6.2 KiB
Privacy Toolkit - Tool Candidates
🛡️ Document Sanitization
-
Dangerzone - PDF/Office document sanitizer using container isolation
- Threat: Malicious documents with embedded exploits
- Status: Installation script ready (needs chmod fix for GPG key)
- Source: Freedom of the Press Foundation
- Platform: Linux (Debian/Ubuntu/Fedora)
-
ExifCleaner - Metadata removal from images/PDFs/videos
- Threat: EXIF data leaking location, camera info, timestamps
- Source: https://github.com/szTheory/exifcleaner
- Platform: Cross-platform (AppImage for Linux)
-
mat2 (Metadata Anonymization Toolkit)
- Threat: Document metadata revealing identity/system info
- Source: apt package, part of Tails
- Platform: Linux
🔐 Encryption & Secure Storage
-
VeraCrypt - Full disk encryption and encrypted containers
- Threat: Physical device seizure, data theft
- Status: Already in use
- Source: https://veracrypt.fr
- Platform: Cross-platform
-
age - Modern file encryption (simpler than GPG)
- Threat: Sensitive files at rest
- Source: https://github.com/FiloSottile/age
- Platform: Cross-platform, Go binary
-
Cryptomator - Client-side cloud storage encryption
- Threat: Cloud provider access to files
- Source: https://cryptomator.org
- Platform: Cross-platform
📡 Secure Communication
-
Signal Desktop - E2E encrypted messaging
- Threat: Message interception, surveillance
- Source: https://signal.org
- Platform: Linux (official .deb)
-
SimpleX - E2E encrypted messaging without identifiers
- Threat: Metadata correlation, phone number linking
- Status: Already documented in PAI
- Source: https://simplex.chat
- Platform: Cross-platform
-
Jami - P2P encrypted video/audio calls
- Threat: Centralized communication surveillance
- Source: https://jami.net
- Platform: Cross-platform
🌐 Anonymity & Network Privacy
-
Tor Browser - Anonymous web browsing
- Threat: IP tracking, browser fingerprinting
- Source: https://torproject.org
- Platform: Cross-platform
-
ProtonVPN - Privacy-focused VPN
- Status: Already installed
- Source: https://protonvpn.com
- Platform: Cross-platform
-
OnionShare - Anonymous file sharing over Tor
- Threat: File transfer metadata, IP exposure
- Source: https://onionshare.org
- Platform: Cross-platform
🔍 Metadata & Privacy Analysis
-
ExifTool - View/edit metadata in files
- Threat: Understanding what metadata you're leaking
- Source: apt package
- Platform: Cross-platform
-
Sherlock - Username enumeration across platforms
- Threat: Understanding your digital footprint
- Source: https://github.com/sherlock-project/sherlock
- Platform: Python tool
🗑️ Secure Deletion
-
BleachBit - Secure file deletion and system cleaning
- Threat: Forensic recovery of deleted files
- Source: apt package
- Platform: Linux/Windows
-
shred - Overwrite files securely
- Threat: File recovery after deletion
- Source: GNU coreutils (already installed)
- Platform: Linux
🔒 Password & Secret Management
-
KeePassXC - Offline password manager
- Status: Already in use
- Source: https://keepassxc.org
- Platform: Cross-platform
-
Bitwarden - Open source password manager (self-hostable)
- Threat: Password reuse, weak passwords
- Source: https://bitwarden.com
- Platform: Cross-platform + self-hosted
📧 Email Privacy
-
Thunderbird + Enigmail - PGP email encryption
- Threat: Email content surveillance
- Source: apt package
- Platform: Cross-platform
-
ProtonMail Bridge - Use ProtonMail with desktop clients
- Threat: Email metadata, provider access
- Source: https://proton.me
- Platform: Cross-platform
🛡️ System Hardening
-
firejail - Application sandboxing
- Threat: Application exploits compromising system
- Source: apt package
- Platform: Linux
-
AppArmor - Mandatory Access Control
- Threat: Privilege escalation
- Source: Built into Debian
- Platform: Linux
🌐 DNS Privacy
-
dnscrypt-proxy - Encrypted DNS queries
- Threat: DNS surveillance, ISP tracking
- Source: https://github.com/DNSCrypt/dnscrypt-proxy
- Platform: Cross-platform
-
Unbound - Validating DNS resolver
- Threat: DNS spoofing, MITM
- Source: apt package
- Platform: Linux
📱 Mobile Companion Tools
- scrcpy - Control Android via ADB (for testing privacy apps)
- Source: apt package
- Platform: Linux/Windows/macOS
🎯 Priority Tools (Install First)
- Dangerzone - Document sanitization
- mat2 - Metadata removal
- Signal Desktop - Secure messaging
- Tor Browser - Anonymous browsing
- BleachBit - Secure deletion
- firejail - App sandboxing
📁 Repository Structure Proposal
privacy-toolkit/
├── README.md # Overview, threat model intro
├── install.sh # Master handler script
├── tools/
│ ├── dangerzone/
│ │ ├── install.sh # Individual install script
│ │ ├── README.md # What it does, why you need it
│ │ └── verify.sh # Post-install verification
│ ├── mat2/
│ │ ├── install.sh
│ │ ├── README.md
│ │ └── examples/ # Usage examples
│ ├── signal-desktop/
│ └── tor-browser/
├── categories.md # Tools organized by threat model
├── threat-models.md # Common threat scenarios
└── docs/
├── installation-guide.md
├── verification-guide.md # How to verify tools work
└── threat-modeling.md # Help users choose tools
🔧 Installation Script Template
Each tool should have:
- Distro detection (Debian/Ubuntu/Fedora/Arch)
- GPG key verification (with chmod fix for keyrings!)
- Dependency checking
- Version verification
- Post-install testing
- Cleanup on failure
- Usage examples
📝 Notes
- Focus on FOSS tools (auditability)
- Prefer official repositories
- Include threat model for each tool
- Provide usage examples
- Link to official documentation
- Security-focused: verify signatures, check hashes