nihilist/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org synced 2024-09-19 20:36:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat!: Add blog back to main repository (#2704)

Browse Source 
Signed-off-by: kimg45 <138676274+kimg45@users.noreply.github.com>
Signed-off-by: blacklight447 <niek@privacyguides.org>
Signed-off-by: redoomed1 <161974310+redoomed1@users.noreply.github.com>
This commit is contained in:
Jonah Aragon 2024-08-07 22:30:58 -05:00
parent 95d6ec9fd4
commit 1496586617
No known key found for this signature in database
68 changed files with 2986 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
.github/workflows/build-blog.yml vendored Normal file
View File

@ -0,0 +1,88 @@
name: 🛠️ Build Blog
on:
workflow_call:
inputs:
ref:
required: true
type: string
repo:
required: true
type: string
context:
type: string
default: deploy-preview
continue-on-error:
type: boolean
default: true
privileged:
type: boolean
default: true
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.continue-on-error }}
permissions:
contents: read
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
if: inputs.privileged
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Install Python (pipenv)
if: inputs.privileged
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python Dependencies
if: inputs.privileged
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build Website
run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml
- name: Package Website
run: |
tar -czf site-build-blog.tar.gz site
- name: Upload Site
uses: actions/upload-artifact@v4
with:
name: site-build-blog.tar.gz
path: site-build-blog.tar.gz
retention-days: 1

17
.github/workflows/build-pr.yml vendored
View File

@ -87,12 +87,23 @@ jobs:
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
strict: true
build_blog:
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build blog') }}
needs: [submodule, metadata]
uses: ./.github/workflows/build-blog.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
continue-on-error: true
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
combine_build:
needs: [build_english, build_i18n]
needs: [build_english, build_i18n, build_blog]
if: |
(always() && !cancelled() && !failure()) &&
needs.build_english.result == 'success' &&
(needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped')
(needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped') &&
(needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped')
runs-on: ubuntu-latest
steps:
@ -114,5 +125,5 @@ jobs:
cleanup:
if: ${{ always() }}
needs: [build_english, build_i18n]
needs: [build_english, build_i18n, build_blog]
uses: privacyguides/.github/.github/workflows/cleanup.yml@main

1
Pipfile
View File

@ -29,6 +29,7 @@ mkdocs-git-revision-date-localized-plugin = "~=1.2"
mkdocs-git-authors-plugin = "~=0.8"
mkdocs-macros-plugin = "~=1.0"
jieba = "~=0.42"
mkdocs-rss-plugin = "*"
[dev-packages]
scour = "~=0.38"

320
Pipfile.lock generated
View File

@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
"sha256": "ea18b0cfbbad56281087e2422684e4943753ad503e1319ef1f2f054b7a05f608"
"sha256": "0d44b05fce332feadac5f751987ba261ffa2aa8c851364ef94fc1bd91c6feb77"
},
"pipfile-spec": 6,
"requires": {
@ -24,6 +24,17 @@
"markers": "python_version >= '3.8'",
"version": "==2.15.0"
},
"cachecontrol": {
"extras": [
"filecache"
],
"hashes": [
"sha256:7db1195b41c81f8274a7bbd97c956f44e8348265a1bc7641c37dfebc39f0c938",
"sha256:f5bf3f0620c38db2e5122c0726bdebb0d16869de966ea6a2befe92470b740ea0"
],
"markers": "python_version >= '3.7'",
"version": "==0.14.0"
},
"cairocffi": {
"hashes": [
"sha256:2e48ee864884ec4a3a34bfa8c9ab9999f688286eb714a15a43ec9d068c36557b",
@ -49,61 +60,76 @@
},
"cffi": {
"hashes": [
"sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc",
"sha256:131fd094d1065b19540c3d72594260f118b231090295d8c34e19a7bbcf2e860a",
"sha256:1b8ebc27c014c59692bb2664c7d13ce7a6e9a629be20e54e7271fa696ff2b417",
"sha256:2c56b361916f390cd758a57f2e16233eb4f64bcbeee88a4881ea90fca14dc6ab",
"sha256:2d92b25dbf6cae33f65005baf472d2c245c050b1ce709cc4588cdcdd5495b520",
"sha256:31d13b0f99e0836b7ff893d37af07366ebc90b678b6664c955b54561fc36ef36",
"sha256:32c68ef735dbe5857c810328cb2481e24722a59a2003018885514d4c09af9743",
"sha256:3686dffb02459559c74dd3d81748269ffb0eb027c39a6fc99502de37d501faa8",
"sha256:582215a0e9adbe0e379761260553ba11c58943e4bbe9c36430c4ca6ac74b15ed",
"sha256:5b50bf3f55561dac5438f8e70bfcdfd74543fd60df5fa5f62d94e5867deca684",
"sha256:5bf44d66cdf9e893637896c7faa22298baebcd18d1ddb6d2626a6e39793a1d56",
"sha256:6602bc8dc6f3a9e02b6c22c4fc1e47aa50f8f8e6d3f78a5e16ac33ef5fefa324",
"sha256:673739cb539f8cdaa07d92d02efa93c9ccf87e345b9a0b556e3ecc666718468d",
"sha256:68678abf380b42ce21a5f2abde8efee05c114c2fdb2e9eef2efdb0257fba1235",
"sha256:68e7c44931cc171c54ccb702482e9fc723192e88d25a0e133edd7aff8fcd1f6e",
"sha256:6b3d6606d369fc1da4fd8c357d026317fbb9c9b75d36dc16e90e84c26854b088",
"sha256:748dcd1e3d3d7cd5443ef03ce8685043294ad6bd7c02a38d1bd367cfd968e000",
"sha256:7651c50c8c5ef7bdb41108b7b8c5a83013bfaa8a935590c5d74627c047a583c7",
"sha256:7b78010e7b97fef4bee1e896df8a4bbb6712b7f05b7ef630f9d1da00f6444d2e",
"sha256:7e61e3e4fa664a8588aa25c883eab612a188c725755afff6289454d6362b9673",
"sha256:80876338e19c951fdfed6198e70bc88f1c9758b94578d5a7c4c91a87af3cf31c",
"sha256:8895613bcc094d4a1b2dbe179d88d7fb4a15cee43c052e8885783fac397d91fe",
"sha256:88e2b3c14bdb32e440be531ade29d3c50a1a59cd4e51b1dd8b0865c54ea5d2e2",
"sha256:8f8e709127c6c77446a8c0a8c8bf3c8ee706a06cd44b1e827c3e6a2ee6b8c098",
"sha256:9cb4a35b3642fc5c005a6755a5d17c6c8b6bcb6981baf81cea8bfbc8903e8ba8",
"sha256:9f90389693731ff1f659e55c7d1640e2ec43ff725cc61b04b2f9c6d8d017df6a",
"sha256:a09582f178759ee8128d9270cd1344154fd473bb77d94ce0aeb2a93ebf0feaf0",
"sha256:a6a14b17d7e17fa0d207ac08642c8820f84f25ce17a442fd15e27ea18d67c59b",
"sha256:a72e8961a86d19bdb45851d8f1f08b041ea37d2bd8d4fd19903bc3083d80c896",
"sha256:abd808f9c129ba2beda4cfc53bde801e5bcf9d6e0f22f095e45327c038bfe68e",
"sha256:ac0f5edd2360eea2f1daa9e26a41db02dd4b0451b48f7c318e217ee092a213e9",
"sha256:b29ebffcf550f9da55bec9e02ad430c992a87e5f512cd63388abb76f1036d8d2",
"sha256:b2ca4e77f9f47c55c194982e10f058db063937845bb2b7a86c84a6cfe0aefa8b",
"sha256:b7be2d771cdba2942e13215c4e340bfd76398e9227ad10402a8767ab1865d2e6",
"sha256:b84834d0cf97e7d27dd5b7f3aca7b6e9263c56308ab9dc8aae9784abb774d404",
"sha256:b86851a328eedc692acf81fb05444bdf1891747c25af7529e39ddafaf68a4f3f",
"sha256:bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0",
"sha256:c0f31130ebc2d37cdd8e44605fb5fa7ad59049298b3f745c74fa74c62fbfcfc4",
"sha256:c6a164aa47843fb1b01e941d385aab7215563bb8816d80ff3a363a9f8448a8dc",
"sha256:d8a9d3ebe49f084ad71f9269834ceccbf398253c9fac910c4fd7053ff1386936",
"sha256:db8e577c19c0fda0beb7e0d4e09e0ba74b1e4c092e0e40bfa12fe05b6f6d75ba",
"sha256:dc9b18bf40cc75f66f40a7379f6a9513244fe33c0e8aa72e2d56b0196a7ef872",
"sha256:e09f3ff613345df5e8c3667da1d918f9149bd623cd9070c983c013792a9a62eb",
"sha256:e4108df7fe9b707191e55f33efbcb2d81928e10cea45527879a4749cbe472614",
"sha256:e6024675e67af929088fda399b2094574609396b1decb609c55fa58b028a32a1",
"sha256:e70f54f1796669ef691ca07d046cd81a29cb4deb1e5f942003f401c0c4a2695d",
"sha256:e715596e683d2ce000574bae5d07bd522c781a822866c20495e52520564f0969",
"sha256:e760191dd42581e023a68b758769e2da259b5d52e3103c6060ddc02c9edb8d7b",
"sha256:ed86a35631f7bfbb28e108dd96773b9d5a6ce4811cf6ea468bb6a359b256b1e4",
"sha256:ee07e47c12890ef248766a6e55bd38ebfb2bb8edd4142d56db91b21ea68b7627",
"sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956",
"sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357"
"sha256:011aff3524d578a9412c8b3cfaa50f2c0bd78e03eb7af7aa5e0df59b158efb2f",
"sha256:0a048d4f6630113e54bb4b77e315e1ba32a5a31512c31a273807d0027a7e69ab",
"sha256:0bb15e7acf8ab35ca8b24b90af52c8b391690ef5c4aec3d31f38f0d37d2cc499",
"sha256:0d46ee4764b88b91f16661a8befc6bfb24806d885e27436fdc292ed7e6f6d058",
"sha256:0e60821d312f99d3e1569202518dddf10ae547e799d75aef3bca3a2d9e8ee693",
"sha256:0fdacad9e0d9fc23e519efd5ea24a70348305e8d7d85ecbb1a5fa66dc834e7fb",
"sha256:14b9cbc8f7ac98a739558eb86fabc283d4d564dafed50216e7f7ee62d0d25377",
"sha256:17c6d6d3260c7f2d94f657e6872591fe8733872a86ed1345bda872cfc8c74885",
"sha256:1a2ddbac59dc3716bc79f27906c010406155031a1c801410f1bafff17ea304d2",
"sha256:2404f3de742f47cb62d023f0ba7c5a916c9c653d5b368cc966382ae4e57da401",
"sha256:24658baf6224d8f280e827f0a50c46ad819ec8ba380a42448e24459daf809cf4",
"sha256:24aa705a5f5bd3a8bcfa4d123f03413de5d86e497435693b638cbffb7d5d8a1b",
"sha256:2770bb0d5e3cc0e31e7318db06efcbcdb7b31bcb1a70086d3177692a02256f59",
"sha256:331ad15c39c9fe9186ceaf87203a9ecf5ae0ba2538c9e898e3a6967e8ad3db6f",
"sha256:3aa9d43b02a0c681f0bfbc12d476d47b2b2b6a3f9287f11ee42989a268a1833c",
"sha256:41f4915e09218744d8bae14759f983e466ab69b178de38066f7579892ff2a555",
"sha256:4304d4416ff032ed50ad6bb87416d802e67139e31c0bde4628f36a47a3164bfa",
"sha256:435a22d00ec7d7ea533db494da8581b05977f9c37338c80bc86314bec2619424",
"sha256:45f7cd36186db767d803b1473b3c659d57a23b5fa491ad83c6d40f2af58e4dbb",
"sha256:48b389b1fd5144603d61d752afd7167dfd205973a43151ae5045b35793232aa2",
"sha256:4e67d26532bfd8b7f7c05d5a766d6f437b362c1bf203a3a5ce3593a645e870b8",
"sha256:516a405f174fd3b88829eabfe4bb296ac602d6a0f68e0d64d5ac9456194a5b7e",
"sha256:5ba5c243f4004c750836f81606a9fcb7841f8874ad8f3bf204ff5e56332b72b9",
"sha256:5bdc0f1f610d067c70aa3737ed06e2726fd9d6f7bfee4a351f4c40b6831f4e82",
"sha256:6107e445faf057c118d5050560695e46d272e5301feffda3c41849641222a828",
"sha256:6327b572f5770293fc062a7ec04160e89741e8552bf1c358d1a23eba68166759",
"sha256:669b29a9eca6146465cc574659058ed949748f0809a2582d1f1a324eb91054dc",
"sha256:6ce01337d23884b21c03869d2f68c5523d43174d4fc405490eb0091057943118",
"sha256:6d872186c1617d143969defeadac5a904e6e374183e07977eedef9c07c8953bf",
"sha256:6f76a90c345796c01d85e6332e81cab6d70de83b829cf1d9762d0a3da59c7932",
"sha256:70d2aa9fb00cf52034feac4b913181a6e10356019b18ef89bc7c12a283bf5f5a",
"sha256:7cbc78dc018596315d4e7841c8c3a7ae31cc4d638c9b627f87d52e8abaaf2d29",
"sha256:856bf0924d24e7f93b8aee12a3a1095c34085600aa805693fb7f5d1962393206",
"sha256:8a98748ed1a1df4ee1d6f927e151ed6c1a09d5ec21684de879c7ea6aa96f58f2",
"sha256:93a7350f6706b31f457c1457d3a3259ff9071a66f312ae64dc024f049055f72c",
"sha256:964823b2fc77b55355999ade496c54dde161c621cb1f6eac61dc30ed1b63cd4c",
"sha256:a003ac9edc22d99ae1286b0875c460351f4e101f8c9d9d2576e78d7e048f64e0",
"sha256:a0ce71725cacc9ebf839630772b07eeec220cbb5f03be1399e0457a1464f8e1a",
"sha256:a47eef975d2b8b721775a0fa286f50eab535b9d56c70a6e62842134cf7841195",
"sha256:a8b5b9712783415695663bd463990e2f00c6750562e6ad1d28e072a611c5f2a6",
"sha256:a9015f5b8af1bb6837a3fcb0cdf3b874fe3385ff6274e8b7925d81ccaec3c5c9",
"sha256:aec510255ce690d240f7cb23d7114f6b351c733a74c279a84def763660a2c3bc",
"sha256:b00e7bcd71caa0282cbe3c90966f738e2db91e64092a877c3ff7f19a1628fdcb",
"sha256:b50aaac7d05c2c26dfd50c3321199f019ba76bb650e346a6ef3616306eed67b0",
"sha256:b7b6ea9e36d32582cda3465f54c4b454f62f23cb083ebc7a94e2ca6ef011c3a7",
"sha256:bb9333f58fc3a2296fb1d54576138d4cf5d496a2cc118422bd77835e6ae0b9cb",
"sha256:c1c13185b90bbd3f8b5963cd8ce7ad4ff441924c31e23c975cb150e27c2bf67a",
"sha256:c3b8bd3133cd50f6b637bb4322822c94c5ce4bf0d724ed5ae70afce62187c492",
"sha256:c5d97162c196ce54af6700949ddf9409e9833ef1003b4741c2b39ef46f1d9720",
"sha256:c815270206f983309915a6844fe994b2fa47e5d05c4c4cef267c3b30e34dbe42",
"sha256:cab2eba3830bf4f6d91e2d6718e0e1c14a2f5ad1af68a89d24ace0c6b17cced7",
"sha256:d1df34588123fcc88c872f5acb6f74ae59e9d182a2707097f9e28275ec26a12d",
"sha256:d6bdcd415ba87846fd317bee0774e412e8792832e7805938987e4ede1d13046d",
"sha256:db9a30ec064129d605d0f1aedc93e00894b9334ec74ba9c6bdd08147434b33eb",
"sha256:dbc183e7bef690c9abe5ea67b7b60fdbca81aa8da43468287dae7b5c046107d4",
"sha256:dca802c8db0720ce1c49cce1149ff7b06e91ba15fa84b1d59144fef1a1bc7ac2",
"sha256:dec6b307ce928e8e112a6bb9921a1cb00a0e14979bf28b98e084a4b8a742bd9b",
"sha256:df8bb0010fdd0a743b7542589223a2816bdde4d94bb5ad67884348fa2c1c67e8",
"sha256:e4094c7b464cf0a858e75cd14b03509e84789abf7b79f8537e6a72152109c76e",
"sha256:e4760a68cab57bfaa628938e9c2971137e05ce48e762a9cb53b76c9b569f1204",
"sha256:eb09b82377233b902d4c3fbeeb7ad731cdab579c6c6fda1f763cd779139e47c3",
"sha256:eb862356ee9391dc5a0b3cbc00f416b48c1b9a52d252d898e5b7696a5f9fe150",
"sha256:ef9528915df81b8f4c7612b19b8628214c65c9b7f74db2e34a646a0a2a0da2d4",
"sha256:f3157624b7558b914cb039fd1af735e5e8049a87c817cc215109ad1c8779df76",
"sha256:f3e0992f23bbb0be00a921eae5363329253c3b86287db27092461c887b791e5e",
"sha256:f9338cc05451f1942d0d8203ec2c346c830f8e86469903d5126c1f0a13a2bcbb",
"sha256:ffef8fd58a36fb5f1196919638f73dd3ae0db1a878982b27a9a5a176ede4ba91"
],
"markers": "python_version >= '3.8'",
"version": "==1.16.0"
"version": "==1.17.0"
},
"charset-normalizer": {
"hashes": [
@ -233,6 +259,13 @@
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
"version": "==0.7.1"
},
"filelock": {
"hashes": [
"sha256:2207938cbc1844345cb01a5a95524dae30f0ce089eba5b00378295a17e3e90cb",
"sha256:6ca1fffae96225dab4c6eaf1c4f4f28cd2568d3ec2a44e15a08520504de468e7"
],
"version": "==3.15.4"
},
"ghp-import": {
"hashes": [
"sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619",
@ -419,6 +452,77 @@
"markers": "python_version >= '3.8'",
"version": "==1.3.1"
},
"mkdocs-rss-plugin": {
"hashes": [
"sha256:7308ac13f0976c0479db5a62cb7ef9b10fdd74b6521e459bb66a13e2cfe69d4b",
"sha256:92995ed6c77b2ae1f5f2913e62282c27e50c35d618c4291b5b939e50badd7504"
],
"index": "pypi",
"markers": "python_version >= '3.8' and python_version < '4'",
"version": "==1.15.0"
},
"msgpack": {
"hashes": [
"sha256:00e073efcba9ea99db5acef3959efa45b52bc67b61b00823d2a1a6944bf45982",
"sha256:0726c282d188e204281ebd8de31724b7d749adebc086873a59efb8cf7ae27df3",
"sha256:0ceea77719d45c839fd73abcb190b8390412a890df2f83fb8cf49b2a4b5c2f40",
"sha256:114be227f5213ef8b215c22dde19532f5da9652e56e8ce969bf0a26d7c419fee",
"sha256:13577ec9e247f8741c84d06b9ece5f654920d8365a4b636ce0e44f15e07ec693",
"sha256:1876b0b653a808fcd50123b953af170c535027bf1d053b59790eebb0aeb38950",
"sha256:1ab0bbcd4d1f7b6991ee7c753655b481c50084294218de69365f8f1970d4c151",
"sha256:1cce488457370ffd1f953846f82323cb6b2ad2190987cd4d70b2713e17268d24",
"sha256:26ee97a8261e6e35885c2ecd2fd4a6d38252246f94a2aec23665a4e66d066305",
"sha256:3528807cbbb7f315bb81959d5961855e7ba52aa60a3097151cb21956fbc7502b",
"sha256:374a8e88ddab84b9ada695d255679fb99c53513c0a51778796fcf0944d6c789c",
"sha256:376081f471a2ef24828b83a641a02c575d6103a3ad7fd7dade5486cad10ea659",
"sha256:3923a1778f7e5ef31865893fdca12a8d7dc03a44b33e2a5f3295416314c09f5d",
"sha256:4916727e31c28be8beaf11cf117d6f6f188dcc36daae4e851fee88646f5b6b18",
"sha256:493c5c5e44b06d6c9268ce21b302c9ca055c1fd3484c25ba41d34476c76ee746",
"sha256:505fe3d03856ac7d215dbe005414bc28505d26f0c128906037e66d98c4e95868",
"sha256:5845fdf5e5d5b78a49b826fcdc0eb2e2aa7191980e3d2cfd2a30303a74f212e2",
"sha256:5c330eace3dd100bdb54b5653b966de7f51c26ec4a7d4e87132d9b4f738220ba",
"sha256:5dbf059fb4b7c240c873c1245ee112505be27497e90f7c6591261c7d3c3a8228",
"sha256:5e390971d082dba073c05dbd56322427d3280b7cc8b53484c9377adfbae67dc2",
"sha256:5fbb160554e319f7b22ecf530a80a3ff496d38e8e07ae763b9e82fadfe96f273",
"sha256:64d0fcd436c5683fdd7c907eeae5e2cbb5eb872fafbc03a43609d7941840995c",
"sha256:69284049d07fce531c17404fcba2bb1df472bc2dcdac642ae71a2d079d950653",
"sha256:6a0e76621f6e1f908ae52860bdcb58e1ca85231a9b0545e64509c931dd34275a",
"sha256:73ee792784d48aa338bba28063e19a27e8d989344f34aad14ea6e1b9bd83f596",
"sha256:74398a4cf19de42e1498368c36eed45d9528f5fd0155241e82c4082b7e16cffd",
"sha256:7938111ed1358f536daf311be244f34df7bf3cdedb3ed883787aca97778b28d8",
"sha256:82d92c773fbc6942a7a8b520d22c11cfc8fd83bba86116bfcf962c2f5c2ecdaa",
"sha256:83b5c044f3eff2a6534768ccfd50425939e7a8b5cf9a7261c385de1e20dcfc85",
"sha256:8db8e423192303ed77cff4dce3a4b88dbfaf43979d280181558af5e2c3c71afc",
"sha256:9517004e21664f2b5a5fd6333b0731b9cf0817403a941b393d89a2f1dc2bd836",
"sha256:95c02b0e27e706e48d0e5426d1710ca78e0f0628d6e89d5b5a5b91a5f12274f3",
"sha256:99881222f4a8c2f641f25703963a5cefb076adffd959e0558dc9f803a52d6a58",
"sha256:9ee32dcb8e531adae1f1ca568822e9b3a738369b3b686d1477cbc643c4a9c128",
"sha256:a22e47578b30a3e199ab067a4d43d790249b3c0587d9a771921f86250c8435db",
"sha256:b5505774ea2a73a86ea176e8a9a4a7c8bf5d521050f0f6f8426afe798689243f",
"sha256:bd739c9251d01e0279ce729e37b39d49a08c0420d3fee7f2a4968c0576678f77",
"sha256:d16a786905034e7e34098634b184a7d81f91d4c3d246edc6bd7aefb2fd8ea6ad",
"sha256:d3420522057ebab1728b21ad473aa950026d07cb09da41103f8e597dfbfaeb13",
"sha256:d56fd9f1f1cdc8227d7b7918f55091349741904d9520c65f0139a9755952c9e8",
"sha256:d661dc4785affa9d0edfdd1e59ec056a58b3dbb9f196fa43587f3ddac654ac7b",
"sha256:dfe1f0f0ed5785c187144c46a292b8c34c1295c01da12e10ccddfc16def4448a",
"sha256:e1dd7839443592d00e96db831eddb4111a2a81a46b028f0facd60a09ebbdd543",
"sha256:e2872993e209f7ed04d963e4b4fbae72d034844ec66bc4ca403329db2074377b",
"sha256:e2f879ab92ce502a1e65fce390eab619774dda6a6ff719718069ac94084098ce",
"sha256:e3aa7e51d738e0ec0afbed661261513b38b3014754c9459508399baf14ae0c9d",
"sha256:e532dbd6ddfe13946de050d7474e3f5fb6ec774fbb1a188aaf469b08cf04189a",
"sha256:e6b7842518a63a9f17107eb176320960ec095a8ee3b4420b5f688e24bf50c53c",
"sha256:e75753aeda0ddc4c28dce4c32ba2f6ec30b1b02f6c0b14e547841ba5b24f753f",
"sha256:eadb9f826c138e6cf3c49d6f8de88225a3c0ab181a9b4ba792e006e5292d150e",
"sha256:ed59dd52075f8fc91da6053b12e8c89e37aa043f8986efd89e61fae69dc1b011",
"sha256:ef254a06bcea461e65ff0373d8a0dd1ed3aa004af48839f002a0c994a6f72d04",
"sha256:f3709997b228685fe53e8c433e2df9f0cdb5f4542bd5114ed17ac3c0129b0480",
"sha256:f51bab98d52739c50c56658cc303f190785f9a2cd97b823357e7aeae54c8f68a",
"sha256:f9904e24646570539a8950400602d66d2b2c492b9010ea7e965025cb71d0c86d",
"sha256:f9af38a89b6a5c04b7d18c492c8ccf2aee7048aff1ce8437c4683bb5a1df893d"
],
"markers": "python_version >= '3.8'",
"version": "==1.0.8"
},
"packaging": {
"hashes": [
"sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002",
@ -576,60 +680,62 @@
},
"pyyaml": {
"hashes": [
"sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5",
"sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc",
"sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df",
"sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741",
"sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206",
"sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27",
"sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595",
"sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62",
"sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98",
"sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696",
"sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290",
"sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9",
"sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d",
"sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6",
"sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867",
"sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47",
"sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486",
"sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6",
"sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3",
"sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007",
"sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938",
"sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0",
"sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c",
"sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735",
"sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d",
"sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28",
"sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4",
"sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba",
"sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8",
"sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef",
"sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5",
"sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd",
"sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3",
"sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0",
"sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515",
"sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c",
"sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c",
"sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924",
"sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34",
"sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43",
"sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859",
"sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673",
"sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54",
"sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a",
"sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b",
"sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab",
"sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa",
"sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c",
"sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585",
"sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d",
"sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f"
"sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff",
"sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48",
"sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086",
"sha256:0b69e4ce7a131fe56b7e4d770c67429700908fc0752af059838b1cfb41960e4e",
"sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133",
"sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5",
"sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484",
"sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee",
"sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5",
"sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68",
"sha256:24471b829b3bf607e04e88d79542a9d48bb037c2267d7927a874e6c205ca7e9a",
"sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf",
"sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99",
"sha256:39693e1f8320ae4f43943590b49779ffb98acb81f788220ea932a6b6c51004d8",
"sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85",
"sha256:3b1fdb9dc17f5a7677423d508ab4f243a726dea51fa5e70992e59a7411c89d19",
"sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc",
"sha256:43fa96a3ca0d6b1812e01ced1044a003533c47f6ee8aca31724f78e93ccc089a",
"sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1",
"sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317",
"sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c",
"sha256:6395c297d42274772abc367baaa79683958044e5d3835486c16da75d2a694631",
"sha256:688ba32a1cffef67fd2e9398a2efebaea461578b0923624778664cc1c914db5d",
"sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652",
"sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5",
"sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e",
"sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b",
"sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8",
"sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476",
"sha256:82d09873e40955485746739bcb8b4586983670466c23382c19cffecbf1fd8706",
"sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563",
"sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237",
"sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b",
"sha256:9056c1ecd25795207ad294bcf39f2db3d845767be0ea6e6a34d856f006006083",
"sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180",
"sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425",
"sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e",
"sha256:a8786accb172bd8afb8be14490a16625cbc387036876ab6ba70912730faf8e1f",
"sha256:a9f8c2e67970f13b16084e04f134610fd1d374bf477b17ec1599185cf611d725",
"sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183",
"sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab",
"sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774",
"sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725",
"sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e",
"sha256:d7fded462629cfa4b685c5416b949ebad6cec74af5e2d42905d41e257e0869f5",
"sha256:d84a1718ee396f54f3a086ea0a66d8e552b2ab2017ef8b420e92edbc841c352d",
"sha256:d8e03406cac8513435335dbab54c0d385e4a49e4945d2909a581c83647ca0290",
"sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44",
"sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed",
"sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4",
"sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba",
"sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12",
"sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4"
],
"markers": "python_version >= '3.6'",
"version": "==6.0.1"
"markers": "python_version >= '3.8'",
"version": "==6.0.2"
},
"pyyaml-env-tag": {
"hashes": [

51
blog/.authors.yml Normal file
View File

@ -0,0 +1,51 @@
authors:
contributors:
type: Organization
name: Privacy Guides
description: Various Authors
avatar: https://github.com/privacyguides.png
danarel:
name: Dan Arel
description: Former Team Member
avatar: https://github.com/danarel.png
niek-de-wilde:
name: Niek de Wilde
description: Team Member
avatar: https://github.com/blacklight447.png
dngray:
name: Daniel Gray
description: Team Member
avatar: https://github.com/dngray.png
freddy-m:
name: Freddy
description: Team Member
avatar: https://github.com/freddy-m.png
description_long: |
<a href="https://freddy.lol">Freddy</a> is a founding member of Privacy Guides and the editor of its blog. He writes in American English reluctantly.
jonah:
name: Jonah Aragon
description: Team Member
avatar: https://github.com/jonaharagon.png
description_long: |
<a href="https://www.jonaharagon.com">Jonah Aragon</a> is creating educational resources for average people to understand the importance of privacy and security on the internet, and take back control over their digital lives.
He is known for his work on the Techlore YouTube channel, including the Techlore Talks podcast he co-hosts, and the Privacy Guides non-profit website.
kaitebay:
name: Kai Tebay
description: Former Team Member
avatar: https://github.com/kaitebay.png
matchboxbananasynergy:
name: mbananasynergy
description: Former Team Member
avatar: https://github.com/matchboxbananasynergy.png
mfwmyfacewhen:
name: mfwmyfacewhen
description: Former Team Member
avatar: https://github.com/ghost.png
natebartram:
name: Nate Bartram
description: Guest Contributor
avatar: https://gitlab.com/uploads/-/system/user/avatar/8993331/avatar.png
sam-howell:
name: Sam Howell
description: Guest Contributor
avatar: https://gitlab.com/uploads/-/system/user/avatar/5349522/avatar.png

3
blog/archive/2019.md Normal file
View File

@ -0,0 +1,3 @@
!!! danger "Old Content"
These posts are 5 years old. They may not accurately reflect the current opinion of our team.

3
blog/archive/2020.md Normal file
View File

@ -0,0 +1,3 @@
!!! danger "Old Content"
These posts are 4 years old. They may not accurately reflect the current opinion of our team.

3
blog/archive/2021.md Normal file
View File

@ -0,0 +1,3 @@
!!! danger "Old Content"
These posts are 3 years old. They may not accurately reflect the current opinion of our team.

3
blog/archive/2022.md Normal file
View File

@ -0,0 +1,3 @@
!!! danger "Old Content"
These posts are 2 years old. They may not accurately reflect the current opinion of our team.

BIN
blog/assets/images/choosing-the-right-messenger/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1011 KiB

BIN
blog/assets/images/data-erasure/shredos.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.9 KiB

BIN
blog/assets/images/delisting-startpage/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 607 KiB

BIN
blog/assets/images/delisting-wire/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 415 KiB

BIN
blog/assets/images/firefox-privacy/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 955 KiB

BIN
blog/assets/images/macos-ventura-privacy-security-updates/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.0 MiB

BIN
blog/assets/images/merch-announcement/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 488 KiB

BIN
blog/assets/images/metadata-removal/preview-ios.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 135 KiB

BIN
blog/assets/images/metadata-removal/preview-macos.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 590 KiB

BIN
blog/assets/images/metadata-removal/preview-windows.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 70 KiB

BIN
blog/assets/images/metadata-removal/shortcut-ios.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 114 KiB

BIN
blog/assets/images/metadata-removal/shortcut-macos.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 93 KiB

BIN
blog/assets/images/mozilla-disappoints-us-yet-again-2/cover.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 96 KiB

BIN
blog/assets/images/privacy-guides-partners-with-magic-grants-501-c-3/magicblog.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 240 KiB

BIN
blog/assets/images/relisting-startpage/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 49 KiB

BIN
blog/assets/images/restrict-act/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.4 MiB

BIN
blog/assets/images/security-privacy-anonymity/cover.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 144 KiB

2
blog/assets/images/signal-configuration/molly.svg Normal file
View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="127.99" height="128" version="1.1" viewBox="0 0 33.864 33.867" xmlns="http://www.w3.org/2000/svg"><g transform="translate(-48.383 -89.279)"><g transform="matrix(.083544 0 0 .083551 36.799 77.694)"><path d="m220.51 504.06 120.82 39.937 1.2e-4 4e-5 -143.92-5e-5zm323.49-162.73c0 111.93-90.737 202.67-202.67 202.67-111.93-1e-5 -202.67-90.737-202.67-202.67s90.737-202.67 202.67-202.67c111.93 0 202.67 90.737 202.67 202.67z" fill="#7663f0"/><g transform="translate(-5.1601e-6,-4.0973)"><circle cx="341" cy="433.47" r="23.536" fill="#f9f8fe" stroke-width=".64448"/><circle cx="439.19" cy="375.64" r="23.536" fill="#aaa4ce" stroke-width=".64448"/><circle cx="242.81" cy="375.64" r="23.536" fill="#cba1fe" stroke-width=".64447"/><g stroke-width=".64448"><circle cx="439.19" cy="433.47" r="23.536" fill="#f9f8fe"/><circle cx="439.19" cy="317.82" r="23.536" fill="#aacdf4"/><circle cx="242.81" cy="260" r="23.536" fill="#4b0f9f"/></g><circle cx="242.81" cy="317.82" r="23.536" fill="#aaa4ce" stroke-width=".64447"/><g stroke-width=".64448"><circle cx="242.81" cy="433.47" r="23.536" fill="#f9f8fe"/><circle cx="341" cy="317.82" r="23.536" fill="#4b0f9f"/><circle cx="341" cy="375.64" r="23.536" fill="#aacdf4"/></g><circle cx="439.19" cy="260" r="23.536" fill="#4b0f9f" stroke-width=".64447"/></g></g></g></svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.3 KiB

BIN
blog/assets/images/the-trouble-with-vpn-and-privacy-review-sites/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 785 KiB

BIN
blog/assets/images/the-trouble-with-vpn-and-privacy-review-sites/image1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 202 KiB

BIN
blog/assets/images/threads-launch-twitter/cover.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 MiB

BIN
blog/assets/images/twitter-elon-takeover/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 557 KiB

BIN
blog/assets/images/why-i-run-a-tor-relay/cover.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 369 KiB

5
blog/index.md Normal file
View File

@ -0,0 +1,5 @@
---
title: Latest Articles
hide:
- footer
---

1
blog/posts/.meta.yml Normal file
View File

@ -0,0 +1 @@
comments: true

115
blog/posts/choosing-the-right-messenger.md Normal file
View File

@ -0,0 +1,115 @@
---
date:
created: 2019-11-27
categories:
- Opinion
authors:
- danarel
links:
- Real Time Communication: https://www.privacyguides.org/real-time-communication/
- Types of Communication Networks: https://www.privacyguides.org/real-time-communication/communication-network-types/
tags:
- Instant Messengers
license: BY-SA
---
# Choosing the Right Messenger
!["Choosing The Right Messenger" cover image](../assets/images/choosing-the-right-messenger/cover.png)
One of the most common questions users have when it comes to privacy is about messaging services. It seems almost all of them mention some level of privacy or encryption to entice the user to sign up for their service, but how can you be sure youre using the most secure, privacy respecting platform?<!-- more -->
The answer actually lies in ones [threat model](https://www.privacyguides.org/basics/threat-modeling/), which is often an ignored step in choosing all privacy related apps and services, meaning a lot of users limit their internet and communication experience because they believe they need Edward Snowden level privacy settings.
The truth is, each user needs to decide what their privacy goals are. Is your goal to stop corporations from tracking you, targeting you, and profiting from your data? Or, are you are trying to hide communications from the government or law enforcement, which is common for journalists and activists who want to protect their sources or communications from government eyes?
Once you understand your goals you can start to look at messengers and their upsides and downsides, and its important to remember, there is no perfect solution. Each service, no matter how secure can be compromised, because at the end of the day, youre dealing with other humans who can screenshot, copy, or forward your messages to parties you did not intend to see them. So, its also important to know who you are messaging, verifying their keys, and ensuring that you place the utmost trust in them with the content you are sending.
If your goal is to simply avoid corporate tracking and the harvesting of your data from your communications, you can eliminate apps such as Facebook Messenger and WhatsApp, both services owned by Facebook and while offering encrypted messaging (optional in Messenger), Facebook [reads your non-encrypted messages](https://web.archive.org/web/20210729190737/https://www.digitaltrends.com/social-media/facebook-reads-messenger-messages/), and WhatsApp has [fallen victim](https://web.archive.org/web/20210729190737/https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/#734cec155549) to security breaches.
For this type of user, your options are much more wide as you may be more willing to share your email address or phone number at signup and can be less concerned with metadata (we will get to that shortly), and you want to look for a messenger that simply isnt scanning your content or behavior to sell it.
If your goal is to evade more massive state-sponsored surveillance programs, the aforementioned apps are out of the question, but so are many others.
This is because when it comes to these apps, and other like it, you dont own the encryption keys, the service does, so they are able to decrypt your messages, for their own use, or for the use of government officials who request it. This is something important youll want to remember as you choose the messenger that is right for you.
Even Apples iMessage, which is encrypted, while more secure than Facebooks offerings, still control the keys and can access your messages if necessary. Apple does also collect data based on your behavior, so while using iMessage isnt the same as handing your data over to Facebook, youre still messaging with a variety of privacy vulnerabilities. On Android, youre using SMS messages which are even less secure and can be [easily hijacked](https://web.archive.org/web/20210729190737/https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin) by someone with just enough know-how.
## Metadata
One important aspect of messaging apps you need to be sure of is what kind of [metadata](https://ssd.eff.org/en/glossary/metadata) it exposes, what is encrypted and what isnt.
Wire, a popular encrypted messenger app has always been criticized for its decision not to encrypt user metadata, such as the date and time of registration, IP geographical coordinates, and the date and time of creation, creator, name, and list of participants in a conversation.
Metadata can be used to place you in a certain location, speaking to a certain person and can be used against you by law enforcement, even if they have no idea and no access to what the conversation was about.
Apps such as Signal, or Wickr encrypt metadata, making the conversations between two or more parties more secure and harder to track individual users with.
When it comes to avoiding corporate data mining, your metadata wont be as useful, especially if youre using a service that is not profiting from your data to begin with. For those avoiding state-sponsored surveillance, [metadata can be a killer](https://web.archive.org/web/20210729190737/https://theintercept.com/2019/08/04/whistleblowers-surveillance-fbi-trump/).
## Encryption
This article will not get into the complexities of the best kinds of end-to-end encryption (E2EE), but ensuring your messenger has it, that must be discussed.
The popular messaging app Telegram has come under fire the most for this. Telegram says on their homepage that, “Telegram messages are heavily encrypted and can self-destruct.” Yet, this statement is only partially true. Yes, you can set your messages to self-destruct, a great privacy feature for some, and yes, they do offer encryption, but what they dont tell users is that encryption isnt turned on by default.
In an [interview](https://web.archive.org/web/20210729190737/https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415) with Gizmodo, Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union said that, "There are many Telegram users who think they are communicating in an [end-to-end] encrypted way, when theyre not because they dont realize that they have to turn on an additional setting,” he continued to say that while hes happy they offer the encryption, its not useful if its turned off.
Apps such as Signal, Keybase, and Wickr offer E2EE by default. Less popular but quickly growing apps such as Element, offer E2EE but like Telegram, have not made it a default setting, though the Matrix.org team has [said](https://web.archive.org/web/20210729190737/https://github.com/vector-im/element-web/issues/6779) that default encryption is on their road map.
Ensuring your conversations and metadata are E2EE is one of the best practices you can have when choosing a messenger.
## Registration Process
When it comes to your goals and threat model, you will need to decide how much, if any, information youre willing to give this company on signup. Do they require a phone number and or SIM card? Do they require an email address, or do they allow completely anonymous signups, and how anonymous is anonymous? Are they storing that info (remember the metadata) unencrypted?
Giving up your phone number or email wont be a big deal for many, as any good privacy policy will state they wont use it for any purpose other than those youve granted permission for. Yet, for those avoiding state-sponsored surveillance, you may have a regularly changing number, no number, or would rather not risk giving that information up. Same goes for email.
So, you will want to find a service that fits this need. While Signal is currently testing signup without a phone number, currently youre unable to do so. Element, Wickr, many XMPP services, dont require anything but choosing a username.
## Source Code
Open source may be the most used phrase in all of privacy and security, and for good reason. Its really helpful to be able to review the source code of the product youre trusting. Experts can look for backdoors, leaks, and other bugs. Organizations that opt to open source their code are showing good faith effort to increase trust between them and the user.
Yet, open source can also limit your options, again, depending on your threat model and goals. Signal, Wire, and Keybase all offer open source repositories of their applications, and sometimes even the server software itself.
Open source also doesnt mean secure. This is often misunderstood, and people hear open source and assume it must be good. Look at the apps code you want to use, you dont need to be able to check it, but are others? An open source app that no one follows, or contributes to is no more or less secure than a closed source app.
Wickr, Threema, and others are closed source. They dont offer the ability to check the source, but that doesnt immediately rule them out either. When the Electronic Frontier Foundation (EFF) had a comparison chart for messenger apps, it gave Wickr 5-stars. This doesnt mean its perfect for someone like Snowden, but for those avoiding Facebook and Google, it could be a usable option.
Its also important to remember theres no way to check that someone is always using the source code in their repository in the app or server youre downloading from the Apple Store or Google Play. When it comes to this, reputation becomes a key player in your decision, as does trust, which we will get to next.
If youre unsure what to do here, its always a safe bet to stick with open source that has a large contributor base and strong reputation. Its always best to use open source options when they are available and only recommend closed source when there isnt a usable open source option. This is generally a good way to pick a messenger app as well.
## Ownership & Trust
An often overlooked, but increasingly important part of choosing a secure messenger is, who owns the company thats providing your service? What would the gain or lose from selling your data and who does the company answer to?
Wire [recently lost](https://web.archive.org/web/20210729190737/https://blog.privacytools.io/delisting-wire/) a great deal of trust and standing in the privacy world because they quietly sold their company and moved it to the US. They also changed parts of their privacy policy making it harder for users to tell when Wire would share customer data. They did all of this while never updating their current users of such changes, either to the change of the privacy policy, or the move to the US.
Wire also took in more than $8 million in venture capital funding. So now, users wanted to know more about who owned their data and what jurisdictional rights were changing with the move from Europe to the United States?
These are questions we must ask of all services. Wire now has investors to answer to who will want a return on their millions of dollars.
Signal on the other hand is a [non-profit](https://signal.org/blog/signal-foundation/) which does not rely on investors and instead relies on donations, sponsorships, and grants. Because of their non-profit status in the US, they must also be highly transparent about not only where the money comes from, but how they spend it. So, users can see where this money goes, and who its going to.
Matrix.org (the service Element uses) runs a similar business model as Signal, located in the UK instead of the US, they reply on donations, partnerships, and grants. Matrix.org is heavily supported by New Vector, a venture capital backed company, however, Matrix.org as a non-profit is transparent about its spending, income, and influences.
Not all services are non-profit, and that should not rule them out immediately. You can also follow their funding goals. Wire lost credibility because instead of simply relying on user signups, they wanted to be the next Skype for Business and wanted to build a larger enough user base to get the attention of investors. Meanwhile apps such as Wickr, while for-profit, is transparent about taking limited investors to become sustainable on subscriptions.
This can take some time, because its important to know who the investors are, and what the organizational goals are. Will they eventually need to resort to data harvesting to sustain itself, if they do, and you decide to leave the platform, will you leave behind data you dont want them to get their hands on?
## Making Your Choice
Now its time to choose a messenger and no one can do that for you. Popularity will need to play a role here, theres no point in joining the new up and coming messenger service if you dont have a single contact using it as well. One reason Telegram has been so popular is they have managed to convince more than 100 million people to sign up. If you sign in today, youll likely see a group of your friends in there. Signal isnt as far behind, and others are catching up.
Youll need to decide who you trust, and who your other contacts trust, and then compare all of that with your goals and your threat model. How much information are you willing to give on signup, does metadata matter to your threat model, and is the service youre choosing likely to sell itself to the highest bidder once enough people sign up?
The important thing to remember is there is no one size fits all for messengers, and that each user must decide what is best for them. If someone is an avid WhatsApp or Facebook Messenger user, even Telegram is a step in the right direction. Yet, if that user is concerned with more than just giving data over to Facebook, they may need to look at more secure options.
Ensure you keep your messenger apps up to date. You dont want to discover youve been compromised because a bug found in version 1 was fixed in version 2 but you didnt bother upgrading your apps.
One last piece of advice is that users need to be diligent and never become complacent in their decision. You must be willing to change services if the goals and values of your messenger of choice change in a way that no longer match yours. Look for news of sales, mergers, or acquisitions that could compromise the organization.
---
*Dan Arel is a journalist, author, and privacy advocate. This article was originally published to [Hacker Noon](https://hackernoon.com/choosing-the-right-messenger-mm3x2z47) on November 27th, 2019.*

43
blog/posts/delisting-startpage.md Normal file
View File

@ -0,0 +1,43 @@
---
date:
created: 2019-11-12
categories:
- Announcements
authors:
- niek-de-wilde
links:
- posts/relisting-startpage.md
- Search Engines: https://www.privacyguides.org/en/search-engines/
tags:
- Search Engines
---
# Delisting Startpage From Privacy Guides
!["Delisting Startpage" cover image](../assets/images/delisting-startpage/cover.png)
Dear *Privacy Guides* Community,
On the 15th of October, it was [brought to our attention](https://web.archive.org/web/20201127034309/https://www.reddit.com/r/privacy/comments/di5rn3/startpage_is_now_owned_by_an_advertising_company/) that Startpage.com was reportedly (partially?) taken over by a company called the Privacy One Group, which is in turn owned by a company called System1. We found this quite remarkable as the two companies seem to have conflicting business models.<!-- more --> Startpage has been known for basing their advertisements on what their users enter in their search bar. System1 on the other hand, is a pay-per-click advertising company that "[has developed a pre-targeting platform that identifies and unlocks consumer intent across channels including social, native, email, search, market research and lead generation rather than relying solely on what consumers enter into search boxes.](https://web.archive.org/web/20201127034309/https://www.bizjournals.com/losangeles/news/2017/09/20/system1-raises-270-million-for-consumer-intent.html)"
We reached out to System1 CEO [Ian Weingarten](https://web.archive.org/web/20201127034309/https://finance.yahoo.com/news/system1-appoints-ian-weingarten-ceo-185700741.html) for an explanation. We received a very general response that did not address key questions.
Seemingly prompted by our ongoing concerns, Startpage released a public letter addressed to us from their CEO, and hosted a [Q&A](https://web.archive.org/web/20201127034309/https://www.reddit.com/r/StartpageSearch/comments/djshn3/hello_reddit_startpage_mod_team/) on their Subreddit to try and explain the situation. While some of our questions were answered, we noted that the company seemed to be evasive, essentially restating information from a previously published [blog post](https://web.archive.org/web/20201127034309/https://www.startpage.com/blog/company-updates/startpage-and-privacy-one-group/) or posting the same response to different questions. People had to really dig to get answers and puzzle all information together, instead of getting a clearly explained and comprehensive answer from the start. Requests for clarification to some important questions went ignored.
Because of the conflicting business model and the unusual way the company reacted, claiming to be fully transparent but being evasive at the same time, we have no choice but to de-list Startpage from our recommendations until it is fully transparent about its new ownership and data processing. Remaining questions include:
- The % of Startpage and Surfboard Holding B.V. (the Startpage holding company) System1 acquired in December 2018.
- The current % ownership by System1 at the time of the audit (and any other major owners).
- Information about Privacy One Group Ltd. Where is it registered and in what city, state and country does it operate? (We have not been able to verify registration information.)
- A diagram of data flows, including flows to outside organizations, like System1, Privacy One etc.
This de-listing does not necessarily mean Startpage is violating its privacy policy. We have no evidence of that. But because there are still so many unanswered questions, we can no longer recommend the service with good confidence. If Startpage aims to be re-considered, they will have to answer the questions above, preferably along with an explanation of why it took them so long to get proper answers out to the public.
Sincerely,
Blacklight447
*Privacy Guides*
---
**2020-05-03:** Startpage has answered all of our questions for them and has clarified their policies. We have decided to recommend their service again, and you can read our latest [announcement](relisting-startpage.md) for more details.
**2023-10-23:** This post has been edited to reflect the team's move from [PrivacyTools](https://www.privacyguides.org/en/about/privacytools/) to Privacy Guides.

40
blog/posts/delisting-wire.md Normal file
View File

@ -0,0 +1,40 @@
---
date:
created: 2019-11-19
categories:
- Announcements
authors:
- danarel
links:
- Real Time Communication: https://www.privacyguides.org/en/real-time-communication/
- Types of Communication Networks: https://www.privacyguides.org/en/advanced/communication-network-types/
tags:
- Instant Messengers
---
# Delisting Wire From Privacy Guides
!["Delisting Wire" cover image](../assets/images/delisting-wire/cover.png)
It has recently come to the attention of the *Privacy Guides* team that **Wire**, the popular end-to-end encryption messaging platform [has been sold or moved to a US company](https://web.archive.org/web/20201128215737/https://forum.privacytools.io/t/wire-swiss-gmbh-is-now-owned-by-a-usa-holding-company/1932). After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.<!-- more -->
Morpheus Ventures holds a [portfolio](https://web.archive.org/web/20201128215737/https://morpheus.com/portfolio/) including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive. Why would a VC with a portfolio centered on consumer data want to invest in a company whose mission claims to protect that very same information?
Earlier this year, Wire announced they had entered a partnership with [FedResults](https://web.archive.org/web/20201128215737/https://www.globenewswire.com/news-release/2019/07/10/1880912/0/en/Wire-and-FedResults-Partner-to-Offer-End-to-End-Encrypted-Collaboration-Platform-to-Government-Agencies.html), in a move that would bring Wire's secure messaging platform to US federal agencies. This raised a few eyebrows, but did not alarm the privacy community as Wire remained Swiss based and beholden to Switzerland's strict privacy laws. Today however, while much of Wire's business will continue to be run out of their Swiss offices, with new US-based ownership it is not entirely clear how much jurisdiction the United States will have over Wire data.
This is alarming because it is well known that Wire [stores unencrypted metadata](https://web.archive.org/web/20201128215737/https://www.vice.com/en_us/article/gvzw5x/secure-messaging-app-wire-stores-everyone-youve-ever-contacted-in-plain-text) for every user.
In an interview with [TechCrunch](https://web.archive.org/web/20201128215737/https://techcrunch.com/2019/11/13/messaging-app-wire-confirms-8-2m-raise-responds-to-privacy-concerns-after-moving-holding-company-to-the-us/), Wire CEO Morten Brøgger said of privacy laws: “We are in Switzerland, which has the best privacy laws in the world” — its subject to Europes General Data Protection Regulation framework (GDPR) on top of its own local laws — “and Wire now belongs to a new group holding, but there no change in control.” [sic]
Even if he is correct, the move and statement do bring up further questions. With Wire now being a US company with contracts partnering it with US federal authorities, will those authorities now have leverage to compel Wire to give up metadata on users? Wire has investors to answer to and will not be able to risk losing large deals with clients like the US federal government. This is of course a hypothetical situation, but one to be considered nonetheless as we decide which services to recommend on [*Privacy Guides*](https://www.privacyguides.org/en/tools/).
Wire also quietly made an adjustment to its own privacy policy. A [previous version](https://web.archive.org/web/20180324221043/https://wire.com/en/legal/#privacy-7) of the policy (July 18, 2017) stated it would only share user data when required by law. Now (Updated September 1, 2018), it reads they will share user data when "necessary." What does necessary mean, and necessary to whom? Necessary to law enforcement, shareholders, or advertisers? The word "necessary" is an alarming change because "necessary" is purposefully vague terminology that could conceivably be used as a tool to justify any action. This change doesn't leave the user with much confidence as to when the company may share your data.
Yet another red flag, and one of the more important ones to us, was is that Wire decided not to disclose this policy change to its users, and when asked why, Brøgger was flippant in his response, stating: “Our evaluation was that this was not necessary. Was it right or wrong? I dont know.”
We feel we do know, and the answer was that it was wrong. Privacy and security are not built solely on strong technology, but on trust. Yes, we can review Wire's open source code on GitHub, but we can't ever be sure that code is the same exact code that runs on their servers in practice. Yet, we have trusted them in the past because Wire had built a trustworthy reputation for themselves. We now feel that Wire has lost this reputation. By deciding to withhold information regarding its ownership and policies from its users, Wire has broken the trust our community has placed in it, and worse yet sounds almost dismissive of the worries voiced by the privacy community that had long held them in high regard.
Because of these ongoing concerns, and this break in trust in Wire's organization, *Privacy Guides* has made the decision to remove Wire from its recommendations. It is worth noting that does not necessarily mean Wire is unsafe, but we believe it is our duty to recommend products that we as a team feel comfortable standing behind. We need to believe in the security, privacy, and integrity of our recommendations, and we no longer feel we can do that with Wire at this time.
---
**2023-10-23:** This post has been edited to reflect the team's move from [PrivacyTools](https://www.privacyguides.org/en/about/privacytools/) to Privacy Guides.

71
blog/posts/firefox-privacy-2021-update.md Normal file
View File

@ -0,0 +1,71 @@
---
date:
created: 2021-12-01
categories:
- Reviews
authors:
- dngray
links:
- 'Desktop Browsers<br><small>Firefox</small>': https://www.privacyguides.org/desktop-browsers/#firefox
tags:
- Browsers
- Firefox
license: CC0
---
# Firefox Privacy: 2021 Update
![Firefox Privacy cover](../assets/images/firefox-privacy/cover.png)
A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). Were also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.<!-- more -->
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/desktop-browsers/) section. If youve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser *more* unique.
## Privacy Tweaks “about:config”
Were no longer recommending that users set `about:config` switches manually. Those switches need to be up to date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behaviour changes in between Firefox releases, is superseded by other keys or they are removed entirely. We do not see any point in duplicating the efforts of the community [Arkenfox](https://github.com/arkenfox/user.js) project. Arkenfox has very good documentation in their [wiki](https://github.com/arkenfox/user.js/wiki) and we use it ourselves.
## LocalCDN and Decentraleyes
These extensions arent required with Total Cookie Protection (TCP), which is enabled if youve set Enhanced Tracking Protection (ETP) to **Strict**.
Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumeration of badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesnt help with most other third-party connections.
CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely used anyway.
## NeatURLs and ClearURLS
Previously we recommended ClearURLs to remove tracking parameters from URLs you might visit. These extensions are no longer needed with uBlock Origins [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam) feature.
## HTTPS Everywhere
The EFF announced back in September they were [deprecating HTTPS-Everywhere](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) as most browsers now have an HTTPS-Only feature. We are pleased to see privacy features built into the browser and Firefox 91 introduced [HTTPS by Default in Private Browsing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/).
## Multi Account Containers and Temporary Containers
Container extensions arent as important as they used to be for privacy now that we have [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/).
Multi Account Container will still have some use if you use [Mozilla VPN](https://en.wikipedia.org/wiki/Mozilla_VPN) as it is going to be [integrated](https://github.com/mozilla/multi-account-containers/issues/2210) allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to login to multiple accounts on the same domain.
## Just-In-Time Compilation (JIT)
What is “Disable JIT” in Bromite? This option disables the JavaScript performance feature [JIT](https://en.wikipedia.org/wiki/Just-in-time_compilation). It can increase security but at the cost of performance. Those trade-offs vary wildly and are explored in [this](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/) publication by Johnathan Norman from the Microsoft Edge team. This option is very much a security vs performance option.
## Mozilla browsers on Android
We dont recommend any Mozilla based browsers on Android. This is because we dont feel that [GeckoView](https://mozilla.github.io/geckoview) is quite as secure as it could be as it doesnt support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture), soon to be coming in desktop browsers or [isolated processes](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
We also noticed that there isnt an option for [HTTPS-Only mode](https://github.com/mozilla-mobile/fenix/issues/16952#issuecomment-907960218). The only way to get something similar is to install the [deprecated](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) extension [HTTPS Everywhere](https://www.eff.org/https-everywhere).
There are places which Firefox on Android shines for example browsing news websites where you may want to *partially* load some JavaScript (but not all) using medium or hard [blocking mode](https://github.com/gorhill/uBlock/wiki/Blocking-mode). The [reader view](https://support.mozilla.org/en-US/kb/view-articles-reader-view-firefox-android) is also pretty cool. We expect things will change in the future, so were keeping a close eye on this.
## Fingerprinting
Firefox has the ability to block known third party [fingerprinting resources](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). Mozilla has [advanced protection](https://support.mozilla.org/kb/firefox-protection-against-fingerprinting) against fingerprinting (RFP is enabled with Arkenfox).
We do not recommend extensions that promise to change your [browser fingerprint](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/). Some of those extensions [are detectable](https://www.cse.chalmers.se/~andrei/codaspy17.pdf) by websites through JavaScript and [CSS](https://hal.archives-ouvertes.fr/hal-03152176/file/style-fingerprinting-usenix.pdf) methods, particularly those which inject anything into the web content.
This includes **all** extensions that try to change the user agent or other browser behaviour to prevent fingerprinting. We see these often recommended on Reddit and would like to say that they will likely make you more unique and can be circumvented. Arkenfox has [a good list](https://github.com/arkenfox/user.js/wiki/4.1-Extensions) of extensions you could use, and a list of ones you [needn't bother with](https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-dont-bother). We also like to say testing sites which show you how unique you are in a set of users are often using hugely tainted results that are not indicative of real-world usage.
----------
*Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase.*

153
blog/posts/firefox-privacy.md Normal file
View File

@ -0,0 +1,153 @@
---
date:
created: 2019-11-09
categories:
- Reviews
authors:
- jonah
links:
- posts/firefox-privacy-2021-update.md
tags:
- Browsers
- Firefox
license: BY-SA
---
# Firefox Privacy: Tips and Tricks for Better Browsing
!["Firefox Privacy" cover image](../assets/images/firefox-privacy/cover.png)
Mozilla Firefox is one of the most popular web browsers around, and for good reason. It's fast, secure, open-source, and it's backed by an organization that actually respects your privacy. Unlike many other Chrome alternatives and forks, it has a massive development team behind it that publishes new updates on a constant, regular basis. Regular updates doesn't only mean shiny new features, it means you'll also receive security updates that will keep you protected as you browse the web.<!-- more -->
Because of all of this, [we recommend Firefox](https://www.privacyguides.org/desktop-browsers/#firefox) as our general-purpose browser for most users. It's the best alternative to Chrome and Edge for privacy conscious individuals.
Firefox is fantastic out of the box, but where it really shines is customizability. By adjusting Firefox privacy settings and using helpful add-ons, you can increase your privacy and security even further. Making those changes is what we're going to go over in this Firefox privacy guide.
Before we get started, there's a couple things that should be noted that are not only applicable to this guide, but privacy in general:
## Considerations
Protecting your privacy online is a tricky proposition, there are so many factors to take into consideration on an individual basis for any one guide or site to cover comprehensively. You will need to take into account things like threat modeling and your general preferences before making any changes or following any recommendations.
### Threat Modeling
What is [threat modeling](https://www.privacyguides.org/basics/threat-modeling/)? Consider who you're trying to keep your data hidden from. Do you need to keep your information hidden from the government, or just the average stranger? Maybe you are just looking to alternatives to Big Tech like Google and Facebook. You'll also want to consider how much time and resources you want to spend hiding your data from those "threats". Some solutions might not be feasible from a financial or time standpoint and you'll have to make compromises. Taking all those questions into account creates a basic threat model for you to work with.
We want to publish a more complete guide on threat modeling in the future, so stay tuned to this blog for further updates. But for now, just keep those thoughts in the back of your mind as we go through this article. Not every solution might be for you, or conversely you may need to pay more attention to certain areas we aren't able to cover completely.
### Browser Fingerprinting
Another consideration is your browser's fingerprint. When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using more common tracking tools, like cookies.
That's right, add-ons contribute to your fingerprint. Another thing a lot of people miss when they are setting up their browser is that more is not always the best solution to their problems. You don't need to use every add-on and tweak we recommend installed, and the more you configure the greater chance there is that your browser will appear more unique to websites. Think about your specific situation and pick and choose the add-ons and tweaks we recommend only if you think they will help you.
## Firefox Privacy Settings
We'll start off with the easy solutions. Firefox has a number of privacy settings built in, no add-ons necessary! Open your Options page (Preferences on macOS) and we'll go through them one at a time.
### DNS over HTTPS
DNS (or the Domain Name System) is what your browser uses to turn domain names like `privacyguides.org` into IP addresses like `65.109.20.157`. Because computers can only make connections to IP addresses, it's necessary to use DNS every time you visit a new domain. But DNS is unencrypted by default, that means everyone on your network (including your ISP) can view what domains you're looking up, and in some situations even change the IP answers to redirect you to their own websites! Encrypting your DNS traffic can shield your queries and add some additional protection to your browsing.
Encrypted DNS takes many forms: DNS over HTTPS (DoH), DNS over TLS, DNSCrypt, etc., but they all accomplish the same thing. They keep your DNS queries private from your ISP, and they make sure they aren't tampered with in transit between your DNS provider. Fortunately, Firefox recently added native DoH support to the browser. On the **General** page of your preferences, scroll down to and open **Network Settings**. At the bottom of the window you will be able to select "Enable DNS over HTTPS" and choose a provider.
Keep in mind that by using DoH you're sending all your queries to a single provider, probably Cloudflare unless you choose [another provider](https://www.privacyguides.org/dns/) that supports DNS over HTTPS. While it may add some privacy protection from your ISP, you're only shifting that trust to the DoH provider. Make sure that's something you want to do.
It should also be noted that even with DoH, your ISP will still be able to see what domain you're connecting to because of a technology called Server Name Indication (SNI). Until SNI is encrypted as well, there's no getting around it. Encrypted SNI (eSNI) is in the works — and can actually be [enabled on Firefox](https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/) today — but it only works with a small number of servers, mainly ones operated by Cloudflare, so its use is limited currently. Therefore, while DoH provides some additional privacy and integrity protections, its use as a privacy tool is limited until other supplemental tools like eSNI and [DNSSEC](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en) are finalized and implemented.
### Change Your Search Engine
This is an easy one. In the **Search** tab, change your **Default Search Engine** to something other than Google. Out of the built-in options, DuckDuckGo is the most privacy respecting service, but there's a number of [search engines we would recommend](https://www.privacyguides.org/search-engines/) that can be easily installed as well.
### Enhanced Tracking Protection
Now we'll delve into the biggest set of options for people like us, Firefox's **Privacy & Security** tab. First up is their **Enhanced Tracking Protection**. This set of filters is set to Standard by default, but we'll want to change it to Strict for more comprehensive coverage.
In rare occasions, Strict browsing protections might cause some of the websites you visit to not function properly. But there's no need to worry! If you suspect the Strict browsing protection is breaking a website you visit frequently, you can disable it on a site by site basis with the shield icon in the address bar.
Disabling Enhanced Tracking Protection will of course decrease your privacy on that site, so you will have consider whether that's something you are willing to compromise on, on a site-by-site basis.
Another benefit of Firefox's Enhanced Tracking Protection is that it can actually speed up your browsing! Advertising networks and social media embeds can sometimes make your browser download huge files just to show an ad or a like button, and blocking those out trims the fat, in a sense.
### Disabling Telemetrics
When you use Firefox, Mozilla collects information about what you do, what kind of extensions you have installed, and various other aspects of your browser. While they claim to do this in a privacy-respecting way, sending as little data as possible is always preferred from a privacy standpoint, so we would go ahead and uncheck all the boxes under **Firefox Data Collection and Use** just to be safe.
### Clearing Cookies and Site Data
This one is for more advanced users, so if you don't understand what this is doing you can skip this section. Firefox provides the option to delete all your cookies and site data every time Firefox is closed. Cookies and site data are little pieces of information sites store in your browser, and they have a myriad of uses. They are used for things like keeping you logged in and saving your website preferences, but they also can be used to track you across different websites. By deleting your cookies regularly, your browser will appear clean to websites, making you harder to track.
This will likely log you out of websites quite often, so make sure that's an inconvenience you're willing to put up with for enhanced privacy.
## Firefox Privacy Add-Ons
Of course, just the browser settings alone won't go quite far enough to protect your privacy. Mozilla has made a lot of compromises in order to provide a more functional browsing experience for the average user, which is completely understandable. But, we can take it even further with some browser add-ons that prevent tracking and make your experience more private and secure.
[We recommend a number of fantastic add-ons](https://www.privacyguides.org/desktop-browsers/#ublock-origin) for Firefox, nine at the time of writing, but they aren't all necessary for everyone. Some of them provide redundant functionality to each other, and some of them accomplish similar tasks to the settings we've enabled above.
When you are installing add-ons for Firefox, consider whether you actually need them for your personal browsing. Remember that fingerprinting warning from earlier? Adding as many extensions as possible might make you stand out more, which is not the goal.
Keeping all that in mind, there are three add-ons I would consider necessary for virtually every user:
- uBlock Origin
- HTTPS Everywhere
- Decentraleyes
Out of the box, these add-ons only complement the settings we've described in this article already, and they have sane defaults that won't break the sites you visit.
### uBlock Origin
[**uBlock Origin**](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) is an efficient ad- and tracker-blocker that is easy on memory, and yet can load and enforce thousands more filters than competing blockers. We trust it because it is completely open-source. Additionally, unlike its competitors it has no monetization strategy: There's no "Acceptable" ads program or a similar whitelist like many other adblockers feature.
### HTTPS Everywhere
HTTPS is the secure, encrypted version of HTTP. When you see an address starting with `https://` along with the padlock in your browser's address bar, you know that your connection to the website is completely secure. This is of course important when you're logging into websites and sending your passwords and emails in a form. But it also prevents people on your network and your ISP from snooping in on what you're reading, or changing the contents of an unencrypted webpage to whatever they want.
Therefore, [**HTTPS Everywhere**](https://www.eff.org/https-everywhere) is a must-have extension, all it does is upgrade your HTTP connections to HTTPS wherever possible. And because it works silently in the background, you probably will never notice it! We trust HTTPS Everywhere because it is completely open-source, and is developed by the Electronic Frontier Foundation, a non-profit dedicated to private and secure technologies.
Of course, it only works with sites that support HTTPS on the server's side, so you'll still need to keep an eye on your address bar to make sure you're securely connected. But fortunately more and more websites have implemented HTTPS thanks to the advent of free certificates from organizations like Let's Encrypt.
### Decentraleyes
When you connect to many websites, your browser is most likely making connections to a myriad of "Content Delivery Networks" like Google Fonts, Akamai, and Cloudflare, to download fonts and Javascript that make the website run. This generally makes websites look and feel better, but it means you're constantly making connections to these servers, allowing them to build a fairly accurate tracking profile of you.
[**Decentraleyes**](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes) works by impersonating those CDNs locally in your browser. When a website wants to download a program like jQuery, instead of connecting to a remote CDN Decentraleyes will serve the file from its own cache of files. This means that you'll won't have to make remote CDN connections for the files that Decentraleyes supports, and therefore the remote CDNs can't track your browser. Because everything is stored locally instead of on a far away server, Decentraleyes has the added benefit of speeding up your browsing as well. Everything happens instantly, and you won't see a difference in the websites you visit.
### Additional Privacy Add-Ons
There is of course more functionality that can be achieved at the expense of more time spent configuring your browser and reduced website functionality. If you're looking for the most privacy options possible however, they may be for you. Check out our [desktop browsers recommendations page](https://www.privacyguides.org/desktop-browsers/) for further information and additional resources.
## More Privacy Functionality
Firefox has developed a number of other privacy tools that can be used to enhance your privacy or security. They may be worth looking into, but they have some drawbacks that would prevent me from recommending them outright.
### Firefox Private Network
Firefox Private Network is a new extension developed by Mozilla that serves as a [Virtual Private Network](https://www.privacyguides.org/basics/vpn-overview/) (VPN), securing you on public WiFi networks and other situations where you might trust Mozilla more than the ISP or network administrator. It is free in beta, but will likely be available at some subscription pricing once the test pilot ends.
Firefox Private Network is still just a VPN, and there are a number of drawbacks you would want to consider before using it. We wrote an entire article on [choosing a VPN provider](https://www.jonaharagon.com/posts/choosing-a-vpn/) that is worth a read, but it boils down to the fact that your VPN provider will be able to see your web traffic. All you are accomplishing is shifting the trust from your network to the VPN provider, in this case *Cloudflare*, the operators behind this service.
Additionally, unlike a traditional VPN, only data through the Firefox browser is protected, not every app on your machine. This means that it won't adequately protect you from many of the threats people typically want to protect against when they use a VPN, like IP leaks.
And finally, Cloudflare and Mozilla are both US companies. There are a number of concerns with entrusting internet traffic to the US and other fourteen eyes countries that should not be overlooked.
If you require a Virtual Private Network, we would look elsewhere. There are a number of [recommended providers](https://www.privacyguides.org/vpn/) like Mullvad that will provide a better experience at a low cost.
### Multi-Account Containers
Mozilla has an in-house add-on called [Multi-Account Containers](https://support.mozilla.org/en-US/kb/containers) that allows you to isolate websites from each other. For example, you could have Facebook in a container separate from your other browsing. In this situation, Facebook would only be able to set cookies with your profile on sites within the container, keeping your other browsing protected.
A containers setup may be a good alternative to techniques like regularly deleting cookies, but requires a lot of manual intervention to setup and maintain. If you want complete control of what websites can do in your browser, it's definitely worth looking into, but we wouldn't call it a necessary addition by any means.
## Additional Resources
[Desktop Browsers (Privacy Guides)](https://www.privacyguides.org/desktop-browsers/) — Our comprehensive set of recommendations for browsers and tweaks you can make to enhance your privacy is a great next step for more advanced users looking to protect their privacy online.
[arkenfox user.js](https://github.com/arkenfox/user.js) — For more advanced users, the arkenfox user.js is a "configuration file that can control hundreds of Firefox settings [...] which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage".
[Mozilla's Privacy Policy](https://www.mozilla.org/en-US/privacy/) — Of course, we always recommend reading through the privacy statement of any organization you deal with, and Mozilla is no exception.
## Firefox Privacy Summary
In conclusion, we believe that Firefox is the most promising browser for privacy-conscious individuals. The non-profit behind it seems truly dedicated to promoting user control and privacy, and the good defaults coupled with the sheer customizability of the browser allow you to truly protect your information when you browse the web.
For more Firefox privacy-related information, or for recommendations for non-desktop platforms, give our full page on [web browsers](https://www.privacyguides.org/desktop-browsers/) a read.

79
blog/posts/grapheneos-or-calyxos.md Normal file
View File

@ -0,0 +1,79 @@
---
date:
created: 2022-04-21
authors:
- contributors
categories:
- Opinion
tags:
- GrapheneOS
- CalyxOS
links:
- General Android Overview: https://www.privacyguides.org/android/overview/
- Android Recommendations: https://www.privacyguides.org/android/
license: BY-SA
---
# Should You Use GrapheneOS or CalyxOS?
GrapheneOS and CalyxOS are often compared as similar options for people looking for an alternative Android OS for their Pixel devices. Below are some of the reasons why we recommend GrapheneOS over CalyxOS.<!-- more -->
## Update Frequency
CalyxOS has a track record of being slower to apply security and feature updates to its OS and core applications than other custom Android operating systems. Timely security updates are one of the most important factors to consider when determining whether an OS is secure enough for regular use, which is a requirement for privacy.
In contrast to that, GrapheneOS manages to stay close to upstream and in some cases even [deliver updates before the stock OS does](https://grapheneos.org/features#more-complete-patching).
As an example, [GrapheneOS's first Android 12 release](https://grapheneos.org/releases#2021102020) was in October 2021, whereas [CalyxOS moved to Android 12](https://calyxos.org/news/2022/01/19/android-12-changelog/) in January 2022.
## Sandboxed Google Play vs Privileged microG
When Google Play Services are used on GrapheneOS, they are confined using the highly restrictive, default [`untrusted_app`](https://source.android.com/security/selinux/concepts) [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) domain. As a result, you have full control as to what these apps can access via permissions, just like any other app you install. Additionally, you can selectively choose which profile(s) to install the Sandboxed Google Play in.
microG is a partially open-source re-implementation of Google Play Services.[^1] On CalyxOS, it runs in the highly privileged [`system_app`](https://source.android.com/security/selinux/concepts) SELinux domain like regular Google Play Services, and it uses [signature spoofing](https://github.com/microg/GmsCore/wiki/Signature-Spoofing) to masquerade as Google Play Services. This is less secure than Sandboxed Google Play's approach, which does not need access to sensitive system APIs.
When using Sandboxed Google Play, you have the option to reroute location requests to the Play Services API back to the OS location API, which uses satellite based location services. With microG, you have the option to choose between different backend location providers, including *shifting trust* to another location backend, like Mozilla; using [DejaVu](https://github.com/n76/DejaVu), a location backend that locally collects and saves RF-based location data to an offline database which can be used when GPS is not available; or to simply not use a network location backend at all.
Network location providers like Play Services or Mozilla rely the on the MAC addresses of surrounding WiFi access points and Bluetooth devices being submitted for location approximation. Choosing a network location like Mozilla to use with microG provides little to no privacy benefit over Google because you are still submitting the same data and trusting them to not profile you.
Local RF location backends like DejaVu require that the phone has a working GPS first for the local RF data collected to be useful. This makes them less effective as location providers, as the job of a location provider is to assist location approximation when satellite based services are not working.
If your [threat model](https://www.privacyguides.org/basics/threat-modeling/) requires protecting your location or the MAC addresses of nearby devices, rerouting location requests to the OS location API is probably the best option. The benefit brought by microG's custom location backend is minimal at best when compared to Sandboxed Google Play.
In terms of application compatibility, ==Sandboxed Google Play on GrapheneOS is always going to be more compatible== as it is the same code as what is released by Google. microG is a reimplementation of these services. As a result, it only supports the various parts that have been reimplemented, meaning some things such as [Google Play Games](https://play.google.com/googleplaygames) and [In-app Billing API](https://developer.android.com/google/play/billing) are not yet supported.
Larger apps, especially games, require [Play Asset Delivery](https://android-developers.googleblog.com/2020/06/introducing-google-play-asset-delivery.html) to be installed, which is currently not implemented in microG. Authentication using [FIDO](https://www.privacyguides.org/basics/multi-factor-authentication#fido-fast-identity-online) with online services on Android also relies on Play Services, and does not currently work with microG.
[^1]: It should be noted that microG still uses proprietary Google binaries for some of its components such as DroidGuard. Push notifications, if enabled, still go through Google's servers just like with Play Services. Outside of default microG setups like on CalyxOS, it is possible to run microG in the unprivileged [`untrusted app`](https://source.android.com/security/selinux/concepts) SELinux domain and without the signature spoofing patch. However, microG's functionality and compatibility, which is already not nearly as broad as Sandboxed Google Play, will greatly diminish.
## Privileged eSIM Activation Application
Currently, eSIM activation is tied to a privileged proprietary application by Google. The app has the `READ_PRIVILEGED_PHONE_STATE` permission, giving Google access to your hardware identifiers such as the IMEI.
On GrapheneOS, the app comes disabled and you can *optionally* enable it after installing Sandboxed Google Play.
On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and you cannot opt-out. This means that Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation and they can be accessed persistently.
## Privileged App Extensions
Android 12 comes with special support for seamless app updates with [third-party app stores](https://android-developers.googleblog.com/2020/09/listening-to-developer-feedback-to.html). The popular Free and Open-Source Software (FOSS) repository [F-Droid](https://f-droid.org) doesn't implement this feature and requires a [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged) to be included with the Android distribution in order to have unattended app updates.
CalyxOS includes the [privileged extension](https://f-droid.org/en/packages/org.fdroid.fdroid.privileged), which may lower device security.
On the other hand, GrapheneOS officially recommends [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) instead. Many FOSS Android apps are also in Google's Play Store but sometimes they are not (like [NewPipe](https://www.privacyguides.org/frontends#newpipe-android)). In those cases, you can [keep up with updates using RSS](https://www.privacyguides.org/android/#manually-with-rss-notifications).
## Profiles
GrapheneOS significantly improves [user profiles](https://www.privacyguides.org/android/overview#user-profiles) in [multiple ways](https://grapheneos.org/features#improved-user-profiles), such as increasing the limit of how many profiles you can create (32 instead of the standard 4), allowing you to log out of user profiles, disabling app installation, and notification forwarding. All of these improvements make it so user profiles can be daily driven without sacrificing too much usability.
CalyxOS doesn't feature any improvements to user profiles over AOSP, and instead includes a device controller app so that the [work profile](https://www.privacyguides.org/android/overview#work-profile) can be used without needing to download a third party app such as [Shelter](https://www.privacyguides.org/android/#shelter). However, work profiles are not nearly as flexible (as you're limited to only one) and don't provide the same amount of isolation and security.
## Additional Hardening
GrapheneOS improves upon [AOSP](https://source.android.com/) security with:
- **Hardened WebView:** Vanadium WebView requires [64-bit](https://en.wikipedia.org/wiki/64-bit_computing) processes on the [WebView](https://developer.android.com/reference/android/webkit/WebView) process and disables legacy [32-bit](https://en.wikipedia.org/wiki/32-bit_computing) processes. It uses hardened compiler options such as [`-fwrapv`](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html) and [`-fstack-protector-strong`](https://gcc.gnu.org/onlinedocs/gcc-4.9.3/gcc/Optimize-Options.html), which can help protect against [stack buffer overflows](https://en.wikipedia.org/wiki/Stack_buffer_overflow). [API](https://en.wikipedia.org/wiki/API)s such as the [battery status API](https://chromestatus.com/feature/4537134732017664) are disabled for privacy reasons. All system apps on GrapheneOS use the Vanadium WebView which means that apps which use WebView will also benefit from Vanadium's hardening. The [Vanadium patch set](https://github.com/GrapheneOS/Vanadium) is a lot more comprehensive than CalyxOS's [Chromium patch set](https://gitlab.com/CalyxOS/chromium-patches) which is derived from it.
- **Hardened Kernel:** GrapheneOS kernel includes some hardening from the [linux-hardened](https://github.com/GrapheneOS/linux-hardened) project and the [Kernel Self Protection Project (KSPP)](https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project). CalyxOS uses the [same kernel](https://calyxos.org/docs/development/build/kernel/) as regular Android with some minor modifications.
- **Hardened Memory Allocator:** GrapheneOS uses the [hardened malloc](https://github.com/GrapheneOS/hardened_malloc) subproject as its memory allocator. This focuses on hardening against [memory heap corruption](https://en.wikipedia.org/wiki/Memory_corruption). CalyxOS uses the default AOSP [Scudo Malloc](https://source.android.com/devices/tech/debug/scudo), which is generally [less effective](https://twitter.com/danielmicay/status/1033671709197398016). Hardened Malloc has uncovered vulnerabilities in AOSP which have been [fixed](https://github.com/GrapheneOS/platform_system_core/commit/be11b59725aa6118b0e1f0712572e835c3d50746) by GrapheneOS such as [CVE-2021-0703](https://nvd.nist.gov/vuln/detail/CVE-2021-0703).
- **Secure Exec Spawning:** GrapheneOS [spawns](https://en.wikipedia.org/wiki/Spawn_(computing)) fresh processes as opposed to using the [Zygote model](https://ayusch.com/android-internals-the-android-os-boot-process) used by AOSP and CalyxOS. The Zygote model weakens [Address Space Layout Randomization](https://en.wikipedia.org/wiki/Address_space_layout_randomization) (ASLR) and is considered [less secure](https://wenke.gtisc.gatech.edu/papers/morula.pdf). Creating [fresh processes](https://grapheneos.org/usage#exec-spawning) is safer but will have some performance penalty when launching a new application. These penalties are not really noticeable unless you have an [old device](https://support.google.com/nexus/answer/4457705) with slow storage such as the Pixel 3a/3a XL as it has [eMMC](https://en.wikipedia.org/wiki/MultiMediaCard#eMMC).
**Please note that these are just a few examples and are not an extensive list of GrapheneOS's hardening**. For a more complete list, please read GrapheneOS' [official documentation](https://grapheneos.org/features).

51
blog/posts/hide-nothing.md Normal file
View File

@ -0,0 +1,51 @@
---
date:
created: 2022-06-09
categories:
- Opinion
authors:
- danarel
links:
- posts/move-fast-and-break-things.md
- posts/choosing-the-right-messenger.md
tags:
- Government
license: BY-SA
---
# Hide Nothing
In the wake of the September 11, 2001, attack on the United States, the US government enacted laws that weakened citizen privacy in the name of national emergency. This sent up many red flags for human rights and privacy advocates.<!-- more -->
These concerns were met with “if you have nothing to hide, you have nothing to fear.” The argument goes that if you're not doing anything illegal, then these violations of your privacy shouldn't bother you. If you care about privacy, you clearly can't be up to anything good.
On the surface, this seems true to many people but the reality is very different. We may not have had anything to hide in the immediate aftermath of 9/11, but that was not the only information being sought after by governments. Indeed, following the passage of the Patriot Act in the US, the FBI issued 192,499 [National Security Letters](https://www.aclu.org/other/national-security-letters), meaning they collected the records and online activity of nearly 200,000 people.
In the end it only convicted one person.
Now, many have argued that stopping one terrorist might be worth giving up some security for, but [according](https://www.aclu.org/issues/national-security/privacy-and-surveillance/surveillance-under-patriot-act) to the ACLU, the conviction would have occurred without the Patriot Act.
Many legal actions you take today could be deemed illegal by future laws or future government. In the US today there is discussion around the possibility of Roe v. Wade being overturned, allowing states to outlaw abortions. You may not currently feel the need to hide internet searches, menstrual cycle apps, or donations to women's health clinics today because it's not illegal, but tomorrow that information could be used against you.
In countries were organizing around political dissent is legal, that doesn't mean the government is tracking those taking part and using that information to create informants or infiltrate such groups. Or worse, when or if laws change, using that surveillance to punish those involved.
And even if you break away from the legal aspects, we all have something to hide. You may not be ready to reveal your sexual or gender identity, but your internet usage could potentially do that for you. You don't want to make your bank account public; you have that information to hide. And you can continue to list things about your life you'd just rather not make public, regardless of potential legality.
In July of 2021, a Catholic priest by the name of Jeffrey Burrill lost his job and was forced to resign after data collected through his cell phone showed that he was active on the gay dating app Grindr, and that he had visited multiple gay bars in the area. [According](https://www.washingtonpost.com/religion/2021/07/20/bishop-misconduct-resign-burrill/) to the *Washington Post*:
> “A mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 —– at both his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and events in other cities,” the Pillar reported.
>
> “The data obtained and analyzed by The Pillar conveys mobile app date signals during two 26-week periods, the first in 2018 and the second in 2019 and 2020. The data was obtained from a data vendor and authenticated by an independent data consulting firm contracted by The Pillar,” the site reported. It did not identify who the vendor was or if the site bought the information or got it from a third party.
>
> The Pillar story says app data “correlated” to Burrill's phone shows the priest visited gay bars, including while traveling for the USCCB.
While it was not clear who was tracking Burrill's device, the Post went on to say that:
> Privacy experts have long raised concerns about “anonymized” data collected by apps and sold to or shared with aggregators and marketing companies. While the information is typically stripped of obviously identifying fields, like a user's name or phone number, it can contain everything from age and gender to a device ID. It's possible for experts to de-anonymize some of this data and connect it to real people.
While Burrill was without a doubt in violation of his work's own code of conduct, he did decide on his own to be a priest. However, his personal life was not harming others and was just that, his personal life. While the question looms about who was tracking him to begin with and why, the fact it was so easy to do is alarming.
What if Burrill wasn't a priest, but just happened to work for someone who held anti-homosexual views who used this data to out him, humiliate him, and fire him under false pretenses? This data, which should be private could (and likely did in the real-life circumstance) ruin his life.
That is what makes internet privacy so important. It's not hiding nefarious activity, it's that we all have an innate right to our privacy.
You might not feel today that you have anything to hide, but you might not feel that way tomorrow and once something is public, it cannot be made private again.

79
blog/posts/i18n-announcement.md Normal file
View File

@ -0,0 +1,79 @@
---
date:
created: 2023-02-26
categories:
- Announcements
authors:
- freddy-m
- dngray
- niek-de-wilde
tags:
- Privacy Guides
license: BY-SA
---
# Privacy Guides Is Now Multilingual
It's finally here. After countless requests, Privacy Guides now has translations.
People have always asked us for translations to other languages because our team and community produces high quality, reliable, honest, and researched content. Our [previous site](https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides) never had a system for this. All translations were done manually, and translators would quickly lose interest. Translated sites would be outdated and lay unmaintained on domains that we didn't own. Privacy Guides now has a proper system.<!-- more -->
Our site runs [Material for MkDocs](https://squidfunk.github.io/mkdocs-material/), which supports [internationalization](https://squidfunk.github.io/mkdocs-material/setup/changing-the-language/). This allows us to provide language specific content without the mammoth effort previously required.
## What we're planning
You can expect translations of this blog and lots more content. We will add languages to the site when they near completion. That way they can be checked to make sure they maintain the high quality that people have come to expect from the rest of Privacy Guides.
### Translators
We'd also like to remind everyone you can stay up to date with the main site by looking at [our release page](https://github.com/privacyguides/privacyguides.org/releases), this will show major changes to the main content. You can subscribe with a [News Aggregator](https://www.privacyguides.org/news-aggregators):
- [privacyguides.org (Releases)](https://github.com/privacyguides/privacyguides.org/releases.atom).
- [privacyguides.org (Commit log)](https://github.com/privacyguides/privacyguides.org/commits/main.atom)
- [blog.privacyguides.org](https://blog.privacyguides.org/feed_rss_created.xml)
- [blog.privacyguides.org (Commit log)](https://github.com/privacyguides/blog.privacyguides.org/commits/main.atom)
The blog doesn't have releases, but articles are generally published in a complete state and only updated with minor changes.
Feel free to check out our localization room on Matrix [#pg-i18n:aragon.sh](https://matrix.to/#/%23pg-i18n:aragon.sh) if you have any questions on getting started. You can [find us on Crowdin](https://crowdin.com/project/privacyguides).
Please note that the English version of the site is the primary version, meaning changes occur there first. This means it is still possible that specific languages may be behind. If you notice such an instance please help out. We cannot guarantee the accuracy of all our translations. If you have a suggestion about content specific to your region, please open an issue or pull request to our [main repository](https://github.com/privacyguides/privacyguides.org).
#### Some tips for translators
Crowdin has good documentation and we suggest looking at their [Getting Started](https://support.crowdin.com/crowdin-intro/) guide. Our site is in [Markdown](https://en.wikipedia.org/wiki/Markdown), so it should be easy to chip in.
#### Admonitions
Throughout the site we use MkDocs's [admonitions](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#usage), to show information to readers about the products such as `example`, `warning`, `tip`, etc.
By default when admonitions are used they will have an English string on the site. This can be [customized](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#changing-the-title), without too much effort. For example if you were translating and admonition of type [warning](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#type:warning) to Dutch, this is how you would write it:
```text
!!! warning "Waarschuwing"
```
Downloads are a [custom admonition](https://squidfunk.github.io/mkdocs-material/reference/admonitions/#custom-admonitions) that we use and you would write that like:
```text
??? downloads "Downloaden"
```
The same goes for other types, such as `tip`, `example` etc. Recommendations are also admonitions, but they do not need overriding, because the default has no text, so they are always:
```text
!!! recommendation
```
#### Translation software
Translation software gets the translation quite reliable. We've found [DeepL](https://www.deepl.com/en/translator) works well however, attention does need to be given that the translated string is correct.
For example:
```text
![Software logo](assets/img/path/to/image.svg){ align=right }
```
We have sometimes found that the syntax for inserting an image like above was missing the `![` or an extra space was placed between the text and the path, eg `](`. If a translation string is clearly not correct, we encourage you to **delete** it by pressing the trash icon [or vote](https://support.crowdin.com/enterprise/getting-started-for-volunteers/#voting-view) which one you think sounds best. When invalid strings are deleted they are removed from the organization's [translation memory](https://support.crowdin.com/enterprise/translation-memory), meaning that when the source string is seen again, it won't suggest the incorrect translation.
We'd like to thank the [translation team](https://crowdin.com/project/privacyguides/reports/top-members) who spent many hours on translating the content, that we now have. We're going to launch in Dutch, French and Hebrew.

172
blog/posts/integrating-metadata-removal.md Normal file
View File

@ -0,0 +1,172 @@
---
date:
created: 2022-04-09
categories:
- Tutorials
authors:
- contributors
links:
- Metadata Removal Tools: https://www.privacyguides.org/data-redaction/
tags:
- macOS
- iOS
- Windows
license: BY-SA
---
# Removing Metadata From Your Photos, Videos, and Other Files
When sharing files, it's important to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data, and sometimes photos even include GPS coordinates within its metadata.<!-- more -->
While there are plenty of metadata removal tools, they typically aren't convenient to use. The guides featured here aim to detail how to integrate metadata removal tools in a simple fashion by utilizing easy-to-access system features.
## macOS
This guide uses the [Shortcuts](https://support.apple.com/guide/shortcuts-mac/intro-to-shortcuts-apdf22b0444c/mac) app to add an [ExifTool](https://www.privacyguides.org/data-redaction#exiftool) script to the *Quick Actions* context menu within Finder. Shortcuts is developed by Apple and bundled in with macOS by default.
Shortcuts is quite intuitive to work with, so if you don't like the behavior demoed here then experiment with your own solution. For example, you could set the shortcut to take a clipboard input instead. The sky's the limit.
![ExifTool Quick Action](../assets/images/metadata-removal/preview-macos.png)
### Prerequisites
1. [Homebrew](https://brew.sh): a package manager.
```bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
```
2. ExifTool is a tool for viewing and manipulating image, audio, video, and PDF metadata.
```bash
brew install exiftool
```
!!! note
You can check if ExifTool is installed by running `exiftool -ver`. You should see a version number.
### Creating the Shortcut
1. Open **Shortcuts.app** and create a new shortcut
2. In the shortcut's options, check **Use as Quick Action** and **Finder**
3. Set up the retrieval options:
- Receive **Images, Media, and PDFs** input from **Quick Actions**
- If there is no input select **Continue**
4. Add the **Run Shell Script** action to the shortcut. You may need to enable **Allow Running Scripts** in Shortcut.app's settings
5. Set up the shell script action:
- Select **zsh** from the shell list
- Set the input to **Shortcut Input**
- Select **as arguments** for the pass input
- Leave **Run as administrator** unchecked
6. Use the following as the body of the script:
```bash
for f in "$@"
do
exiftool -all= "$f";
done
```
![macOS metadata removal shortcut](../assets/images/metadata-removal/shortcut-macos.png)
!!! tip "Worth Mentioning"
The open-source [ImageOptim](https://imageoptim.com/mac) app integrates into Finder's *Services* context menu by default. While it is primarily an image optimization app, it also removes metadata.
### Enabling & using the Shortcut
1. The shortcut will be accessible through **Quick Actions** context menu within Finder.
2. If you want to reposition the shortcut within the context menu, go to:<br>
**System Preferences****Extensions****Finder and drag the shortcut's position**.
## iOS and iPadOS
[Shortcuts](https://support.apple.com/guide/shortcuts/welcome/ios) can be made accessible through the system Share Sheet, making accessing those shortcuts very convenient. This guide will show you how to build a metadata removal shortcut and integrate it into the system *Share Sheet*.
!!! warning
This method of metadata removal is not as comprehensive at removing metadata as utilities like [ExifTool](https://www.privacyguides.org/data-redaction#exiftool) and [mat2](https://www.privacyguides.org/data-redaction#mat2) are.
The lack of *good* metadata removal apps on the App Store is what makes this solution worthwhile.
![Don't preserve metadata shortcut](../assets/images/metadata-removal/preview-ios.png)
### Prerequisites
1. [Shortcuts](https://apps.apple.com/us/app/shortcuts/id915249334) via the App Store.
### Creating the Shortcut
1. Create a new Shortcut
2. Enter the Shortcut's settings and check **Show in Share Sheet**
3. Add a **Receive** action and set it to receive **Images** from **Share Sheet**
4. Add an **If** action
5. Set the **If** action to **Shortcut Input** and **has any value**
6. Add an **Otherwise** action
7. Add an **End If** action
8. Add a **Convert** action and set it to **If Result** and **Match Input**
9. Finally, add a **Share** action and set that to **Converted Image**
10. Make sure that you uncheck **preserve metadata**
![iOS/iPadOS metadata removal shortcut](../assets/images/metadata-removal/shortcut-ios.png)
### Enabling & using the Shortcut
1. The shortcut should be available through the system Share Sheet. If it is not, then a device restart may be required.
2. Optionally, you can add the shortcut to your home screen.
## Windows
Windows allows you to place files in a **SendTo** folder which then appear in the *Send to* context menu. This guide will show you how to add an [ExifTool](https://www.privacyguides.org/data-redaction#exiftool) batch script to this menu.
![Send to metadata removal shortcut](../assets/images/metadata-removal/preview-windows.jpg)
### Prerequisites
1. ExifTool is a tool for viewing and manipulating image, audio, video, and PDF metadata. We suggest you read the [Installation instructions](https://exiftool.org/install.html#Windows) on the official website.
!!! note
You can check if ExifTool is present in your [PATH](https://www.computerhope.com/issues/ch000549.htm) by running `exiftool -ver` in Command Prompt. You should see a version number.
### Creating the shortcut
1. Navigate to `%appdata%\Microsoft\Windows\SendTo`
2. Right click in the **SendTo** folder and create a new **Text Document**
3. Name the file `ExifTool.bat` (any name works, however it must end in `.bat`)
!!! note
You may need to check if [file name extensions](https://support.microsoft.com/en-us/windows/common-file-name-extensions-in-windows-da4a4430-8e76-89c5-59f7-1cdbbc75cb01) are enabled.
4. Open **ExifTool.bat** in Notepad
5. Copy the following into the document:
```bat
exiftool -fast4 -if "$filepermissions =~ /^.w/" %*
if not errorlevel 0 (
echo Some files are write protected
exit /b %errorlevel%
)
exiftool -all= %*
```
6. Save
### Using the shortcut
1. Right click a supported file and choose **ExifTool.bat** within the *Send to* context menu.

202
blog/posts/ios-configuration-guide.md Normal file
View File

@ -0,0 +1,202 @@
---
date:
created: 2022-10-22
categories:
- Tutorials
authors:
- mfwmyfacewhen
- jonah
- contributors
tags:
- iOS
license: BY-SA
---
# iOS 16 Privacy Configuration Guide
There are a number of privacy and security-related settings you should consider changing in the **Settings** app on iOS.<!-- more -->
## iCloud
Apple uses **iCloud** to sync your settings, photos, documents, apps, etc. to your other devices. Some things synced to iCloud are end-to-end encrypted, while others are merely encrypted in transit. You can check [Apple's documentation](https://support.apple.com/en-us/HT202303) for information on which services are E2EE; anything listed as "in transit" or "on server" means it's possible for Apple to access that data without your permission. You should disable anything you don't want backed up to iCloud.
!!! warning
Despite "Messages in iCloud" being E2EE, enabling iCloud Backup stores a key to unlock iMessage in your device backup, which is **not** E2EE. If you don't want to store a copy of your iMessage keys, disable iCloud Backup.
At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to iCloud. Select that, then **iCloud**, and turn off the switches for any services you don't want to sync to iCloud. You may see third-party apps listed under **Show All** if they sync to iCloud, which you can disable here. For the purposes of this guide, we will only be covering first-party Apple iCloud services:
**iCloud Backup** backs up your phone and app data to Apple's servers. Unfortunately, these backups are not E2EE,[^1] and having them enabled even removes E2EE from some other iCloud services (like iMessage). Instead of iCloud Backup, we recommend making an encrypted backup to your computer using iTunes (Windows) or Finder (macOS).
[^1]: [Reuters - Exclusive: Apple dropped plan for encrypting backups after FBI complained](https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT)
Select **iCloud Backup**
- [ ] Turn off **Back Up This iPhone**
**Private Relay** is a paid ([**iCloud+**](https://support.apple.com/en-us/HT201318)) proxy service which relays your Safari traffic through two servers: one owned by Apple and one owned by Cloudflare. Because Private Relay is still in beta and it only covers the Safari browser, we recommend you choose a proper [VPN](https://www.privacyguides.org/vpn/) instead.
Select **Private Relay**
- [ ] Turn off **Private Relay (Beta)**
If you already use iCloud Mail, **Hide My Email** is Apple's first-party email aliasing feature. You can use email aliases with Sign In With Apple, for free, or generate unlimited aliases with a paid iCloud+ plan. Hide My Email may be good for iCloud Mail users because it only requires trusting one party (Apple) with your emails, but if you use any other email provider, we recommend [a standalone email aliasing service](https://www.privacyguides.org/email#email-aliasing-services) instead.
### Media & Purchases
At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Media & Purchases** > **View Account**.
- [ ] Turn off **Personalized Recommendations**
### Find My
**Find My** is a service that lets you track your Apple devices and share your location with your friends and family. It also allows you to wipe your device remotely in case it is stolen, preventing a thief from accessing your data. Your Find My [location data is E2EE](https://www.apple.com/legal/privacy/data/en/find-my/) when:
- Your location is shared with a family member or friend, and you both use iOS 15 or greater.
- Your device is offline and is located by the Find My Network.
Your location data is not E2EE when your device is online and you use Find My iPhone remotely to locate your device. You will have to make the decision whether these trade-offs are worth the anti-theft benefits of Activation Lock.
At the top of the **Settings** app, you'll see your name and profile picture if you are signed in to an Apple ID. Select that, then select **Find My**. Here you can choose whether to enable or disable Find My location features.
## Airplane Mode
Enabling **Airplane Mode** stops your phone from contacting cell towers. You will still be able to connect to Wi-Fi and Bluetooth, so whenever you are connected to Wi-Fi you can turn this setting on.
## Wi-Fi
You can enable hardware address randomization to protect you from tracking across Wi-Fi networks. On the network you are currently connected to, press the :material-information: button:
- [x] Turn on **Private Wi-Fi Address**
You also have the option to **Limit IP Address Tracking**. This is similar to iCloud Private Relay but only affects connections to "known trackers." Because it only affects connections to potentially malicious servers, this setting is probably fine to leave enabled, but if you don't want *any* traffic to be routed through Apple's servers, you should turn it off.
## Bluetooth
**Bluetooth** should be disabled when you aren't using it as it increases your attack surface. Disabling Bluetooth (or Wi-Fi) via the Control Center only disables it temporarily: you must switch it off in Settings for disabling it to remain effective.
- [ ] Turn off **Bluetooth**
## General
Your iPhone's device name will by default contain your first name, and this will be visible to anyone on networks you connect to. You should change this to something more generic, like "iPhone." Select **About** > **Name** and enter the device name you prefer.
It is important to install **Software Updates** frequently to get the latest security fixes. You can enable **Automatic Updates** to keep your phone up-to-date without needing to constantly check for updates. Select **Software Update** > **Automatic Updates**:
- [x] Turn on **Download iOS Updates**
- [x] Turn on **Install iOS Updates**
- [x] Turn on **Security Responses & System Files**
**AirDrop** allows you to easily transfer files, but it can allow strangers to send you files you do not want.
- [x] Select **AirDrop** > **Receiving Off**
**AirPlay** lets you seamlessly stream content from your iPhone to a TV; however, you might not always want this. Select **AirPlay & Handoff** > **Automatically AirPlay to TVs**:
- [x] Select **Never** or **Ask**
**Background App Refresh** allows your apps to refresh their content while you're not using them. This may cause them to make unwanted connections. Turning this off can also save battery life, but it may affect an app's ability to receive updated information, particularly weather and messaging apps.
Select **Background App Refresh** and switch off any apps you don't want to continue refreshing in the background. If you don't want any apps to refresh in the background, you can select **Background App Refresh** again and turn it **Off**.
## Siri & Search
If you don't want anyone to be able to control your phone with Siri when it is locked, you can turn that off here.
- [ ] Turn off **Allow Siri When Locked**
## Face ID or Touch ID & Passcode
Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** > **Passcode Options** > **Custom Alphanumeric Code**. Make sure that you create a [secure password](https://www.privacyguides.org/basics/passwords-overview/).
If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your phone will use the password you set up earlier as a fallback in case your biometric verification fails. Biometric unlock methods are primarily a convenience, although they do stop surveillance cameras or people over your shoulder from watching you input your passcode.
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
**Allow Access When Locked** gives you options for what you can allow when your phone is locked. The more of these options you disable, the less someone without your password can do, but the less convenient it will be for you. Pick and choose which of these you don't want someone to have access to if they get their hands on your phone.
- [ ] Turn off **Today View and Search**
- [ ] Turn off **Notification Center**
- [ ] Turn off **Control Center**
- [ ] Turn off **Lock Screen Widgets**
- [ ] Turn off **Siri**
- [ ] Turn off **Reply with Message**
- [ ] Turn off **Home Control**
- [ ] Turn off **Wallet**
- [ ] Turn off **Return Missed Calls**
- [ ] Turn off **USB Accessories**
iPhones are already resistant to brute-force attacks by making you wait long periods of time after multiple failed attempts; however, there have historically been exploits to get around this. To be extra safe, you can set your phone to wipe itself after 10 failed passcode attempts.
!!! warning
With this setting enabled, someone could intentionally wipe your phone by entering the wrong password many times. Make sure you have proper backups and only enable this setting if you feel comfortable with it.
- [x] Turn on **Erase Data**
## Privacy
**Location Services** allows you to use features like Find My and Maps. If you don't need these features, you can disable Location Services. Alternatively, you can review and pick which apps can use your location here. Select **Location Services**:
- [ ] Turn off **Location Services**
You can decide to allow apps to request to **track** you here. Disabling this disallows all apps from tracking you with your phone's advertising ID. Select **Tracking**:
- [ ] Turn off **Allow Apps to Request to Track**
You should turn off **Research Sensor & Usage Data** if you don't wish to participate in studies. Select **Research Sensor & Usage Data**:
- [ ] Turn off **Sensor & Usage Data Collection**
**Safety Check** allows you to quickly view and revoke certain people and apps that might have permission to access your data. Here you can perform an **Emergency Reset**, immediately resetting permissions for all people and apps which might have access to device resources, and you can **Manage Sharing & Access** which allows you to go through and customize who and what has access to your device and account resources.
You should disable analytics if you don't wish to send Apple usage data. Select **Analytics & Improvements**:
- [ ] Turn off **Share iPhone Analytics** or **Share iPhone & Watch Analytics**
- [ ] Turn off **Share iCloud Analytics**
- [ ] Turn off **Improve Fitness+**
- [ ] Turn off **Improve Safety**
- [ ] Turn off **Improve Siri & Dictation**
Disable **Personalized Ads** if you don't want targeted ads. Select **Apple Advertising**
- [ ] Turn off **Personalized Ads**
**App Privacy Report** is a built-in tool that allows you to see which permissions your apps are using. Select **App Privacy Report**:
- [x] Select **Turn On App Privacy Report**
**Lockdown Mode** is a security setting you can enable to make your phone more resistant to attacks. Be aware that certain apps and features [won't work](https://support.apple.com/en-us/HT212650) as they do normally.
- [x] Select **Turn On Lockdown Mode**
## Privacy/Security Tips
### E2EE Calls
Normal phone calls made with the Phone app through your carrier are not E2EE. Both FaceTime Video and FaceTime Audio calls are E2EE, or you can use [another app](https://www.privacyguides.org/real-time-communication/) like Signal.
### Avoid Jailbreaking
Jailbreaking an iPhone undermines its security and makes you vulnerable. Running untrusted, third-party software could cause your device to be infected with malware.
### Encrypted iMessage
The color of the message bubble in the Messages app indicates whether your messages are E2EE or not. A blue bubble indicates that you're using iMessage with E2EE, while a green bubble indicates they're using the outdated SMS and MMS protocols. Currently, the only way to get E2EE in Messages is for both parties to be using iMessage on Apple devices.
If either you or your messaging partner have iCloud Backup enabled, the encryption key will be stored on Apple's servers, meaning they can access your messages. Additionally, iMessage's key exchange is not as secure as alternative implementations, like Signal (which allows you to view the recipients key and verify by QR code), so it shouldn't be relied on for particularly sensitive communications.
### Blacking Out Faces/Information
If you need to hide information in a photo, you can use Apple's built-in tools to do so. Open the photo you want to edit, press edit at the top right corner of the screen, then press the markup symbol at the top right. Press the plus at the bottom right of the screen, then press the rectangle icon. Now, you can place a rectangle anywhere on the image. Make sure to press the shape icon at the bottom left and select the filled-in rectangle. **Don't** use the highlighter to obfuscate information, because its opacity is not quite 100%.
### Installing Beta Versions of iOS
Apple always makes beta versions of iOS available early for those that wish to help find and report bugs. We don't recommend installing beta software on your phone. Beta releases are potentially unstable and could have undiscovered security vulnerabilities.
### Before First Unlock
If your threat model includes forensic tools and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation.

74
blog/posts/linux-application-sandboxing.md Normal file
View File

@ -0,0 +1,74 @@
---
date:
created: 2022-04-22
categories:
- Tutorials
authors:
- contributors
tags:
- Linux
- Security
license: BY-SA
---
# Sandboxing Applications on Desktop Linux
Some sandboxing solutions for desktop Linux distributions do exist, however they are not as strict as those found in macOS or ChromeOS. Applications installed from the package manager (`dnf`, `apt`, etc.) typically have **no** sandboxing or confinement whatsoever. Below are a few projects that aim to solve this problem:<!-- more -->
## Flatpak
[Flatpak](https://flatpak.org) aims to be a universal package manager for Linux. One of its main functions is to provide a universal package format which can be used in most Linux distributions. It provides some [permission control](https://docs.flatpak.org/en/latest/sandbox-permissions.html).However, [it is known](https://madaidans-insecurities.github.io/linux.html#flatpak) that Flatpak sandboxing could be improved as particular Flatpaks often have greater permission than required. There does seem to be [some agreement](https://theevilskeleton.gitlab.io/2021/02/11/response-to-flatkill-org.html) that this is the case.
You can restrict applications further by issuing [Flatpak overrides](https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-override). This can be done with the command-line or by using [Flatseal](https://flathub.org/apps/details/com.github.tchx84.Flatseal). Some sample overrides are provided by [rusty-snake](https://github.com/rusty-snake/kyst/tree/main/flatpak).
We generally recommend revoking access to:
- the Network (`share=network`) socket (internet access)
- the PulseAudio socket (for both audio in and out), `device=all` (access to all devices including the camera)
- `org.freedesktop.secrets` dbus (access to secrets stored on your keychain) for applications which do not need it
If an application works natively with Wayland (and not running through the [XWayland](https://wayland.freedesktop.org/xserver.html) compatibility layer), consider revoking its access to the X11 (`socket=x11`) and [Inter-process communications (IPC)](https://en.wikipedia.org/wiki/Unix_domain_socket) socket (`share=ipc`) as well.
We also recommend restricting broad filesystem permissions such as `filesystem=home` and `filesystem=host` which should be revoked and replaced with just the directories that the app needs to access. Some applications like [VLC](https://www.flathub.org/apps/details/org.videolan.VLC) implement the [Portals](https://docs.flatpak.org/en/latest/portal-api-reference.html) [API](https://en.wikipedia.org/wiki/API), which allows a file manager to pass files to the Flatpak application (e.g. VLC) without specific filesystem access privileges. VLC is only able to access the specific file that you want to open, rather than requiring privileges to particular locations.
Hard-coded access to some kernel interfaces like [`/sys`](https://en.wikipedia.org/wiki/Sysfs) and [`/proc`](https://en.wikipedia.org/wiki/Procfs#Linux) and weak [seccomp](https://en.wikipedia.org/wiki/Seccomp) filters unfortunately cannot be secured with Flatpak.
## Firejail
[Firejail](https://firejail.wordpress.com/) is another method of sandboxing. As it is a large [setuid](https://en.wikipedia.org/wiki/Setuid) binary, it has a large attack surface which may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation).
[This post from a Whonix security researcher](https://madaidans-insecurities.github.io/linux.html#firejail) provides additional details on how Firejail can worsen the security of your device.
## Mandatory Access Control
[Mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) systems require policy files in order to force constraints on the system.
The two main control systems are [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) (used on Android and Fedora) and [AppArmor](https://en.wikipedia.org/wiki/AppArmor).
Fedora includes SELinux preconfigured with some policies that will confine [system daemons](https://en.wikipedia.org/wiki/Daemon_(computing)) (background processes). We dont recommend disabling SELinux.
openSUSE gives the choice of AppArmor or SELinux during the installation process. We recommend sticking to the default for each variant (AppArmor for [Tumbleweed](https://get.opensuse.org/tumbleweed/) and SELinux for [MicroOS](https://microos.opensuse.org/)). openSUSEs SELinux policies are derived from Fedora.
Arch and Arch-based operating systems often do not come with a mandatory access control system and that must be configured manually for either [AppArmor](https://wiki.archlinux.org/title/AppArmor) or [SELinux](https://wiki.archlinux.org/title/SELinux).
Linux desktops don't usually include individual app confinement rules, unlike Android which sandboxes every application installed.
## Making your own policies/profiles
You can make your own AppArmor profiles, SELinux policies, Bubblewrap profiles, and [seccomp](https://en.wikipedia.org/wiki/Seccomp) blacklist to have better confinement of applications. This is an advanced and sometimes tedious task, so we wont go into detail about how to do it here, but we do have a few projects that you could use as reference.
- Whonixs [AppArmor Everything](https://github.com/Whonix/apparmor-profile-everything)
- Krathalans [AppArmor profiles](https://github.com/krathalan/apparmor-profiles)
- noatsecures [SELinux templates](https://github.com/noatsecure/hardhat-selinux-templates)
- Seirdys [Bubblewrap scripts](https://sr.ht/~seirdy/bwrap-scripts)
## Securing Linux containers
If youre running a server, you may have heard of Linux Containers, Docker, or Podman which refer to a kind of [OS-level virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization). Containers are more common in server and development environments where individual apps are built to operate independently.
[Docker](https://en.wikipedia.org/wiki/Docker_(software)) is one of the most common container solutions. It does not run a proper sandbox, and this means that there is a large kernel attack surface. The [daemon](https://en.wikipedia.org/wiki/Daemon_(computing)) controls everything and [typically](https://docs.docker.com/engine/security/rootless/#known-limitations) runs as root. If it crashes for some reason, all the containers will crash too. The [gVisor](https://en.wikipedia.org/wiki/GVisor) runtime which implements an application level kernel can help limit the number of [syscalls](https://en.wikipedia.org/wiki/System_call) an application can make and can help isolate it from the hosts [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)).
Red Hat develops [Podman](https://docs.podman.io/en/latest/) and secures it with SELinux to [isolate](https://www.redhat.com/sysadmin/apparmor-selinux-isolation) containers from each other. One of the notable differences between Docker and Podman is that Docker requires [root](https://en.wikipedia.org/wiki/Superuser) while Podman can run with [rootless containers](https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics) that are also [daemonless](https://developers.redhat.com/blog/2018/08/29/intro-to-podman), meaning if one crashes they dont all come down.
Another option is [Kata containers](https://katacontainers.io/), where virtual machines masquerade as containers. Each Kata container has its own Linux kernel and is isolated from the host.
The above container technologies can be useful if you want to run certain web app software on your local network, such as [Vaultwarden](https://github.com/dani-garcia/vaultwarden) or images provided by [LinuxServer.io](https://www.linuxserver.io), to increase privacy by decreasing dependence on various web services. A guide on [hardening Docker and OCI](https://wonderfall.dev/docker-hardening) has been written by the author "Wonderfall."

137
blog/posts/linux-system-hardening.md Normal file
View File

@ -0,0 +1,137 @@
---
date:
created: 2022-04-22
categories:
- Tutorials
authors:
- contributors
tags:
- Linux
- Security
license: BY-SA
---
# Hardening Your Desktop Linux System's Security
There are a number of procedures you can follow to make your Linux desktop system more secure, some more advanced than others. We cover some general techniques here.<!-- more -->
## Firewalls
A [firewall](https://en.wikipedia.org/wiki/Firewall_(computing)) may be used to secure connections to your system. If youre on a public network, the necessity of this may be greater than if youre on a local trusted network that you control. We would generally recommend that you block incoming connections only, unless youre using an application firewall such as [OpenSnitch](https://github.com/evilsocket/opensnitch) or [Portmaster](https://safing.io/portmaster/).
Red Hat distributions (such as Fedora) are typically configured through [firewalld](https://en.wikipedia.org/wiki/Firewalld). Red Hat has plenty of [documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/using-and-configuring-firewalld_configuring-and-managing-networking) regarding this topic. There is also the [Uncomplicated Firewall](https://en.wikipedia.org/wiki/Uncomplicated_Firewall) which can be used as an alternative.
You could also set your default firewall zone to drop packets. If you're on a Redhat based distribution, such as Fedora this can be done with the following commands:
!!! Example
```bash
firewall-cmd --set-default-zone=drop;
firewall-cmd --add-protocol=ipv6-icmp --permanent;
firewall-cmd --add-service=dhcpv6-client --permanent;
```
All these firewalls use the [Netfilter](https://en.wikipedia.org/wiki/Netfilter) framework and therefore cannot protect against malicious programs running on the system. A malicious program could insert its own rules.
If you are using Flatpak packages, you can revoke their network socket access using Flatseal and prevent those applications from accessing your network. This permission is not bypassable.
If you are using non-classic [Snap](https://en.wikipedia.org/wiki/Snap_(package_manager)) packages on a system with proper snap confinement support (with both AppArmor and [cgroups](https://en.wikipedia.org/wiki/Cgroups) v1 present), you can use the Snap Store to revoke network permission as well. This is also not bypassable.
## Kernel hardening
Kernel hardening options such as configuring [sysctl](https://en.wikipedia.org/wiki/Sysctl#Linux) keys and [kernel command-line parameters](https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html) can help harden your system. We suggest looking at the following [sysctl settings](https://madaidans-insecurities.github.io/guides/linux-hardening.html#sysctl) and [boot parameters](https://madaidans-insecurities.github.io/guides/linux-hardening.html#boot-parameters).
We **strongly** recommend that you learn what these options do before applying them. There are also some methods of [kernel attack surface reduction](https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel-attack-surface-reduction) and [access restrictions to sysfs](https://madaidans-insecurities.github.io/guides/linux-hardening.html#restricting-sysfs) that can further improve security.
!!! Note
Unprivileged [user namespaces](https://madaidans-insecurities.github.io/linux.html#kernel) can be disabled, due to it being responsible for various privileged escalation vulnerabilities. Some software such as Docker, Podman, and LXC require unprivileged user namespaces to function. If you use these tools you should not disable `kernel.unprivileged_userns_clone`.
Disabling access to `/sys` without a proper whitelist will lead to various applications breaking. This will unfortunately be an extremely tedious process for most users. Kicksecure, and by extension, Whonix, has an experimental [hide hardware info service](https://github.com/Kicksecure/security-misc/blob/master/lib/systemd/system/hide-hardware-info.service) which does just this. From our testing, these work perfectly fine on minimal Kicksecure installations and both Qubes-Whonix Workstation and Gateway. If you are using Kicksecure or Whonix, we recommend that you follow the [Kicksecure Wiki](https://www.kicksecure.com/wiki/Security-misc) to enable hide hardware info service.
## Linux-Hardened
Some distributions like Arch Linux have the [linux-hardened](https://github.com/anthraxx/linux-hardened), kernel package. It includes [hardening patches](https://wiki.archlinux.org/title/security#Kernel_hardening) and more security-conscious defaults. Linux-Hardened has `kernel.unprivileged_userns_clone=0` disabled by default. See the [note above](#kernel-hardening) about how this might impact you.
## Linux Kernel Runtime Guard (LKRG)
LKRG is a kernel module that performs runtime integrity check on the kernel to help detect exploits against the kernel. LKRG works in a *post*-detect fashion, attempting to respond to unauthorized modifications to the running Linux kernel. While it is [bypassable by design](https://lkrg.org/), it does stop off-the-shelf malware that does not specifically target LKRG itself. This may make exploits harder to develop and execute on vulnerable systems.
If you can get LKRG and maintain module updates, it provides a worthwhile improvement to security. Debian based distributions can get the LKRG DKMS package from KickSecure's secure repository and the [KickSecure documentation](https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG) has instructions.
On Fedora, [fepitre](https://github.com/fepitre), a QubesOS developer has a [COPR repository](https://copr.fedorainfracloud.org/coprs/fepitre/lkrg/) where you can install it. Arch based systems can obtain the LKRG DKMS package via an [AUR package](https://aur.archlinux.org/packages/lkrg-dkms).
## GRSecurity
GRSecurity is a set of kernel patches that attempt to improve security of the Linux kernel. It requires [payment to access](https://grsecurity.net/purchase) the code and is worth using if you have a subscription.
## Simultaneous multithreading (SMT)
[SMT](https://en.wikipedia.org/wiki/Simultaneous_multithreading) has been the cause of numerous hardware vulnerabilities, and subsequent patches for those vulnerabilities often come with performance penalties that negate most of the performance gain given by SMT. If you followed the “kernel hardening” section above, some kernel parameters already disable SMT. If the option is available to you, we recommend that you disable it in your firmware as well.
## Hardened memory allocator
The [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc) from [GrapheneOS](https://grapheneos.org) can also be used on general Linux distributions. It is available as an [AUR package](https://wiki.archlinux.org/title/Security#Hardened_malloc) on Arch based distributions, and (though not enabled by default) on Whonix and Kicksecure.
If you are using Whonix, Kicksecure or the AUR package, consider setting up `LD_PRELOAD` as described in the [Kicksecure Documentation](https://www.kicksecure.com/wiki/Hardened_Malloc) or [Arch Wiki](https://wiki.archlinux.org/title/Security#Hardened_malloc).
## Umask
If you are not using openSUSE, consider changing the default [umask](https://en.wikipedia.org/wiki/Umask) for both regular user accounts and root to 077. Changing umask to 077 can break snapper on openSUSE and is **not** recommended.
## Mountpoint hardening
Consider adding the [following options](https://man7.org/linux/man-pages/man8/mount.8.html) `nodev`, `noexec`, and `nosuid` to [mountpoints](https://en.wikipedia.org/wiki/Mount_(computing)) which do not need them. Typically, these could be applied to `/boot`, `/boot/efi`, and `/var`.
These flags could also be applied to `/home` and `/root` as well, however, `noexec` will prevent applications from working that require binary execution in those locations. This includes products such as Flatpak and Snap.
If you use [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/), `/var/log/journal` must not have any of those options. If you are on Arch Linux, do not apply `noexec` to `/var/tmp`.
## Disabling SUID
SUID allows a user to execute an application as the owner of that application, which in many cases, would be the `root` user. Vulnerable SUID executables could lead to privilege escalation vulnerabilities.
It is desirable to remove SUID from as many binaries as possible; however, this takes substantial effort and trial and error on the user's part, as some applications require SUID to function.
Kicksecure, and by extension, Whonix has an experimental [permission hardening service](https://github.com/Kicksecure/security-misc/blob/master/lib/systemd/system/permission-hardening.service) and [application whitelist](https://github.com/Kicksecure/security-misc/tree/master/etc/permission-hardening.d) to automate SUID removal from most binaries and libraries on the system. From our testing, these work perfectly fine on a minimal Kicksecure installation and both Qubes-Whonix Workstation and Gateway.
If you are using Kicksecure or Whonix, we recommend that you follow the [Kicksecure Wiki](https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener) to enable the permission hardener.
Users of other distributions can adapt the permission hardener to their own system based on the source code linked above.
## Secure Time Synchronization
Most Linux distributions by default (especially Arch based distributions with `systemd-timesyncd`) use un-encrypted NTP for time synchronization. Securing NTP can be achieved by [configuring NTS with chronyd](https://fedoramagazine.org/secure-ntp-with-nts/) or by using [swdate](https://github.com/Kicksecure/sdwdate) on Debian based distributions.
## Linux Pluggable Authentication Modules (PAM)
The security of [PAM](https://en.wikipedia.org/wiki/Linux_PAM) can be [hardened](https://madaidans-insecurities.github.io/guides/linux-hardening.html#pam) to allow secure authentication to your system.
On Red Hat distributions you can use [`authselect`](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_authentication_and_authorization_in_rhel/configuring-user-authentication-using-authselect_configuring-authentication-and-authorization-in-rhel) to configure this e.g.:
```bash
sudo authselect select <profile_id, default: sssd> with-faillock without-nullok with-pamaccess
```
On systems where [`pam_faillock`](https://man7.org/linux/man-pages/man8/pam_tally.8.html) is not available, consider using [`pam_tally2`](https://man7.org/linux/man-pages/man8/pam_tally.8.html) instead.
## USB port protection
To better protect your [USB](https://en.wikipedia.org/wiki/USB) ports from attacks such as [BadUSB](https://en.wikipedia.org/wiki/BadUSB), we recommend [USBGuard](https://github.com/USBGuard/usbguard). USBGuard has [documentation](https://github.com/USBGuard/usbguard#documentation) as does the [Arch Wiki](https://wiki.archlinux.org/title/USBGuard).
Another alternative option if youre using the [linux-hardened](#linux-hardened) is the [`deny_new_usb`](https://github.com/GrapheneOS/linux-hardened/commit/96dc427ab60d28129b36362e1577b6673b0ba5c4) sysctl. See [Preventing USB Attacks with `linux-hardened`](https://blog.lizzie.io/preventing-usb-attacks-with-linux-hardened.html).
## Secure Boot
[Secure Boot](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_Boot) can be used to secure the boot process by preventing the loading of [unsigned](https://en.wikipedia.org/wiki/Public-key_cryptography) [UEFI](https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) drivers or [boot loaders](https://en.wikipedia.org/wiki/Bootloader).
One of the problems with Secure Boot, particularly on Linux is, that only the [chainloader](https://en.wikipedia.org/wiki/Chain_loading#Chain_loading_in_boot_manager_programs) (shim), the [boot loader](https://en.wikipedia.org/wiki/Bootloader) (GRUB), and the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)) are verified and that's where verification stops. The [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk) is often left unverified, unencrypted, and open up the window for an [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attack. The firmware on most devices is also configured to trust Microsoft's keys for Windows and its partners, leading to a large attacks surface.
To eliminate the need to trust Microsoft's keys, follow the "Using your own keys" section on the [Arch Wiki](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot). The important thing that needs to be done here is to replace the OEM's key with your own Platform Key.
- If you enroll your own keys as described above, and your distribution supports Secure Boot by default, you can add your distribution's EFI Key into the list of trusted keys (db keys). It can then be enrolled into the firmware. Then, you should move all of your keys off your local storage device.
- If you enroll your own keys as described above, and your distribution does **not** support Secure Boot out of the box (like Arch Linux), you have to leave the keys on the disk and setup automatic signing of the [kernel](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Signing_the_kernel_with_a_pacman_hook) and bootloader. If you are using Grub, you can install it with the `--no-shim-lock` option and remove the need for the chainloader.
The second option is to creating an [EFI Boot Stub](https://wiki.archlinux.org/title/Unified_kernel_image) that contains the [kernel](https://en.wikipedia.org/wiki/Kernel_(operating_system)), [initramfs](https://en.wikipedia.org/wiki/Initial_ramdisk), and [microcode](https://en.wikipedia.org/wiki/Microcode). This EFI stub can then be signed. If you use [dracut](https://en.wikipedia.org/wiki/Dracut_(software)) this can easily be done with the [`--uefi-stub` switch](https://man7.org/linux/man-pages/man8/dracut.8.html) or the [`uefi_stub` config](https://www.man7.org/linux/man-pages/man5/dracut.conf.5.html) option. This option also requires you to leave the keys on the disk to setup automatic signing, which weakens the security model.
After setting up Secure Boot it is crucial that you set a “firmware password” (also called a “supervisor password”, “BIOS password” or “UEFI password”), otherwise an adversary can simply disable Secure Boot.
These recommendations can make you a little more resistant to [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, but they not good as a proper verified boot process such as that found on [Android](https://source.android.com/security/verifiedboot), [ChromeOS](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), [macOS](https://support.apple.com/en-us/HT208198), or [Windows](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process).

92
blog/posts/macos-ventura-privacy-security-updates.md Normal file
View File

@ -0,0 +1,92 @@
---
date:
created: 2022-10-27
categories:
- News
authors:
- jonah
tags:
- macOS
- Security
links:
- posts/ios-configuration-guide.md
license: BY-SA
---
# New Privacy and Security Features in macOS 13 Ventura
macOS Ventura was released this week, and the Apple users among us may be interested in the improvements it brings to your personal privacy and security. We always recommend running the most up-to-date version of your operating system available. Updates add privacy and security improvements all the time—and macOS Ventura is no exception.<!-- more --> Some notable new additions to the macOS privacy ecosystem include:
- Lockdown Mode
- Rapid Security Responses
- Passkeys
Let's venture in and see what these updates will mean for you.
## Lockdown Mode
Apple's headline security feature for macOS and iOS this year was **Lockdown Mode**, a setting which allows you to enable much stricter security protections on your device. Designed for the rare few who are actively targeted by cyberattacks, Lockdown Mode still received widespread attention in the privacy and security space as an important attack surface reduction tool.
Enabling Lockdown Mode can be done easily in the **System Settings** app:
1. Click **Privacy & Security** in the sidebar.
2. Scroll down to **Lockdown Mode** and click **Turn On**.
3. Click **Turn On & Restart** to restart your device in Lockdown Mode.
Lockdown Mode needs to be enabled separately on each device. Lockdown Mode [changes your device's behavior](https://support.apple.com/en-us/HT212650) significantly in a number of ways. Its worth trying for yourself to see if it impacts your everyday usage. There is little downside to enabling it as its impact to most features is relatively minor in day-to-day use.
### Safari
Enabling Lockdown Mode disables a number of "complex web technologies". These can impact your device's browsing performance and battery efficiency, in some cases to a significant degree. The changes to Safari include:
- JavaScript's Just-in-Time (JIT) compilation features are disabled. JIT allows JavaScript code to be compiled on the fly during its execution. Disabling JIT shows performance decreases by up to 95% in some browser benchmarks, though this difference is difficult to notice in everyday browsing. Unfortunately, the added performance and complexity of JIT in JavaScript comes with a [significant security cost](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/). An analysis [conducted](https://docs.google.com/spreadsheets/d/1FslzTx4b7sKZK4BR-DpO45JZNB1QZF9wuijK3OxBwr0/edit#gid=0) by Mozilla indicates that over half of Chrome exploits "in the wild" abused a JIT bug, so disabling JIT can roughly cut your attack surface in half.
- [WebAssembly](https://en.wikipedia.org/wiki/WebAssembly) (WASM) support is also disabled. WASM was created to allow for high-performance applications on web pages; however, it can be used to fingerprint browsers to track people across websites and apps.
- JPEG 2000 support is disabled. Safari is the only modern browser to [support](https://caniuse.com/jpeg2000) the JPEG 2000 image format, which makes its support an easy way to identify Safari users.
- PDF previews are disabled. The PDF format has historically been subject to a number of exploits; this change means that PDF files will be downloaded and have to be opened in a dedicated PDF previewing app instead.
Other technologies that were [disabled](https://blog.alexi.sh/posts/2022/07/lockdown-jsc/) include WebGL, MathML, Gamepad API, Web Audio API, RTCDataChannel, and SVG Fonts. Additionally, many other external web fonts are disabled, limiting websites to only the fonts pre-installed on the device. This notably breaks a lot of icons on various websites, which are often replaced by an empty square.
Luckily, Lockdown Mode can be disabled on a per-site basis on Safari, so none of these issues should prevent you from enabling Lockdown Mode on your device. If you encounter a trusted website which breaks with Lockdown Mode enabled, you can easily add an exception for that website while keeping the rest of Lockdown Mode's protections intact.
### Apple Services
Lockdown Mode also changes the way a number of different Apple services are used on your device.
- **Messages**: Most message attachments are blocked, besides certain image, video, and audio attachments. This includes most iMessage "apps" such as in-conversation games. Link previews are also disabled.
- **FaceTime**: Incoming calls are blocked, unless you have previously called that person or contact. This is likely in response to past FaceTime bugs, such as the [exploit in 2019](https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/) which allowed an attacker to listen in on your microphone before you picked up the call.
- **Photos**: The new Shared Albums functionality in iCloud Photos is blocked, and invitations are automatically rejected. Shared Albums do still work on any devices without Lockdown Mode enabled.
In addition to these, other Apple services like **Home** will reject incoming invitations unless you have previously interacted with the sender.
### Device Changes
Some other device functionality is limited with Lockdown Mode enabled as well. If you have a Mac with Apple Silicon, connected devices or accessories are not allowed to connect unless your Mac is unlocked and explicit approval of the device is given. Configuration profiles can no longer be installed either, and the ability to enroll in a Mobile Device Management (MDM) system is disabled. These are enterprise management features, which are occasionally abused to control or monitor devices.
## Passkeys
**Passkeys** are likely to be the most impactful new feature for the everyday person's security practices. Passkeys are a cross-platform standard supported by Google, Apple, and Microsoft. Based on the FIDO2 standard, passkeys are the first real effort to replace passwords as your primary mode of authentication.
Using a passkey stored on your phone is supported by most browsers in macOS, but only Safari currently allows you to use a passkey stored on your Mac. Passkeys generated on your iPhone or Mac are stored in iCloud Keychain, which is end-to-end encrypted with your phone or computer's lock screen password. In Safari, passkeys are replacing the single-device WebAuthn registration, which allowed you to use your computer as a hardware key with Touch ID.
The benefits of passkeys are fairly limited at the moment, until more services support the standard for primary or multi-factor authentication.
## Rapid Security Responses
Alongside iOS 16, Apple is introducing **Rapid Security Responses** (RSR) to macOS Ventura. RSR allows Apple to ship small security fixes on the fly much faster than before.
Previously, releasing even a small security patch meant Apple had to release a huge multi-gigabyte update package. This was required to preserve the system's cryptographic integrity, following changes to how the system volume is handled in macOS Big Sur. With RSR, updates are much smaller, so patches can be downloaded much faster and applied more reliably.
RSR patches are applied immediately. However, [they are tied](https://support.apple.com/guide/deployment/whats-new-dep950aed53e/1/web/1.0) to the macOS minor version they are released with, meaning you need to be on the latest available macOS update to receive them: they are not a replacement for regular updates.
What [remains to be seen](https://eclecticlight.co/2022/09/22/apple-can-patch-ventura-on-the-fly-rsr-is-coming/) is which security patches will be released via RSR as opposed to standard security updates. More severe bugs, including Mach zone memory leaks and bugs which could cause kernel panics, are still likely to require a formal macOS update rather than a quick patch.
## Gatekeeper Changes
**Gatekeeper** is Apple's primary approach to handling malware on macOS, which has historically operated as a "scan at launch" feature for newly downloaded apps. In macOS Ventura, Gatekeeper has been updated to run signature and notarization checks upon every launch of an application, as opposed to just the first launch. This should improve its malware scanning capabilities, but could potentially [cause problems](https://eclecticlight.co/2022/09/24/why-some-apps-wont-run-in-ventura-and-how-to-fix-it/) with apps which update themselves. This practice is common with apps distributed outside the App Store, and could lead to discrepancies between the app's code signature and actual content.
## A Bug with Malware Scanners and Monitoring Tools
WIRED [reported](https://www.wired.com/story/apple-macos-ventura-bug-security-tools/) that a bug in the initial release of macOS Ventura cuts off third-party security products like [BlockBlock](https://objective-see.org/products/blockblock.html) from Objective-See from the access they need to perform system scans. There is a workaround to fix this access, so if you use tools like these you should manually check your security app to make sure it is working as intended. Apple should fix this problem in the next system update.
## Final Thoughts
If you are a Mac user, macOS Ventura brings a lot of new security and privacy features to the table. We recommend upgrading to macOS Ventura as soon as possible (I already have). We'll continue to keep an eye on how security features like these are used and improved in the future, on Apple platforms and beyond.

29
blog/posts/merch-announcement.md Normal file
View File

@ -0,0 +1,29 @@
---
date:
created: 2023-05-31
categories:
- Announcements
authors:
- freddy-m
- niek-de-wilde
tags:
- Privacy Guides
license: BY-SA
---
# Privacy Guides Now Has Merchandise
Yes, you read the title correctly: we have merch now. Privacy Guides has partnered with [HELLOTUX](https://www.hellotux.com/privacyguides) to create what we think are the finest garments in the land.<!-- more -->
It would be ironic to sell our products on a site riddled with ads and trackers. So we weren't going to. This decision ruled out loads of providers, as our privacy-focused values and their Google Analytics just didn't quite align. Privacy Guides has a global audience, so worldwide shipping was a must. And we didn't want to be peddling tacky cheaply printed t-shirts either. This narrowed down our options considerably.
Then we stumbled across HELLOTUX.
HELLOTUX is a family business who have been making high quality merchandise for open source projects since 2002. Their site is tracker free, and isn't littered with irritating adverts. They seemed, pardon the pun, the perfect fit.
We're excited to launch a range of dashing t-shirts and Polo shirts, along with our very own hoodies and jackets. Check them out at [`www.hellotux.com/privacyguides`](https://www.hellotux.com/privacyguides).
Buying our merch is a great way to support us financially. We get between three to five dollars per garment, depending on the product. Privacy Guides is a non-profit, socially motivated website so all the money we receive will be put towards improving our site and community. Our finances can be viewed publicly via the [Open Collective](https://opencollective.com/privacyguides).
A fun fact about HELLOTUX is that they make everything with Linux: the embroidery, the website, the customer service - the whole shebang. They also offer a money back guarantee. If you're not happy with your order, just send it back within three months, and they will sort you out with a replacement or refund.
So go ahead: bag yourself some Privacy Guides swag today!

36
blog/posts/move-fast-and-break-things.md Normal file
View File

@ -0,0 +1,36 @@
---
date:
created: 2022-04-04
categories:
- Opinion
authors:
- freddy-m
links:
- posts/virtual-insanity.md
tags:
- Facebook
license: BY-SA
---
# Move Fast and Break Things
Mark Zuckerberg does not look comfortable on stage. Yet, there he was proclaiming that “the future is private”. If someone has to tell you that they care about your privacy, they probably dont.<!-- more -->
For someone trying not to appear like a cartoon villain, Zuckerberg doesnt do a great job. He gives the impression of some strange cyborg algorithmically attempting to impersonate human life. His movements are not quite robotic, but he lacks the charisma you might expect from one of the most powerful people on the planet. A *New Yorker* [profile](https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy) of him revealed that he had an affinity for Emperor Augustus, an ancient Roman tyrant. Through a really harsh approach, [Augustus] established two hundred years of world peace, he said.
Its the first part of that sentence that is worrying.
Is this what Zuckerberg sees himself as: a modern-day emperor hellbent on using any means he can to gain world peace? Probably not, but it would have been reassuring if he just told us he liked doing Sudoku and dad-dancing with his daughter (interestingly named August).
The Zuck once [joked](https://www.esquire.com/uk/latest-news/a19490586/mark-zuckerberg-called-people-who-handed-over-their-data-dumb-f/) to a friend that he could get them info about anyone in Harvard. He had email addresses, pictures, real addresses: the lot. When the friend asked how, this was his riposte: People just submitted it. I dont know why. They trust me. Dumb f*cks. We now live in a reality where Zuckerberg can get info about almost anyone in the world.
Like a depraved tabloid journalist fishing through a minor celebritys trash, Facebook collects everything it can about its users. Even if it means sifting through garbage, they want that data. But Facebook is not technically in the data business. It is in what author and professor Carissa Véliz [terms](https://aeon.co/essays/privacy-matters-because-it-empowers-us-all) the business of power which sounds rather more sinister than flogging off mildly irritating adverts.
Véliz argues that privacy is a form of power. It is the power to influence you, show you adverts and predict your behaviour. In this sense, personal data is being used to make us do things we otherwise would not do: to buy a certain product or to vote a certain way. Filmmaker Laura Poitras [described](https://www.washingtonpost.com/news/the-switch/wp/2014/10/23/snowden-filmmaker-laura-poitras-facebook-is-a-gift-to-intelligence-agencies/) Facebook as a gift to intelligence agencies. It allows governments to arrest people planning to participate in protests before they have even begun.
The social media giant is tip-toeing ever closer into our personal lives. When Facebook encountered competition it just bought it, adding Instagram and WhatsApp to its roster. The company even tried to make its own cryptocurrency so that one day the Facebook would control all our purchases too. Earlier this year, the project was [killed](https://www.ft.com/content/a88fb591-72d5-4b6b-bb5d-223adfb893f3) by regulators. It is worth noting that when Zuckerberg purchased WhatsApp and Instagram, they had no revenue. Author Tim Wu notes in his book *The Attention Merchants* that Facebook is a business with an exceedingly low ratio of invention to success. Perhaps that is a part of Zucks genius.
Move fast and break things was the old company motto. When there were a few too many scandals, they moved fast and [rebranded](https://www.privacyguides.org/blog/2021/11/01/virtual-insanity) to Meta. No one expected online privacy to be the thing they broke.
Before it became a global behemoth, Facebook started out as a dorm-room project. Zuckerberg sat at his keyboard after a few drinks and built it mainly because he could. It now has nearly three billion users. In the same way, Facebook [conducted](https://www.theguardian.com/technology/2014/jul/02/facebook-apologises-psychological-experiments-on-users) social experiments seemingly just for fun. Why he did it doesnt really matter. As John Lanchester [put it](https://www.lrb.co.uk/the-paper/v39/n16/john-lanchester/you-are-the-product): he simply did it *because*.
It is unfair to say that Zuckerberg does not care about privacy he does. Thats why he [spared](https://www.theguardian.com/technology/2013/oct/11/mark-zuckerberg-facebook-neighbouring-houses) no expense buying the houses that surrounded his home. Zuckerberg knows the power of privacy, which is painfully ironic given he has built his career on exploiting it. For Zuckerberg, at least, the future is private. Its the rest of us that should be worried.

87
blog/posts/mozilla-disappoints-us-yet-again-2.md Normal file
View File

@ -0,0 +1,87 @@
---
date:
created: 2024-07-14
categories:
- Opinion
authors:
- jonah
tags:
- Firefox
- Mozilla
---
# "Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again
![](../assets/images/mozilla-disappoints-us-yet-again-2/cover.jpeg)
**"No shady privacy policies or back doors for advertisers" proclaims the Firefox homepage, but that's no longer true in Firefox 128.**
Less than a month after [acquiring the AdTech company Anonym](https://discuss.privacyguides.net/t/mozilla-acquires-anonym-raising-the-bar-for-privacy-preserving-digital-advertising/18936), Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This "Privacy-Preserving Attribution" (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.<!-- more -->
It seems that 6 years after the [Mr. Robot extension debacle](https://www.theverge.com/2017/12/16/16784628/mozilla-mr-robot-arg-plugin-firefox-looking-glass), Mozilla still hasn't learned their lesson about sneaking unwanted advertising and features onto our computers.
We already know from Google's [Privacy Sandbox](https://www.eff.org/deeplinks/2019/08/dont-play-googles-privacy-sandbox-1) that simply adding "privacy" to the name of your feature does not make it private. While Mozilla claims that the "Privacy-Preserving" attribution aims to provide a more privacy-friendly alternative to ad tracking, there are a plethora of issues with this new (anti-)feature that are worth examining:
## Misaligned Incentives
Mozilla's decision to implement PPA in Firefox highlights a growing trend among user agents (browsers) to grant preferential treatment to the advertising industry over all other businesses.
**All** websites on the internet—including ad networks!—are **guests** on our computers, and the content they provide are merely suggestions for a user agent to interpret and show us how it chooses. This has always been a fundamental truth of how the internet works, and enables many great things: from highly-accessible text-based web browsers to the ability to [block trackers](https://www.privacyguides.org/en/browser-extensions/) and other unwanted bloat on the websites you visit. By baking in software that's tailor-made for the advertising industry, Mozilla is wrongly asserting that the advertising industry has a legitimate interest in collecting your data and tracking you across the internet over all other parties, including over your own interests.
The advertising industry and [Google](https://discuss.privacyguides.net/t/ublock-origin-lite/15329/11) in particular have been trying their hardest to reverse this dynamic, to turn browsers into a locked-down piece of viewing software under the total control of the servers it's accessing. Mozilla is the organization meant to protect us from the ever-encroaching desires of industry to control and track what we see online, but instead they're continually giving in to the idea that user agents should serve website operators and ad-tracking networks instead of users.
## Lack of Consent
Mozilla constantly fails to understand the basic concept of consent. Firefox developers seem to see their position as shepherds, herding the uninformed masses towards choices they interpret to be "good for them." Firefox users are not a captive audience that needs to be coddled, they are generally full-grown adult computer users who need to be listened to.
One Mozilla developer claimed that explaining PPA would be too challenging, so they had to opt users in by default.
<iframe src="https://mastodon.social/@Schouten_B/112784434152717689/embed" class="mastodon-embed" style="max-width: 100%; border: 0" width="400" allowfullscreen="allowfullscreen"></iframe><script src="https://mastodon.social/embed.js" async="async"></script>
<iframe src="https://mastodon.social/@Schouten_B/112784608473016028/embed" class="mastodon-embed" style="max-width: 100%; border: 0" width="400" allowfullscreen="allowfullscreen"></iframe><script src="https://mastodon.social/embed.js" async="async"></script>
The reality is that it isn't simply a *privileged minority* of users who care about surveillance tracking software being built in to their browsers.
Firefox users are **fully** capable of understanding basic concepts like tracking, and can make an informed decision about whether they want their browser to track them. Mozilla refuses to acknowledge this, because it's in their best (financial) interest to get as many people as possible to use this feature.
At the end of the day, Mozilla **knows** this feature isn't something that Firefox users want. If they truly believed this was the one path away from the constant data theft perpetuated by the advertising industry, they would've announced this loudly and proudly. They could've given the privacy and general Firefox communities ample time to scrutinize the protocol beforehand.
Instead, they buried the announcement in a two sentence blurb at the bottom of the release notes, 5 months after they posted a very brief [blog post](https://blog.mozilla.org/en/mozilla/privacy-preserving-attribution-for-advertising/) talking about this technology which was likely ignored by the vast majority of Firefox users.
## False Privacy
Let's ignore all of this though, and say you don't care that Mozilla is selling out to advertisers, as long as the feature is actually more private than the current status quo. PPA still isn't the answer we are looking for.
The simple truth is that the "Distributed Aggregation Protocol" Mozilla is using here is **not private by design.**
The way it works is that individual browsers report their behavior to a data aggregation server (operated by Mozilla), then that server reports the aggregated data to an advertiser's server. The "advertising network" only receives aggregated data with differential privacy, but the aggregation server still knows the behavior of individual browsers!
This is essentially a semantic trick Mozilla is trying to pull, by claiming the advertiser can't infer the behavior of individual browsers by re-defining part of the advertising network to not be the advertiser.
It is extremely disingenuous for Mozilla to claim that Firefox is adding technical measures to protect your privacy, when the reality is that your privacy is only being protected by social measures. In this particular case, Mozilla and their partner behind this technology, the ISRG (responsible for Let's Encrypt), could trivially collude to compromise your privacy.
## Uselessness
Finally, there is no reason for this technology to exist in the first place, because tracking aggregate ad conversions like this **can already be done** by websites without cookies and without invading privacy, using basic web technology.
All an advertisement has to do is link to a unique URL: Instead of linking to `example.com` one could link to `example.com/ad01`, and the website operator simply has to track how many people visit the `ad01` page on their end.
In contrast to the amazingly complex PPA setup Mozilla is pushing, this is a perfectly viable alternative that advertisers could easily adopt today. The reason they do not is simply because they have an insatiable need for as much of your data as possible.
## Disabling PPA
Firefox users should disable this feature:
1. Open Firefox's settings page at `about:preferences`
2. In the Privacy & Security panel, find the *Website Advertising Preferences* section.
3. Uncheck the box labeled **Allow websites to perform privacy-preserving ad measurement.**
There are also plenty of other [web browsers](https://www.privacyguides.org/en/desktop-browsers/) you could choose from, if you're growing tired of Mozilla's behavior in recent months. Between their foray into generative AI and their business acquisitions in the advertising industry itself, I certainly wouldn't blame you.
PPA is an additional privacy attack surface that has no value for end users whatsoever, as its sole purpose is to give data to the advertising industry for nothing in return. Instead of focusing their efforts on compromising with advertisers, Mozilla could work to actively block unwanted data collection. Because they aren't blocking any of the myriad of ways advertisers currently track you, Mozilla is not acting in your best interest here.
For a browser and organization which has built its reputation entirely on protecting user privacy, these moves are really eroding the trust of its core user base. We hope that Mozilla will listen to the overwhelming user feedback surrounding this feature and their other endeavors, and consider whether these recent actions are aligned with their core mission of putting users first.
---
[Discuss this article on our forum](https://discuss.privacyguides.net/t/privacy-preserving-attribution-mozilla-disappoints-us-yet-again/19467/2), or leave a comment below.

43
blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md Normal file
View File

@ -0,0 +1,43 @@
---
date:
created: 2024-07-22
categories:
- Announcements
authors:
- jonah
---
# Privacy Guides Partners With MAGIC Grants 501(c)(3)
![](../assets/images/privacy-guides-partners-with-magic-grants-501-c-3/magicblog.webp)
In February, the OpenCollective Foundation (OCF)—[our fiscal host of 4 years](https://blog.privacyguides.org/2019/10/31/weve-joined-the-open-collective-foundation/)—sent us an email to [announce](https://docs.opencollective.foundation/) that they would be shutting down, and they would no longer be able to collect donations on our behalf (or for any of the hundreds of projects they provided fiscal hosting services to). We immediately began to consider multiple options for the future of this project, including forming our own non-profit or finding another [fiscal host](https://en.wikipedia.org/wiki/Fiscal_sponsorship).<!-- more -->
We're excited to announce a [partnership](https://magicgrants.org/2024/07/22/Privacy-Guides-Fund) with MAGIC Grants, a Public 501(c)(3) charity with the mission of supporting privacy projects like ours and providing undergraduate scholarships for students interested in cryptocurrencies and privacy. They will immediately take over all of the operations previously provided by OCF, including accepting donations on our behalf, handling any of our accounting and taxes, reimbursing team members and volunteers, and taking legal ownership of assets like our domains and servers.
This last point is important, because we want to ensure Privacy Guides is never fully reliant on a single individual like myself. This setup ensures Privacy Guides never strays from its mission of providing free and accessible privacy and security resources to protect consumers.
Of course, all of our projects including the [open-source](https://github.com/privacyguides/privacyguides.org) Privacy Guides website, our communities, and this blog remain editorially independent and volunteer led. This partnership only affects our administrative platform behind the scenes.
MAGIC Grants was the right choice for our project for a number of reasons:
1. They are a 501(c)(3) non-profit, which allows us to retain our tax deductible status in the United States, and means there are legal safeguards in place to prevent Privacy Guides from being used for personal profit.
2. They've provided us with a great deal of flexibility and independence over how we run our project, and added many safeguards to ensure the current Privacy Guides team retains ultimate control over the project. This means that nothing about Privacy Guides will change, now or in the future, due to outside influence.
3. They've generously offered to provide their services to us for no fee, in support of our shared core mission of creating great educational materials.
Finally, unlike OCF, MAGIC Grants is extremely flexible when it comes to accepting cryptocurrencies. Previously we have not been able to accept cryptocurrency donations, because OCF did not have the accounting tools in place to handle such transactions. MAGIC Grants is highly experienced in the cryptocurrency—and especially [Monero](https://www.privacyguides.org/en/cryptocurrency/)—space, and we will be able to accept completely private donations through that very soon.
Donations to Privacy Guides are considered restricted contributions which may only be used under the [Privacy Guides Fund agreement](https://magicgrants.org/funds/privacy_guides/) we have with MAGIC Grants, and not for any of MAGIC Grants other endeavors. You can make a general donation to MAGIC Grants on their [website](https://magicgrants.org/contribute/).
---
We considered forming our own organization, but estimated that the initial costs to do so would meet or exceed our current annual budget, which wasn't financially viable. We have reserved the right to spin off as an independent non-profit, or to transfer to another fiscal host in the future, if we feel it would be beneficial to do so.
Running this network of websites and services for free to the public is a time-consuming and costly endeavor. We do it because we believe it is the right thing to do, not because we are looking to make a profit. Any contributions have been either used to pay our expenses or saved in a reserve for expansion or times of need.
Your support of this project will help us keep our servers running and pay for other various expenses accrued by the team while developing this community. We do not operate Privacy Guides for personal profit, and all funds will be used to further our mission in one form or another.
If you like what we do, please consider contributing to our project at <https://www.privacyguides.org/en/about/donate/>.
---
Read more about the [Privacy Guides Fund announcement](https://magicgrants.org/2024/07/22/Privacy-Guides-Fund) on MAGIC Grants' blog.

43
blog/posts/relisting-startpage.md Normal file
View File

@ -0,0 +1,43 @@
---
date:
created: 2020-05-03
categories:
- Announcements
authors:
- contributors
links:
- Search Engines: https://www.privacyguides.org/en/search-engines/
tags:
- Search Engines
---
# Relisting Startpage.com
!["Relisting Startpage" cover image](../assets/images/relisting-startpage/cover.png)
Dear *Privacy Guides* Community,
In October 2019, we learned that System1 had become the majority shareholder in Startpage.com via a new System1 subsidiary, Privacy One Group. Due to the uncertainty surrounding the acquisition and the initial lack of clear communication from the Startpage team towards the privacy community, we were forced to delist Startpage from our [search engine recommendations](https://www.privacyguides.org/en/search-engines/).<!-- more --> In an [explanatory blog post](delisting-startpage.md), we asked for more clarity surrounding the situation, stating:
> ...there are still so many unanswered questions, we can no longer recommend the service with good confidence. If Startpage aims to be re-considered, they will have to answer the questions above, preferably along with an explanation of why it took them so long to get proper answers out to the public.
Shortly after this, the *Privacy Guides* team was able to get an open line of communication with Startpage.com CEO Robert Beens, who vocalized his regret for not answering our questions more quickly and providing more clarity to the community from the start. From their perspective nothing fundamental had changed due to the acquisition, except that they would now have the resources to market Startpage efficiently thanks to System1. Unfortunately, Startpage failed to put themselves in the place of their users, and understand that their lack of transparancy at the beginning would erode the trust they shared with the privacy community.
By December, Startpage had [responded](https://code.privacyguides.dev/privacyguides/privacytools.io/issues/1562#issue-737) to our questions. More recently they also clarified that [System1's privacy policy](https://web.archive.org/web/20201110100140/https://system1.com/terms/privacy-policy) does not relate to Startpage; Startpage's privacy policy remains [unchanged](https://web.archive.org/web/20201110100140/https://www.startpage.com/en/privacy-policy/):
> Having a new shareholder in the company will not change any aspect of the privacy we offer. We are a Dutch company and will continue to be so, fully complying with Dutch and EU privacy regulations (GDPR). We dont store or share any personal data. No change either. Our clear privacy policy will stay the same. Management / founders (including myself) continue to have an important stake in the company and will continue to be fully committed to our privacy mission!
They also created new support pages clarifying the privacy implications of System1's relationship with Startpage:
- [Startpage CEO Robert Beens discusses the investment from Privacy One / System1](https://web.archive.org/web/20201110100140/https://support.startpage.com/index.php?/Knowledgebase/Article/View/1277/0/startpage-ceo-robert-beens-discusses-the-investment-from-privacy-one--system1)
- [What is Startpage's relationship with Privacy One/System1 and what does this mean for my privacy protections?](https://web.archive.org/web/20201110100140/https://support.startpage.com/index.php?/Knowledgebase/Article/View/1275/0/what-is-startpages-relationship-with-privacy-onesystem1-and-what-does-this-mean-for-my-privacy-protections)
- [What is the Startpage privacy-guarding data flow?](https://web.archive.org/web/20201110100140/https://support.startpage.com/index.php?/Knowledgebase/Article/View/1276/0/what-is-the-startpage-privacy-guarding-data-flow)
Additionally, Beens joined an [interview](https://invidio.us/watch?v=h-3fW0w2ayg) with Techlore in February answering his questions and further questions from the privacy community.
We prepared a [merge request](https://code.privacyguides.dev/privacyguides/privacytools.io/pulls/1592) in December for relisting Startpage in case we decided to do so, but did not have plans to merge it until the whole team felt confident (which we knew would take time). 5 months later, we sync'd up as a team, and decided to re-list them (with a warning explaining these events) which you can now find on our website [here](https://web.archive.org/web/20201110100140/https://www.privacytools.io/providers/search-engines). Our confidence and trust in Startpage has grown, and we're appreciative of Startpage's cooperation and willingness to address the concerns of our community.
We also hope this encourages any services that may end up being delisted for one reason or another to take action and improve themselves in this same fashion. We don't like delisting the services we've previously trusted and recommended, and we are always happy to see when steps are taken to regain community trust.
---
**2023-10-23:** This post has been edited to reflect the team's move from [PrivacyTools](https://www.privacyguides.org/en/about/privacytools/) to Privacy Guides.

57
blog/posts/restrict-act.md Normal file
View File

@ -0,0 +1,57 @@
---
date:
created: 2023-04-01
categories:
- Opinion
authors:
- jonah
tags:
- Government
- VPN
- United States
links:
- posts/hide-nothing.md
canonical: https://www.jonaharagon.com/posts/restrict-act/
---
# Worried About TikTok? The RESTRICT Act Is Not the Answer Americans Are Looking For
Privacy advocates have been calling for the United States to adopt strong consumer privacy protection laws along the lines of the EU's GDPR for a long time now, but the proposed *Restricting the Emergence of Security Threats that Risk Information and Communications Technology* (RESTRICT) *Act* isn't the answer we're looking for.<!-- more -->
Terrible acronym aside, the RESTRICT Act claims to...
> empower the United States government to prevent certain foreign governments from exploiting technology services operating in the United States in a way that poses risks to Americans sensitive data and our national security. ([whitehouse.gov](https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/07/statement-from-national-security-advisor-jake-sullivan-on-the-introduction-of-the-restrict-act/))
In reality, this act would grant the government broad powers to restrict access to any site or service they claim could pose a threat to national security, akin to China's "[great firewall](https://en.wikipedia.org/wiki/Great_Firewall)."
Currently, if you go on the internet and try and find out what the RESTRICT Act *actually does*, you'll find a lot of confusing and conflicting information. This is by design, not from a lack of analysis. Simply put, the RESTRICT Act has been interpreted in so many different ways because the wording is so broad that it *can* be interpreted in so many different ways. This is obviously a problematic form of government overreach.
So what does it actually do? Well, nothing! For now anyway: Like many bills lately, this bill has no immediate effects, but it does grant the White House power to create rules and regulations which will have the power of law. Section 8 grants the Secretary of Commerce the power to "establish such rules, regulations, and procedures as the Secretary considers appropriate." These rules can include almost anything as long as they are targeting an entity covered by the bill.
To give it a little credit, the specific activities this bill targets are *relatively* narrow. Section 2 of the bill mainly defines the affected entities in terms of corporate ownership and funding in relation to specific "foreign adversaries." It would be difficult for a company to violate this bill without *actually* being a front for a foreign government. However, once a targeted company *is* identified, the powers the White House then gains to prevent their operation and access within the United States are wildly expansive.
## How might this affect VPN providers?
This is the question on a lot of people's mind, and the answer is of course a bit complicated.
Right now, this bill is mainly focused on TikTok, despite them not being mentioned specifically within the bill text, so let's focus on them. If the White House determines that TikTok is covered by this act, they could implement "mitigation measures" including ordering Internet Service Providers to block access to TikTok entirely. At this point, the Act grants very broad power to block **circumvention** of those mitigation measures as well. Now, any service "which is designed or intended to evade or circumvent the application of this Act" falls under the scope of this regulation.
> No person may cause or aid, abet, counsel, command, induce, procure, permit, or approve the doing of any act prohibited by, or the omission of any act required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under, this Act. (Section 11(a)(2))
A reading of this could certainly include VPN providers. Even if the White House does not declare VPN companies to be directly violating this act, they could certainly deem their services to be aiding and abetting violators, and the end result is the same: Regulations which ban the operation of VPNs entirely.
Even more worryingly—especially for myself at [Privacy Guides](https://www.privacyguides.org)—a stricter reading of the quoted section above could make it illegal to even *share advice* (i.e. "counsel") on how to run a VPN or sideload TikTok! And all of these violations *can* be punished with criminal charges including up to 20 years in jail or up to $1,000,000 in fines.
So what do we actually know?
- Does this bill ban VPNs? **No.**
- Does this bill give the White House executive power to ban VPNs? **Yes!**
Ultimately, the provisions in this bill are so broad that it is inconceivable that they will *not* be eventually abused by the White House, it would only be a matter of time. Any law like this which gives the government broad authority to ban all sorts of tools if they are even tangentially related to a foreign country they deem a threat is simply unacceptable in a purportedly free country, and we need to make sure it does not pass.
## Is this good privacy regulation?
Absolutely not. Fundamentally, the RESTRICT Act does nothing to address the actual privacy concerns of American citizens, it only ensures that the digital data of Americans is exploited *exclusively* by America-friendly companies. If Congress was legitimately concerned about data collection in America, they could implement strong consumer protections that enhance individuals' control and rights over their personal data on *every* platform instead of playing whac-a-mole with every foreign technology entity.
You may still be thinking that this bill would only really impact large, foreign entities like China/TikTok, but we've seen time and time again how bills like this that are sold as attacks on huge, nebulous entities like "terrorists" and "foreign state adversaries" wind up mainly used to attack the little guy with minor infractions.
Just like with the post-9/11 Patriot Act, the government is trying to whip people up into a panic to pass a bill under false pretexts that only serves to expand their police powers over us. Call your legislators and demand that they vote against the RESTRICT Act, don't let them take away even more freedoms.

53
blog/posts/secure-data-erasure.md Normal file
View File

@ -0,0 +1,53 @@
---
date:
created: 2022-05-25
categories:
- Tutorials
authors:
- mfwmyfacewhen
- contributors
links:
- 'Encryption<br><small>OS Full Disk Encryption</small>': https://www.privacyguides.org/encryption#os-full-disk-encryption
tags:
- Linux
license: BY-SA
---
# Erasing Data Securely From Your SSD or HDD
**Erasing data** from your computer may seem like a simple task, but if you want to make sure the data is truly unrecoverable, there are some things you should consider.<!-- more -->
!!! tip
You should use [full disk encryption](https://www.privacyguides.org/encryption#os-full-disk-encryption) on your storage devices. If your device is stolen or needs to be returned under warranty your privacy may be at risk.
To erase a storage device **thoroughly**, you should securely erase the whole device and not individual files.
## Erasing Your Entire Drive
When you delete a file, the operating system marks the space where the deleted file was as "empty." That "empty" space can be fairly easily undeleted, yielding the original file.
### Magnetic storage
If the disk is a magnetic storage device, such as a spinning hard disk, we suggest using [`nwipe`](https://en.wikipedia.org/wiki/Nwipe). `nwipe` can be installed in most Linux distributions. If you wish to use a complete boot environment on a system, consider using [ShredOS Disk Eraser](https://github.com/PartialVolume/shredos.x86_64). ShredOS boots straight into `nwipe` and allows you to erase available disks. To install it to a flash USB stick see the [installation methods](https://github.com/PartialVolume/shredos.x86_64/blob/master/README.md#obtaining-and-writing-shredos-to-a-usb-flash-drive-the-easy-way-).
Once you have your boot media, enter your system's UEFI settings and boot from the USB stick. Commonly used keys to access UEFI are ++f2++, ++f12++, or ++del++. Follow the on-screen prompts to wipe your data.
![ShredOS](../assets/images/data-erasure/shredos.png)
### Flash Storage
For [flash memory](https://en.wikipedia.org/wiki/Flash_memory) (SSD, NVMe, etc) devices we suggest the ATA Secure Erase command. Methods such as `nwipe` should not be used on flash storage devices as it may damage their performance. The "Secure Erase" feature is often accessible through the UEFI setup menu. NVMe storage can be erased using the [`nvme-cli`](https://github.com/linux-nvme/nvme-cli) tools. For that see:
```text
nvme format /dev/nvme0 -s 2 -n 1
```
It is also possible to complete a Secure Erase using the [`hdparm`](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase) command, or [Microsoft Secure Group Commands](https://docs.microsoft.com/en-us/windows-hardware/drivers/storage/security-group-commands).
Physical destruction may be necessary to securely erase devices such as memory cards, USB sticks and unusable hard disks.
## Erasing Specific Files
Securely shredding **individual files** is difficult if not impossible. Copies can exist in a variety of ways such as through manual, or automatic backups, [wear leveling](https://en.wikipedia.org/wiki/Wear_leveling) (on modern [flash storage](https://en.wikipedia.org/wiki/Solid-state_drive)), caching and filesystem [journaling](https://en.wikipedia.org/wiki/Journaling_file_system).
Wear leveled devices do not guarantee a fixed relationship between [logical blocks addressed](https://en.wikipedia.org/wiki/Logical_block_addressing) through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, so shredding may not provide adequate security.

59
blog/posts/security-privacy-anonymity.md Normal file
View File

@ -0,0 +1,59 @@
---
date:
created: 2021-02-23
categories:
- Opinion
authors:
- natebartram
links:
- 'Threat Modeling<br><small>Creating Your Threat Model</small>': https://www.privacyguides.org/basics/threat-modeling/
- posts/choosing-the-right-messenger.md
tags:
- Security
license: BY
---
# Security, Privacy, and Anonymity
![](../assets/images/security-privacy-anonymity/cover.jpeg)
We may think that we know the differences between privacy, security and anonymity, however we often mix them up. People will often criticize a product or service as “not private” when they really mean “not anonymous.” Privacy, security, and anonymity often complement each other, but they are not always dependent on each other, and they are definitely not the same thing. A service can be private without being anonymous, or even secure without being private. Which one should you prioritize?<!-- more --> To some extent, there are no wrong answers. It really comes down to your threat model and what your desired goal is. It is perfectly fine to pick a product that provides privacy even though it doesn't provide anonymity. Furthermore, it's okay to pick a product that doesn't provide security if it does provide one of the other features. The important thing is that you need to be aware what these products and services are and arent offering you so that you can use them correctly.
Theres lots of ways to define privacy, security, and anonymity. Someone showed me [this](https://code.privacyguides.dev/privacyguides/privacytools.io/issues/1760#issuecomment-10452) definition and I really liked it. It seems to pretty much hit the nail on the head when applying these terms specifically to data privacy and cybersecurity:
**Anonymity**: *The sender and/or recipient's real ID is unknown*
In the real world this could be a secret admirer sending a Valentine's Day card. Online this could be when ones "footprints" cannot lead back to the poster: e.g. Tor.
**Privacy**: *The contents of the message can only be seen/heard by the intended recipient(s)*
In the real world this could be a whispered conversation between two people in the middle of Siberia. Online this could be a Signal message, which is end-to-end encrypted and only the recipient & sender can read the contents.
**Security** (in the context of privacy/anonymity): *The parties involved are who they say they are*
In the real world this could be something unique and verifiable such as a passport or fingerprints. Online this could be certificates or PGP signatures.
These topics often overlap: Privacy can help your security because if people don't know information about you, they can't effectively target you. For example, an attacker that doesn't know who you bank with cannot know which bank to target. Security can protect your privacy by forcibly controlling who has access to that information about you. Lets take a few examples:
## Security without Privacy or Anonymity
The most obvious example of this that comes to mind is Google. Google has had almost no major data breaches in all their years of existence, yet they know almost everything about everyone to the point that the former CEO Eric Schmidt remarked "[We can more or less know what you're thinking about.](https://web.archive.org/web/20210729190743/https://www.zdnet.com/article/google-even-knows-what-youre-thinking/)" Google offers world-class security with zero privacy or anonymity.
## Security and Some Privacy without Anonymity
Consider the renowned encrypted messaging app Signal. Because your phone number is required, you can be unmasked by a court order or even a web search depending on the phone number you use. However, Signal is renowned for having some of the best security in the world, and the content of your messages and the information you transfer will be protected and controlled even if your identity is not. Top-notch security and privacy over the content of your messages, but anonymity cannot be guaranteed.
## Anonymity without Security
Cash is a great example of this. Paying for a product in cash preserves your anonymity - unless the business requires it, you don't have to give any kind of information at all. Yet, you have no security if the seller doesn't deliver the item (unless you have a receipt). You have no protection from fraud or anything like that.
## Security with Privacy and Anonymity
XMPP is arguably the best example of this. XMPP allows you to sign up without any real information, over a VPN or Tor connection for total anonymity. Additionally, the conversations can be protected by OMEMO encryption, meaning the data itself is also private. When used properly, this is as closed to perfect as you can get, if a bit user-unfriendly. (**Editor's note**: XMPP is not officially endorsed by Privacy Guides for the reasons listed [here](https://code.privacyguides.dev/privacyguides/privacytools.io/issues/1854).)
## Closing Thoughts
These three concepts are not necessarily dependent on each other. A secure product does not guarantee privacy, a private product does not guarantee security, and anonymity does not guarantee either. As I said before, there is nothing wrong with valuing one facet over another. It's also okay to use Signal even though it doesn't give you total anonymity. Just be sure you understand how a product is meant to be used and where it both shines and falls short. It would be awful to use Google thinking that it will give your communications total privacy and then your financial details get stolen by a [rogue employee](https://web.archive.org/web/20210729190743/https://nypost.com/2020/09/23/shopify-says-rogue-employees-may-have-stolen-customer-data/). Or if you used a service like Signal to organize protests in a hostile country only to be arrested once your phone number is unmasked. Know the limitations of the services you choose and decide what features are important to you. Its also important to know that privacy and security are sliding scales. This could be an entire blog post on its own. Think of passwords. Any password even “password” - is technically more secure than no password at all. But a 16-character randomly-generated password is even more secure than “password.” Sometimes its okay to find a solution that offers a blend less privacy in one area in exchange for more security in another, or vice versa. Once again, it all comes back to your threat model, your needs, and your resources.
---
*Originally published on [The New Oil](https://web.archive.org/web/20210729190743/https://thenewoil.xyz/privsecanon.html).*

274
blog/posts/signal-configuration-and-hardening.md Normal file
View File

@ -0,0 +1,274 @@
---
date:
created: 2022-07-07
updated: 2023-05-06
authors:
- contributors
- matchboxbananasynergy
- dngray
categories:
- Tutorials
tags:
- Signal
- Molly
- Instant Messengers
license: BY-SA
---
# Signal Configuration and Hardening Guide
[Signal](https://www.privacyguides.org/en/real-time-communication#signal) is a widely regarded instant messaging service that is not only easy to use but is also private and secure. Signal's strong E2EE implementation and metadata protections provide a level of assurance that only you and your intended recipients are able to read communications.<!-- more -->
This guide details actions you can take to configure and harden Signal in accordance with your [threat model](https://www.privacyguides.org/en/basics/threat-modeling/).
## Signal Configuration
### Signal PIN
When you register for Signal with your phone number, you will be asked to set up a Signal PIN. This PIN can be used to recover your profile, settings, contacts and who you've blocked in case you ever lose or switch devices.
Additionally, your Signal PIN can also double as a registration lock that prevents others from registering with your number.
!!! attention "Registration Lock"
The server will not enforce the registration lock after 7 days of inactivity. After that, someone will be able to reset the PIN at registration and register with your phone number. This will wipe the data stored in your Signal account, as it is encrypted by the PIN, but it won't prevent someone from registering with your number provided that they can receive a text on it.
**Important update**: since this blog post was published, there have been changes to the registration flow for Signal. You should read about this [here](signal-number-registration-update.md).
If you haven't set up a Signal PIN, or have previously opted out of setting one up, follow these steps on Android/iOS:
- Select :material-dots-vertical: > **Settings** > **Account** > **Signal PIN**
- Select **Create new PIN**
Signal will prompt you to enter a PIN. We suggest using a strong alphanumeric PIN that can be stored in a [password manager](https://www.privacyguides.org/en/passwords/).
Once you have done that, or if you already have set up a PIN, make sure that **Registration Lock** is also enabled.
- Select :material-dots-vertical: > **Settings** > **Account** > **Signal PIN**
- [x] Turn on **Registration Lock**
!!! Important
If you forget the PIN and have enabled a registration lock, you may be locked out of your account for up to 7 days.
You can learn more about Signal PIN on [Signal's website](https://support.signal.org/hc/en-us/articles/360007059792-Signal-PIN).
### Safety Numbers
Safety numbers are a feature in Signal that allows you to ensure that messages are delivered securely between verified devices.
It is best practice to always compare safety numbers with your contacts. This can be done in a couple of ways:
- Scanning your contact's QR code while viewing their safety number.
- Comparing the safety numbers on both ends, be it visually or audibly.
!!! Important
In order for safety numbers to also verify that the intended recipient has access to the device you're verifying, you need a secondary communication channel where you can authenticate the person that is holding the device. For example, an in-person meeting or during a video call.
To view the safety number for a particular contact, you need to follow these steps within Signal:
- Go to a chat with a contact.
- Select the chat header or :material-dots-vertical: > **View Safety Number**
Once you've compared the safety numbers on both devices, you can mark that contact as **Verified**.
A checkmark will appear in the chat header by your contact's name when the safety number is marked as verified. It will remain verified unless the safety number changes or you manually change the verification status.
After doing that, any time the safety number changes, you'll be notified.
If the safety number with one of your contacts changes, we recommend asking the contact what happened (if they switched to a new device or re-installed Signal, for example) and verify the safety numbers again.
For more demanding threat models, you should agree on a protocol with your contacts in advance on what to do in case the safety number ever changes.
You can learn more about safety numbers on [Signal's website](https://support.signal.org/hc/en-us/articles/360007060632-What-is-a-safety-number-and-why-do-I-see-that-it-changed-).
### Disappearing Messages
While communication in Signal is E2EE, the messages are still available on the devices, unless they are manually deleted.
It is good practice to set up disappearing messages in Signal's settings so that any chats you start will disappear after a specified amount of time has passed.
On Android/iOS:
- Select :material-dots-vertical: > **Settings** > **Privacy**
- Under **Disappearing messages**, select **Default timer for new chats**
- Select the desired amount of time and select **Save**
!!! tip "Override the global default for specific contacts"
- Go to a chat with a contact
- Select :material-dots-vertical: on the top right
- Select **Disappearing messages**
- Select the desired amount of time and select **Save**
We recommend setting up a reasonable timer by default, such as one week, and adjusting it per contact as you see fit.
!!! tip "Snapchat-like Functionality"
Signal allows you to send "view-once" media that are automatically removed from the conversation after they have been viewed.
### Disable Link Previews
Signal offers the ability to retrieve previews of webpages linked within a conversation.
This means that when you send a link, a request will be sent to that website so that a preview of the website can be displayed alongside the link. Thus, we recommend disabling link previews.
Your recipient doesn't make any requests unless they open the link on their end.
On Android/iOS:
- Select :material-dots-vertical: > **Settings** > **Chats**
- [ ] Turn off **Generate link previews**
### Screen Security
Signal allows you to prevent a preview of the app being shown (i.e., in the app switcher) unless you explicitly open it.
On Android:
- Select :material-dots-vertical: > **Settings** > **Privacy**
- [x] Turn on **Screen Security**
On iOS:
- Select :material-dots-vertical: > **Settings** > **Privacy**
- [x] Turn on **Hide Screen in App Switcher**
### Screen Lock
If someone gets a hold of your device while it is unlocked, you run the risk of them being able to open the Signal app and look at your conversations.
To mitigate this, you can leverage the Screen Lock option to require additional authentication before Signal can be accessed.
On Android/iOS:
- Select :material-dots-vertical: > **Settings** > **Privacy**
- [x] Turn on **Screen Lock**
### Notification Privacy
Even when your phone is locked, anyone who can lay eyes on the device can read messages and sender names from your lock screen.
On Signal, you have the ability to hide message content and sender name, or just the message content itself.
On Android:
- Select :material-dots-vertical: > **Settings** > **Notifications**
- Select **Show**
- Select **No name or message** or **Name only** respectively.
On iOS:
- Select :material-dots-vertical: > **Settings** > **Notifications**
- Select **Show**
- Select **No name or Content** or **Name Only** respectively.
### Call Relaying
Signal allows you to relay all calls (including video calls) through the Signal server to avoid revealing your IP address to your contact. This may reduce call quality.
On Android/iOS:
- Select :material-dots-vertical: > **Settings** > **Privacy** > **Advanced**
- [x] Turn on **Always Relay Calls**
For incoming calls from people who are not in your Contacts app, the call will be relayed through the Signal server regardless of how you've set it up.
### Proxy Support
If Signal is blocked in your country, Signal allows you to set up a proxy to bypass it.
!!! Warning
All traffic remains opaque to the proxy operator. However, the censoring party could learn that you are using Signal through a proxy because the app [fails to route all the IP connections to the proxy](https://community.signalusers.org/t/traffic-not-routed-to-tls-proxies-can-expose-users-to-censors/27479).
You can learn more about Signal's proxy support on their [website](https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support).
### Disable Signal Call History (iOS)
Signal allows you to see your call history from your regular phone app. This allows your iOS device to sync your call history with iCloud, including who you spoke to, when, and for how long.
If you use iCloud and you dont want to share call history on Signal, confirm its turned off:
- Select :material-dots-vertical: > **Settings** > **Privacy**
- [ ] Turn off **Show Calls in Recents**
## Signal Hardening
### Avoid Device Linking
While it may be tempting to link your Signal account to your desktop device for convenience, keep in mind that this extends your trust to an additional and potentially less secure operating system.
If your threat model calls for it, avoid linking your Signal account to a desktop device to reduce your attack surface.
### Endpoint Security
Signal takes security very seriously, however there is only so much an app can do to protect you.
It is very important to take device security on both ends into account to ensure that your conversations are kept private.
We recommend an up-to-date [GrapheneOS](https://www.privacyguides.org/en/android/distributions#grapheneos) or iOS device.
### Molly (Android)
On Android you can consider using **Molly**, a fork of the Signal mobile client which aims to provide extensive hardening and anti-forensic features.
!!! recommendation
![Molly logo](../assets/images/signal-configuration/molly.svg){ align=right }
**Molly** is an independent Signal fork which offers additional security features, including locking the app at rest, securely shredding unused RAM data, routing via Tor, and more.
[:octicons-home-16: Homepage](https://molly.im/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/mollyim/mollyim-android/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mollyim/mollyim-android){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/mollyim){ .card-link title=Contribute }
??? downloads
- [:octicons-moon-16: Accrescent](https://accrescent.app/app/im.molly.app)
- [:simple-github: GitHub](https://github.com/mollyim/mollyim-android/releases)
Molly offers two variants of the app: **Molly** and **Molly-FOSS**.
The former is identical to Signal with the addition of Molly's improvements and security features. The latter, Molly-FOSS, removes Google's proprietary code, which is used for some key features (e.g., [FCM](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) and Google Maps integration), in an effort to make it fully open-source.
A comparison of the two versions is available in the [project's repository](https://github.com/mollyim/mollyim-android#readme).
Both versions of Molly support [reproducible builds](https://github.com/mollyim/mollyim-android/tree/main/reproducible-builds), meaning it's possible to confirm that the compiled APKs match the source code.
#### Features
Molly has implemented database encryption at rest, which means that you can encrypt the app's database with a passphrase to ensure that none of its data is accessible without it.
!!! note
As long as Molly is locked, you will not receive notifications for any incoming messages or calls until you unlock it again.
Once enabled, a configurable lock timer can be set, after which point Molly will lock itself if you haven't unlocked your device for that specific time period. Alternatively, you can manually lock the app whenever you want.
For the database encryption feature to be useful, two conditions must be met:
1. Molly has to be locked at the time an attacker gains access to the device. This can include a physical attack in which the attacker seizes your device and manages to unlock the device itself, or a remote attack, in which the device is compromised and manages to elevate privileges to root.
1. If you become aware that your device has been compromised, you should not unlock Molly's database.
If both of the above conditions are met, the data within Molly is safe as long as the passphrase is not accessible to the attacker.
To supplement the database encryption feature, Molly securely wipes your device's RAM once the database is locked to defend against forensic analysis.
While Molly is running, your data is kept in RAM. When any app closes, its data remains in RAM until another app takes the same physical memory pages. That can take seconds or days, depending on many factors. To prevent anyone from dumping the RAM to disk and extracting your data after Molly is locked, the app overrides all free RAM memory with random data when you lock the database.
There is also the ability to configure a SOCKS proxy in Molly to route its traffic through the proxy or [Tor via Orbot](https://www.privacyguides.org/en/tor#orbot). When enabled, all traffic is routed through the proxy and there are no known IP or DNS leaks. When using this feature, [call relaying](#call-relaying) will always be enabled, regardless of the setting.
Signal adds everyone who you have communicated with to its database. Molly allows you to delete those contacts and stop sharing your profile with them.
To supplement the feature above, as well as for additional security and to fight spam, Molly offers the ability to block unknown contacts that you've never been in contact with or those that are not in your contact list without you having to manually block them.
You can find a full list of Molly's [features](https://github.com/mollyim/mollyim-android#features) on the project's repository.
#### Caveats
- Molly removes Signal's MobileCoin integration.
- Molly is updated every two weeks to include the latest features and bug fixes from Signal. The exception is security issues, which are patched as soon as possible. That said, you should be aware that there might be a slight delay compared to upstream.
- By using Molly, you are extending your trust to another party, as you now need to trust the Signal team, as well as the Molly team.

47
blog/posts/signal-number-registration-update.md Normal file
View File

@ -0,0 +1,47 @@
---
date:
created: 2022-11-10
categories:
- News
authors:
- matchboxbananasynergy
tags:
- PSA
- Signal
- Instant Messengers
links:
- posts/signal-configuration-and-hardening.md
- Real-Time Communication: https://www.privacyguides.org/real-time-communication/
license: BY-SA
---
# Important Changes to Signal Registration and Registration Lock
**EDIT: This change has been temporarily rolled back after discussions that took place in the [Signal community](https://community.signalusers.org/t/phone-numbers-can-be-hogged-or-hijacked-permanently-using-registration-lock/6907/62). It will likely be the way things work in the future, but it seems that the old behavior is now back in place for the time being.**
Signal has changed how it handles registration. This primarily affects people who are using a number for Signal that they don't have exclusive access to.<!-- more -->
## How It Used to Work
As outlined in our [Signal Configuration & Hardening Guide](signal-configuration-and-hardening.md#signal-pin), if you registered, set up Registration Lock, and checked into the app at least once every 7 days, nobody could use the number you'd claimed and try to re-register it for themselves without knowing your Registration Lock PIN.
## How It Works Now
As outlined in this [issue](https://github.com/signalapp/Signal-Android/issues/12595#issuecomment-1310752097) on the Signal-Android GitHub repository, if someone tries to register with that number and is able to get the SMS code, they can kick you out of your Signal account. At that point, you have to re-register by receiving an SMS for that number, and inputting your Signal PIN. If you are unable to do this, the Registration Lock is not enforced after 7 days. Someone who tries to register after that will be prompted to enter the Signal PIN once more. If the correct PIN is not entered, the app will prompt you to create a new PIN, and the account is wiped and the number can be claimed by a person who can receive an SMS code for it.
You can find the relevant changes in the code [here](https://github.com/signalapp/Signal-Server/commit/80a3a8a43c8698be9f561a42762ffafe2db1409b#diff-c99f1a5184455de55e73623642ad010e2269a2d217a911e6bcf8f6bc8a79f6eaR484).
>If Alice registers number X and enables reglock, but Bob later proves ownership of number X (by registering and completing the SMS code), then Alice will be unregistered. However, if a reglock is present, Bob still won't be able to register immediately if he does not know the reglock code. This allows reglock to still function as a way to prevent someone else from taking over your account.
>
>However, by unregistering Alice, this starts a 7-day timer. After 7 days, if Alice doesn't re-register, then the reglock is removed and Bob will be free to register the number without needing to know the reglock. But if Alice still truly does own the number, she can simply re-prove ownership and things should go back to normal for her.
>
>This is important because phone number can (and are) re-used among cell carriers. If someone gets a new phone number from their carrier, they should not be prevented from registering with Signal indefinitely because the previous owner has reglock.
>
>The intention of reglock is to prevent hijacking of numbers you actually own, not to guarantee the number for yourself for life.
While this change makes sense from the perspective of making it so you cannot "hold a number hostage" as long as you keep checking in, it is particularly important for people who've used disposable phone numbers to know this.
We recommend migrating to a phone number that you own and will be able to own for the foreseeable future in order to avoid getting locked out of your account and losing your contacts.
---
*Special thanks to the [Molly](https://molly.im) community who made us aware of this change soon after it went live.*

95
blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md Normal file
View File

@ -0,0 +1,95 @@
---
date:
created: 2019-11-20
categories:
- Opinion
authors:
- jonah
links:
- Choosing a VPN: https://www.jonaharagon.com/posts/choosing-a-vpn/
- Understanding VPNs: https://www.jonaharagon.com/posts/understanding-vpns/
- VPN Recommendations: https://www.privacyguides.org/vpn/
tags:
- VPN
license: BY-SA
---
# The Trouble With VPN and Privacy Review Sites
!["Unbiased Reviews" cover image](../assets/images/the-trouble-with-vpn-and-privacy-review-sites/cover.png)
Theres a massive problem in the privacy world. Websites, social media accounts, and other platforms are constantly popping up out of nowhere, telling you to buy *The Greatest Service Ever* in order to solve all your privacy woes, whatever that may be. These websites often employ marketing teams to make sure their “reviews” are what you see first when you begin your research. Some of them are even operated by VPN providers themselves, operating under anonymous business entities to hide their bias, or doing it right out in the open, hoping youll mistake their advertising-filled press releases and blogs as insider knowledge of the VPN space.<!-- more -->
When a seemingly “unbiased review” on a site is merely a paid advertisement in disguise, that website is breaking their readers trust. From a consumers point of view, affiliate marketing and other paid promotional techniques like this make it near impossible to know when a review is genuine or not.
This isnt going to be a lengthy blog post on advertising being bad, far from it. In fact, many of the VPN providers we recommend on *Privacy Guides* engage in responsible advertising across various platforms. The key is transparency: Their advertisements should *look like advertisements*, and nothing else.
Im really looking to take the time here and identify “the bad” sites and resources that use these techniques to profit off a community just looking for reliable answers. Lots of sites like these will claim theyre acting in your best interest, but theyre just here to make money.
One common thing Ill see on these sites is a ranked list of providers that are ostensibly the best ones to choose from. These sites have supposedly done all the work for you, so you can just click and go, assured youre making the right choices.
So heres my issue with ranking VPN providers: Lets face it, VPN providers are all offering the same service, and they will either protect your information or they wont. Ranking providers like this only serves as an easy way to guide users to a certain choice (in this case, the choice that will make the reviewers the most money).
Lets look at one of these “review” sites for example, which will go unnamed for the purposes of this article. On their homepage they prominently list 10 providers as the “best” VPN services, in this order:
1. NordVPN
2. Surfshark
3. ExpressVPN
4. PerfectPrivacy
5. IPVanish
6. Mullvad
7. CyberGhost
8. Trust.Zone
9. ibVPN
10. Private Internet Access
To their credit, this review site also helpfully included an advertising disclosure in their footer. On this fairly well hidden away page, they note that they participate in affiliate programs from 8 providers, as follows:
- NordVPN
- SurfShark
- ExpressVPN
- Perfect-Privacy
- IPVanish
- CyberGhost
- Trust.Zone
- Private Internet Access
*Hmm*. Look familiar? Of the 73 providers this site had reviewed at the time of writing this article, **all eight** of the VPN providers paying this review site happened to make their top 10 recommendations. In fact, youd have to scroll down to #6 before you found a provider that wouldnt pay them, practically buried.
Furthermore, their list includes NordVPN, a company [notable for not disclosing security breaches](https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/) in a timely fashion, and ExpressVPN, a provider [notable for using weak 1024-bit encryption keys](https://www.goldenfrog.com/blog/some-providers-use-weak-1024-bit-keys-vyprvpn-explains-why-its-strong-keys-matter) to protect their users. By any objective standard, these providers do not deserve to be included in a top 10 recommendations list for securing anybodys information. This review site in particular claims to have set criteria for their recommendations, but this just demonstrates that any criteria can be adjusted to fit any goal you may have.
If these sites truly wanted to be helpful, they would consolidate all the relevant information and present it to their users without making the choice for them. A provider is going to be better or worse for every user depending on their particular situation, and encouraging making an informed choice between options presented equally is far more beneficial to putting one over the other in a largely arbitrary fashion.
But that isnt to say they should just throw all the providers in a big table and call it a day. Almost worse than the ranking scheme above is when sites provide out of context lists of providers, often just with pricing and a link. Sometimes they will link you to a full review (more on that in a bit), but for the most part these sites just expect you to follow their recommendations blindly.
![Image of a review site with mostly affiliated recommendations](../assets/images/the-trouble-with-vpn-and-privacy-review-sites/image1.png "Affiliate links and discounts galore! This is a different site than before, but look at the familiar faces were seeing…")
These read like advertisements, because they usually are. Once again we see the usual suspects — NordVPN, ExpressVPN… — paraded as the gold standard in the VPN space, not out of any inherent value, but based on the value of their affiliate programs. To further this point, lets take a look at how much each of the five providers above will pay you for a referral (on a one-month plan).
1. ExpressVPN: $13 for first month
2. NordVPN: $11.95 for first month
3. VPNArea: $4.95 for first month
4. VPN.ac: $2.90 for first month
*Unfortunately, Perfect Privacy would not share their commission rates publicly, but if anyone has any information on that Id be happy to receive it. What I will say is that based on the information above, I would not be surprised if it fell right between ExpressVPN and NordVPNs rates. Their one-month plan costs $12.99, so assuming a 100% match on the first month (the standard from NordVPN and ExpressVPN) that would add up quite nicely.*
Once again, we see a lineup of providers ordered in a way that *conveniently* pays the most to the website owner. And therein lies the issue with affiliate programs. Once you begin receiving financial compensation *on a per-signup basis*, you are now motivated to push the most users to the sites that pay more on a monthly basis, rather than the sites that will actually help the user.
Occasionally, these recommendations are coupled with a “review” that is supposedly independent and unbiased, but in reality are simply more marketing tools to persuade you towards their opinions. In most cases, these reviewers will simply copy the VPN providers own press releases and even media, presenting their advertising as fact to their readers. These reviews are always hidden away as well, with main navigation links directing users towards the more affiliate-link-laden lists and tables that theyd much rather you browse. The true value of these review articles is the [Search Engine Optimization (SEO) advantage they bring](https://www.pcmag.com/news/367640/how-a-vpn-review-site-dominated-google-search-with-a-scam) in the rankings on Google, and not much more. More traffic = More clicks, at the expense of good, independent content and integrity.
*Originally, this article contained a section about how ThatOnePrivacySite was the last bastion of a hope in the VPN review world. However, that has since sold out to Safety Detectives, a site guilty of using all the affiliate tricks mentioned above. Goes to show, eh?*
At [Privacy Guides](https://privacyguides.org/), weve developed a set list of criteria, and we make that abundantly clear when you read our list of [recommended VPN providers](https://privacyguides.org/vpn/). We also refrain from using affiliate links. As weve discussed, they are fundamentally flawed ways to market a service, and using them would break the trust our community has in our recommendations.
We do have a sponsorship program, but all of our finances are handled in an incredibly transparent fashion. As a non-profit organization, the funding we receive cannot be used for private profit, and our community can see both where we receive money from and how it is being spent thanks to [Open Collective.](https://opencollective.com/privacyguides) Additionally, the recommendations on our site are handled by an entirely separate team of editors and contributors than the administrative team such as myself that handles the sponsorships and finances. The editors have sole control over our recommendations and operate entirely independently and on a volunteer-basis to ensure the choices we make are for the benefit of the privacy community over one individual.
Ultimately, as a matter of policy our sponsors have no say over our recommendations, or whether they are recommended or a competitor is removed. We have given our community vast access to our website and internal workings to keep us in check and ensure were staying true to our word. This separation of management and editors is a strategy that has served the media industry well for decades, and makes all of our team and organization a more credible and trustworthy source of information.
## Summary
We have a lot of points we want to get across. The current landscape of privacy reviewers and “experts” weighing in on topics regarding the very companies that pay for their reviews is morally reprehensible, and just another way for big tech companies to collect all of our data more easily.
Review sites should make it abundantly clear when their reviews are paid for by the VPN companies in any fashion, whether that be via affiliate programs or good old-fashioned sponsorships. This cant be via a hidden-away disclosure in the footer or not published at all, but *clear* and *close in proximity* to the claims published on their site. **Customers are not expecting or seeking out these disclosures** when they visit review sites, and cant be expected to immediately discern whether youre speaking from a place of unbiased fact, or from a place with the greatest financial incentive. Better yet, they should reconsider their entire business model. Our site is based solely on a community donation model that still keeps us sustained. Its the more difficult way to build a site to be sure, actually working to gain the trust of a huge community, but the difference in quality and integrity is remarkable.
VPN providers should consider spending less money on paid reviews, and more money on securing and validating their infrastructure. Regular security audits are one fantastic way for companies to demonstrate their dedication to keeping their users secure. We strongly believe VPN services should consider our criteria, especially in regard to the ownership of their organization. Your VPN provider should not be hiding away in Panama controlled by anonymous leadership. While you *as a user* deserve privacy, transparency should be *required* of providers if you are expected to trust them. I would not give my money to some anonymous overseas investor, why would I give all of my internet traffic to some anonymous overseas administrator?
Finally, when youre choosing a VPN provider, do your own research. [Understand what a VPN actually does for you](https://www.jonaharagon.com/posts/understanding-vpns/). [Understand what it is a security audit proves](https://www.pcmag.com/article/371839/what-does-a-vpn-security-audit-really-prove), find out who owns and operates the VPN service you want to use, and make sure their policies and technologies reflect your values. [Ultimately gathering the information yourself](https://www.jonaharagon.com/posts/choosing-a-vpn/) and making an informed decision is the only way to make sure your privacy is being respected.

34
blog/posts/threads-launch-twitter.md Normal file
View File

@ -0,0 +1,34 @@
---
date:
created: 2023-07-21
categories:
- Opinion
authors:
- freddy-m
links:
- posts/move-fast-and-break-things.md
- posts/virtual-insanity.md
tags:
- Twitter
- Facebook
license: BY-SA
---
# Threads Is the Perfect Twitter Alternative, Just Not for You
Silicon Valley could well be built on the principle of scrapping principles. Now Elon Musk, perhaps the ultimate tech bro, is shredding another well-regarded convention with an *original business strategy*.<!-- more -->
Generally, in business, it is sensible to provide your customers with what they want. With Twitter, the meme-makers' favourite billionaire is doing the opposite. The cyber-trucker is trying his best to [cull](https://jottings.lol/2022/12/bravo-elon) his customer base. Instead of finding gaps in the market, Musk is helping to create them. Ever the [copycat](https://blog.privacyguides.org/2022/04/04/move-fast-and-break-things/), Mark Zuckerberg wants to give these innovative tactics a try. Enter the-company formerly-known-as-Facebook's rival to the birdsite: Threads.
The Zuck is, by all accounts, good at making social media platforms. This doesn't mean the platforms themselves are good - they [aren't](https://blog.privacyguides.org/2021/11/01/virtual-insanity/). But they are unarguably successful: Instagram and WhatsApp have comfortably over a billion users, Facebook has nearly three. If only half of these users adopt the new platform, it would instantly eclipse Twitter. As it happens, Threads allows you to import all your followers from Instagram. Of all the Twitter alternatives, Zuckerberg's looks like the most promising.
Here, however, the promise ends.
The man behind Facebook has somehow managed to make the Twitter experience worse. Following people, a key part of the social media mogul's earlier ventures, is meaningless on Threads. You are beholden to its algorithm and who it reckons you will interact with. (Want to see what your mates are posting about? Tough, [here's](https://jogblog.substack.com/p/facebooks-threads-is-so-depressing) an 'Epic Meme from the official Salesforce account.') Your timeline isn't chronological either.
And this is where it gets clever. Say you tire of blue-tick brands shitposting, and want to delete your account? Hard luck. Like an ill-advised tattoo, Threads accounts are effectively permanent. If you delete your Threads account, your Instagram account goes too. You're locked in this shiny pit of brand based flimflam, and your Instagram account is hostage.
Threads is what would happen if Twitter and Instagram made out in a bowling alley. It's all their worst parts combined - but it may well succeed. Rocket-man Musk's changes to Twitter have not exactly made it 'brand friendly'. Threads, meanwhile, is shaping up to be a paradise for in-your-face brands - and the AdTech industry would love for you to join them. As Chris Black [put it](https://www.gq.com/story/pulling-weeds-chris-black-twitter-is-better-than-ever), Threads is just 'another marketing channel masquerading as a community.' When the site inevitably introduces ads, the scared Twitter advertisers will flock. A *TechCrunch* headline [ran](https://techcrunch.com/2023/07/06/you-cant-post-ass-threads-is-doomed-meta-instagram-twitter/) 'You cant post ass, Threads is doomed'. It should have run: 'You can't post ass, Threads will boom'.
Despite cut-and-pasting a dying social media site, the Zuck won't be worried. If anyone knows how to transform bland technology into profit it's him. Aside from providing a platform for asinine hot-takes, Threads' main purpose is to hoover up and auction off data. Unlike Twitter, Meta's microblogging venture has strict moderation. When advertisers bore of Musk's manic antics you know where they'll go.
Threads' naffness won't stop its success. It's data-scraping fluffily dressed up as substandard corporate twaddle. It's a cringe-inducing privacy invasion. It's not meant for users, but that doesn't really matter: you're not a user, you're a product.

39
blog/posts/virtual-insanity.md Normal file
View File

@ -0,0 +1,39 @@
---
date:
created: 2021-11-01
categories:
- Opinion
authors:
- freddy-m
links:
- posts/move-fast-and-break-things.md
- posts/why-i-run-a-tor-relay.md
tags:
- Facebook
license: BY-SA
---
# Virtual Insanity
Not so long ago, the world was predicting the end for Facebook. Now it is no more. Gone from the face of the planet never to be seen again. Except it isnt.
Facebook has not disappeared. No, not even the damning Facebook Papers can shut it down. Mark Zuckerberg stood up on stage, and announced that it had changed its name to: Meta.<!-- more -->
A key part of this new vision for the company is the idea of the metaverse. If it sounds like something out of a sci-fi movie or novel, thats because it is. The term was first coined by author Neal Stephenson in his 1992 book *Snow Crash*. Zuckerbergs only problem is that novel was dystopian. Heres a brief snippet of Stephensons description of the metaverse:
> “Your avatar can look any way you want it to, up to the limitations of your equipment. If youre ugly, you can make your avatar beautiful. If youve just gotten out of bed, your avatar can still be wearing beautiful clothes and professionally applied makeup. You can look like a gorilla or a dragon or a giant talking penis in the Metaverse. Spend five minutes walking down the Street and you will see all of these.”
In fairness, that doesnt seem unlike the sort of content you see on Facebook today. Compare this to what Zuckerberg [wrote](https://about.fb.com/news/2021/10/founders-letter/) in his 2021 Founders Letter:
> “In this future, you will be able to teleport instantly as a hologram to be at the office without a commute, at a concert with friends, or in your parents living room to catch up. This will open up more opportunity no matter where you live. Youll be able to spend more time on what matters to you, cut down time in traffic, and reduce your carbon footprint.”
The similarities are uncanny.
This wouldnt be the first time that Facebook has been described as dystopian. One *Mashable* article [called](https://mashable.com/article/facebook-dystopia) the social media giant Orwellian and Huxleyan at the same time. Quite a feat.
The Facebook Papers have some pretty shocking-though not entirely surprising-revelations as well. The leaked documents demonstrate the extent to which Facebook values engagement above all else (including a good experience). For instance, we learnt that the algorithm is [optimised](https://www.wired.com/story/facebook-transparency-biggest-sites-pages-links/) for low quality content, [prioritises](https://www.washingtonpost.com/technology/2021/10/26/facebook-angry-emoji-algorithm/) rage over happiness for profit, and [promotes](https://www.theatlantic.com/ideas/archive/2021/10/facebook-papers-democracy-election-zuckerberg/620478/) extremist content. Most alarming was that the firm [failed](https://apnews.com/article/the-facebook-papers-covid-vaccine-misinformation-c8bbc569be7cc2ca583dadb4236a0613) to reduce disinformation during the pandemic even when given the opportunity. Zuckerberg said no to this, presumably because it would reduce engagement and, in turn, Facebooks advertising revenue.
Lets not forget all Facebooks previous scandals. From the Cambridge Analytica kerfuffle to [conducting](https://www.theregister.com/2014/06/29/researchers_mess_with_facebook_users_emotions/) manipulative social experiments in secret.
In light of this, the name change makes sense. It deceives you into thinking the company has evolved into a benevolent corporation, when it simply hasnt. Zuckerberg would much prefer you to think about Meta as a playful universe where you can meet with friends across the globe in virtual reality. Where humans train themselves to sound like heavily discounted robots. Where Facebook is not a Horrid Company.
Despite all this: Meta *is* Facebook, just worse. It doesnt matter about the new name, the company has not changed. It will still be violating our privacy, daily, on an unprecedented scale. It will still be as reliably scandalous as a Carry On film. It will still be terrible. Plus it will have all the added claptrap of a sub-par holographic universe attached.

29
blog/posts/warning-about-signal-proxies.md Normal file
View File

@ -0,0 +1,29 @@
---
date:
created: 2022-10-15
categories:
- News
authors:
- jonah
tags:
- PSA
- Signal
- Instant Messengers
links:
- Signal Configuration Guide: https://www.privacyguides.org/real-time-communication/signal-configuration-hardening/
- Real-Time Communication: https://www.privacyguides.org/real-time-communication/
license: BY-SA
---
# A Warning About Signal Proxies in Iran and Other Oppressive Countries
People looking to use [Signal Proxies](https://www.signal.org/blog/run-a-proxy/) to bypass censorship programs should be aware of a number of issues with Signals current proxy implementation. Currently, Signal does not tunnel all application traffic through the specified proxy, which means authorities could still track people using Signal.<!-- more -->
[This has been an issue since TLS proxies were added and has not yet been fixed](https://community.signalusers.org/t/traffic-not-routed-to-tls-proxies-can-expose-users-to-censors/27479):
> The latest version of the Android app (v5.3.12 at this time) fails to route all the traffic to the TLS proxy. There are DNS leaks in the app, and its trivial for the censors to learn what IP addresses are connecting to Signal. [...]
>
> When the app connects to the Signal server, it first looks up the IP of the Signal servers via DNS, and immediately after, it resolves the IP of the TLS proxy, also with DNS. This is an unexpected behavior that allows the censors to discover proxies by only monitoring the DNS traffic. [...]
There are also a number of other problems with their TLS proxies (such as [outdated dependencies](https://privsec.dev/apps/update-your-signal-tls-proxy/)) which have not been resolved.
Currently, we believe Signals TLS Proxies are an incomplete solution to the problems they try to solve. Instead, we recommend using Orbot in conjunction with Molly, an alternative Signal client which natively supports SOCKS proxies, to fully tunnel your Signal traffic over the Tor network. For more information please check out our [Signal configuration guide](https://www.privacyguides.org/real-time-communication/signal-configuration-hardening/).

70
blog/posts/welcome-to-privacy-guides.md Normal file
View File

@ -0,0 +1,70 @@
---
date:
created: 2021-09-14
categories:
- Announcements
authors:
- jonah
- dngray
- freddy-m
links:
- 'About Privacy Guides': "https://www.privacyguides.org/about/"
- posts/weve-joined-the-open-collective-foundation.md
tags:
- Privacy Guides
license: CC0
---
# Welcome to Privacy Guides
![Privacy Guides cover image](../assets/brand/images/png/cover.png)
We are excited to announce the launch of [Privacy Guides](https://www.privacyguides.org/) and [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/), and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.<!-- more -->
As we [announced](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) on the PrivacyTools blog in July, we made the decision to migrate off our former privacytools.io domain for various reasons, including an inability to contact the current domain holder for over a year and [growing](http://www.thedarksideof.io/) [issues](https://fortune.com/2020/08/31/crypto-fraud-io-domain-chagos-islands-uk-colonialism-cryptocurrency/) [with the .IO top-level domain](https://code.privacyguides.dev/privacyguides/privacytools.io/issues/1324). As attempts to regain ownership of the domain have proven fruitless, we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to [www.privacyguides.org](https://www.privacyguides.org/), and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
We chose the name Privacy Guides because it represents two things for us as an organization: An expansion beyond simple recommendation lists, and a goal of acting as the trusted guides to anyone newly learning about protecting their personal data.
As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more *education*rather than *direction*surrounding privacy-related topics. You can see the very beginnings of this work in our new page on [threat modeling](https://www.privacyguides.org/basics/threat-modeling/), or our [VPN](https://www.privacyguides.org/vpn) and [Email Provider](https://www.privacyguides.org/email) recommendations, but this is just the start of what we eventually hope to accomplish.
## Website Development
Our project has always been community-oriented and open-sourced. The source code for PrivacyTools is currently archived at [https://code.privacyguides.dev/privacyguides/privacytools.io](https://code.privacyguides.dev/privacyguides/privacytools.io). This repository will remain online as an archive of everything on PrivacyTools up to this transition.
The source code for our new website is available at [https://github.com/privacyguides/privacyguides.org](https://github.com/privacyguides/privacyguides.org). All updates from PrivacyTools have been merged into this new repository, and this is where all future work will take place.
## Services
PrivacyTools also runs a number of online services in use by many users. Some of these services are federated, namely Mastodon, Matrix, and PeerTube. Due to the technical nature of federation, it is impossible for us to change the domain name on these services, and because we cannot guarantee the future of the privacytools.io domain name we will be shutting down these services in the coming months.
We strongly urge users of these services to migrate to alternative providers in the near future. We hope that we will be able to provide enough time to make this as seamless of a transition as possible for our users.
At this time we do not plan on launching public Matrix, Mastodon, or PeerTube instances under the Privacy Guides domain. Any users affected by this transition can get in touch with [@jonah:aragon.sh](https://matrix.to/#/@jonah:aragon.sh) on Matrix if any assistance is needed.
Other services being operated by PrivacyTools currently will be discontinued. This includes Searx, WriteFreely, and GhostBin.
Our future direction for online services is uncertain, but will be a longer-term discussion within our community after our work is complete on this initial transition. We are very aware that whatever direction we move from here will have to be done in a way that is sustainable in the very long term.
## r/PrivacyGuides
PrivacyTools has a sizable community on Reddit, but to ensure a unified image we have created a new Subreddit at [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/) that we encourage all Reddit users to join.
In the coming weeks our current plan is to wind down discussions on r/privacytoolsIO. We will be opening r/PrivacyGuides to lots of the discussions most people are used to shortly, but encouraging general “privacy news” or headline-type posts to be posted on [r/Privacy](https://www.reddit.com/r/privacy/) instead. In our eyes, r/Privacy is the “who/what/when/where” of the privacy community on Reddit, the best place to find the latest news and information; while r/PrivacyGuides is the “how”: a place to share and discuss tools, tips, tricks, and other advice. We think focusing on these strong points will serve to strengthen both communities, and we hope the good moderators of r/Privacy agree.
## Final Thoughts
The former active team at PrivacyTools universally agrees on this direction towards Privacy Guides, and will be working exclusively on Privacy Guides rather than any “PrivacyTools” related projects. We intend to redirect PriavcyTools to new Privacy Guides properties for as long as possible, and archive existing PrivacyTools work as a pre-transition snapshot.
Privacy Guides additionally welcomes back PrivacyTools former sysadmin [Jonah](https://twitter.com/JonahAragon), who will be joining the projects leadership team.
We are not accepting sponsorships or donations at this time, while we work out our financial plan. We will be in touch with existing sponsors on PrivacyTools OpenCollective to determine what the best way forward is soon.
We are all very excited about this new brand and direction, and hope to have your continued support through all of this. If you have any questions, concerns, or suggestions, please reach out to us. We are always happy to receive guidance and input from our community! ❤
---
***Privacy Guides*** *is a socially motivated website that provides information for protecting your data security and privacy.*
- [Join r/PrivacyGuides on Reddit](https://www.reddit.com/r/privacyguides)
- [Follow @privacy_guides on Twitter](https://twitter.com/privacy_guides)
- [Collaborate with us on GitHub](https://github.com/privacyguides/privacyguides.org)
- [Join our chat on Matrix](https://matrix.to/#/#privacyguides:aragon.sh)

28
blog/posts/weve-joined-the-open-collective-foundation.md Normal file
View File

@ -0,0 +1,28 @@
---
date:
created: 2019-10-31
categories:
- Announcements
authors:
- jonah
links:
- posts/welcome-to-privacy-guides.md
tags:
- Privacy Guides
license: CC0
---
# We've Joined the Open Collective Foundation 501(c)(3)
![Privacy Guides cover image](../assets/brand/images/png/cover.png)
[Privacy Guides](https://www.privacyguides.org) provides knowledge, recommendations, and services to protect you against global mass surveillance programs and encourage self-control of your data online. Our website is free of advertisements and is not affiliated with any listed providers, because we believe that our ability to recommend solutions without receiving financial kickbacks is incredibly important in remaining unbiased.<!-- more -->
However, we have always accepted and solicited financial contributions from our community. Running this network of websites and services for free to the public is a time-consuming and costly endeavor. We do it because we believe it is the right thing to do, not because we are looking to make a profit. Any contributions have been either used to pay our expenses or saved in a reserve for expansion or times of need.
Today we are building on our transparency efforts by joining OpenCollective, a platform which will allow us to accept contributions and create expenses completely transparently. We are being sponsored by a fiscal host, the Open Collective Foundation, a nonprofit organization whose mission is to promote access to educational resources like ours.
The Open Collective Foundation is a 501(c)(3) organization that is collecting these contributions on our behalf. Because of this, contributions to Privacy Guides through OpenCollective are **tax-deductible** for US taxpayers.
Your support of this project will help us keep our servers running and pay for other various expenses accrued by the team while developing this community platform. We do not operate Privacy Guides for personal profit, and all funds will be used to further our mission in one form or another.
Please consider contributing at [opencollective.com/privacyguides](https://opencollective.com/privacyguides) if you like what we do.

44
blog/posts/why-i-run-a-tor-relay.md Normal file
View File

@ -0,0 +1,44 @@
---
date:
created: 2020-05-04
categories:
- Opinion
authors:
- sam-howell
links:
- 'Tor Network<br><small>Relays and Bridges</small>': https://www.privacyguides.org/tor/#relays-and-bridges
tags:
- Tor
- Self-Hosting
license: BY-SA
---
# Why I Decided to Run a Tor Relay
![Tor graphic](../assets/images/why-i-run-a-tor-relay/cover.png)
It makes me smile when I come across someone struggling with the decision of whether to get a [VPN](https://www.privacyguides.org/vpn/). It makes me smile not because of the indecision and relative lack of knowledge, but because it wasn't so long ago I was in exactly the same position—perceiving VPNs to be some kind of extreme measure only the paranoid and the criminal resorted to. How wrong I was.<!-- more -->
In just a few months I've come to realize that something like a VPN is in fact a basic measure one might take in the effort to more freely roam the Internet—tainted as it is by censorship, surveillance and many other forms of state control. So where do you go from realizing these issues if you know them to be the threats that they are to democracy and freedom? You seek to *take control*.
You discover the [Tor Project](https://www.torproject.org/)—or rather, you learn more about a network that's been around for years and for years has suffered the type of reputation which only blinds everyday people from its incredible potential for positive change in numerous oppressed countries around the world.
At the time of writing there are over 6,300 Tor relays, and I like to think this number will continue to grow steadily. Each one—no matter its uptime, bandwidth or overall reputation, or whether its a Guard, Middle or Exit—each one is the direct result of an individual deciding to sacrifice money, time and effort for the cause of fighting for a freer Internet: enabling millions of users—journalists, bloggers, whistleblowers, activists and everyday people like you and I—to communicate anonymously, and therefore safely, wherever we are in the world.
Like many others, at first I was unsure about running my own relay. The usual doubts and questions arose: surely it's too difficult; I dont know much about servers, and its surely expensive and beyond my skill-set to configure one as a Tor relay. But then I watched this talk ([Invidious Link](https://invidious.privacyguides.net/watch?v=Wl5OQz0Ko8c), [YouTube Link](https://youtube.com/watch?v=Wl5OQz0Ko8c)) by the articulate, intelligent and passionate Tor Project developer Jacob Appelbaum (if you do nothing else today, watch it).
Jacob couldnt have made a better case for direct action, requesting of the audience:
> Raise your hand if you think anonymity is something that is good, and you think is a fundamental human right that we should all have...
> Now raise your hand if you want to do something about it...
> Now keep your hand up if youre going to run a Tor relay...
> Everybody that put your hand down, why arent you running a Tor relay? You can do something about it right now.
And this is when it struck me, as I hope it struck many others at that talk: Am I doing enough? Can I claim to take this subject seriously if Im not willing to invest the effort to really *be a part* of the solution? Not simply to donate money—which of course is still a great way to contribute—but to truly, technologically support the Tor network.
It struck me that I have enough money, time and access to the right information to run my own relay. So it begged the question: Why *wouldnt* I?
At the time of writing my relay has been flagged valid, running and fast and is on track to have relayed around 750GB by the end of the month. It feels good. It feels really good.
---
*Sam is an elearning designer and privacy advocate interested in free (libre) software and how it can protect civil liberties. This article was [originally published](https://web.archive.org/web/20200508115203/https://samhowell.uk/dark/blog/blog-Tor_Relay.html) on my personal blog at [samhowell.uk](https://samhowell.uk), on February 15th, 2019.*

3
blog/tags.md Normal file
View File

@ -0,0 +1,3 @@
# Tag Index
<!-- material/tags -->

2
includes/strings.en.env
View File

@ -26,7 +26,7 @@ HOMEPAGE_BUTTON_TOOLS_TITLE="Recommended privacy tools, services, and knowledge"
NAV_ABOUT="About"
NAV_ADVANCED="Advanced"
NAV_ADVANCED_TOPICS="Advanced Topics"
NAV_BLOG="Blog"
NAV_BLOG="Articles"
NAV_CHANGELOG="Changelog"
NAV_CODE_OF_CONDUCT="Code of Conduct"
NAV_COMMUNITY="Community"

219
mkdocs.blog.yml Normal file
View File

@ -0,0 +1,219 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
docs_dir: "blog"
site_url: "https://www.privacyguides.org/articles/"
site_dir: "site/articles"
site_name: Privacy Guides
site_description: "Privacy Guides is your central privacy and security resource to protect yourself online."
edit_uri_template: blob/main/blog/{path}?plain=1
extra:
privacy_guides:
footer:
intro:
!ENV [
FOOTER_INTRO,
"Privacy Guides is a non-profit, socially motivated website that provides information for protecting your data security and privacy.",
]
note:
!ENV [
FOOTER_NOTE,
"We do not make money from recommending certain products, and we do not use affiliate links.",
]
copyright:
author:
!ENV [FOOTER_COPYRIGHT_AUTHOR, "Privacy Guides and contributors."]
date: !ENV [FOOTER_COPYRIGHT_DATE, "2019-2024"]
license:
- fontawesome/brands/creative-commons
- fontawesome/brands/creative-commons-by
- fontawesome/brands/creative-commons-sa
homepage: https://www.privacyguides.org/en/
generator: false
context: !ENV [BUILD_CONTEXT, "production"]
offline: !ENV [BUILD_OFFLINE, false]
deploy: !ENV DEPLOY_ID
social:
- icon: simple/mastodon
link: https://mastodon.neat.computer/@privacyguides
name: !ENV [SOCIAL_MASTODON, "Mastodon"]
- icon: simple/matrix
link: https://matrix.to/#/#privacyguides:matrix.org
name: !ENV [SOCIAL_MATRIX, "Matrix"]
- icon: simple/discourse
link: https://discuss.privacyguides.net/
name: !ENV [SOCIAL_FORUM, "Forum"]
- icon: simple/github
link: https://github.com/privacyguides
name: !ENV [SOCIAL_GITHUB, "GitHub"]
- icon: simple/torbrowser
link: http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion/posts/
name: !ENV [SOCIAL_TOR_SITE, "Hidden service"]
repo_url:
!ENV [BUILD_REPO_URL, "https://github.com/privacyguides/privacyguides.org"]
repo_name: ""
theme:
name: material
language: en
custom_dir: theme
font:
text: Public Sans
code: DM Mono
palette:
- media: "(prefers-color-scheme)"
scheme: default
accent: deep purple
toggle:
icon: material/brightness-auto
name: !ENV [THEME_DARK, "Switch to dark mode"]
- media: "(prefers-color-scheme: dark)"
scheme: slate
accent: amber
toggle:
icon: material/brightness-2
name: !ENV [THEME_LIGHT, "Switch to light mode"]
- media: "(prefers-color-scheme: light)"
scheme: default
accent: deep purple
toggle:
icon: material/brightness-5
name: !ENV [THEME_AUTO, "Switch to system theme"]
favicon: assets/brand/logos/png/favicon-32x32.png
icon:
repo: simple/github
features:
- announce.dismiss
- navigation.tracking
- navigation.tabs
- navigation.sections
- navigation.expand
- navigation.path
- navigation.indexes
- navigation.footer
- content.action.edit
- content.tabs.link
- content.tooltips
- search.highlight
extra_css:
- assets/stylesheets/extra.css?v=20240802
watch:
- theme
- includes
plugins:
blog:
blog_dir: .
blog_toc: true
post_url_format: "{date}/{file}"
authors_profiles: true
authors_profiles_toc: true
categories_allowed:
- Announcements
- Opinion
- Tutorials
- News
- Reviews
rss:
match_path: posts/.*
abstract_chars_count: -1
date_from_meta:
as_creation: date.created
as_update: date.updated
categories:
- categories
- tags
tags: {}
search: {}
privacy:
enabled: !ENV [BUILD_PRIVACY, true]
offline:
enabled: !ENV [BUILD_OFFLINE, false]
group:
enabled: !ENV [BUILD_INSIDERS, true]
plugins:
macros: {}
meta: {}
optimize:
enabled: !ENV [OPTIMIZE, PRODUCTION, NETLIFY, false]
typeset: {}
social:
cards: !ENV [CARDS, true]
cards_dir: assets/img/social
cards_layout_dir: theme/layouts
cards_layout: page
markdown_extensions:
admonition: {}
pymdownx.details: {}
pymdownx.superfences:
custom_fences:
- name: mermaid
class: mermaid
format: !!python/name:pymdownx.superfences.fence_code_format
pymdownx.tabbed:
alternate_style: true
pymdownx.arithmatex:
generic: true
pymdownx.critic: {}
pymdownx.caret: {}
pymdownx.keys: {}
pymdownx.mark: {}
pymdownx.tilde: {}
pymdownx.snippets:
auto_append:
- !ENV [BUILD_ABBREVIATIONS, "includes/abbreviations.en.txt"]
pymdownx.tasklist:
custom_checkbox: true
attr_list: {}
def_list: {}
md_in_html: {}
meta: {}
abbr: {}
pymdownx.emoji:
emoji_index: !!python/name:material.extensions.emoji.twemoji
emoji_generator: !!python/name:material.extensions.emoji.to_svg
tables: {}
footnotes: {}
toc:
permalink: true
toc_depth: 4
nav:
- !ENV [NAV_HOME, "Home"]: /en/
- !ENV [NAV_KNOWLEDGE_BASE, "Knowledge Base"]: /en/basics/why-privacy-matters/
- !ENV [NAV_RECOMMENDATIONS, "Recommendations"]: /en/tools/
- !ENV [NAV_BLOG, "Articles"]:
- index.md
- tags.md
- !ENV [NAV_ABOUT, "About"]: /en/about/
- "Donate": /en/about/donate/
- !ENV [NAV_CHANGELOG, "Changelog"]:
"https://github.com/privacyguides/privacyguides.org/releases"
- !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
validation:
nav:
not_found: info

2
mkdocs.yml
View File

@ -438,6 +438,7 @@ nav:
- !ENV [NAV_ADVANCED, "Advanced"]:
- "alternative-networks.md"
- "device-integrity.md"
- !ENV [NAV_BLOG, "Articles"]: "/articles/"
- !ENV [NAV_ABOUT, "About"]:
- "about.md"
- "about/donate.md"
@ -464,7 +465,6 @@ nav:
- !ENV [NAV_CHANGELOG, "Changelog"]:
"https://github.com/privacyguides/privacyguides.org/releases"
- !ENV [NAV_FORUM, "Forum"]: "https://discuss.privacyguides.net/"
- !ENV [NAV_BLOG, "Blog"]: "https://blog.privacyguides.org/"
validation:
nav: