diff --git a/docs/alternative-networks.md b/docs/alternative-networks.md index 0cf9a769a5..d15a984f95 100644 --- a/docs/alternative-networks.md +++ b/docs/alternative-networks.md @@ -4,10 +4,15 @@ icon: material/vector-polygon description: These tools allow you to access networks other than the World Wide Web. cover: alternative-networks.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } +- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue } +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } ## Anonymizing Networks -When it comes to anonymizing networks, we want to specially note that [Tor](advanced/tor-overview.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your anonymity, unless you know what you're doing. +When it comes to anonymizing networks, we want to specially note that [Tor](advanced/tor-overview.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your [:material-incognito: Anonymity](basics/common-threats.md#anonymity-vs-privacy){ .pg-purple }, unless you know what you're doing. ### Tor @@ -15,7 +20,7 @@ When it comes to anonymizing networks, we want to specially note that [Tor](adva ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } -The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. +The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray } circumvention tool. [:octicons-home-16:](https://torproject.org){ .card-link title=Homepage } [:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } diff --git a/docs/android/distributions.md b/docs/android/distributions.md index 421cd8f3c5..387833636a 100644 --- a/docs/android/distributions.md +++ b/docs/android/distributions.md @@ -31,6 +31,8 @@ schema: "@type": WebPage url: "./" --- +[:material-target-account:](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } [:material-bug-outline:](../basics/common-threats.md#security-and-privacy){ .pg-orange } + A **custom Android-based operating system** (often known as a **custom ROM**) is a popular way to achieve higher levels of privacy and security on your device. This is in contrast to the "stock" version of Android which comes with your phone from the factory, and is often deeply integrated with Google Play Services. We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. diff --git a/docs/android/general-apps.md b/docs/android/general-apps.md index 5858adac3d..7444196e0c 100644 --- a/docs/android/general-apps.md +++ b/docs/android/general-apps.md @@ -94,6 +94,11 @@ The image orientation metadata is not deleted. If you enable location (in Secure ### Secure PDF Viewer +Protects against the following threat(s): + +- [:material-target-account: Targeted Attacks](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } +- [:material-bug-outline: Passive Attacks](../basics/common-threats.md#security-and-privacy){ .pg-orange } +
Hardware Keys
diff --git a/docs/notebooks.md b/docs/notebooks.md index 28246a4d2d..9a7058b133 100644 --- a/docs/notebooks.md +++ b/docs/notebooks.md @@ -4,6 +4,9 @@ icon: material/notebook-edit-outline description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. cover: notebooks.webp --- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } Keep track of your notes and journalings without giving them to a third-party. diff --git a/docs/os/ios-overview.md b/docs/os/ios-overview.md index 2fdef159d5..14fe987a2d 100644 --- a/docs/os/ios-overview.md +++ b/docs/os/ios-overview.md @@ -41,7 +41,7 @@ You can also protect your data by limiting what you sync to iCloud in the first A paid **iCloud+** subscription (with any iCloud storage plan) comes with some privacy-protecting functionality. While these may provide adequate service for current iCloud customers, we wouldn't recommend purchasing an iCloud+ plan over a [VPN](../vpn.md) and [standalone email aliasing service](../email-aliasing.md) just for these features alone. -**Private Relay** is a proxy service which relays your Safari traffic through two servers: one owned by Apple and one owned by a third-party provider (including Akamai, Cloudflare, and Fastly). In theory this should prevent any single provider in the chain—including Apple—from having full visibility into which websites you visit while connected. Unlike a full VPN, Private Relay does not protect traffic from your apps outside of Safari. +[**Private Relay**](https://apple.com/legal/privacy/data/en/icloud-relay) is a proxy service which relays all of your Safari traffic, your DNS queries, and unencrypted traffic on your device through two servers: one owned by Apple and one owned by a third-party provider (including Akamai, Cloudflare, and Fastly). In theory this should prevent any single provider in the chain—including Apple—from having full visibility into which websites you visit while connected. Unlike a VPN, Private Relay does not protect traffic that's already encrypted. **Hide My Email** is Apple's email aliasing service. You can create an email aliases for free when you *Sign In With Apple* on a website or app, or generate unlimited aliases on demand with a paid iCloud+ plan. Hide My Email has the advantage of using the `@icloud.com` domain for its aliases, which may be less likely to be blocked compared to other email aliasing services, but does not offer functionality offered by standalone services such as automatic PGP encryption or multiple mailbox support. diff --git a/docs/passwords.md b/docs/passwords.md index da619a1a52..b33b1f487a 100644 --- a/docs/passwords.md +++ b/docs/passwords.md @@ -131,6 +131,12 @@ schema: "@type": WebPage url: "./" --- +Protects against the following threat(s): + +- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } + **Password managers** allow you to securely store and manage passwords and other credentials with the use of a master password. [Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md) diff --git a/docs/photo-management.md b/docs/photo-management.md index fc709dbb23..542b28f2e7 100644 --- a/docs/photo-management.md +++ b/docs/photo-management.md @@ -4,6 +4,11 @@ icon: material/image description: Photo management tools to keep your personal photos safe from the prying eyes of cloud storage providers and other unauthorized access. cover: photo-management.webp --- +Protects against the following threat(s): + +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } + Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon Photos don't secure your photos against being accessed by the cloud storage provider themselves. These options keep your personal photos private, while allowing you to share them only with family and trusted people. ## Ente Photos diff --git a/docs/real-time-communication.md b/docs/real-time-communication.md index 4bd1f966b3..cac9a74b9a 100644 --- a/docs/real-time-communication.md +++ b/docs/real-time-communication.md @@ -5,6 +5,12 @@ icon: material/chat-processing description: Other instant messengers make all of your private conversations available to the company that runs them. cover: real-time-communication.webp --- +Protects against the following threat(s): + +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } +- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } +- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue } +- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } These are our recommendations for encrypted **real-time communication**. @@ -67,7 +73,7 @@ We have some additional tips on configuring and hardening your Signal installati ![Simplex logo](assets/img/messengers/simplex.svg){ align=right } -**SimpleX** Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations. +**SimpleX** Chat is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations. [:octicons-home-16: Homepage](https://simplex.chat){ .md-button .md-button--primary } [:octicons-eye-16:](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md){ .card-link title="Privacy Policy" } @@ -98,7 +104,7 @@ SimpleX Chat supports basic group chatting functionality, direct messaging, and ![Briar logo](assets/img/messengers/briar.svg){ align=right } -**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem. +**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the Tor Network, making it an effective tool at circumventing [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem. [:octicons-home-16: Homepage](https://briarproject.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://briarproject.org/privacy-policy){ .card-link title="Privacy Policy" } diff --git a/docs/security-keys.md b/docs/security-keys.md index df1761a08b..9a55bb2567 100644 --- a/docs/security-keys.md +++ b/docs/security-keys.md @@ -4,6 +4,11 @@ icon: 'material/key-chain' description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. cover: multi-factor-authentication.webp --- +Protects against the following threat(s): + +- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } +- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } + A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication. ## Yubico Security Key diff --git a/docs/tools.md b/docs/tools.md index 673afaa2ad..151677d971 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -37,6 +37,15 @@ For more details about each project, why they were chosen, and additional tips oThreat Model Labels
+ +You may find any of the following icons on some of the recommendation pages: :material-incognito: :material-target-account: :material-package-variant-closed-remove: :material-bug-outline: :material-server-network: :material-eye-outline: :material-account-cash: :material-account-search: :material-close-outline: + +We are testing a new feature that allows readers to better identify and understand the kinds of threats that privacy tools best defend against. Let us know what you think about this feature by replying to this dedicated forum [thread](https://discuss.privacyguides.net/t/implement-threat-model-labels/18659)! + +