Privacy & Security Guides

͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏ ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏

Security Researchers

Krebs on Security	Lots of up-to-date, in-depth interesting cyber security news and investigations, by a true legend in the field and NY Times Bestseller, Brian Krebs.
Schneier on Security	Commentary, news, essays and more all about cryptography, cyber security and privacy. New posts are written almost daily, and this is also home to the famous Crypto Gram weekly newsletter, that's been popular since 1994. By the world-renowned security professional, and serial bestselling author, Bruce Schneier.
Underground Tradecraft	Counterintelligence, OPSEC and Tradecraft for everyone.
Errata Security	Covers latest interesting news, and explains concepts clearly. By Robert Graham and David Maynor.
Graham Cluley	Security news, advise and opinion. From Graham Cluley, co-host of Smashing Security.
The Last Watch Dog	Privacy and Security articles, opinion and media by Byron Acohido
Troy Hunt	Security researcher and data breach collector.

Privacy Guides

EFF SSD	- Tips for safer online communications
Restore Privacy	- Tools and guides about privacy and security
Pixel Privacy	- Online privacy guides
https://thetinhat.com	- Tutorials and Articles for Online Privacy
https://www.privacytools.io/	- Tools to protect against mass surveillance
https://prism-break.org	- Secure app alternatives
https://www.theverge.com	- Guides for securing mobile, web and home tech
Oil and Fish	Onion Service Privacy Guide on Protocol Configurations
The New Oil	Welcome to The New Oil. This site is designed to help readers take back control of their data and regain their privacy online.

Cyber Security News

Dark Reading	- Well-known cyber security news site, with articles on a range of topics, ranging from data breaches, IoT, cloud security and threat intelligence.
Threat Post	- News and Articles Cloud Security, Malware, Vulnerabilities, Waterfall Security and Podcasts.
We Live Security	- Security news, views, and insight, by ESET + Community.
The Hacker News	- News and info covering Data Breaches, Cyber Attacks, Vulnerabilities, Malware.
Sophos: Naked Security	- Security news and updates, presented in an easy-to-digest format.
IT Security Guru	- Combines top cyber security news from multiple sites, easier to stay up-to-date.
FOSS Bytes	- Cyber Security - News about the latest exploits and hacks.

Proxy Sites

Nitter (Twitter)	Nitter is a free and open source alternative Twitter front-end focused on privacy, it prevents Twitter from tracking your IP or browser fingerprint. It does not include any JavaScript.
Invidious (YouTube)	Privacy-focused, open source alternative frontend for YouTube.
Bibliogram (Instagram)	Enables you to view Instagram profiles through their proxy without any tracking, great for anonymity.
Libreddit (Reddit)	Private front-end for Reddit written in Rust. Massively faster than Reddit by not including ads, trackers or bloat.

File Sharing

OnionShare - Open source tool that lets you securely and anonymously share a file of any size.

ZeroNet - Decentralized Web site and Web application platform based on the BitTorrent protocol with Bitcoin-like blockchain that has built-in support for anonymization through Tor.

garlicshare - garlicshare is an open source tool that lets you securely and anonymously share files on a hosted onion service using the Tor network.

onionpipe - Onion addresses for anything. onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa.

onionbox - A basic implementation of OnionShare in Go. Send and receive files securely through Tor.

Wormhole - Wormhole lets you share files with end-to-end encryption and a link that automatically expires.

Magic Wormhole | Get things from one computer to another, safely. | MIT license

Awesome Cryptography

A Few Thoughts on Cryptographic Engineering - Some random thoughts about crypto.

https://toc.cryptobook.us - The book covers many constructions for different tasks in cryptography.

https://cacr.uwaterloo.ca/hac/about/toc3.pdf - This book is intended as a reference for professional cryptographers.

https://ia802703.us.archive.org/12/items/cryptoparty/cryptoparty.pdf

The Cloudflare Cryptography Blog

Real-World Cryptography Blog

The cr.yp.to blog

Vaultree Real-time searchable & Fully homomorphic encryption technology. Get the latest updates and news on Cryptography and Cybersecurity from the best cryptographers around the globe.

Taking the Offensive: Threat Hunting and OSINT Tools

https://www.shodan.io	- Search for devices connected to the internet and their vulnerabilities
https://prowl.lupovis.io	- Free IP search & identifications of IoC and IoA
https://intelx.io	- Search engine for data archives.
https://netlas.io	- Search and monitor devices connected to the internet
https://urlscan.io	- Scan a website incoming and outgoing links and assets
https://fullhunt.io	- Identify an attack surface
https://www.zoomeye.org	- Cyberspace search engine, users can search for network devices
https://leakix.net	- Identify public data leaks
https://www.greynoise.io	- Search for devices connected to the internet.
https://search.censys.io	- Get information about devices connected to the internet.
https://hunter.io	- Search for email addresses.
https://www.criminalip.io	- Search for devices connected to the internet. Monitor potential attack vectors.
https://www.wigle.net	- Map wireless access points around the world.
https://grep.app	- Grep across a half million github repos.
https://www.onyphe.io	- Search for devices connected to the internet and monitor attack vector.
https://vulners.com	- A vulnerability database.
https://pulsedive.com	- Search for devices connected to the internet.
grayhatwarfare.com	- Search for S3 buckets that are public.

File Encryption

Provider	Description
VeraCrypt	VeraCrypt is open source cross-platform disk encryption software. You can use it to either encrypt a specific file or directory, or an entire disk or partition. VeraCrypt is incredibly feature-rich, with comprehensive encryption options, yet the GUI makes it easy to use. It has a CLI version, and a portable edition. VeraCrypt is the successor of (the now deprecated) TrueCrypt.
Cryptomator	Open source client-side encryption for cloud files - Cryptomator is geared towards using alongside cloud-backup solutions, and hence preserves individual file structure, so that they can be uploaded. It too is easy to use, but has fewer technical customizations for how the data is encrypted, compared with VeraCrypt. Cryptomator works on Windows, Linux and Mac - but also has excellent mobile apps.
age	age is a simple, modern and secure CLI file encryption tool and Go library. It features small explicit keys, no config options, and UNIX-style composability.

Threat Modeling

OWASP Threat Dragon

Mozilla Seasponge

IriusRisk

eramba

Elevation of Privilege (EoP) Threat Modeling Card Game

Aggregated Latest Crypto News

Latest Crypto News

http://qg24mbrij6rzxr77eovjwjzw7zwn7brmegr3yvwvppj4vhdxeuezkdqd.onion

Aggregated Latest Security News

Latest Security News

http://hpm242zmcxettb74wkl77lruaxq5tsmrg4ewwkywxyisy6ub7dk5l7id.onion/securitynews/

IntelTechniques Search Tools by Michael Bazzel

Intel Techniques

https://inteltechniques.com/tools

These tools were created as a supplement to the book Open Source Intelligence Techniques, 9th Edition and the IntelTechniques online OSINT training.

This list will be continuously updated. Please feel free to submit additions.

Here are some resources I like...

Techlore makes videos (cross-posted to YouTube, LBRY/Odysee, and PeerTube) and maintains community-driven data on VPNs.

The New Oil also makes videos (YouTube, Odysee, PeerTube) and writes a blog.

These two do a podcast together called Surveillance Report.

Michael Bazzell runs a site called IntelTechniques and does a podcast called The Privacy, Security, & OSINT Show (formerly The Complete Privacy & Security Podcast).

Switching.Software is a great resource for finding more private/secure/ethical alternatives (along the lines of PRISM Break).

PrivacyGuides.org (onion) is run by the people who used to run PrivacyTools.io. (See this blog post and this Reddit post for more on that.)

Some other privacy-friendly frontends:

librarian for LBRY/Odysee
ProxiTok for TikTok
Scribe for Medium

There's also https://farside.link/ which lists many instances and can automatically redirect you to an instance of a given frontend. (See its GitHub repo for more info.)

/u/AlphaZero · 3 votes · 10 months ago · Link

You deserve jazzier flair than just 'moderator' if you're going to slang posts this sexy around these here parts

/u/HeadJanitor Moderator

· 1 votes · 10 months ago · Link

Thank you, /u/AlphaZero - I'll keep it alive in here with fresh content to give us a better outlook.

/u/Hungry_Eyes O_O · 2 votes · 10 months ago · Link

Great info. Thanks.

Thank you!

/u/Akar · 2 votes · 10 months ago · Link

Very informative. Be sure to list Mental outlaw, He make videos about all three topics and most info he gets from here.

· 1 votes · 9 months ago · Link

Shall do; thanks for the mention. We need the good stuff!

/u/Grecchi · 1 votes · 6 months ago · Link

Yes. Outlaw is all over the DW stuff.

/u/Cyberjagu · 2 votes · 10 months ago · Link

/u/HeadJanitor always high quality posts

I cherish that you shared :)

· 2 votes · 9 months ago · Link

DAMN! You really push the momentum and drive for me. I didn't think this was going to be a big deal but hearing it from you----I'll put some work into it. Thank you.

/u/bf703c91 · 2 votes · 8 months ago · Link

Under Privacy Guides, add Oil and Fish

http://ajp3kyuubtuxuizdufvdpslr2m5cn7jo3xwf7txttckwzxvjaqkedhqd.onion

· 1 votes · 8 months ago · Link

Sweet, thank you!

Done!

/u/alexpo · 1 votes · 10 months ago · Link

Great post thank you so much.

Was also wondering how you felt about portswigger? They have some interesting resources on cybersecuity and programming in general. I also think they're behind BurpSuite.

THANK YOU. Gotta keep it live. I go through the sites--sometimes too quickly just in search of post-worthy material. The BurpSuite is what pivotal to the field. I'm comprehensive in that it covers every aspect of vulnerability scanning.

/u/newbieforever2018 "You've got ★bail★" · 1 votes · 10 months ago · Link

Do you personally get information from any of the sites mentioned above regarding how to cash out all of your upvotes safely?

I look through the site for newsworthy posts. My posts is the inverse of my value. At some point, I'll be thin air.

/u/newbieforever2018 "You've got ★bail★" · 2 votes · 10 months ago · Link

I believe that your value increases exponentially with each quality topic such as this one. The way that the math works out is that your fans already know to expect quality no matter what the topic but there are always noobs who first stumble upon your works and all of them tell their friends thus becoming a threat to your dread private message systems capabilities to contain the volume of messages generated as responses. So one could say that you are a drain on the systems resources but in a good way if that makes sense. Thanks Mr Alp wherever you are.

Thousand points for that. I'm about to head home and I can't wait to start that drive. Glad Mr. Alp has been taking care of you.

/u/fantomas · 1 votes · 10 months ago · Link

Why no links to the sites?

Good call! I'll plug in the links -- I had more sites to add.

/u/FUDPolice woop woop · 1 votes · 9 months ago · Link

I'm a big fan of privacytools, however, I preferred them when they were electing to be impartial and not affiliated with any companies. Whilst not exhaustive it's a good starting point

These days (honestly) it's so hard to find the impartial (I don't even watch news). If I scoop up a pile do you think you can sort it out for me within a week or so?

Message me just a few to go into these categories. I mean, there are so many, I'm not trying to turn it into a phone book but just get the 'basics' out there.

/u/capitcha · 1 votes · 9 months ago · Link

Phenomenal list, would be better with links but still great information.

Thank you! We all start somewhere.

/u/StrangeLoops · 1 votes · 9 months ago · Link

Great resources. A few additions I would add would be the Whonix and Kicksecure wikis, which in my opinion together amount to an incredibly comprehensive overview of the full ins and outs to the technical side of OpSec for this discipline. The complete content of both wikis are available for download on GitHub, also, so that they can be viewed offline. Another resource for articles and papers called The Counter-Surveillance Resource Center hosts some good content. Lastly, Free Haven's Selected Paper's in Anonymity is a Tor Project-affiliated bibliography of a massive collection of papers dating back to 1977 on the subject of anonymity.

Whonix: http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Documentation

Kicksecure: http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/wiki/Documentation

Counter-Surveillance Resource Center: http://aka3xvhiygnchpsbrilphkzbdxtvr6j6pc7hluf6mf2ddruttsikswad.onion

Selected Paper's in Anonymity: http://7fa6xlti5joarlmkuhjaifa47ukgcwz6tfndgax45ocyn4rixm632jid.onion/anonbib/index.html

Fantastic. The stuff need. I'll add these on thanks to you!

Sure. Here's two aggregate sources that are good as well.

Latest Security News: http://hpm242zmcxettb74wkl77lruaxq5tsmrg4ewwkywxyisy6ub7dk5l7id.onion

Latest Crypto News: http://qg24mbrij6rzxr77eovjwjzw7zwn7brmegr3yvwvppj4vhdxeuezkdqd.onion

Nice, I'll give this page a full make over, activate the links and pin it to the top of the subdread. Thank you!

Updated! Thank you!

/u/Hep · 1 votes · 9 months ago · Link

thanks a lot

/u/wokeMindedFeminazi · 1 votes · 9 months ago · Link

hmmmmmm.... PRivAcy TooLSss.io???? when it comes to privacy and security we should consider not to trust on advertisings, they're shilling lots of software under USA jurisdiction(the country #1 on massive data collection) , for example: Brave, DuckDuckgo, BitWarden.

I just went through the first 45% of the site --- 98% of the objects mentioned were free. Brave, DuckDuckGo and BitWarden will find their place shortly. Brave is already making deals for a paid VPN and Telemetry with Microsoft. Everything eventually finds its proper place.

/u/FanFanFan · 1 votes · 8 months ago · Link

didn't the privacytools team except their leader leave and make a new project privacyguides? It does not have affiliate links, as far as I know.

some of privacytools' current recommendations are weird, like IPFS, it does not have anything to do with privacy AFAIK.

/u/G-Lock18 · 1 votes · 9 months ago · Link

Nicely organized and based

Thank you, Fully Auto Nine.

/u/fergustos · 1 votes · 9 months ago · Link

Thnx man

My pleasure. Thank you!

/u/An_I2P_User · 1 votes · 9 months ago · Link

I recommend removing That One Privacy Site from this list.

While it was once a fantastic resource, That One Privacy Site has merged with SafetyDetectives (Libreddit onion mirror). Safety Detectives is owned by Kape Technologies, a super sketchy company which owns both multiple VPNs and VPN review sites (big conflict of interest!), and the Safety Detectives VPN page (which thatoneprivacysite.net now redirects to) conveniently decided that 3 Kape-owned VPNs belong in the top 4. Windscribe (a competing VPN company, so don't overlook that bias) wrote a good post about this consolidation of the VPN industry which talks specifically about Kape with sources.

Thank you. I need good insight like this. 'That One Privacy Site' will be removed.

If you know of any good ones, please let me know.

Thank you so much for this. On the weekend I'll get busy with this post and make all the above into links as well. I greatly appreciate your input.

/u/Carl173 · 1 votes · 8 months ago · Link

hoq do i send an anonymous pic

Clear all the EXIF data and upload it then share the link.

http://uoxqi4lrfqztugili7zzgygibs4xstehf5hohtkpyqcoyryweypzkwid.onion

https://imgbb.com/

how do i do the first part im so new to trying thid psrt of the darkweb

Download the release (version) that applies to your computer. Drag & drop.

https://github.com/szTheory/exifcleaner/releases

/u/HoodNerd · 1 votes · 8 months ago · Link

fuck krebs.

/u/akkarin · 1 votes · 7 months ago · Link

belated thanks.

· 1 votes · 7 months ago · Link

Appreciated as always. Thank you, /u/akkarin

/u/aurelia91 · 1 votes · 7 months ago · Link

Awesome list, thanks for sharing! Especially helpful to me as a CS/Cyber student

· 3 votes · 7 months ago · Link

/post/41936e8dacffa43b4e0b

Hope it helps.

/u/aurelia91 · 1 votes · 6 months ago · Link

Definitely helps, thank you /u/HeadJanitor!

· 1 votes · 6 months ago · Link

You're very welcome. Hopefully there was something that met your needs. Have a wonderful day.

· 2 votes · 7 months ago · Link

THAT is awesome. I'll send you another list that will completely fulfill your needs.

/u/kr4ck3n · 1 votes · 7 months ago · Link

Awesome compilation of resources. Thanks for sharing!

/u/startwiping · 1 votes · 5 months ago · Link

Do you think the extension libredirect or privacy redirect should be added? There's also thenewoil.org which talks about privacy.

· 1 votes · 5 months ago · Link

Should I place thenewoil.org under privacy guides?

Let's test out a privacy re-redirect.

Yeah new oil is privacy guides. I've heard lib redirect is better than privacy redirect but they're just extensions for automatically redirecting to proxy sites.

The New Oil is now up - thank you!

What do you think about ArkenJS?

A JavaScript add-on whereas these are mostly straight sites.

/u/swmxMZluuf2z0kOqv73o · 1 votes · 3 months ago · Link

Perhaps be good for add a section of hardware that list tools of security for enhance opsec?

Thing like the purism and privacy beast laptops, reliable HSMs (eg monero wallets of hardware, U2F keys, Nitrokey for HEADS Evil Maid of defeat, etc), BusKill for the tripwire, etc

/d/OpSec

Security Researchers

Privacy Guides

Cyber Security News

Proxy Sites

File Sharing

Awesome Cryptography

Taking the Offensive: Threat Hunting and OSINT Tools

File Encryption

Threat Modeling

Data Flow Diagrams

Tools for generating DFDs:

Threat Enumeration

Methodologies

Tools

Aggregated Latest Crypto News

Aggregated Latest Security News

IntelTechniques Search Tools by Michael Bazzel

Comments (64)