Security and Privacy Best Practices. This list is not meant to be user-friendly. You can contribute on .
Last update: 08/14/2017
Hardware
x86 Platforms
Any platform supported by
Note: It is suggested to use Thinkpad x60 or x200. They were the firsts to support libreboot, so it's stable and clean. They have issues, though: proprietary wifi card (you have to remove it), microphone, bluetooth card, blobbed Embedded Controller, infra-red and speakers (use headphones).
You can also achieve good security using and
ARM Platforms
Boards based on i.MX*:
Note: You have to reflash uBoot to make sure it's not altered.
POWER Platforms
MIPS Platforms
SPARC64 Platforms
supported platforms
RISC-V Platforms
No real implementation yet. Looking hopefully to
Wifi Card
Any Ralink device from
Keyboard
Storage
Display
GPU
Note: The project failed. It's a good idea, though.
One-Time Passphrase Device
RNG Device
Side-Channel Attacks Mitigation
Main concerns are , , Shoulder Surfing and CCTV
(TEMPEST)
(TEMPEST)
(Acoustic)
Note: It has to be stochastic. Digital white-noise players don't work.
If in public, may help with shoulder surfing or security cameras recording you.
(Shoulder Surfing)
(CCTV)
Note: Yes, it looks stupid.
Hide with
Misc
Firmware
(Caution, Google Link!)
- Check
Operating Systems
(set )
(with for FDE)
VPS and Dedicated Servers
You SHOULD NOT trust these companies. Use with caution and anonymize yourself.
VPN
Get a VPS and do your own VPN. Use for now, look for WireGuard in future.
Email
Try no to use email as much as you can. If you need it, do your own using . Use client.
HTTP server
OpenBSD's
DNS
Cache with
Document Encryption
Blog
Repository
Anonymous Networks
Note: you have to setup and TorDNS with DNSPort configured on torrc (check also ). It's quite obvious but: donot run Tor as root.
Cryptocoins
Note: check also or similar for bitcoin cards. Always buy bitcoin using money, and then use a BT Mixer(through Tor). As always: bitcoin is not anonymous, be careful. That's why we're suggesting Dashcoin instead.
Passphrase Manager
Instant Communication
(currenly in beta)
File Sharing
(route through Tor for anonymity)
RSS Readers
Web Browsers
from OpenBSD ports
PDF Reader
from command line, without javascript decoding
Window Manager
(it has by default)
(basically a port of dwm to Wayland - cited here because of it's simple code. Not audited.)