Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

personal-security-checklist

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
https://github.com/Lissy93/personal-security-checklist

  • this Verizon report
  • HowSecureIsMyPassword.net - and-2fa/)
  • BitWarden - privacy#password-managers)
  • an authenticator app - seconds)
  • Firefox Monitor - wide notification, where you can receive alerts if any email addresses under your entire domain appear (useful if you use aliases for [anonymous forwarding](https://github.com/Lissy93/awesome-privacy#anonymous-mail-forwarding))
  • no longer recommended
  • explained here
  • SIM-swapping - voice.com/ss7_attacks). There's also no guarantee of how securely your phone number will be stored, or what else it will be used for. From a practical point of view, SMS will only work when you have signal, and can be slow. If a website or service requires the usage of a SMS number for recovery consider purchasing a second pre-paid phone number only used for account recovery for these instances.
  • authenticator app
  • fool it - there are likely photos of your face on the internet, and videos recorded by surveillance cameras
  • keylogger - filled by a password manager can not be intercepted by a hardware keylogger.
  • SoloKey
  • KeePass - password-safe/id897283731) (iOS). The drawback being that it may be slightly less convenient for some, and it will be up to you to back it up, and store it securely
  • anything - fill these. Virtual phone numbers can be generated through your VOIP provider
  • Password Managers - privacy#2-factor-authentication)
  • uBlock Origin - party ads are displayed on a webpage, they have the ability to track you, gathering personal information about you and your habits, which can then be sold, or used to show you more targeted ads, and some ads are plain malicious or fake. Blocking ads also makes pages load faster, uses less data and provides a less cluttered experience
  • Virus Total URL Scanner - browsing/search) if you are unsure
  • signs of browser malware - online-protection-where-malware-hides) and [how to remove browser malware](https://heimdalsecurity.com/blog/malware-removal)
  • Firefox - respecting browsers. Both are fast, open source, user-friendly and available on all major operating systems. Your browser has access to everything that you do online, so if possible, avoid Google Chrome, Edge and Safari as (without correct configuration) all three of them collect usage data, call home and allow for invasive tracking. Firefox requires a few changes to achieve optimal security, for example - [arkenfox](https://github.com/arkenfox/user.js/wiki) or [12byte](https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs/)'s user.js configs. See more: [Privacy Browsers](https://github.com/Lissy93/awesome-privacy#browsers)
  • DuckDuckGo - hosted). Google implements some [incredibly invasive](https://hackernoon.com/data-privacy-concerns-with-google-b946f2b7afea) tracking policies, and has a history of displaying [biased search results](https://www.businessinsider.com/evidence-that-google-search-results-are-biased-2014-10). Therefore Google, along with Bing, Baidu, Yahoo and Yandex are incompatible with anyone looking to protect their privacy. It is recommended to update your [browser's default search](https://duckduckgo.com/install) to a privacy-respecting search engine
  • discovered - day exploit. You can [see which browser version you're using here](https://www.whatismybrowser.com/), or follow [this guide](https://www.whatismybrowser.com/guides/how-to-update-your-browser/) for instructions on how to update. Some browsers will auto-update to the latest stable version
  • HTTPS-Everywhere
  • DNS-over-HTTPS - it is simple to [enable](https://www.maketecheasier.com/enable-dns-over-https-various-browsers) in-browser. Note that DoH comes with its [own issues](https://blog.mozilla.org/netpolicy/2020/02/25/the-facts-mozillas-dns-over-https-doh/), mostly preventing web filtering
  • Firefox Containers - security-checklist/issues/127), it's possible to compartmentalize websites without containers, as done in [@arkenfox's user.js](https://github.com/arkenfox/user.js). Alternatively, you could use [different browsers for different tasks](https://medium.com/fast-company/incognito-mode-wont-keep-your-browsing-private-do-this-instead-dd64bc812010) (Brave, Firefox, Tor etc). For Chromium-based browsers, you can create and use [Profiles](https://www.chromium.org/developers/creating-and-using-profiles), or an extension such as [SessionBox](https://sessionbox.io), however this addon is not open source
  • fool-proof - you can still be tracked
  • Fingerprinting - The aim is to be as un-unique as possible
  • Session Hijacking - destructing-cookies.html) is a browser addon, which will kill cookies when you close the browser
  • Third-party cookies - disable-third-party-cookies-all-major-browsers) explains how you can disable 3rd-party cookies, and you can [check here](https://www.whatismybrowser.com/detect/are-third-party-cookies-enabled) to ensure this worked
  • Privacy Badger - help-pages/desktop/adding-duckduckgo-to-your-browser/), [uBlock Origin](https://github.com/gorhill/uBlock) and [uMatrix](https://github.com/gorhill/uMatrix) (advanced) are all very effective, open source tracker-blockers available for all major browsers. Alternatively you can block trackers at the network level, with something like [Pi-Hole](https://pi-hole.net) (on your home server) or [Diversion](https://diversion.ch) (Asus routers running Merlin firmware). Some VPNs offer basic tracking blocking (such as [TrackStop on PerfectPrivacy](https://www.perfect-privacy.com/en/features/trackstop?a_aid=securitychecklist))
  • Unvalidated redirects - to-stop-automatic-redirects-on-google-firefox-and-edge/).
  • collects all data
  • this article
  • disabling auto file downloads
  • tap into your device sensors - js](https://sensor-js.xyz) study for more. The best solution is to not grant any permissions to your browser, and to use a privacy browser such as Firefox Focus ([Android](https://play.google.com/store/apps/details?id=org.mozilla.focus) / [iOS](https://apps.apple.com/app/id1055677337)) or DuckDuckGo ([Android](https://play.google.com/store/apps/details?id=com.duckduckgo.mobile.android&hl=en_US) / [iOS](https://apps.apple.com/us/app/duckduckgo-privacy-browser/id663592361))
  • see how
  • webcam - Security_Gadgets.md) such as a webcam cover and microphone blocker
  • Offline NT Password and Registry Editor
  • this article - exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection/)) which sanitizes and blocks any CSS rules which may be designed to steal data. Check out the [CSS Exfil Vulnerability Tester](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester) to see if you could be susceptible.
  • ActiveX - activex-controls-are-and-why-theyre-dangerous/))
  • WebRTC - quality audio/video communication and peer-to-peer file-sharing straight from the browser. However it can pose a privacy leak, especially if you are not using a proxy or VPN. In Firefox WebRTC can be disabled, by searching for, and disabling `media.peerconnection.enabled` in about:config. For other browsers, the [WebRTC-Leak-Prevent](https://github.com/aghorler/WebRTC-Leak-Prevent) extension can be installed. [uBlockOrigin](https://github.com/gorhill/uBlock) also allows WebRTC to be disabled. To learn more, [check out this guide](https://buffered.com/privacy-security/how-to-disable-webrtc-in-various-browsers/)
  • Canvas Fingerprinting - Fingerprint-Blocker](https://add0n.com/canvas-fingerprint-blocker.html) extension to spoof your fingerprint or use [Tor](https://www.torproject.org) - Check if you are susceptible [here](https://webbrowsertools.com/canvas-fingerprint/)
  • user agent - Agent Switcher](https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg) (Chrome)
  • Do Not Track
  • privacy concerns - cookies, and continue to track users in incognito. It can be disabled by visiting `chrome://net-internals/#hsts` in Chromium-based browsers, or following [this guide for Firefox](https://www.ghacks.net/2015/10/16/how-to-prevent-hsts-tracking-in-firefox/), and [this guide](https://appuals.com/how-to-clear-or-disable-hsts-for-chrome-firefox-and-internet-explorer/) for other browsers
  • Firefox - to-block-the-chrome-software-reporter-tool-software_reporter_tool-exe/), [Brave](https://support.brave.com/hc/en-us/articles/360017905872-How-do-I-enable-or-disable-automatic-crash-reporting-)
  • First Party Isolation - on
  • sanitize manually - US/firefox/addon/clearurls/)) to strip tracking data from URLs automatically in the background
  • this journal article - tops-browser-first-run-network-traffic-results) Brave claims to be one of the only browsers to call out to a single, controlled TLD exclusively
  • The Tor Project - security-checklist/issues/19)) but generally Tor is one of the more secure browser options for anonymity on the web
  • JavaScript malware
  • Privacy Browsers
  • Non-Tracking Search Engines
  • Browser Extensions for Security
  • Secure Browser & Bookmark Sync
  • is on the up
  • third parties full access - gmail-tracks-purchase-history-how-to-delete-it.html). Yahoo was also caught scanning emails in real-time [for US surveillance agencies](http://news.trust.org/item/20161004170601-99f8c) Advertisers [were granted access](https://thenextweb.com/insider/2018/08/29/both-yahoo-and-aol-are-scanning-customer-emails-to-attract-advertisers) to Yahoo and AOL users messages to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
  • this article
  • UsePlaintext.email
  • significant security and privacy risks
  • Forward Email - to-end encryption, full privacy as well as more security-focused features. Unlike typical email providers, your mailbox cannot be read by anyone but you, since all messages are encrypted. Providers such as Google, Microsoft and Yahoo scan messages for advertising, analytics and law enforcement purposes, but this poses a serious security threat
  • does not support - 5-overview/) (See [Yubico Neo](https://developers.yubico.com/ykneo-openpgp/)), [Smart Card](https://www.floss-shop.de/en/security-privacy/smartcards/13/openpgp-smart-card-v3.3) (See [guide](https://spin.atomicobject.com/2014/02/09/gnupg-openpgp-smartcard/)), [OnlyKey](https://onlykey.io/)
  • anything
  • subaddressing - 5233](https://tools.ietf.org/html/rfc5233), and supported by most major mail providers (inc Gmail, YahooMail, Outlook, FastMail, Forward Email and ProtonMail). It enables you to keep track of who shared/ leaked your email address, but unlike aliasing it will not protect against your real address being revealed
  • ZoomInfo
  • read more - in-a-box](https://github.com/mail-in-a-box/mailinabox) and [docker-mailserver](https://github.com/tomav/docker-mailserver) are ready-to-deploy correctly-configured mail servers that provide a good starting point
  • reverse DNS lookup
  • Encrypted Email Providers
  • Anonymous Mail Forwarding
  • Pre-Configured Mail Servers
  • End-to-end encryption
  • doing a hash check - being open source, is in no way a guarantee that something is safe
  • critical security issues - backups-android/)~~ not encrypted by default and when enabled [the key still remains in control of WhatsApp](https://github.com/Lissy93/personal-security-checklist/issues/132#issuecomment-1094356009), and so with this feature available, your chat history may be breached. Again, where possible this should be [disabled](https://www.techuntold.com/stop-whatsapp-backup-iphone-android/).
  • older
  • Metadata - mcafee-location-exif/). For example [Exif data](https://en.wikipedia.org/wiki/Exif) attached to images typically includes: Device name and model, author, time & date taken, GPS location (latitude & longitude) and photography information. In order to protect privacy, you should [remove](https://en.wikipedia.org/wiki/Metadata_removal_tool) this data before uploading any file or media item. Some apps strip this information out automatically, but they may be logging it before doing so
  • expose your personal information - it happens on the client-side, and therefore causes your IP, user-agent, device info to be logged. This broadcasts to the website owner that you are discussing that website. One way around this, is to [defang](https://privacymatters.ubc.ca/blocking-email-links-why-we-use-hxxp-emails) your URLs (e.g. `https://www.example.com` --> `hxxps://www[.]example[.]com`), using a VPN will also help protect your IP
  • not secure - catcher), [sim swapping](https://www.schneier.com/blog/archives/2020/01/sim_hijacking.html), manipulation and [malware](https://www.securitynewspaper.com/2019/09/13/hack-any-mobile-phone-with-just-a-sms). If you must use SMS, then you should encrypt messages before sending. One option is to use [Silence](https://silence.im/), an Android app that provides end-to-end encryption for SMS
  • Exodus Privacy
  • Five Eyes
  • forward secrecy
  • Secure Messaging Apps
  • P2P Messaging Platforms
  • Privacy Concerns with Social Networking Services
  • this guide
  • forever
  • Bouncer - an app that gives you the ability to grant permissions temporarily
  • Facebook - services)
  • EXIF data - is-exif-data-and-how-to-remove-it/), use [a CLI tool](https://www.funkyspacemonkey.com/how-to-remove-exif-metadata), or a desktop tool like [EXIF Tag Remover](https://rlvision.com/exif/)
  • Fawkes
  • spoof GPS signals - defined location
  • Alternative Social Media
  • Alternative Video Platforms
  • Alternative Blogging Platforms
  • News Readers and Aggregation
  • limitations - eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction
  • default-password.info - to-change-your-wireless-routers-admin-password-2487652), for a guide on changing router password
  • WPA2 - is-wpa3-more-secure-wi-fi) (on newer routers). WEP and WPA are moderately [easy to crack](https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wep-passwords-with-aircrack-ng-0147340/). Ensure it is strong: 12+ alpha-numeric characters, avoiding dictionary words. You can set this within your router's admin panel
  • this article
  • OpenVPN - to-Point_Tunneling_Protocol) or [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol). [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly
  • DNS-over-HTTPS - security/pros-cons-dns-over-https/), it does remove the need for trust - see [Cloudflare's 1.1.1.1 Docs](https://1.1.1.1/help) for more details
  • Turris MOX - privacy#router-firmware)
  • CSRF Attack - router-ip-address-list/)), can help protect you from some of these automated attacks
  • Wigle - the-wifi-name-ssid-on-a-router-818337)
  • Wiggle WiFi SSID Map - out of many of these listings](https://www.ghacks.net/2014/10/29/add-_nomap-to-your-routers-ssid-to-have-it-ignored-by-google-and-mozilla/), by adding `_nomap` to the end of your SSID (WiFi network name)
  • trivial task - your-wireless-network-from-your-internet-leeching-neighbors-2487655)
  • major security issues - fi-protected-setup-wps-is-insecure-heres-why-you-should-disable-it/)
  • serious security issues - upnp-on-your-wireless-router-already-1844012366)
  • a VLAN and separate access point - network-for-home-tutorial-818204)
  • any service that’s not used should be disabled
  • AngryIP - ports/)
  • TorSocks - use-tor-for-all-network-traffic-by-default-on-mac-os-x/), for Kali see [TorGhost](https://github.com/SusmithKrishnan/torghost). Alternatively, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805). Though see also [potential drawbacks](https://github.com/Lissy93/personal-security-checklist/issues/19).
  • says here
  • Virtual Private Networks
  • Mix Networks
  • Router Firmware
  • Open Source Proxies
  • DNS Providers
  • Firewalls
  • Network Analysis Tools
  • Self-Hosted Network Security Tools
  • track your location without GPS - style/gadgets-and-tech/news/smartphone-apps-listening-privacy-alphonso-shazam-advertising-pool-3d-honey-quest-a8139451.html), and the [camera can watch you](https://www.businessinsider.com/hackers-governments-smartphone-iphone-camera-wikileaks-cybersecurity-hack-privacy-webcam-2017-6)- all without your knowledge or consent. And then there's the malicious apps, lack of security patches and potential/ likely backdoors.
  • far more than just advertising - more often it's used to rate people for finance, insurance and employment. Targeted ads can even be used for fine-grained surveillance (see [ADINT](https://adint.cs.washington.edu))
  • governments collect and use our smart phone data - data-requests-from-google-by-federal-agencies-and-governments/), [Facebook](https://www.statista.com/statistics/287845/global-data-requests-from-facebook-by-federal-agencies-and-governments/), Apple, Microsoft, Amazon, and other tech companies. Sometimes requests are made in bulk, returning detailed information on everybody within a certain geo-fence, [often for innocent people](https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html). And this doesn't include all of the internet traffic that intelligence agencies around the world have unhindered access to.
  • Bouncer - off permissions.
  • Juice Jacking
  • SIM hijacking - SMS based 2FA method will reduce the damage, [Read more](https://us.norton.com/internetsecurity-mobile-sim-swap-fraud.html) about the sim swap scam.
  • TrueCaller - to/unlist-phone-number), [SyncMe](https://sync.me/optout), [Hiya](https://hiyahelp.zendesk.com/hc/en-us/requests/new?ticket_form_id=824667). Note that it is possible to opt-out, even before your number has been added, and this will prevent your details being uploaded in the future.
  • OsmAnd
  • this guide
  • this iPhone guide
  • εxodus
  • NetGuard - apps/id1469783711) (iOS), or see more [Firewalls](https://github.com/Lissy93/awesome-privacy#firewalls)
  • SuperFreeze - app basis. Intended purpose is to speed up your phone, and prolong battery life, but this app is also a great utility to stop certain apps from collecting data and tracking your actions while running in the background
  • Island
  • Orbot - wide [Tor](https://www.torproject.org/) connection, which will help protect you from surveillance and public WiFi threats
  • firewall app - party-keyboards-security) by Lenny Zeltser explains things further
  • CVE-2015-6639 - 2016-2431](https://www.cvedetails.com/cve/CVE-2016-2431)). Restarting your phone at least once a week will clear the app state cached in memory. A side benefit is that your device may run more smoothly after a restart.
  • not particularly secure - surprising-truth-about-sms-security)), manipulation and malware (see [this article](https://www.securitynewspaper.com/2019/09/13/hack-any-mobile-phone-with-just-a-sms)). <br>SMS should not be used to receive 2FA codes, (as demonstrated in the video in [this article](https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin)), instead use an [authenticator app](https://github.com/Lissy93/awesome-privacy#2-factor-authentication). SMS should not be used for communication, instead use an [encrypted messaging app](https://github.com/Lissy93/awesome-privacy#encrypted-messaging), such as [Signal](https://signal.org)
  • MySudo - number/). Where possible, avoid giving out your real phone number while creating accounts online.
  • this guide
  • the extent to what these apps can access - permission apps](https://veelasha.org/pubs/c2012.pdf) can see more data than you think: accessing phone sensors, vendor ID's and determine which other apps you have installed. All this is enough to identify you. In some situations you can still use a service, without having to install an application, through accessing it via the browser, and this can help mitigate a lot of the issues caused by untrustworthy apps
  • Lineage - [see more](https://github.com/Lissy93/awesome-privacy#mobile-operating-systems)
  • Mobile Apps, for Security + Privacy
  • Encrypted Messaging
  • Mobile Operating Systems
  • BitLocker - us/HT204837) on MacOS, or by enabling [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) on Linux, during install. Or using an open source program, such as [VeraCrypt](https://www.veracrypt.fr/en/Home.html) or [DiskCryptor](https://www.diskcryptor.org/). For encrypting cloud files, consider [Cryptomator](https://cryptomator.org/) or [CryFS](https://www.cryfs.org/). Note that you should select a long and strong password, and keep it somewhere safe, as there is no way to recover your password if you lose it
  • Cryptomator - such as a physical off-site copy, and a cloud copy of your data
  • USB Killer - rubber-ducky-deluxe)), will act as a keyboard, once plugged in, it will proceed to rapidly type commands at lightning speed, often with severe consequences. There's also remote access tools (such as the [OMG Cable](https://hackaday.com/tag/omg-cable/) or [P4wnP1_aloa](https://github.com/RoganDawes/P4wnP1_aloa)), giving a hacker full remote access to your PC, even after the device has been removed. And of course, there's traditional USB drives, that contain malware that infect your device once inserted. <br>One solution to this, is to make a USB sanitizer, using [CIRCLean](https://www.circl.lu/projects/CIRCLean/) on a Raspberry Pi. It allows you to plug an obtained USB device into the Pi, and it'll convert the untrusted documents into a readable but disarmed format, and save them on a new USB key, which you can then safely insert into your computer
  • serious privacy implications - -> Cortana` and switch it to `Off`. You should also stop your speech, typing and handwriting patterns being sent to Microsoft, since this can be used to identify you, as well as potentially leaking sensitive data - navigate to `Settings --> Privacy --> Speech, Inking, & Typing`, and click `Turn off`. In Mac it's not easy to fully disable Siri, but you can stop it from always listening, go to `System Preferences --> Siri`, and uncheck `Enable Siri`
  • BleachBit
  • disabling the sleep functionality - Encrypting Drives and most other disk encryption methods. Another reason to shut down, is because the machine is completely offline while it is off, and cannot be hacked remotely. It also can't communicate with a command and control server, if it has already been infected with an exploit
  • XBrowserSync
  • remote desktop is disabled - pairing devices, such as beacons that transmit advertising information- this is also in the privacy settings
  • mitigate a large proportion of vulnerabilities - you-shouldnt-use-admin-account/), on how to implement this. You should also ensure that a password is required for all system wide changes, as this helps protect against malware doing widespread damage. In Windows this is enabled by default, in MacOS, navigate to `System Preferences --> Security & Privacy --> General --> Advanced`
  • being watched - such as [Oversight](https://objective-see.com/products/oversight.html) (MacOS) or [CamWings](https://schiffer.tech/camwings.html) (Windows) - for ultimate protection, consider physically [removing the webcam](https://www.wired.com/story/remove-the-mic-from-your-phone/) all together. Blocking unauthorized audio recording, can be done with a [mic block](https://mic-lock.com/), which works by disabling the primary sound input source- but is not fool proof
  • screen privacy filter
  • Kensington Lock - blockers/), to prevent or slow down an intruder from dropping a malicious payload onto your device. Ideally never leave your laptop or other devices unattended
  • a self-signed malicious app - blocker](/6_Privacy_and-Security_Gadgets.md#usb-data-blockers).
  • MAC Address - us/help/4027925/windows-how-and-why-to-use-random-hardware-addresses), [MacOS](https://poweruser.blog/how-to-spoof-the-wifi-mac-address-on-a-macbook-25e11594a932) and [Linux](https://itsfoss.com/change-mac-address-linux/). <br>You should also disallow your device from automatically connecting to open Wi-Fi networks
  • Windows - us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux distros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall)). Alternatively, for greater control, consider: [LuLu](https://objective-see.com/products/lulu.html) (MacOS), [gufw](https://costales.github.io/projects/gufw/) (Linux), [LittleSnitch](https://github.com/evilsocket/opensnitch), [SimpleWall](https://github.com/henrypp/simplewall) (Windows), there's plenty more [firewall apps](https://github.com/Lissy93/awesome-privacy#firewalls) available
  • GhostPress
  • OSK - fill password managers.
  • can be circumvented - level super-fast) it will block input until the attack stops. Alternatively, Windows Group Policy can also be [configured to not trust new devices by default](https://www.itechtics.com/enable-gpedit-windows-10-home/). [Port Blockers](https://lindy.com/en/technology/port-blockers/) provide some level of physical protection, which may prevent an opportunistic attack, but can be circumvented fairly easily
  • sold to third-parties - libre closed source programs such as Avast, AVG, Norton, Kaspersky, Avira etc- even the paid plans come with privacy concerns. If you need a dedicated anti-virus application, consider [ClamAV](https://www.clamav.net/), which is open source and libre meaning completely open. And for scanning 1-off files, [VirusTotal](https://www.virustotal.com/) is a useful tool
  • chkrootkit - revealer](https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer) or [gmer](http://www.gmer.net/)
  • Here is a guide on how to enable password
  • QubeOS - privacy#pc-operating-systems)
  • ProxMox - Escapes](https://en.wikipedia.org/wiki/Virtual_machine_escape), may allow for data in memory to leak into the host system
  • Compartmentalization - account containers](https://support.mozilla.org/en-US/kb/containers) for different activities, but taking it further you could have a virtual machine for each category (such as work, shopping, social etc). Alternatively, consider [Qubes OS](https://www.qubes-os.org), which is designed for exactly this, and sandboxes each app in its own Xen Hypervisor VM, while still providing great user experience
  • HardenTools - software.com/en/shutup10). Note: This should only be done if you are a competent Windows user, as modifying the registry can cause issues
  • Secure Boot
  • this guide, on OpenSSH security tweaks
  • exposed to exploits - lt`
  • Rule Set Based Access Control
  • canary trap - quick-free-detection.html) about canary tokens, or see [this guide](https://resources.infosecinstitute.com/how-to-protect-files-with-canary-tokens/) for details on how to create them yourself.
  • Secure Operating Systems
  • Linux Defenses
  • Windows Defenses
  • Mac OS Defenses
  • Anti-Malware
  • Firewalls
  • File Encryption
  • Mycroft
  • FingBox - to-the-monitor-the-bandwidth-and-data-usage-of-individual-devices-on-your-network/).
  • Home Automation
  • AI Voice Assistants
  • 133,015 reports in the US in 2017 alone
  • Experian - alerts) or [Equifax](https://www.equifax.com/personal/credit-report-services/credit-freeze/)
  • Experian - freeze) and [Equifax](https://www.freeze.equifax.com/)
  • Privacy.com - privacy#virtual-credit-cards) offer this service
  • Monero - supported currency (such as [Tether](https://tether.to/), [Bitcoin](https://bitcoin.org/), [LiteCoin](https://litecoin.com/), [Ripple](https://ripple.com/xrp/), [Ethereum](https://ethereum.org/en/) etc), take steps to [distance yourself from the transaction details](https://coinsutra.com/anonymous-bitcoin-transactions/). See more [privacy-respecting crypto currencies](https://github.com/Lissy93/awesome-privacy#cryptocurrencies). Note that using crypto anonymously requires some background knowledge, and the learning curve can be steep, so take care to ensure you're not putting your privacy at risk (see [#70](https://github.com/Lissy93/personal-security-checklist/issues/70))
  • Wasabi - term storage consider a paper wallet, or a more robust alternative, such as [CryptoSteel](https://cryptosteel.com/how-it-works)
  • LocalBitcoins
  • bitcoin mixer
  • forwarding email address
  • Virtual Credit Cards
  • Cryptocurrencies
  • Crypto Wallets
  • Crypto Exchanges
  • Other Payment Methods
  • Budgeting Tools
  • *camfecting* - 2/2019/09/15000-webcams-vulnerable-how-to-protect-webcam-hacking/) for more tips. Mute home assistants, (Alexa, Google Home and Siri) when you are not using them, or at least when you are discussing anything sensitive or any conversation involving personal details
  • laptop
  • How to Protect against Common Phishing Attacks - security-breaking-down-the-anatomy-of-a-phishing-email/)
  • Virus Total
  • VeraCrypt - encrypt-your-pc-phone-and-tablet-now.-youll-regret-it-later-if-you-dont)
  • Depix
  • Privacy.com
  • Android - to-manage-app-permissions-on-your-iphone-or-ipad). On Android, there is a great app called [Exodus Privacy](https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy), that displays all permissions, and trackers for each of your installed apps
  • This guide
  • Simple Opt Out - parties, who combine multiple data sets together, allowing them to easily deduce your identity, along with your habits, purchases, personal details, location etc
  • re-consent
  • Compartmentalization
  • WhoIs
  • Monero - privacy#payment-methods)
  • Online Tools
  • easy and legal to access - records-internet-privacy-dilemma) (identity theft, personal safety risks/ stalkers, destruction of reputations, dossier society)
  • WhitePages - out from these listings. Methods for doing so range considerably between countries and states, see [Personal Data Removal Workbook](https://inteltechniques.com/data/workbook.pdf) by Michael Bazzell or [World Privacy Forum Opt-Out Guide](https://www.worldprivacyforum.org/2015/08/consumer-tips-top-ten-opt-outs/) or The LifeWire [Remove Personal Information Guide](https://www.lifewire.com/remove-personal-information-from-internet-3482691) to get started
  • communicate with voice assistants with lasers
  • skimmer detector
  • this article
  • patterns
  • Reflectacles
  • do not submit your DNA to heritage websites
  • Privacy-Respecting Software
  • awesome-security
  • awesome-threat-detection
  • awesome-threat-intelligence
  • awesome-sec-talks
  • security_list
  • defensivecomputingchecklist.com
  • Creative Commons, CC BY 4.0