Do you accept suggestions of links?

[jermanuts]

https://wonderfall.dev/fdroid-issues/
https://cronokirby.com/posts/2021/06/e2e_in_the_browser/

[beerisgood]

Sure!
First link is already included in https://github.com/beerisgood/Smartphone_Security

I will check your second one 🍺

[jermanuts]

https://wonderfall.dev/docker-hardening
All of it https://www.privacyguides.org/basics/threat-modeling/ left section

[beerisgood]

I added all but last one.
Thanks! Your name is also listed in these new commits 🍺

If you don't have more stuff, i would close this issue for now.

[jermanuts]

Thanks for adding some of them!

Got more suggestions :)

https://research.nccgroup.com/2021/10/27/public-report-whatsapp-end-to-end-encrypted-backups-security-assessment/ a research done also on whatsapp E2EE backups https://sudneela.github.io/posts/the-workings-of-whatsapps-end-to-end-encrypted-backups/

https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/ the video is well explained too.

https://www.scss.tcd.ie/Doug.Leith/pubs/gboard_kamil.pdf

Add https://www.hardenize.com/ , https://mxtoolbox.com/ to (How to test your eMail provider (security & privacy) ??

Also https://youtu.be/aC9Uu5BUxII (monreo)

[jermanuts]

(An Antivirus does not improve your security)

Most of these links are dead and not technical but rather opinion based, maybe in future add archive.org or arhive.ph link when referencing a tweet.

[beerisgood]

(An Antivirus does not improve your security)

Most of these links are dead and not technical but rather opinion based, maybe in future add archive.org or arhive.ph link when referencing a tweet.

Only first link is dead. @Zanthed @terezipyrope

But yeah they’re not technical.
will check your other links. Thanks

[jermanuts]

https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html
https://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest , https://portswigger.net/daily-swig/multiple-encryption-flaws-uncovered-in-telegram-messaging-protocol. Also no E2EE by default only when enabling secret chat, secret chat isn't available on desktop and some groups are censored by app store/play store.

https://matt.traudt.xyz/posts/2019-10-17-you-want-tor-browser-not-a-vpn/
https://madaidans-insecurities.github.io/encrypted-dns.html , https://madaidans-insecurities.github.io/browser-tracking.html
https://madaidans-insecurities.github.io/security-privacy-advice.html#email
https://www.privacyguides.org/basics/account-deletion/
https://www.privacyguides.org/advanced/erasing-data/#erasing-specific-files
https://www.privacyguides.org/basics/email-security/#email-metadata-overview
https://www.youtube.com/watch?v=QRYzre4bf7I (well explained TOR)
https://www.youtube.com/watch?v=lVcbq_a5N9I (well explained TOR hidden services)

[beerisgood]

I added most of it and also mentioned you again in the commits.
Thank you!

[jermanuts]

Thanks, glad you liked them.

[jermanuts]

https://www.bejarano.io/sms-phishing/
https://mega-awry.io/ (mega.nz flaws, don't trust encrypted storage clouds use cryptomator to upload your files to the cloud)
https://mjg59.dreamwidth.org/59479.html (The Freedom Phone is not great at privacy)

[beerisgood]

Added 🍺

Last link added in https://github.com/beerisgood/Smartphone_Security/blob/main/README.md

[jermanuts]

https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers
https://www.ietf.org/archive/id/draft-nottingham-avoiding-internet-centralization-05.html
https://pseudorandom.resistant.tech/federation-is-the-worst-of-all-worlds.html
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
https://rohanrd.xyz/posts/why-you-should-start-self-hosting/

EDIT: do you think the last 2 links fit/related to security?

Not related.
Do you have any way of contacting? Might invite you to servers where you meet like-minded people or for discussing some topics.

[beerisgood]

Password manager link added. Thanks 👍

I read about Meta the other day, but since Meta itself is a problem in itself, i don't see the point of recording individual things about it.
Regarding the other links i have no use.

I am only active on GitHub. All other community platforms are always crap from the users or even from the moderation and i don't want that anymore

[jermanuts]

Thanks for replying,
I was going to recommend #grapheneos:grapheneos.org and https://matrix.to/#/#privacyguides:matrix.org anyway privacyguides is probably not as aggressive as grapheneos when it comes to moderation.

What about #1 (comment) https://www.hardenize.com/ , https://mxtoolbox.com/ they seem to be more accurate than the ones recommended in this repo

guardianproject/haven#454 (haven is broken)
Tox has a severe vulnerability since 2017 and has yet to be fixed as of July 2022 where messages are spoofable.
https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html

Mind changing the antivirus part in this repo with https://privsec.dev/knowledge/badness-enumeration/#antiviruses instead as we discussed #1 (comment)

[beerisgood]

GrapheneOS is already listed in my Smartphone repository.
PrivacyGuides isn’t that good.

Will check your newest links 👍

[beerisgood]

What about #1 (comment) https://www.hardenize.com/ , https://mxtoolbox.com/ they seem to be more accurate than the ones recommended in this repo

while they're nice, both doesn't provide any further information or are even bloated with too much different stuff.

added other ones 🍺

[jermanuts]

https://superuser.com/questions/926517/is-it-safe-to-register-on-an-http-webpage-when-i-am-using-vpn
https://matt.traudt.xyz/posts/2019-10-17-you-want-tor-browser-not-a-vpn/#untruth-vpns-protect-you-from-local-network-hackers
https://daniel.haxx.se/blog/2022/08/10/ipfs-and-their-gateways/

[beerisgood]

Thanks I add both 🍻

Good luck with your collection!

[jermanuts]

https://blog.erethon.com/blog/2022/07/13/what-a-malicious-matrix-homeserver-admin-can-do/

https://blog.erethon.com/blog/2023/06/21/what-happens-when-a-matrix-server-disappears/

https://j3s.sh/thought/fail2ban-sux.html

https://sequoia-pgp.org/blog/2021/06/28/202106-hey-signal-great-encryption-needs-great-authentication/ (messenger problems)

[beerisgood]

thanks I added some.

[CompSciFutures]

Your Messages on Telegram Are Not Encrypted, the Platform Is Not as Private as You Think
Telegram claims to be private and encrypted, but that isn’t really the case.

https://medium.com/secure-words/your-messages-on-telegram-are-not-encrypted-the-platform-is-not-as-private-as-you-think-d14a6342928d

Takeout: only Secret Chat's are e2e encrypted. Everything else is cleartext.

[beerisgood]

@CompSciFutures yes this is sadly still the case since years and I already include three links about that:
https://portswigger.net/daily-swig/multiple-encryption-flaws-uncovered-in-telegram-messaging-protocol
https://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest
https://blog.bytebytego.com/p/ep29-online-gaming-protocol#§is-telegram-secure

[CompSciFutures]

fab :)

…

On Sun, Feb 25, 2024 at 5:54 AM beerisgood ***@***.***> wrote: @CompSciFutures <https://github.com/CompSciFutures> yes this is sadly still the case since years and I already include three links about that: https://portswigger.net/daily-swig/multiple-encryption-flaws-uncovered-in-telegram-messaging-protocol https://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest https://blog.bytebytego.com/p/ep29-online-gaming-protocol#§is-telegram-secure — Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACGU3TMGC7JWTH6QDL423V3YVIZPBAVCNFSM54FYG5KKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOJWGI2TGOBRGI2A> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[jermanuts]

https://routersecurity.org/consumerrouters.php

https://passwordbits.com/ Goldmine articles, Ex: https://passwordbits.com/mix-non-english-passwords-secure/

https://www.troyhunt.com/thanks-fedex-this-is-why-we-keep-getting-phished/

[beerisgood]

Thanks.

[jermanuts]

https://educatedguesswork.org/posts/public-wifi/ public wifi security (clears all FUD about public wifi VPN marketing)

Nextcloud E2EE broken

EDIT: Adding quantum resistance to Signal double ratchet algorithm SimpleX Chat 😎

[beerisgood]

https://educatedguesswork.org/posts/public-wifi/ public wifi security (clears all FUD about public wifi VPN marketing)

Nextcloud E2EE broken

EDIT: Adding quantum resistance to Signal double ratchet algorithm SimpleX Chat 😎

Thanks. I added this and also another new post about VPN.
Found also the Nextcloud think in Mastodon a new days ago 🍺

[jermanuts]

https://words.filippo.io/dispatches/telegram-ecdh/ (THE MOST BACKDOOR-LOOKING BUG I’VE EVER SEEN)

TokTok/c-toxcore#426 (https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/)

[beerisgood]

Thanks! I added both 🍻

[wldasf]

Sorry for hijacking this issue but https://ynwarcs.github.io/Win11-24H2-CFG

[beerisgood]

Sorry for hijacking this issue but https://ynwarcs.github.io/Win11-24H2-CFG

Sounds like a good thing for user.

[jermanuts]

https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/

[beerisgood]

Thanks. Added 🍺

[xTrEIX]

Arc Browser insecurity : https://kibty.town/blog/arc/

[beerisgood]

Added 🍺

[jermanuts]

Obvious vulnerabilities in self-proclaimed "most secure messenger"
https://lets.re/blog/ginlo/

https://lets.re/blog/roll-your-own-e2ee-protocol/

https://stulle123.github.io/posts/kakaotalk/secret-chat/

[beerisgood]

Thanks!
Added in d288d2c 🍺