Security and Privacy Best Practices

Security and Privacy Best Practices. This list is not meant to be user-friendly. You can contribute on .

Last update: 08/14/2017

Hardware

x86 Platforms

  • Any platform supported by
  • Note: It is suggested to use Thinkpad x60 or x200. They were the firsts to support libreboot, so it's stable and clean. They have issues, though: proprietary wifi card (you have to remove it), microphone, bluetooth card, blobbed Embedded Controller, infra-red and speakers (use headphones).
  • You can also achieve good security using and

  • ARM Platforms

    Boards based on i.MX*:

    Note: You have to reflash uBoot to make sure it's not altered.

    POWER Platforms


    MIPS Platforms


    SPARC64 Platforms

  • supported platforms

  • RISC-V Platforms

  • No real implementation yet. Looking hopefully to

  • Wifi Card

  • Any Ralink device from

  • Keyboard


    Storage


    Display


    GPU

    Note: The project failed. It's a good idea, though.

    One-Time Passphrase Device


    RNG Device


    Side-Channel Attacks Mitigation

    Main concerns are , , Shoulder Surfing and CCTV

  • (TEMPEST)
  • (TEMPEST)
  • (Acoustic)
  • Note: It has to be stochastic. Digital white-noise players don't work.
  • If in public, may help with shoulder surfing or security cameras recording you.
  • (Shoulder Surfing)
  • (CCTV)
  • Note: Yes, it looks stupid.
  • Hide with

  • Misc


    Firmware

  • (Caution, Google Link!)
  • - Check

  • Operating Systems

  • (set )
  • (with for FDE)

  • VPS and Dedicated Servers

    You SHOULD NOT trust these companies. Use with caution and anonymize yourself.


    VPN

    Get a VPS and do your own VPN. Use for now, look for WireGuard in future.


    Email

    Try no to use email as much as you can. If you need it, do your own using . Use client.


    HTTP server

  • OpenBSD's

  • DNS

  • Cache with

  • Document Encryption


    Blog


    Repository


    Anonymous Networks

    Note: you have to setup and TorDNS with DNSPort configured on torrc (check also ). It's quite obvious but: donot run Tor as root.

    Cryptocoins

    Note: check also or similar for bitcoin cards. Always buy bitcoin using money, and then use a BT Mixer(through Tor). As always: bitcoin is not anonymous, be careful. That's why we're suggesting Dashcoin instead.

    Passphrase Manager


    Instant Communication

  • (currenly in beta)

  • File Sharing

  • (route through Tor for anonymity)

  • RSS Readers


    Web Browsers

  • from OpenBSD ports

  • PDF Reader

  • from command line, without javascript decoding

  • Window Manager

  • (it has by default)
  • (basically a port of dwm to Wayland - cited here because of it's simple code. Not audited.)

  • Search Engines

  • Host your own instance of .

  • News

    Use your RSS reader and get news from:

  • SoylentNews

  • Psychology

  • Be aware of . Many people are paid these days not just to start discussions, but also to defeat genuine discussions about a determined subject.

  • Basic Tips

  • Don't use social media
  • Don't use smartphones
  • Block facebook and google on your firewall


  • Disclaimer

    Anyone involved with this project has any correlation with any of those projects. And, as aways: use anything listed here at your own risk.