### General MFA Recommendations and Setup Source: https://www.privacyguides.org/en/basics/multi-factor-authentication Provides general recommendations for MFA usage, including method selection, backup strategies, and initial setup procedures. ```APIDOC General Recommendations: Which Method Should I Use?: Prioritize hardware security keys, followed by TOTP apps. Avoid SMS/Email MFA if possible due to security risks. Backups: Description: Maintain backup codes or a secondary MFA method in case the primary method is lost or inaccessible. Storage: Store backup codes securely offline. Initial Set Up: Description: Follow the service provider's instructions carefully when enabling MFA. Steps: 1. Choose your preferred MFA method. 2. Follow on-screen prompts to link your device or generate codes. 3. Save backup codes in a secure location. ``` -------------------------------- ### MFA Setup for Operating Systems Source: https://www.privacyguides.org/en/basics/multi-factor-authentication Guides for enabling MFA on various operating systems including macOS, Linux, and Qubes OS. ```APIDOC Operating System MFA Setup: macOS: Description: Enable MFA for user login and system access. Methods: Typically integrated with Apple ID and iCloud Keychain. Linux: Description: Configure MFA for user login, often via PAM modules. Methods: Supports TOTP and hardware keys through various configurations. Qubes OS: Description: Secure user login with MFA options. Methods: Integrates with system security features, potentially supporting hardware keys and TOTP. ``` -------------------------------- ### Manual Mail Server Setup Guides Source: https://www.privacyguides.org/en/self-hosting/email-servers Guides for setting up a mail server manually, focusing on specific components like OpenSMTPD, Dovecot, and Rspamd. ```APIDOC Manual Mail Server Setup: Option 1: OpenSMTPD, Dovecot, and Rspamd - Reference: https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd - Year: 2019 Option 2: General Mail Server Guide - Reference: https://www.c0ffee.net/blog/mail-server-guide - Month: August - Year: 2017 ``` -------------------------------- ### Download Windows Installer Source: https://www.privacyguides.org/en/os/windows Use the official Microsoft Media Creation Tool to create a bootable USB drive for Windows installation. Avoid third-party tools like Rufus or Etcher as they may cause issues. ```URL https://microsoft.com/software-download/windows11 ``` -------------------------------- ### Start BitLocker Encryption (Windows Command Prompt) Source: https://www.privacyguides.org/en/encryption This command initiates the BitLocker encryption process for the C: drive using the -used flag, which typically means it will use available space for encryption. It requires administrator privileges. ```batch manage-bde -on c: -used ``` -------------------------------- ### Self-Hosting Guides Source: https://www.privacyguides.org/en/about/criteria Guides related to self-hosting services for enhanced privacy and control. ```APIDOC Self-Hosting: Email Servers: Guidance on setting up private email servers. ``` -------------------------------- ### Uploading Images Guide Source: https://www.privacyguides.org/en/meta/git-recommendations Technical guide for uploading images to the Privacy Guides website, including recommended formats, sizes, and optimization techniques. ```APIDOC Uploading Images: - Format: Use WebP or AVIF for optimal compression and quality. Fallback to JPG or PNG if necessary. - Optimization: Compress images before uploading to reduce file size. - Naming: Use descriptive filenames with lowercase letters and hyphens. - Placement: Store images in the `static/images` directory. ``` -------------------------------- ### Linux PAM U2F Authentication Setup Source: https://www.privacyguides.org/en/basics/multi-factor-authentication This section discusses setting up two-factor authentication on Linux using the `pam_u2f` module with hardware security keys supporting U2F. It notes that package manager commands and names may vary across distributions, and this guide is not applicable to Qubes OS. ```bash # Example package installation (may vary by distribution) # sudo apt-get install libpam-u2f # For Debian/Ubuntu based systems # sudo dnf install pam-u2f # For Fedora/RHEL based systems ``` -------------------------------- ### Recommended DNS Providers Source: https://www.privacyguides.org/en/tools Mentions recommended encrypted DNS servers, citing Mullvad and Quad9 as examples, and advises users to read detailed pages on DNS before selecting a provider. ```text We [recommend](https://www.privacyguides.org/en/dns/#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended. ``` -------------------------------- ### Downloads Section Example Source: https://www.privacyguides.org/en/meta/admonitions Illustrates the structure of a 'downloads' section, typically used within recommendation cards. It utilizes a collapsible `
` element to list various download links for different platforms and services. ```html
Downloads -:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android) -:simple-appstore: App Store](https://apps.apple.com/app/id979659905) -:simple-github: GitHub](https://github.com/ProtonMail/android-mail/releases) -:fontawesome-brands-windows: Windows](https://proton.me/mail/bridge#download) -:simple-apple: macOS](https://proton.me/mail/bridge#download) -:simple-linux: Linux](https://proton.me/mail/bridge#download) -:octicons-browser-16: Web](https://mail.proton.me)
``` ```markdown Downloads * [](https://play.google.com/store/apps/details?id=ch.protonmail.android) * [](https://apps.apple.com/app/id979659905) * [](https://github.com/ProtonMail/android-mail/releases) * [ Windows](https://proton.me/mail/bridge#download) * [](https://proton.me/mail/bridge#download) * [](https://proton.me/mail/bridge#download) * [](https://mail.proton.me) ``` -------------------------------- ### Contributing to Privacy Guides Source: https://www.privacyguides.org/en/pastebins Guides for contributing to the Privacy Guides project, covering writing style, technical aspects like Git usage, and community guidelines. ```APIDOC Contributing: Writing Guide: Writing Style: https://www.privacyguides.org/en/meta/writing-style/ Admonitions: https://www.privacyguides.org/en/meta/admonitions/ Branding Guidelines: https://www.privacyguides.org/en/meta/brand/ Translations: https://www.privacyguides.org/en/meta/translations/ Technical Guides: Uploading Images: https://www.privacyguides.org/en/meta/uploading-images/ Git Recommendations: https://www.privacyguides.org/en/meta/git-recommendations/ Commit Messages: https://www.privacyguides.org/en/meta/commit-messages/ Commenting on PRs: https://www.privacyguides.org/en/meta/pr-comments/ ``` -------------------------------- ### Operating System Guides Source: https://www.privacyguides.org/en/about/criteria Provides detailed guides for various operating systems, including specific configurations and privacy considerations for each. ```APIDOC Operating Systems: Android Overview: Guides for Android privacy. iOS Overview: Guides for iOS privacy. Linux Overview: Guides for Linux privacy. macOS Overview: Guides for macOS privacy. Qubes Overview: Guides for Qubes OS privacy. Windows: Guides for Windows privacy. Group Policy Settings: Specific guidance on Windows Group Policy for privacy. ``` -------------------------------- ### Toolbx for Containerized Environments Source: https://www.privacyguides.org/en/desktop Illustrates the use of Toolbx to create and manage Podman containers, providing a traditional Fedora environment for development. This allows users to install packages within a container without affecting the host system. ```bash # Create a new Toolbx container toolbx create # Enter the Toolbx container toolbx enter ``` ```bash # Inside the container, use dnf to install packages dnf install # Exit the container exit ``` -------------------------------- ### Privacy Guides Repository Link Source: https://www.privacyguides.org/en/about/statistics Provides a link to the Privacy Guides GitHub repository, including commit date and statistics. ```markdown [ * 2025.07.22 * 3.5k * 243 ](https://github.com/privacyguides/privacyguides.org "Go to repository") ``` -------------------------------- ### Qubes OS VM Configuration for Tor over VPN Source: https://www.privacyguides.org/en/os/qubes-overview Example configuration for connecting to Tor via a VPN using ProxyVMs and Whonix. This setup chains Whonix qubes to a VPN ProxyVM for secure Tor access. ```en Qube name | Qube description | NetVM ---|---|--- sys-net | _Your default network qube (pre-installed)_ | _n/a_ sys-firewall | _Your default firewall qube (pre-installed)_ | sys-net sys-proxyvm | The VPN ProxyVM you [created](https://forum.qubes-os.org/t/configuring-a-proxyvm-vpn-gateway/19061) | sys-firewall sys-whonix | Your Whonix Gateway VM | sys-proxyvm anon-whonix | Your Whonix Workstation VM | sys-whonix ``` -------------------------------- ### Security Keys Recommendations Source: https://www.privacyguides.org/en/tools Lists recommended security key hardware for enhanced online security. ```markdown * [Yubico Security Key](https://www.privacyguides.org/en/security-keys/#yubico-security-key) * [YubiKey](https://www.privacyguides.org/en/security-keys/#yubikey) * [Nitrokey](https://www.privacyguides.org/en/security-keys/#nitrokey) ``` -------------------------------- ### Push To Install Service Setting Source: https://www.privacyguides.org/en/os/windows/group-policies Configures the 'Push To Install' service to be turned off. ```APIDOC Push To Install: Turn off Push To Install service: Enabled ``` -------------------------------- ### Desktop Operating Systems Recommendations Source: https://www.privacyguides.org/en/tools Lists recommended desktop operating systems and distributions known for their security and privacy features. ```markdown * [Qubes OS (Xen VM Distribution)](https://www.privacyguides.org/en/desktop/#qubes-os) * [Fedora Linux](https://www.privacyguides.org/en/desktop/#fedora-linux) * [openSUSE Tumbleweed](https://www.privacyguides.org/en/desktop/#opensuse-tumbleweed) * [Arch Linux](https://www.privacyguides.org/en/desktop/#arch-linux) * [Fedora Atomic Desktops](https://www.privacyguides.org/en/desktop/#fedora-atomic-desktops) * [NixOS](https://www.privacyguides.org/en/desktop/#nixos) * [Whonix (Tor)](https://www.privacyguides.org/en/desktop/#whonix) * [Tails (Live Boot)](https://www.privacyguides.org/en/desktop/#tails) * [Secureblue](https://www.privacyguides.org/en/desktop/#secureblue) * [Kicksecure](https://www.privacyguides.org/en/desktop/#kicksecure) ``` -------------------------------- ### LUKS Full Disk Encryption (FDE) Recommendation Source: https://www.privacyguides.org/en/os/linux-overview This snippet recommends using LUKS (Linux Unified Key Setup) for Full Disk Encryption (FDE) on Linux distributions. It notes that this option is typically available during installation and requires re-installation if not set up initially. Securely erasing the storage device is also suggested. ```markdown Most Linux distributions have an option within its installer for enabling [LUKS](https://www.privacyguides.org/en/encryption/#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device: * [Secure Data Erasure ](https://blog.privacyguides.org/2022/05/25/secure-data-erasure) ``` -------------------------------- ### Project Website Framework Transition Source: https://www.privacyguides.org/en/about Details the technical transition of the Privacy Guides website framework from Jekyll to MkDocs with mkdocs-material, aimed at simplifying contributions. ```markdown In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. ``` -------------------------------- ### RethinkDNS Configuration Examples Source: https://www.privacyguides.org/en/dns Examples of configuring RethinkDNS to work with VPNs or Orbot. This includes adding WireGuard configurations or manually setting up Orbot as a proxy server. ```en Adding a WireGuard configuration: https://docs.rethinkdns.com/proxy/wireguard Manually configuring Orbot as a Proxy server: https://docs.rethinkdns.com/firewall/orbot ``` -------------------------------- ### Configure Automatic Software Updates Source: https://www.privacyguides.org/en/os/macos-overview This guide explains how to set up automatic installation of all available macOS updates, including security fixes and application updates from the App Store. ```macos-settings System Settings -> Automatic Updates -> Check for updates System Settings -> Automatic Updates -> Download new updates when available System Settings -> Automatic Updates -> Install macOS updates System Settings -> Automatic Updates -> Install application updates from the App Store System Settings -> Automatic Updates -> Install Security Responses and system files ``` -------------------------------- ### General Linux Recommendations Source: https://www.privacyguides.org/en/os/linux-overview Recommendations for enhancing Linux security, specifically focusing on drive encryption and swap file configuration. ```markdown - [ General Recommendations ](https://www.privacyguides.org/en/os/linux-overview/#general-recommendations) - [ Drive Encryption ](https://www.privacyguides.org/en/os/linux-overview/#drive-encryption) - [ Swap ](https://www.privacyguides.org/en/os/linux-overview/#swap) ``` -------------------------------- ### Privacy Guides Operating Systems Source: https://www.privacyguides.org/en/about/statistics Provides an overview of operating systems and their privacy implications, including guides for Android, iOS, Linux, macOS, Qubes, and Windows. ```markdown * [ Operating Systems ](https://www.privacyguides.org/en/os/) * [ Android Overview ](https://www.privacyguides.org/en/os/android-overview/) * [ iOS Overview ](https://www.privacyguides.org/en/os/ios-overview/) * [ Linux Overview ](https://www.privacyguides.org/en/os/linux-overview/) * [ macOS Overview ](https://www.privacyguides.org/en/os/macos-overview/) * [ Qubes Overview ](https://www.privacyguides.org/en/os/qubes-overview/) * [ Windows ](https://www.privacyguides.org/en/os/windows/) * [ Group Policy Settings ](https://www.privacyguides.org/en/os/windows/group-policies/) ``` -------------------------------- ### Mullvad Advanced Obfuscation with Shadowsocks and v2ray Source: https://www.privacyguides.org/en/vpn For advanced users, Mullvad provides a guide on using the Shadowsocks with v2ray plugin with Mullvad clients. This setup offers an additional layer of obfuscation and encryption. ```en Advanced obfuscation with Shadowsocks and v2ray: Use the Shadowsocks with v2ray plugin with Mullvad clients for enhanced obfuscation and encryption. ``` -------------------------------- ### Security Key Initialization and Usage Source: https://www.privacyguides.org/en/security-keys This section details the process of initializing and using security keys, focusing on their role in multi-factor authentication. It covers the general steps involved, regardless of the specific key type or operating system. ```APIDOC SecurityKey: __init__(type: str, protocol: str = 'FIDO2') type: The type of security key (e.g., 'YubiKey', 'Google Titan'). protocol: The authentication protocol supported (defaults to 'FIDO2'). register(username: str, relying_party: str) Registers the security key with a service for a given user. Parameters: username: The username for the account. relying_party: The service or website the key is being registered with. Returns: Registration success status. authenticate(username: str, relying_party: str) Authenticates a user using the registered security key. Parameters: username: The username for the account. relying_party: The service or website for authentication. Returns: Authentication success status. remove(username: str, relying_party: str) Removes the security key registration from a service. Parameters: username: The username for the account. relying_party: The service or website the key is being removed from. Returns: Removal success status. Supported Protocols: - FIDO2: The latest standard for passwordless authentication. - U2F: Universal 2nd Factor, an earlier standard for second-factor authentication. Common Security Key Types: - YubiKey: A popular brand offering various models with different features. - Google Titan Security Key: Google's offering for secure authentication. - SoloKeys: An open-source hardware security key. Usage Example: # Initialize a YubiKey for FIDO2 authentication my_key = SecurityKey(type='YubiKey', protocol='FIDO2') # Register the key for a user on a website success = my_key.register('user@example.com', 'example.com') if success: print('Security key registered successfully.') else: print('Failed to register security key.') # Authenticate the user auth_success = my_key.authenticate('user@example.com', 'example.com') if auth_success: print('Authentication successful.') else: print('Authentication failed.') ``` -------------------------------- ### Threat Modeling Example: Protecting Your Belongings Source: https://www.privacyguides.org/en/basics/threat-modeling An example illustrating the application of threat modeling principles to a practical scenario, such as protecting personal belongings. This helps users understand how to apply the concepts discussed. ```markdown - Try it yourself: Protecting Your Belongings ``` -------------------------------- ### Markdown Image Syntax Example Source: https://www.privacyguides.org/en/meta/translations Demonstrates the correct Markdown syntax for inserting an image with alignment, as used on the Privacy Guides website. It highlights potential issues like missing brackets or extra spaces. ```Markdown ![Software logo](assets/img/path/to/image.svg){ align=right } ``` -------------------------------- ### Custom Android Operating Systems Source: https://www.privacyguides.org/en/tools Lists custom Android distributions focused on privacy and security. ```markdown * [GrapheneOS](https://www.privacyguides.org/en/android/distributions/#grapheneos) ``` -------------------------------- ### Operating System Overviews Source: https://www.privacyguides.org/en/os Provides overviews for various operating systems, detailing their privacy features and considerations. Includes links to specific guides for each OS. ```APIDOC Operating Systems: Android Overview: https://www.privacyguides.org/en/os/android-overview/ iOS Overview: https://www.privacyguides.org/en/os/ios-overview/ Linux Overview: https://www.privacyguides.org/en/os/linux-overview/ macOS Overview: https://www.privacyguides.org/en/os/macos-overview/ Qubes Overview: https://www.privacyguides.org/en/os/qubes-overview/ Windows: https://www.privacyguides.org/en/os/windows/ ``` -------------------------------- ### Linux Distribution Choices Source: https://www.privacyguides.org/en/os/linux-overview Guidance on selecting a Linux distribution, including release cycles, update types, security-focused options, Arch-based distributions, and the Linux-libre kernel. ```markdown - [ Choosing your distribution ](https://www.privacyguides.org/en/os/linux-overview/#choosing-your-distribution) - [ Release cycle ](https://www.privacyguides.org/en/os/linux-overview/#release-cycle) - [ Traditional vs Atomic Updates ](https://www.privacyguides.org/en/os/linux-overview/#traditional-vs-atomic-updates) - [ “Security-focused” distributions ](https://www.privacyguides.org/en/os/linux-overview/#security-focused-distributions) - [ Arch-based distributions ](https://www.privacyguides.org/en/os/linux-overview/#arch-based-distributions) - [ Linux-libre kernel and “Libre” distributions ](https://www.privacyguides.org/en/os/linux-overview/#linux-libre-kernel-and-libre-distributions) ``` -------------------------------- ### Donation Acceptance Policy Details Source: https://www.privacyguides.org/en/about/donation-acceptance-policy Outlines the types of donations Privacy Guides can and cannot accept, including specific examples of accepted and restricted gifts. It also covers policies on sponsorships and product reviews in exchange for incentives. ```APIDOC Donation Acceptance Policy: Purpose: To ensure unbiased recommendations and maintain Privacy Guides' mission. What we can accept: - Donations from individuals, corporations, foundations, or other entities. - Forms of support: cash, cash equivalents (checks, money orders, credit/debit card payments), and cryptocurrency. - Gifts of Real Property, Personal Property, or Securities (upon approval of the MAGIC Grants board of directors). - Conditions: Gifts must be legal and consistent with Privacy Guides' policies, mission, purpose, and procedures. Things we do not do: - Accept sponsorships. - Offer to recommend a product or service in exchange for a donation or other incentive. - Threaten to remove a recommendation for a product or service unless we receive a donation or other incentive. - Offer to expedite a review of a product or service in exchange for a donation or other incentive. - Write sponsored content or feature sponsored components in our content. Things we may do: - Accept donations from privacy-related companies and non-profits. - Apply for grant programs. - Accept free versions of software or hardware for testing and review (mindful of version differences). - Accept discounted versions of software or hardware for operational assistance (e.g., non-profit discounts). Restrictions on gifts: - Preference for unrestricted gifts for flexibility. - Acceptance of gifts for specified programs or purposes, provided they are consistent with the mission. - Rejection of gifts that are too restrictive, including: - Funding research/review of specific product categories or products. - Violating existing policies. - Being too difficult to administer. - Being for purposes outside the general mission. - Example of acceptable restriction: Funding video production or website/forum hosting. - Final decisions on gift restrictiveness and acceptance/refusal made by the executive committee. ``` -------------------------------- ### Example dig output showing EDNS Client Subnet information Source: https://www.privacyguides.org/en/advanced/dns-overview An example of `dig` command output indicating that EDNS Client Subnet information is being passed. The presence of an 'edns0-client-subnet' TXT record reveals the shared IP network. ```dns o-o.myaddr.l.google.com. 60 IN TXT "198.51.100.32" o-o.myaddr.l.google.com. 60 IN TXT "edns0-client-subnet 198.51.100.0/24" ;; Query time: 64 msec ;; SERVER: 9.9.9.11#53(9.9.9.11) ;; WHEN: Wed Mar 13 10:23:08 CDT 2024 ;; MSG SIZE rcvd: 130 ``` -------------------------------- ### MFA Setup for KeePass/KeePassXC Source: https://www.privacyguides.org/en/basics/multi-factor-authentication Instructions for enabling multifactor authentication for password managers like KeePass and KeePassXC. ```APIDOC KeePass/KeePassXC MFA Setup: Description: Enhance the security of your password database by requiring MFA upon opening. Methods: TOTP: Integration: Use plugins or built-in features to require TOTP codes. Hardware Security Keys: Integration: May require specific plugins or configurations depending on the KeePass version and OS. ``` -------------------------------- ### Privacy Guides Subprocessors Source: https://www.privacyguides.org/en/privacy Lists subprocessors used by Privacy Guides for website hosting, content delivery, security, data storage, and user support. Includes service, function, processing locations, and links to privacy notices. ```APIDOC Subprocessor Information: Subprocessor | Service | Function | Processing | Links ---|---|---|---|--- [Bunny.net](https://bunny.net) (Slovenia) | [Bunny CDN](https://bunny.net/cdn) | Content Delivery Network services for distributing images and other static assets. | Slovenia, Global | [Privacy Notice](https://bunny.net/privacy), [GDPR Center](https://bunny.net/gdpr) [Cloudflare](https://cloudflare.com) (USA) | [Authoritative DNS](https://cloudflare.com/application-services/products/dns) | Authoritative DNS services for our domain names. | USA, Global | [Privacy Notice](https://cloudflare.com/privacypolicy), [GDPR Center](https://cloudflare.com/trust-hub/gdpr) [Fediverse Communications LLC](https://fediverse.us) (USA) | PeerTube | For hosting public videos produced by Privacy Guides which are shared or embedded on this website. | USA | [More information](https://neat.tube/about/instance) [GitHub](https://github.com) (USA) | Git Repositories | _For visitors to this website_ : sharing information with our visitors about the current release, repo star count, etc. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) [GitHub](https://github.com) (USA) | Git Repositories, Issues, Pull Requests | _For contributors to this website_ : hosting our source code and communications platforms such as our issues tracker. | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) [GitHub](https://github.com) (USA) | [Sponsors](https://github.com/sponsors/privacyguides) | For collecting payments for gifts to Privacy Guides | USA | [Privacy Notice](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) [Stripe](https://stripe.com) (USA) | Connect | _For certain donations via GitHub Sponsors_ : payment processing for donations | USA | [Privacy Notice](https://stripe.com/privacy), [GDPR Center](https://stripe.com/legal/privacy-center) [Triplebit](https://www.triplebit.org) (USA) | Object Storage | For hosting static websites and static media content, and distributing static content | USA, Poland | [Privacy Notice](https://www.triplebit.org/privacy) [Triplebit](https://www.triplebit.org) (USA) | [Umami Statistics](https://stats.triplebit.net/share/S80jBc50hxr5TquS/www.privacyguides.org) | For compiling aggregated statistics of our website visitor data based on server-side visitor info submissions | USA | [Privacy Notice](https://www.triplebit.org/privacy) [Triplebit](https://www.triplebit.org) (USA) | Virtual Private Servers | For hosting our dynamic websites, storing and processing personal data. | USA | [Privacy Notice](https://www.triplebit.org/privacy) ``` -------------------------------- ### MFA Setup for SSH Source: https://www.privacyguides.org/en/basics/multi-factor-authentication Details on setting up multifactor authentication for SSH access, supporting both hardware security keys and TOTP. ```APIDOC SSH MFA Setup: Methods: Hardware Security Keys: Description: Use FIDO/U2F keys for SSH authentication. Configuration: Requires specific SSH server and client configurations (e.g., `sshd_config`, `ssh_config`). TOTP: Description: Integrate TOTP authenticator apps with SSH. Configuration: Typically involves PAM modules (e.g., `google-authenticator`) on the server. ``` -------------------------------- ### PrivateBin Self-Hosting Documentation Source: https://www.privacyguides.org/en/self-hosting Provides links to the homepage, admin documentation, and source code for PrivateBin, a pastebin service. ```APIDOC PrivateBin: Homepage: https://www.privacyguides.org/en/pastebins/#privatebin Admin Documentation: https://github.com/PrivateBin/PrivateBin/blob/master/doc/Installation.md Source Code: https://github.com/PrivateBin/PrivateBin ``` -------------------------------- ### Privacy Guides - Operating System Recommendations Source: https://www.privacyguides.org/en/about/services This section provides recommendations and overviews for various operating systems, detailing their privacy features and considerations for different platforms like Android, iOS, Linux, macOS, Qubes, and Windows. ```APIDOC Operating Systems: Android Overview: https://www.privacyguides.org/en/os/android-overview/ iOS Overview: https://www.privacyguides.org/en/os/ios-overview/ Linux Overview: https://www.privacyguides.org/en/os/linux-overview/ macOS Overview: https://www.privacyguides.org/en/os/macos-overview/ Qubes Overview: https://www.privacyguides.org/en/os/qubes-overview/ Windows: https://www.privacyguides.org/en/os/windows/ Group Policy Settings: https://www.privacyguides.org/en/os/windows/group-policies/ ``` -------------------------------- ### Old Collapsible Admonition Format Example Source: https://www.privacyguides.org/en/meta/admonitions Illustrates the deprecated collapsible admonition format with a custom title. This format is also no longer used on the site. ```markdown ??? example "Custom Title" Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa. ``` -------------------------------- ### uBlock Origin Installation Links Source: https://www.privacyguides.org/en/browser-extensions Provides direct download links for uBlock Origin across different browsers, including Firefox, Chrome, and Edge. ```text Mozilla Firefox: https://addons.mozilla.org/firefox/addon/ublock-origin Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak ``` -------------------------------- ### KeePass/KeePassXC Security with YubiKey Source: https://www.privacyguides.org/en/basics/multi-factor-authentication KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication with YubiKeys. External documentation is provided for setup. ```text KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. ``` -------------------------------- ### System Update Commands Source: https://www.privacyguides.org/en/os/linux-overview Commands to update the operating system and install firmware updates. These commands are essential for patching security vulnerabilities and ensuring the system is up-to-date. ```bash sudo apt update && sudo apt upgrade sudo pacman -Syu sudo dnf upgrade sudo fwupdmgr refresh --force sudo fwupdmgr get-updates sudo fwupdmgr update ``` -------------------------------- ### Operating System Overviews Source: https://www.privacyguides.org/en/android/distributions Provides links to detailed overviews of various operating systems, focusing on their privacy and security features. This includes information on Android, iOS, Linux, macOS, Qubes OS, and Windows. ```APIDOC Operating Systems: Overview: Provides a general overview of operating systems and their privacy implications. Android Overview: Detailed information on Android privacy and security. iOS Overview: Detailed information on iOS privacy and security. Linux Overview: Detailed information on Linux privacy and security. macOS Overview: Detailed information on macOS privacy and security. Qubes Overview: Detailed information on Qubes OS privacy and security. Windows: Information on Windows privacy and security, including specific settings. Group Policy Settings: Specific guidance on configuring Windows Group Policies for enhanced privacy. ``` -------------------------------- ### Example APK Signature Fingerprints Source: https://www.privacyguides.org/en/android/obtaining-apps Sample output from apksigner showing certificate details and SHA-256, SHA-1, and MD5 digests of the APK's signing certificate. ```text Signer#1 certificate DN: CN=GrapheneOS Signer#1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59 Signer#1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c Signer#1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3 ``` -------------------------------- ### Getting OCSP Responder Information Source: https://www.privacyguides.org/en/advanced/dns-overview This command retrieves information about the OCSP responder for a given server certificate. It helps identify the authority responsible for certificate validation. ```bash openssl ocsp -issuer intermediate.cert -cert server.cert -text -url http://ocsp.example.com ``` -------------------------------- ### Community Platforms Source: https://www.privacyguides.org/en/about Information about the community platforms used by Privacy Guides. This includes their new discussion forum, existing Matrix community, and the replacement of GitHub Discussions. ```Community Forum: https://discuss.privacyguides.net Matrix: https://matrix.to/#/#privacyguides:matrix.org GitHub: https://github.com/privacyguides ``` -------------------------------- ### Mailbox.org Description Source: https://www.privacyguides.org/en/tools Provides a description of Mailbox.org, highlighting its focus on security, being ad-free, eco-friendly power, operation start year, company location, and initial storage capacity. ```text Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed. ``` -------------------------------- ### SimpleLogin Self-Hosting Documentation Source: https://www.privacyguides.org/en/self-hosting Provides links to the homepage, admin documentation, and source code for SimpleLogin, an email aliasing service. ```APIDOC SimpleLogin: Homepage: https://www.privacyguides.org/en/email-aliasing/#simplelogin Admin Documentation: https://github.com/simple-login/app#prerequisites Source Code: https://github.com/simple-login ``` -------------------------------- ### Paaster Self-Hosting Documentation Source: https://www.privacyguides.org/en/self-hosting Provides links to the homepage, admin documentation, and source code for Paaster, a pastebin service. ```APIDOC Paaster: Homepage: https://www.privacyguides.org/en/pastebins/#paaster Admin Documentation: https://github.com/WardPearce/paaster#deployment Source Code: https://github.com/WardPearce/paaster ``` -------------------------------- ### Signal Username Setup and Privacy Configuration Source: https://www.privacyguides.org/en/real-time-communication Instructions for setting up a Signal username to hide your phone number and configuring privacy settings to limit who can see your number and find you by it. ```APIDOC Signal Configuration Steps: 1. Open Signal app settings. 2. Tap account profile. 3. Tap 'Username' and then 'Continue'. 4. Enter a username (e.g., '@john.35'). 5. Go back to main app settings and select 'Privacy'. 6. Select 'Phone Number'. 7. Change 'Who Can See My Number' to 'Nobody'. 8. (Optional) Change 'Who Can Find Me By Number' to 'Nobody'. ``` -------------------------------- ### Tor Browser Recommendations Source: https://www.privacyguides.org/en/android Information and recommendations for using the Tor Browser for enhanced online privacy. This section likely covers setup, usage tips, and its role in anonymous browsing. ```markdown * [Tor Browser ](https://www.privacyguides.org/en/tor/) ``` -------------------------------- ### Secure Your Network - Hardware Considerations Source: https://www.privacyguides.org/en/basics/hardware This section focuses on hardware-related strategies for securing your network. It discusses principles like compartmentalization and minimalism, and provides guidance on choosing and configuring routers for enhanced privacy. ```markdown * [ Secure your Network ](https://www.privacyguides.org/en/basics/hardware/#secure-your-network) * [ Compartmentalization ](https://www.privacyguides.org/en/basics/hardware/#compartmentalization) * [ Minimalism ](https://www.privacyguides.org/en/basics/hardware/#minimalism) * [ Routers ](https://www.privacyguides.org/en/basics/hardware/#routers) ``` -------------------------------- ### Router Firmware Recommendations Source: https://www.privacyguides.org/en/tools Suggests open-source router firmware options that enhance network security and privacy. ```markdown * [OpenWrt](https://www.privacyguides.org/en/router/#openwrt) * [OPNsense](https://www.privacyguides.org/en/router/#opnsense) ``` -------------------------------- ### Old Admonition Format Example Source: https://www.privacyguides.org/en/meta/admonitions Demonstrates the deprecated '!!! note' admonition format used previously on the site. This format is no longer recommended due to compatibility issues with translation software. ```markdown !!! note Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa. ``` -------------------------------- ### Privacy Guides Recommendation Criteria Source: https://www.privacyguides.org/en/notebooks Privacy Guides recommends projects based on standard criteria and specific requirements for privacy and security. Key minimum requirements include open-source clients, E2EE for cloud sync, and support for exporting documents in a standard format. ```text Minimum Requirements * Clients must be open source. * Any cloud sync functionality must be E2EE. * Must support exporting documents into a standard format. Best Case * Local backup/sync functionality should support encryption. * Cloud-based platforms should support document sharing. ``` -------------------------------- ### Privacy Provider Recommendations Source: https://www.privacyguides.org/en/desktop Lists recommended providers for various privacy-focused services, such as cloud storage, DNS, email, and VPNs. ```APIDOC Providers: - Cloud Storage: https://www.privacyguides.org/en/cloud/ - Data Removal Services: https://www.privacyguides.org/en/data-broker-removals/ - DNS Resolvers: https://www.privacyguides.org/en/dns/ - Email Aliasing: https://www.privacyguides.org/en/email-aliasing/ - Email Services: https://www.privacyguides.org/en/email/ - Financial Services: https://www.privacyguides.org/en/financial-services/ - Photo Management: https://www.privacyguides.org/en/photo-management/ - Search Engines: https://www.privacyguides.org/en/search-engines/ - VPN Services: https://www.privacyguides.org/en/vpn/ ``` -------------------------------- ### Admonition Types and Examples Source: https://www.privacyguides.org/en/meta/admonitions This section lists various types of admonitions that can be used, such as 'note', 'info', 'warning', and 'danger'. Each type can be substituted into the HTML structure to categorize the call-out content. ```markdown * `note` * `abstract` * `info` * `tip` * `success` * `question` * `warning` * `failure` * `danger` * `bug` * `example` * `quote` ``` -------------------------------- ### Tuta Description Source: https://www.privacyguides.org/en/tools Provides a description of Tuta (formerly Tutanota), emphasizing its focus on security and privacy through encryption, operation start year, company location, and free account storage. ```text Tuta (formerly _Tutanota_) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage. ``` -------------------------------- ### Running apksigner for Verification Source: https://www.privacyguides.org/en/android/obtaining-apps Executes the apksigner tool from the Android build-tools to verify APK signatures. ```bash ./build-tools/29.0.3/apksigner ``` -------------------------------- ### Configure Automatic Software Updates Source: https://www.privacyguides.org/en/os/ios-overview Ensure your iPhone has the latest security fixes by enabling automatic updates. This includes downloading iOS updates, installing them, and applying security responses. ```APIDOC Software Update Settings: Automatic Updates: - Enable Download iOS Updates: Automatically download new iOS versions. - Enable Install iOS Updates: Automatically install downloaded iOS updates. - Enable Security Responses & System Files: Automatically install critical security patches and system files. ``` -------------------------------- ### Kobold.cpp Documentation and Source Source: https://www.privacyguides.org/en/ai-chat Provides links to the Kobold.cpp project's README, documentation, source code, and security policy on GitHub. Also includes download links for releases. ```APIDOC Kobold.cpp: Source Code: [](https://github.com/LostRuins/koboldcpp "Source Code") Documentation: [](https://github.com/LostRuins/koboldcpp/wiki "Documentation") Security Policy: [](https://github.com/LostRuins/koboldcpp/blob/2f3597c29abea8b6da28f21e714b6b24a5aca79b/SECURITY.md "Security Policy") Downloads: * Windows: [](https://github.com/LostRuins/koboldcpp/releases) ```