Merge pull request #13 from zolagonano/review_and_appendix

Finish Review and Appendix

book.toml

@@ -13,4 +13,6 @@ command = "mdbook-mermaid"
 [output]
 
 [output.html]
+git-repository-url = "https://github.com/zolagonano/a-ninjas-handbook"
+mathjax-support = true
 additional-js = ["mermaid.min.js", "mermaid-init.js"]

src/SUMMARY.md

@@ -1,13 +1,15 @@
 # Summary
 
 - [Introduction](./introduction.md)
-- [Chapter 1](./chapter_1.md)
-- [Chapter 2](./chapter_2.md)
-- [Chapter 3](./chapter_3.md)
-- [Chapter 4](./chapter_4.md)
-- [Chapter 5](./chapter_5.md)
-- [Chapter 6](./chapter_6.md)
-- [Chapter 7](./chapter_7.md)
-- [Chapter 8](./chapter_8.md)
+- [Chapter 1: Pirvacy Myths](./chapter_1.md)
+- [Chapter 2: Threat Modeling](./chapter_2.md)
+- [Chapter 3: Operational Security](./chapter_3.md)
+- [Chapter 4: Privacy Essentials](./chapter_4.md)
+- [Chapter 5: All About Encryption](./chapter_5.md)
+- [Chapter 6: Fingerprints and Footprints](./chapter_6.md)
+- [Chapter 7: Going Anonymous](./chapter_7.md)
+- [Chapter 8: Moving Forward](./chapter_8.md)
+- [Appendix A: Technical Details](./appendix_a.md)
+- [Appendix B: Additional Resources](./appendix_b.md)
 - [Acknowledgements](./acknowledgements.md)
 - [Donations and Support](./donations_and_support.md)

src/acknowledgements.md

@@ -1,3 +1,5 @@
+# Acknowledgements
+
 This book was a mess, is a mess, and will be a mess because I refused to use AI to write it. The content and structure are poorly written by me. I am not a writer, not a native English speaker, and I have no idea what I am doing (in terms of writing a book, of course). But this book is not AI-free; I have used AI only and ONLY to fix my grammar mistakes (where I don’t have that many, to be honest) and my misspellings. Although the AI might have decided that my human mind’s vocabulary is not complex enough for the readers of this book and changed them (which are fixed and rewritten in the review), I would rather write a poorly structured book, with the vocabulary of a 10-year-old, than have it written by a soulless algorithm, as everything is nowadays. So AI has been ONLY a tool to fix grammar and misspellings of this book; it has had no influence on the content, structure, wordings, and tone. If it is bad, that is my fault, and I take full responsibility for it.
 
 Writing this book wouldn't have been possible if it weren’t for those boring classes I had to take at the university last term. The boredom they gave me made me start the book that I had wanted to start for years, and for the moral support of the good friends who stood by me and wish to remain unnamed.

src/appendix_b.md

@@ -0,0 +1,144 @@
+# Appendix B
+
+## Additional Resources for Chaper 1:
+
+**Books**
+
+- **"Nothing to Hide: The False Tradeoff Between Privacy and Security"** by Daniel J. Solove
+  - Breaks down why the idea that privacy and security are at odds is a total myth.
+
+- **"The Age of Surveillance Capitalism"** by Shoshana Zuboff
+  -  Looks at how big tech companies are cashing in on our personal info and what that means for us.
+
+- **"The Transparent Society"** by David Brin
+  - Talks about how being open and being watched affects us, and how to keep a balance between the two.
+
+- **"VPNs Illustrated: Tunnels, VPNs, and IPsec"** by Jon C. Snader
+  - A  book covering the details of VPN technologies, including IPsec and other tunneling methods.
+- **"Network Security Essentials: Applications and Standards"** by William Stallings
+  - Covers the basics of network security, including important apps and standards to keep your data safe.
+
+- **"Applied Network Security Monitoring: Collection, Detection, and Analysis"** by Chris Sanders and Jason Smith
+  - A guide on how to monitor your network for security threats, from collecting data to spotting and analyzing attacks.
+
+**RFCs:**
+
+- **[RFC 2401 - Security Architecture for the Internet Protocol](https://www.rfc-editor.org/info/rfc2401)**: Explains the basic framework for IPsec, a bunch of protocols to secure internet communications.
+
+- **[RFC 4301 - Security Architecture for the Internet Protocol](https://www.rfc-editor.org/info/rfc4301)**: An updated guide to IPsec, outlining how its security features work together.
+
+- **[RFC 1826 - IP Authentication Header](https://www.rfc-editor.org/info/rfc1826)**: Talks about the IP Authentication Header (AH) for ensuring data integrity and confirming where data comes from.
+
+- **[RFC 4507 - Transport Layer Security (TLS) Session Resumption without Server-Side State](https://www.rfc-editor.org/info/rfc4507)**: Describes how to resume TLS sessions efficiently, which is useful for VPNs that use TLS.
+
+- **[RFC 4306 - IKEv2: The Internet Key Exchange Protocol Version 2](https://www.rfc-editor.org/info/rfc4306)**: Details how IKEv2 handles key exchanges, a key part of many VPN setups.
+
+**Online Technical Guides and Resources:**
+
+- **[Cisco’s VPN Protocols Overview](https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/vpdn/VPDNover.pdf)**  
+   - Detailed information about VPN protocols and technologies.
+- **[OpenVPN Protocol Documentation](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/)**  
+   - In-depth details about the OpenVPN protocol, including its configuration and security features.
+- **[WireGuard Protocol Documentation](https://www.wireguard.com/protocol/)**  
+   - Official documentation for WireGuard, a modern and efficient VPN protocol.
+- **[TLS/SSL Protocol Overview](https://wiki.openssl.org/index.php/SSL_and_TLS_Protocols)**  
+   - Information on the Transport Layer Security (TLS) protocol, which is used in some VPNs for encrypting data.
+
+## Additional Resources for Chapter 2:
+
+**BOOKS:**
+
+- **Threat Modeling: Designing for Security** by Adam Shostack 
+  - A guide to threat modeling.
+
+- **Security Engineering: A Guide to Building Dependable Distributed Systems** by Ross Anderson
+  - In-depth exploration of security engineering principles.
+
+- **The Art of Invisibility** by Kevin Mitnick
+  - Practical strategies for maintaining privacy online.
+
+**MANUALS & SPECIFICATIONS:**
+
+- *[OWASP Threat Modeling Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html)* : Practical guidance for threat modeling.
+
+
+
+## Additional Resources for Chapter 3:
+
+**BOOKS:**
+
+- **Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World** by Bruce Schneier 
+  - Breaks down how big companies collect your data and why it matters.
+
+- **Privacy and Security for Online Accounts** by David A. Chappell 
+  - How-to guide for protecting your online accounts and staying safe online.
+
+**RFCs:**
+
+- [RFC 6750: The OAuth 2.0 Bearer Token Usage](https://tools.ietf.org/html/rfc6750): Specification for secure token usage in OAuth 2.0.
+
+- [RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content](https://tools.ietf.org/html/rfc7231): Details HTTP and how to secure data transmission.
+
+## Additional Resources for Chapter 4:
+
+**MANUALS & SPECIFICATIONS:**
+
+1. *[PGP (Pretty Good Privacy) User Guide](https://www.pgp.guide/)*: Instructions for using PGP to encrypt email content.
+2. [*Tor Project: Tor Browser Manual*:](https://tb-manual.torproject.org/) Guide to using the Tor Browser.
+3. [*ProtonMail Security Practices*:](https://proton.me/mail/security) Documentation on ProtonMail's encryption practices and security features.
+4. [*Diceware Passphrase*](https://diceware.net/) : Guide for generating secure Diceware passphrases.
+
+## Additional Resources for Chapter 5:
+
+**BOOKS:**
+
+- **"Applied Cryptography: Protocols, Algorithms, and Source Code in C"** by Bruce Schneier  
+  - All about cryptographic algorithms and how to use them in code.
+
+- **"Cryptography and Network Security: Principles and Practice"** by William Stallings 
+  - Deep dive into how cryptographic techniques keep data secure.
+- **"Introduction to Modern Cryptography: Principles and Protocols"** by Jonathan Katz and Yehuda Lindell 
+  - Basics of modern cryptography and how it works.
+
+- **"Practical Cryptography for Developers"** by Svetlin Nakov 
+  - Guide for using cryptography in software development.
+
+- **"The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography"** by Simon Singh 
+  - Cool history of cryptography and its development over time.
+
+**TECHNICAL DOCUMENTS:**
+
+1. [NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation](https://csrc.nist.gov/publications/detail/sp/800-38a/final): Technical details on block cipher modes and their usage.
+2. [NIST Special Publication 800-175B: Guide to Secure Use of Cryptographic Algorithms](https://csrc.nist.gov/pubs/sp/800/175/b/r1/final): Practical guide on the secure use of cryptographic algorithms.
+
+
+
+## Additional Resources for Chapter 6:
+
+**BOOKS:**
+
+- **"Privacy and Data Protection in the Age of Big Data"** by L. Westin  
+  - Explores the intersection of privacy, data protection, and new technologies.
+
+- **"The Privacy Engineer's Manifesto"** by Michelle Finneran Dennedy  
+  - Talks about privacy engineering and practices for protecting personal data.
+
+**MANUALS AND SPECIFICATIONS:**
+
+- [RFC 6454: The "Same-Origin" Policy](https://tools.ietf.org/html/rfc6454): Details the Same-Origin Policy which is critical in understanding web security and fingerprinting.
+- [Canvas Fingerprinting](https://www.w3.org/TR/html5/): Specification for HTML5, including Canvas API used in fingerprinting.
+- [WebGL Specification](https://www.khronos.org/registry/webgl/specs/latest/): Details of WebGL API used for fingerprinting.
+- [AudioContext API Specification](https://www.w3.org/TR/webaudio/): Describes the AudioContext API used in audio fingerprinting.
+- [Tor Project Documentation](https://2019.www.torproject.org/docs/documentation.html.en): Official documentation for Tor Browser and its features for anonymity.
+
+
+
+## Additional Resources for Chapter 7:
+
+**MANUALS AND SPECIFICATIONS:**
+
+- [**Tails User Manual**](https://tails.net/doc/index.en.html): A guide for using the Tails operating system.
+
+1. [**Whonix Documentation**](https://www.whonix.org/wiki/Introduction): Official documentation for setting up and using the Whonix OS.
+2. [**Tor Project’s Tor Browser Manual**](https://tb-manual.torproject.org/): Guide to using the Tor Browser.
+3. [**Qubes OS Documentation**:](https://www.qubes-os.org/doc/) Guide on using Qubes OS.