From 448797ad41c86757606c28cb0c3bdb3946ed7d86 Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Thu, 16 May 2024 17:33:09 +0000 Subject: [PATCH 1/2] Write 'Open-source means private' and 'Chapter 1's ending' --- src/chapter_1.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/chapter_1.md b/src/chapter_1.md index 87ff1a9..0961a32 100644 --- a/src/chapter_1.md +++ b/src/chapter_1.md @@ -62,4 +62,14 @@ The reason for this uncertainty is that they're not transparent about how they i However, in the case of something like Google Drive, which offers a reasonable amount of free cloud storage, you can still use it. If you already have a Google account associated with your identity, you can use that Google Drive to upload some encrypted data that you don't have space for elsewhere. Just because it's Google doesn't mean it's pure evil, and there can still be uses for it. You can use Google once you're self-conscious about your privacy. -Although, every day, more and more privacy-friendly alternatives are emerging. In the near future, you might not need to use Google or other similar companies. \ No newline at end of file +Although, every day, more and more privacy-friendly alternatives are emerging. In the near future, you might not need to use Google or other similar companies. + +## Open-source means private + +Yes, open-source software is more transparent than proprietary software and has the potential to be more secure and private. However, transparency and potential alone don't make them more private or secure. It's essential to look for independent audits of the software you intend to use. Also, being proprietary doesn't necessarily mean it's less safe. Assess the reputation of the software and its maintainers and determine whether it undergoes audits. + +--- + + + +These were some of the most common myths about online privacy and security. Countless misconceptions exist, and in such situations, it's crucial to approach them with logic rather than bias. We need to plan out where to focus our time and energy wisely. The next chapter will delve into threat modeling and the common threats you should be aware of before designing your own threat model. \ No newline at end of file From 59d03a8c027e4e2660d31248edb276c269210ccb Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Thu, 16 May 2024 17:34:40 +0000 Subject: [PATCH 2/2] Fix a typo in 'VPNs are Anonymous' --- src/chapter_1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/chapter_1.md b/src/chapter_1.md index 0961a32..a481e9b 100644 --- a/src/chapter_1.md +++ b/src/chapter_1.md @@ -32,7 +32,7 @@ Also, they don't do a good job at hiding your real IP. With most VPN companies, Even if your VPN provider doesn't log anything, the datacenters hosting their servers surely will. Another thing is that VPNs are vulnerable to traffic analysis; the VPN traffic can be analyzed to find patterns that indicate the source and destination of your traffic. And that's okay; VPNs aren't meant to be anonymity tools after all. -Another problem with VPNs is fingerprinting. With Tor, you have the Tor Browser, which is designed to make all Tor users look identical. But with VPNs, you're the most unique person on this planet, especially if you have a browser that is modified in any way or if you're using an operating system like Linux or BSD. Even the smallest changes can make you super unique when it comes to fingerprinting, and that's not what you want for anonymity. For privacy, though, that would be fine. You can safely use a hardened Firefox, for example, for your personal usage, like watching YouTube and paying your bills. That's actually a good move. In that scenario, you don't need to look like everybody else; you can be unique. I'll cover fingerprinting more in the next chapter. +Another problem with VPNs is fingerprinting. With Tor, you have the Tor Browser, which is designed to make all Tor users look identical. But with VPNs, you're the most unique person on this planet, especially if you have a browser that is modified in any way or if you're using an operating system like Linux or BSD. Even the smallest changes can make you super unique when it comes to fingerprinting, and that's not what you want for anonymity. For privacy, though, that would be fine. You can safely use a hardened Firefox, for example, for your personal usage, like watching YouTube and paying your bills. That's actually a good move. In that scenario, you don't need to look like everybody else; you can be unique. I'll cover fingerprinting more in the next chapters. If you want to maintain your anonymity, you should use tools specifically built for it, like Tor (and the Tor Browser). What Tor does is precisely what its name stands for: the onion router. It works like an onion, encrypting your data in three layers. As the data passes through each Tor relay, one layer of encryption will be removed, revealing the address of the next relay in the chain until the data reaches the final destination. When browsing the clearnet with Tor, your last relay will be a node called the exit node. The exit node is able to see the data inside your packet, but it won't know for sure where the packet originated. To trace a packet back to its sender, all relays that your traffic passes through must be controlled by one person, which is very unlikely and costly to implement.