://datadetoxkit.org/) 546 | - Digital security tools and tactics: [securityinabox.org](https://securityinabox.org/) 547 | - Online privacy guide, and software recommendations: via [Fried](https://fried.com/privacy) 548 | - Guide to security through encryption: via [ProPrivacy](https://proprivacy.com/guides/the-ultimate-privacy-guide) 549 | - Large collection of beginner security guides: [Heimdal Security](https://heimdalsecurity.com/blog/cyber-security-mega-guide) 550 | - The Motherboard guide to not getting hacked: via
[Vice](https://www.vice.com/en_us/article/d3devm/motherboard-guide-to-not-getting-hacked-online-safety-guide) 551 | - Online anonymity, and Tor + VPN tutorials: via [ivpn](https://www.ivpn.net/privacy-guides) 552 | 553 | 554 | ## More Awesome GitHub Lists 555 | 556 | - **Awesome Open Source Apps** 557 | - [awesome-windows-apps](https://github.com/Awesome-Windows/Awesome) by 'many' 558 | - [awesome-macOS-apps](https://github.com/iCHAIT/awesome-macOS) by @iCHAIT 559 | - [awesome-linux-software](https://github.com/luong-komorebi/Awesome-Linux-Software) by @luong-komorebi 560 | - [open-source-ios-apps](https://github.com/dkhamsing/open-source-ios-apps) by @dkhamsing 561 | - [open-source-android-apps](https://github.com/pcqpcq/open-source-android-apps) by @pcqpcq 562 | - [awesome-selfhosted](https://github.com/awesome-selfhosted/awesome-selfhosted) by 'many' 563 | - [privacy-respecting](https://github.com/nikitavoloboev/privacy-respecting) by @nikitavoloboev 564 | - [awesome-privacy](https://github.com/KevinColemanInc/awesome-privacy) by @KevinColemanInc 565 | - [privacy-respecting-software](https://github.com/Lissy93/personal-security-checklist/blob/master/5_Privacy_Respecting_Software.md) by @lissy93 566 | - **Guides** 567 | - [MacOS-Security-and-Privacy-Guide](https://github.com/drduh/macOS-Security-and-Privacy-Guide) by @drduh 568 | - [YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) by @drduh 569 | - [Debian-Privacy-Server-Guide](https://github.com/drduh/Debian-Privacy-Server-Guide) by @drduh 570 | - [personal-security-checklist](https://github.com/Lissy93/personal-security-checklist) by @lissy93 571 | - **Security Links (Hacking / Pen Testing / Threat Intelligence / CTFs)** 572 | - [Security_list](https://github.com/zbetcheckin/Security_list) by @zbetcheckin 573 | - [awesome-security](https://github.com/sbilly/awesome-security) by @sbilly 574 | - [awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) by @PaulSec 575 | -
[awesome-threat-intelligence](https://github.com/hslatman/awesome-threat-intelligence) by @hslatman 576 | - [awesome-incident-response](https://github.com/meirwah/awesome-incident-response) by @meirwah 577 | - [awesome-anti-forensic](https://github.com/remiflavien1/awesome-anti-forensic) by @remiflavien1 578 | - [awesome-malware-analysis](https://github.com/rshipp/awesome-malware-analysis) by @rshipp 579 | - [awesome-lockpicking](https://github.com/fabacab/awesome-lockpicking) by @fabacab 580 | - [awesome-hacking](https://github.com/carpedm20/awesome-hacking) by @carpedm20 581 | - [awesome-honeypots](https://github.com/paralax/awesome-honeypots) by @paralax 582 | - [awesome-forensics](https://github.com/Cugu/awesome-forensics) by @cugu 583 | - [awesome-pentest](https://github.com/enaqx/awesome-pentest) by @enaqx 584 | - [awesome-ctf](https://github.com/apsdehal/awesome-ctf) by @apsdehal 585 | - [awesome-osint](https://github.com/jivoi/awesome-osint) by @jivoi 586 | - [SecLists](https://github.com/danielmiessler/SecLists) by @danielmiessler 587 | - [Infosec_Reference](https://github.com/rmusser01/Infosec_Reference) by @rmusser01 588 | - **Misc** 589 | - [awesome-crypto-papers](https://github.com/pFarb/awesome-crypto-papers) by @pFarb 590 | - **Awesome Lists of Awesome Lists** 591 | - [awesome](https://github.com/sindresorhus/awesome) by @sindresorhus 592 | - [lists](https://github.com/jnv/lists) by @jnv 593 | - **More In This Repo** 594 | - [Personal Security Checklist](/README.md) by @lissy93 595 | - [Privacy-Respecting Software](/5_Privacy_Respecting_Software.md) 596 | - [Importance of Privacy & Security](/0_Why_It_Matters.md) 597 | - [Digital Security Gadgets / DIY hardware](/6_Privacy_and-Security_Gadgets.md) 598 | - [TLDR - Condensed Summary of this Repo](/2_TLDR_Short_List.md) 599 | 600 | --- 601 | 602 | *Thanks for visiting, hope you found something useful here :) Contributions are welcome, and much appreciated - to propose an edit [raise an
issue](https://github.com/Lissy93/personal-security-checklist/issues/new/choose), or [open a PR](https://github.com/Lissy93/personal-security-checklist/pull/new/master). See: [`CONTRIBUTING.md`](/.github/CONTRIBUTING.md).* 603 | 604 | *Licensed under [Creative Commons, CC BY 4.0](https://creativecommons.org/licenses/by/4.0/), © [Alicia Sykes](https://aliciasykes.com) 2020* 605 | 606 | [![Attribution 4.0 International](https://licensebuttons.net/l/by/3.0/88x31.png)](https://github.com/Lissy93/personal-security-checklist/blob/master/LICENSE.md) 607 | 608 | --------------------------------------------------------------------------------