feat: Add remaining threat model labels (#2775)

Signed-off-by: kimg45 <138676274+kimg45@users.noreply.github.com>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
redoomed1 2024-10-24 05:19:08 +00:00 committed by Daniel Gray
parent 321d14b66d
commit a15754a9ef
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
10 changed files with 57 additions and 20 deletions

View File

@ -27,6 +27,10 @@ schema:
operatingSystem: Android
robots: nofollow, max-snippet:-1, max-image-preview:large
---
<small>Protects against the following threat(s):</small>
- [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange }
We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
### Shelter
@ -58,6 +62,10 @@ Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) a
### Secure Camera
<small>Protects against the following threat(s):</small>
- [:material-account-search: Public Exposure](../basics/common-threats.md#limiting-public-information){ .pg-green }
<div class="admonition recommendation" markdown>
![Secure camera logo](../assets/img/android/secure_camera.svg#only-light){ align=right }
@ -101,7 +109,6 @@ The image orientation metadata is not deleted. If you enable location (in Secure
<small>Protects against the following threat(s):</small>
- [:material-target-account: Targeted Attacks](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange }
<div class="admonition recommendation" markdown>

View File

@ -5,6 +5,10 @@ icon: material/tag-remove
description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share.
cover: data-redaction.webp
---
<small>Protects against the following threat(s):</small>
- [:material-account-search: Public Exposure](basics/common-threats.md#limiting-public-information){ .pg-green }
When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata.
## Desktop

View File

@ -4,6 +4,10 @@ icon: simple/linux
description: Linux distributions are commonly recommended for privacy protection and software freedom.
cover: desktop.webp
---
<small>Protects against the following threat(s):</small>
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions.
- [General Linux Overview :material-arrow-right-drop-circle:](os/linux-overview.md)
@ -68,7 +72,7 @@ Arch Linux has a rolling release cycle. There is no fixed release schedule and p
Being a DIY distribution, you are [expected to set up and maintain](os/linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org).
A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org)[^1].
## Atomic Distributions
@ -124,7 +128,7 @@ The Nix package manager uses a purely functional language—which is also called
[Nixpkgs](https://github.com/nixos/nixpkgs) (the main source of packages) are contained in a single GitHub repository. You can also define your own packages in the same language and then easily include them in your config.
Nix is a source-based package manager; if theres no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible. Binaries built with this method are reproducible, which can be useful as a safeguard against [:material-package-variant-closed-remove: Supply Chain Attacks](basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }.
Nix is a source-based package manager; if theres no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible. Binaries built with this method are reproducible[^1].
## Anonymity-Focused Distributions
@ -134,7 +138,7 @@ Nix is a source-based package manager; if theres no pre-built available in th
![Whonix logo](assets/img/linux-desktop/whonix.svg){ align=right }
**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).
**Whonix** is based on [Kicksecure](#kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and [:material-incognito: Anonymity](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).
[:octicons-home-16: Homepage](https://whonix.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion){ .card-link title="Onion Service" }
@ -157,7 +161,7 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/Wh
![Tails logo](assets/img/linux-desktop/tails.svg){ align=right }
**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and [:material-incognito: Anonymity](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple } while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
[:octicons-home-16: Homepage](https://tails.net){ .md-button .md-button--primary }
[:octicons-info-16:](https://tails.net/doc/index.en.html){ .card-link title=Documentation}
@ -182,6 +186,10 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
## Security-focused Distributions
<small>Protects against the following threat(s):</small>
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
### Qubes OS
<div class="admonition recommendation" markdown>
@ -201,7 +209,7 @@ By design, Tails is meant to completely reset itself after each reboot. Encrypte
</div>
Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the *qubes* and the core system.
Qubes OS secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate *qubes*. Should one part of the system be compromised via an exploit in a [:material-target-account: Targeted Attack](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }, the extra isolation is likely to protect the rest of the *qubes* and the core system.
For further information about how Qubes works, read our full [Qubes OS overview](os/qubes-overview.md) page.
@ -241,3 +249,5 @@ Choosing a Linux distro that is right for you will come down to a huge variety o
- Maintaining an operating system is a major challenge, and smaller projects have a tendency to make more avoidable mistakes, or delay critical updates (or worse, disappear entirely). We lean towards projects which will likely be around 10 years from now (whether that's due to corporate backing or very significant community support), and away from projects which are hand-built or have a small number of maintainers.
In addition, [our standard criteria](about/criteria.md) for recommended projects still applies. **Please note we are not affiliated with any of the projects we recommend.**
[^1]: Reproducibility entails the ability to verify that packages and binaries made available to the end user match the source code, which can be useful against potential [:material-package-variant-closed-remove: Supply Chain Attacks](basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian }.

View File

@ -4,6 +4,9 @@ icon: material/bank
cover: financial-services.webp
description: These services can assist you in protecting your privacy from merchants and other trackers, which is one of the biggest challenges to privacy today.
---
<small>Protects against the following threat(s):</small>
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
@ -11,6 +14,10 @@ Making payments online is one of the biggest challenges to privacy. These servic
## Payment Masking Services
<small>Protects against the following threat(s):</small>
- [:material-account-search: Public Exposure](basics/common-threats.md#limiting-public-information){ .pg-green }
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
<div class="admonition tip" markdown>
@ -67,6 +74,10 @@ MySudo's virtual cards are currently only available via their iOS app.
## Gift Card Marketplaces
<small>Protects against the following threat(s):</small>
- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue }
These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, with significantly higher limits for ID verified accounts (if offered).
### Coincards
@ -85,7 +96,6 @@ These services allow you to purchase gift cards for a variety of merchants onlin
</div>
<!-- markdownlint-disable-next-line -->
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

View File

@ -7,11 +7,9 @@ cover: language-tools.webp
<small>Protects against the following threat(s):</small>
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue }
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
- [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }
Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time. The language tools listed on this page do not send your submitted text to a server, and can be self-hosted and used offline for maximum control of your data.
Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time and sold to third parties. The language tools listed on this page do not send your submitted text to a server, and can be self-hosted and used offline for maximum control of your data.
## LanguageTool

View File

@ -4,6 +4,10 @@ icon: material/file-edit-outline
description: These office suites offer their full functionality without an account and can be used offline.
cover: office-suites.webp
---
<small>Protects against the following threat(s):</small>
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
Choose an **office suite** that does not require logging in to an account to access its full functionality. The tools listed here can be used offline and could reasonably act as a replacement for Microsoft Office for most needs.
## LibreOffice

View File

@ -4,6 +4,10 @@ icon: material/content-paste
description: These tools allow you to have full control of any pasted data you share to other parties.
cover: pastebins.webp
---
<small>Protects against the following threat(s):</small>
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
[**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) are online services most commonly used to share large blocks of code in a convenient and efficient manner. The pastebins listed here employ client-side encryption and password protection for pasted content; both of these features prevent the website or server operator from reading or accessing the contents of any paste.
## PrivateBin

View File

@ -4,7 +4,12 @@ icon: material/router-wireless
description: Alternative operating systems for securing your router or Wi-Fi access point.
cover: router.webp
---
Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc.
<small>Protects against the following threat(s):</small>
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
Below are a few alternative operating systems that can be used on routers, Wi-Fi access points, etc.
## OpenWrt

View File

@ -7,6 +7,10 @@ cover: search-engines.webp
global:
- [randomize-element, "table tbody"]
---
<small>Protects against the following threat(s):</small>
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
Use a **search engine** that doesn't build an advertising profile based on your searches.
## Recommended Providers

View File

@ -37,15 +37,6 @@ For more details about each project, why they were chosen, and additional tips o
</div>
<div class="admonition example" markdown>
<p class="admonition-title">Threat Model Labels</p>
You may find any of the following icons on some of the recommendation pages: <span class="pg-purple">:material-incognito:</span> <span class="pg-red">:material-target-account:</span> <span class="pg-viridian">:material-package-variant-closed-remove:</span> <span class="pg-orange">:material-bug-outline:</span> <span class="pg-teal">:material-server-network:</span> <span class="pg-blue">:material-eye-outline:</span> <span class="pg-brown">:material-account-cash:</span> <span class="pg-green">:material-account-search:</span> <span class="pg-blue-gray">:material-close-outline:</span>
We are testing a new feature that allows readers to better identify and understand the kinds of threats that privacy tools best defend against. Let us know what you think about this feature by replying to this dedicated forum [thread](https://discuss.privacyguides.net/t/implement-threat-model-labels/18659)!
</div>
## Private Web Browsers
<div class="admonition recommendation" markdown>