From a15754a9ef27ef72ca60751b6b0f1b1fe956f8dd Mon Sep 17 00:00:00 2001 From: redoomed1 <161974310+redoomed1@users.noreply.github.com> Date: Thu, 24 Oct 2024 05:19:08 +0000 Subject: [PATCH] feat: Add remaining threat model labels (#2775) Signed-off-by: kimg45 <138676274+kimg45@users.noreply.github.com> Signed-off-by: Daniel Gray --- docs/android/general-apps.md | 9 ++++++++- docs/data-redaction.md | 4 ++++ docs/desktop.md | 20 +++++++++++++++----- docs/financial-services.md | 12 +++++++++++- docs/language-tools.md | 4 +--- docs/office-suites.md | 4 ++++ docs/pastebins.md | 4 ++++ docs/router.md | 7 ++++++- docs/search-engines.md | 4 ++++ docs/tools.md | 9 --------- 10 files changed, 57 insertions(+), 20 deletions(-) diff --git a/docs/android/general-apps.md b/docs/android/general-apps.md index 74a5bc71..dc1ec989 100644 --- a/docs/android/general-apps.md +++ b/docs/android/general-apps.md @@ -27,6 +27,10 @@ schema: operatingSystem: Android robots: nofollow, max-snippet:-1, max-image-preview:large --- +Protects against the following threat(s): + +- [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange } + We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. ### Shelter @@ -58,6 +62,10 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a ### Secure Camera +Protects against the following threat(s): + +- [:material-account-search: Public Exposure](../basics/common-threats.md#limiting-public-information){ .pg-green } +
![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right } @@ -101,7 +109,6 @@ The image orientation metadata is not deleted. If you enable location (in Secure Protects against the following threat(s): - [:material-target-account: Targeted Attacks](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } -- [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange }
diff --git a/docs/data-redaction.md b/docs/data-redaction.md index bcef3d72..be95c11f 100644 --- a/docs/data-redaction.md +++ b/docs/data-redaction.md @@ -5,6 +5,10 @@ icon: material/tag-remove description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. cover: data-redaction.webp --- +Protects against the following threat(s): + +- [:material-account-search: Public Exposure](basics/common-threats.md#limiting-public-information){ .pg-green } + When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. ## Desktop diff --git a/docs/desktop.md b/docs/desktop.md index 583f1759..74f56a74 100644 --- a/docs/desktop.md +++ b/docs/desktop.md @@ -4,6 +4,10 @@ icon: simple/linux description: Linux distributions are commonly recommended for privacy protection and software freedom. cover: desktop.webp --- +Protects against the following threat(s): + +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } + Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. - [General Linux Overview :material-arrow-right-drop-circle:](os/linux-overview.md) @@ -68,7 +72,7 @@ Arch Linux has a rolling release cycle. There is no fixed release schedule and p Being a DIY distribution, you are [expected to set up and maintain](os/linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier. -A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org). +A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org)[^1]. ## Atomic Distributions @@ -124,7 +128,7 @@ The Nix package manager uses a purely functional language—which is also called [Nixpkgs](https://github.com/nixos/nixpkgs) (the main source of packages) are contained in a single GitHub repository. You can also define your own packages in the same language and then easily include them in your config. -Nix is a source-based package manager; if there’s no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible. Binaries built with this method are reproducible, which can be useful as a safeguard against [:material-package-variant-closed-remove: Supply Chain Attacks](basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }. +Nix is a source-based package manager; if there’s no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible. Binaries built with this method are reproducible[^1]. ## Anonymity-Focused Distributions @@ -134,7 +138,7 @@ Nix is a source-based package manager; if there’s no pre-built available in th ![Whonix logo](assets/img/linux-desktop/whonix.svg){ align=right } -**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os). +**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [:material-incognito: Anonymity](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os). [:octicons-home-16: Homepage](https://whonix.org){ .md-button .md-button--primary } [:simple-torbrowser:](http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion){ .card-link title="Onion Service" } @@ -157,7 +161,7 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh ![Tails logo](assets/img/linux-desktop/tails.svg){ align=right } -**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off. +**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and [:material-incognito: Anonymity](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off. [:octicons-home-16: Homepage](https://tails.net){ .md-button .md-button--primary } [:octicons-info-16:](https://tails.net/doc/index.en.html){ .card-link title=Documentation} @@ -182,6 +186,10 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte ## Security-focused Distributions +Protects against the following threat(s): + +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } + ### Qubes OS
@@ -201,7 +209,7 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
-Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the *qubes* and the core system. +Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [:material-target-account: Targeted Attack](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }, the extra isolation is likely to protect the rest of the *qubes* and the core system. For further information about how Qubes works, read our full [Qubes OS overview](os/qubes-overview.md) page. @@ -241,3 +249,5 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Maintaining an operating system is a major challenge, and smaller projects have a tendency to make more avoidable mistakes, or delay critical updates (or worse, disappear entirely). We lean towards projects which will likely be around 10 years from now (whether that's due to corporate backing or very significant community support), and away from projects which are hand-built or have a small number of maintainers. In addition, [our standard criteria](about/criteria.md) for recommended projects still applies. **Please note we are not affiliated with any of the projects we recommend.** + +[^1]: Reproducibility entails the ability to verify that packages and binaries made available to the end user match the source code, which can be useful against potential [:material-package-variant-closed-remove: Supply Chain Attacks](basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }. diff --git a/docs/financial-services.md b/docs/financial-services.md index 1c1d4f10..b0fc6e02 100644 --- a/docs/financial-services.md +++ b/docs/financial-services.md @@ -4,6 +4,9 @@ icon: material/bank cover: financial-services.webp description: These services can assist you in protecting your privacy from merchants and other trackers, which is one of the biggest challenges to privacy today. --- +Protects against the following threat(s): + +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: @@ -11,6 +14,10 @@ Making payments online is one of the biggest challenges to privacy. These servic ## Payment Masking Services +Protects against the following threat(s): + +- [:material-account-search: Public Exposure](basics/common-threats.md#limiting-public-information){ .pg-green } + There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
@@ -67,6 +74,10 @@ MySudo's virtual cards are currently only available via their iOS app. ## Gift Card Marketplaces +Protects against the following threat(s): + +- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue } + These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, with significantly higher limits for ID verified accounts (if offered). ### Coincards @@ -85,7 +96,6 @@ These services allow you to purchase gift cards for a variety of merchants onlin
- ### Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/docs/language-tools.md b/docs/language-tools.md index 28b4e222..13450410 100644 --- a/docs/language-tools.md +++ b/docs/language-tools.md @@ -7,11 +7,9 @@ cover: language-tools.webp Protects against the following threat(s): - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } -- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue } - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } -- [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray } -Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time. The language tools listed on this page do not send your submitted text to a server, and can be self-hosted and used offline for maximum control of your data. +Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time and sold to third parties. The language tools listed on this page do not send your submitted text to a server, and can be self-hosted and used offline for maximum control of your data. ## LanguageTool diff --git a/docs/office-suites.md b/docs/office-suites.md index f4198721..4d769922 100644 --- a/docs/office-suites.md +++ b/docs/office-suites.md @@ -4,6 +4,10 @@ icon: material/file-edit-outline description: These office suites offer their full functionality without an account and can be used offline. cover: office-suites.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } + Choose an **office suite** that does not require logging in to an account to access its full functionality. The tools listed here can be used offline and could reasonably act as a replacement for Microsoft Office for most needs. ## LibreOffice diff --git a/docs/pastebins.md b/docs/pastebins.md index 05ce1f57..90a59e7e 100644 --- a/docs/pastebins.md +++ b/docs/pastebins.md @@ -4,6 +4,10 @@ icon: material/content-paste description: These tools allow you to have full control of any pasted data you share to other parties. cover: pastebins.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } + [**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste. ## PrivateBin diff --git a/docs/router.md b/docs/router.md index aae65334..65827acb 100644 --- a/docs/router.md +++ b/docs/router.md @@ -4,7 +4,12 @@ icon: material/router-wireless description: Alternative operating systems for securing your router or Wi-Fi access point. cover: router.webp --- -Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. +Protects against the following threat(s): + +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } + +Below are a few alternative operating systems that can be used on routers, Wi-Fi access points, etc. ## OpenWrt diff --git a/docs/search-engines.md b/docs/search-engines.md index 1ad19e69..9e48a9ac 100644 --- a/docs/search-engines.md +++ b/docs/search-engines.md @@ -7,6 +7,10 @@ cover: search-engines.webp global: - [randomize-element, "table tbody"] --- +Protects against the following threat(s): + +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } + Use a **search engine** that doesn't build an advertising profile based on your searches. ## Recommended Providers diff --git a/docs/tools.md b/docs/tools.md index 2d936cbc..8bc69698 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -37,15 +37,6 @@ For more details about each project, why they were chosen, and additional tips o
-
-

Threat Model Labels

- -You may find any of the following icons on some of the recommendation pages: :material-incognito: :material-target-account: :material-package-variant-closed-remove: :material-bug-outline: :material-server-network: :material-eye-outline: :material-account-cash: :material-account-search: :material-close-outline: - -We are testing a new feature that allows readers to better identify and understand the kinds of threats that privacy tools best defend against. Let us know what you think about this feature by replying to this dedicated forum [thread](https://discuss.privacyguides.net/t/implement-threat-model-labels/18659)! - -
- ## Private Web Browsers