Commit

20241007
- Removed WindowsSpyBlocker as a suggested tool for Windows as it appears to be abandoned.
- Added a suggestion to rotate security answers on the Auditing page
- Removed prices on the Email Aliasing page
- Added quotes around the backups idiom on the Backups page
tnonate committed Oct 7, 2024
1 parent b0bad72 commit 9b23677
Showing 4 changed files with 6 additions and 8 deletions.
Expand Up @@ -52,7 +52,7 @@
"Custom domains": 0,
"PGP Encryption": "No"
},
"Premium ($30/yr)": {
"Premium": {
"Aliases": "Unlimited",
"Bandwidth": "Unlimited",
"Reply/Send": "Unlimited",
Expand Down
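Review bot: the renamed key "Premium" appears to be the only line changed in this file, while the commit message says prices were removed from the Email Aliasing page. Check the other tier keys in this data file for leftover price text in the style of "($30/yr)" so all plans are labelled consistently, and confirm that nothing selects this tier by its old key string.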
2 changes: 1 addition & 1 deletion src/pages/en/guides/moderately-important/backups.mdx
Expand Up @@ -21,7 +21,7 @@ Even if your one-time backup is small, keeping frequent copies can add up quickl

Generally speaking, manual backups are frowned upon. It's far too easy to forget to do them. **It is recommended you use some kind of automated backup software when possible.** Windows and Mac have features that allow you to automate the backup process including frequency, which files to include, and where to store them. If you decide to manually handle your backups for any reason, be sure to set effective recurring reminders so you don't forget.

Finally, **test your backups.** In the IT industry, there's a saying: if you haven't tested your backups, you don't have backups. After first adopting your backup strategy, test out a recovery to ensure you understand how it works and that you did both the backup and recovery correctly. Do a test recovery every so often to ensure that nothing has changed or become corrupted. Nothing is worse than suffering a data loss and finding out that you weren't backing up what you thought you were or that the restoration process is more confusing than you expected and you did it wrong.
Finally, **test your backups.** In the IT industry, there's a saying: "if you haven't tested your backups, you don't have backups." After first adopting your backup strategy, test out a recovery to ensure you understand how it works and that you did both the backup and recovery correctly. Do a test recovery every so often to ensure that nothing has changed or become corrupted. Nothing is worse than suffering a data loss and finding out that you weren't backing up what you thought you were or that the restoration process is more confusing than you expected and you did it wrong.

**Note**: Be sure to encrypt your backup devices - local or offsite - using the instructions in the [previous section](/guides/moderately-important/devices).
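Review bot: the quoted saying on the changed line still opens in lower case ("if you haven't tested your backups..."). Now that it is set off in quotation marks as a complete sentence after the colon, capitalize it: "If you haven't tested your backups, you don't have backups."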

8 changes: 3 additions & 5 deletions src/pages/en/guides/moderately-important/desktop-settings.mdx
Expand Up @@ -108,7 +108,6 @@ For those who must use Mac or Windows, even with dual booting or as a separate d
- Privacy & security > App permissions: Evaluate each of these categories, completely turn off any settings you don't use. For categories you do use, examine which apps have permission and revoke any apps that don't have a valid need for it.
- Windows Update: By default, Windows 11 automatic updates are enabled. I still recommending checking this tab periodically to ensure there were no errors updating (especially after the second Tuesday of each month, as this is when Microsoft pushes most of their updates).
- Windows Update > Advanced options > Optional updates: I recommend checking this setting while you're checking your other system updates. These updates include things like drivers that will help keep your system running as smoothly as possible.
- Download [WindowsSpyBlocker](https://github.com/crazy-max/WindowsSpyBlocker/releases) and run it. Select option 1 "Telemetry," then option 1 "Firewall," and finally options 1 and 2, "Add extra rules," and "Add spy rules." After that's done, type "back" to go back to the previous menu, then select option 2 "NCSI," then select either option 2 or option 3, "Apply Debian NCSI" or "Apply Firefox NCSI." _(Note: I have since come to realize that this setup can sometimes interfere with official Microsoft websites and programs such as MSN and Teams. If you rely heavily on these services, I recommend only adding the "spy rules" and not the "extra" rules.)_
- If you don't plan to use a [VPN](/guides/less-important/vpns), then I encourage you to use an [Encrypted DNS Resolver](https://www.privacyguides.org/en/dns/). Follow [these instructions](https://www.bleepingcomputer.com/news/microsoft/how-to-enable-dns-over-https-doh-in-windows-10/) to change your DNS. Select "Encrypted preferred, unencrypted allowed" if the option is available. If the option is not available, the rest of the steps should still apply.
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into [W10Privacy](https://www.w10privacy.de/english-home/) and [Bulk Crap Uninstaller](https://www.bcuninstaller.com/) to remove additional, pre-installed bloatware and [Portmaster](https://safing.io/portmaster/) or [Simplewall](https://www.henrypp.org/product/simplewall) for additional firewall controls to block outgoing connections and further reduce data collection by Microsoft and other third parties.
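Review bot: removing the WindowsSpyBlocker bullet leaves readers who already followed it without guidance. The deleted step added firewall rules and changed the NCSI setting, and those changes stay on the machine after the recommendation disappears from the page. Consider a one-line note that the tool is no longer recommended because it appears abandoned and that rules applied earlier will not receive updates. While editing this list, "I still recommending checking" in the Windows Update bullet should read "I still recommend checking".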

Expand Down Expand Up @@ -140,8 +139,7 @@ For those who must use Mac or Windows, even with dual booting or as a separate d
- Privacy > App permisions: Review each setting and disable accordingly
- Update & Security > Windows Security > Open Windows Security > Virus & Threat Protection: All protections on
- Update & Security > Windows Security > Open Windows Security > Firewall & Network Protection: All firewalls on
- Update & Security: Backup:
- Download [WindowsSpyBlocker](https://github.com/crazy-max/WindowsSpyBlocker/releases) and run it. Select option 1 "Telemetry," then option 1 "Firewall," and finally options 1 and 2, "Add extra rules," and "Add spy rules." After that's done, type "back" to go back to the previous menu, then select option 2 "NCSI," then select either option 2 or option 3, "Apply Debian NCSI" or "Apply Firefox NCSI." _(Note: I have since come to realize that this setup can sometimes interfere with official Microsoft websites and programs such as MSN and Teams. If you rely heavily on these services, I recommend only adding the "spy rules" and not the "extra" rules.)_
- Update & Security: Backup: See the [backups](/guides/moderately-important/backups/) page for more information on how to keep effective backups.
- If you don't plan to use a [VPN](/guides/less-important/vpns), then I encourage you to use an [Encrypted DNS Resolver](https://www.privacyguides.org/en/dns/). Follow [these instructions](https://www.bleepingcomputer.com/news/microsoft/how-to-enable-dns-over-https-doh-in-windows-10/) to change your DNS. Select "Encrypted preferred, unencrypted allowed" if the option is available. If the option is not available, the rest of the steps should still apply.
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into [W10Privacy](https://www.w10privacy.de/english-home/) and [Bulk Crap Uninstaller](https://www.bcuninstaller.com/) to remove additional, pre-installed bloatware and [Portmaster](https://safing.io/portmaster/) or [Simplewall](https://www.henrypp.org/product/simplewall) for additional firewall controls to block outoing connections and further reduce data collection by Microsoft and other third parties.
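Review bot: the new Backup bullet links to "/guides/moderately-important/backups/" with a trailing slash, while the VPN link in the next bullet uses "/guides/less-important/vpns" without one. Pick one form so internal links resolve the same way. Two typos in the surrounding context lines can be fixed in the same pass: "App permisions" and "outoing connections".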

Expand All @@ -157,6 +155,6 @@ Even with all the third-party software, tweaks, and changes we've made to the op

Just as with [phones](/guides/moderately-important/mobile-habits), **I encourage you to have as few apps, programs, and files as possible on your computer.** Sometimes this is either impossible or just not a reasonable request but, for example, you can use your browser instead of an app to access Netflix or Hulu. I also encourage you to regularly look for and get rid of files you no longer want or need, such as photos of exes or documents you downloaded once so you could print them off. This could potentially be dangerous if your device falls into the wrong hands.

Keep in mind that forensic software can still often recover "deleted" items so if you have anything you want gone for good, be sure to perform a disk wipe, which is offered by Bleachbit. Don't do disk wipes on Solid State Drives as this will shorten their lifespans. Instead, [full disk encryption](/guides/moderately-important/devices/) is your best defense.
Keep in mind that forensic software can still often recover "deleted" items so if you have anything you want gone for good, be sure to perform a disk wipe, which is offered by Bleachbit. Don't do disk wipes on [Solid State Drives](https://www.wikihow.com/Check-if-a-Hard-Drive-Is-SSD-or-HDD-on-Windows) as this will shorten their lifespans. Instead, [full disk encryption](/guides/moderately-important/devices/) is your best defense.

Although I have recommended W10 Privacy and WindowsSpyBlocker for Windows, there are other similar offerings. Whatever you use, be sure to vet it carefully and make sure it is trusworthy. Many modification scripts and third-party variations of Windows can include security vulnerabilities you may not be aware of, such as [AtlasOS](https://www.vice.com/en/article/m7bv4b/windows-for-gamers-rolls-dice-with-your-security-atlasos), which claims to improve Windows performance for gamers but does so at the cost of numerous security features.
Although I have recommended W10 Privacy for Windows, there are other similar offerings. Whatever you use, be sure to vet it carefully and make sure it is trusworthy. Many modification scripts and third-party variations of Windows can include security vulnerabilities you may not be aware of, such as [AtlasOS](https://www.vice.com/en/article/m7bv4b/windows-for-gamers-rolls-dice-with-your-security-atlasos), which claims to improve Windows performance for gamers but does so at the cost of numerous security features.
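Review bot: the rewritten closing paragraph still carries the typo "trusworthy" on the added line. Fix it to "trustworthy" while the line is being touched. The same line writes "W10 Privacy" where the settings lists in this file link the tool as "W10Privacy". On the disk-wipe line, the link text "Solid State Drives" points to a how-to for checking whether a drive is an SSD or HDD, so wording that says what the link is for (how to check your drive type) would serve readers better.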
2 changes: 1 addition & 1 deletion src/pages/en/guides/most-important/auditing.mdx
Expand Up @@ -80,7 +80,7 @@ You should also check your account settings for any other approved or logged-in
This website is filled with tips to protect your privacy and secure you against a myriad of common threats ranging from targeted advertising, identity theft, data breaches, and unsophisticated cybercriminals. It is my (biased) opinion that everything on this site is valuable and worth your time to investigate. However, going forward, there are still a few specific techniques that stand out:
_ **Keep your devices secure.** Now that you've created safe digital spaces, keep them safe. Consider switching to [apps](/guides/most-important/mobile-apps) that help protect your data and keep your device safe. Change your [mobile settings](/guides/most-important/mobile-settings) and/or [desktop settings](/guides/moderately-important/desktop-settings) to reduce the amount of data you share. Consider your [metadata](/guides/moderately-important/mobile-habits). Consider switching to a custom operating system for Android, enabling Lockdown Mode on iOS, and/or Linux on desktop.
_ **Keep control of your devices.** The best way to protect your devices from compromise is to keep them on you at all times. Because this may not always be possible, I also strongly encourage [encrypting](/guides/moderately-important/devices) your devices and setting strong login passwords to prevent unauthorized access.
_ **Use strong passwords and authentication.** Use a [password manager](/guides/most-important/passwords) and [multifactor authentication](/guides/most-important/mfa) to protect your accounts from compromise. To protect access to those services, I recommend securing your devices with a strong [passphrase](/guides/most-important/passwords#tips--tricks) that only you know. Avoid biometric locks (such as FaceID) or easily guessable PINs/Patterns or other forms of authentication that could be used without your knowledge or consent if you're sleeping or otherwise away from your device for a period of time.
_ **Use strong passwords and authentication.** Use a [password manager](/guides/most-important/passwords) and [multifactor authentication](/guides/most-important/mfa) to protect your accounts from compromise. To protect access to those services, I recommend securing your devices with a strong [passphrase](/guides/most-important/passwords#tips--tricks) that only you know. Avoid biometric locks (such as FaceID) or easily guessable PINs/Patterns or other forms of authentication that could be used without your knowledge or consent if you're sleeping or otherwise away from your device for a period of time. You should also consider changing your security questions and answers to something an attacker can't guess to avoid them simply resetting the password and getting back in.
_ **Keep your device clean.** If compromise of your device is a concern, be sure to keep your device as clean of sensitive information as possible. Switch to an [encrypted messenger](/guides/less-important/messaging) and enable disappearing messages. Set your [browser](/guides/most-important/browser) to never store any history. Always remember to keep your device as clean of apps and files as possible. Consider using a [VPN](/guides/less-important/vpns) or [Tor Browser](/guides/most-important/browser#tor-browser) to protect your traffic from a compromised router or network.
Be aware that this website focuses on a very limited, lower-level threat model, so while it serves as a great foundation, you may need to do more research and learn more to adequately protect yourself. I go into that in more depth [here](http://localhost:3000/en/guides/prologue/threat-model#what-threat-model-does-this-website-address).
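Review bot: the last context line of this hunk links to an address beginning http://localhost:3000/en/guides/prologue/threat-model, a development URL that will not resolve for readers. Replace it with a site-relative path in the same style as the other links in this section. On the added sentence about security questions, consider pointing to the password manager page already linked in that bullet as the place to store the new answers, since an answer an attacker can't guess is also one the user is unlikely to remember.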
