This page contains security-related recommendations. Kindly note that we exclusively recommend hardware, software and services which we actually use and own. We do not recommend any products based on sponsoring or things we only know from hearsay.
- [BLO] blogs
- [BOO] books
- [HW] hardware
- [POD] podcasts
- [SRV] services
- [SW] software
- [WS] website
Follow us on Mastodon:
General information security topics
Other interesting projects from the InfoSec world.
- [BLO]: Scott Helme (InfoSec blog)
- [BLO]: n-o-d-e (interesting hardware projects)
- [POD]: Security Now hosted by Steve Gibson and Leo Laporte (weekly podcast) (#securitynow)
- [POD]: StormCast (daily 5-10 minute information security threat updates)
- [WS]: Information Security Stack Exchange (question and answer site for information security professionals)
- [WS]: EFF Security Education Companion (for digital security educators)
- [WS]: EFF Surveillance Self-Defense (tips, tools and how-tos for safer online communications)
- [WS]: IT and Information Security Cheat Sheets (cheat sheets on different topics)
- [WS]: OWASP Cheat Sheet Series (cheat sheets on different topics)
Your home network connects you and your family to the internet. The most vulnerable point is your router since it has to fulfill different functions and is the primary point of entry for a remote attacker. Feel free to read our home network security series.
- [BOO]: Introducing Basic Network Concepts (PDF file)
- [BOO]: Meyers: CompTIA Network+ Certification, ISBN 978-0-07-184821-3
- [BOO]: Kizza: Guide to Computer Network Security, ISBN 978-3-319-55606-2
- [BOO]: Lowe: Networking for dummies, ISBN 978-1-119-25777-6
- [BOO]: Peterson/Davie: Computer Networks: A Systems Approach (online)
- [BLO]: Router security blog by Michael Horowitz
- [HW]: Turris Omnia (open hardware and open source router) (#turris-omnia)
Many private users are totally focused on HTTPS, and forget about their insecure DNS traffic. Cleartext DNS traffic can be modified or logged, and third parties can learn about your surfing habits. People who are familiar with network protocols and DNS can configure DNSSEC as well as DNS-over-TLS. If configured correctly, you get validated DNS responses, and your DNS traffic is authenticated and encrypted.
- check our DNS-related articles
- [WS]: DNS Privacy Project (collaborative open project to promote, implement and deploy DNS Privacy)
- [WS]: DNS leak test (see the DNS server that is used by your client)
- [WS]: Public recursive name server list on Wikipedia
- [WS]: DNS Privacy Public Resolvers
- [WS]: DNS Privacy Test Servers
Identity theft is a main threat to individuals on the internet. The best way to defend your personal data online is to stop using online services at all. This is quite unrealistic. Another way is to use services which provide cryptographic proof so others can verify that you actually own certain online accounts.
Ask 10 people about their preferred instant messenger and you’ll get 15 recommendations. Some people say that federation is best for privacy (no), some recommend closed-source messengers like Threema and most people keep on using WhatsApp. We aren’t interested in wars of opinions and stay with the facts.
- [SRV]: Signal (#signal)
- [SW]: ChatSecure (iOS only)
- [SW]: Conversations (Android only)
- [SW]: Gajim (Desktop OS only)
Security warning: XMPP server admins can access and manipulate all of your data including contacts, groups, password etc. They can also inject messages. This is not only a security nightmare but also anything but privacy-friendly. Because of that we repeat our recommendation: Use Signal or run your own XMPP server.
Usability note: Well-known XMPP clients implement XMPP itself, however, they do not implement each and every XEP. This means that you have to carefully evaluate which XEPs you want to use and whether your client supports them. Especially “XEP-0384: OMEMO Encryption” isn’t widely or only partially (e.g. no OMEMO in MUCs) supported by clients.
We recommend the following operating systems for advanced users:
- [SW]: Parrot OS Security Edition (security testing + software development)
- [SW]: Debian (server operating system)
- [SW]: Arch Linux (client operating system)
The following repositories contain useful resources and links:
- [WS]: Awesome Infosec
- [WS]: Awesome Hacking
- [WS]: Awesome Security
- [WS]: Awesome Social Engineering
- [WS]: Awesome Web Security
- [WS]: Probable Wordlists
Secure key and password storage
If you use GnuPG, SSH etc., you probably store your keys on your computer. This isn’t very secure and stolen keys can result in data breaches (SSH) and decrypted messages (GnuPG). Use dedicated security hardware to store your keys. Furthermore, use password management software like KeePass to store your passwords encrypted. Some products also support OATH-TOTP and/or U2F for 2FA.