privacyguides.org
update: Revamp full disk encryption section
Changes in the order they appear:
- Re-wrote the introduction to the FDE section.
  - The information is the same, it just reads a bit better now.
  - Added a note that FDE and FVE are generally used interchangeably. Previously, the term "full volume encryption" was used without a precursor.
- Re-wrote the BitLocker card
  - Immediately mention it's for Windows and it's proprietary.
  - Make explicit mention of the hardware security TPM.
  - Remove "The main reason we recommend it..." because generally all info stated supports a recommendation.
  - Prominently state officially supported editions (pro, etc)
  - Tell where to actually manage and enable BitLocker
  - Information and guide on preboot authentication
    - I assume this will eventually be moved to #1659, but it's important so might as well get the info out now
  - Improved the BitLocker on Windows Home guide
- Re-wrote FileVault card
  - Immediately mention it's for macOS and it's proprietary
  - Mention secure enclave
  - Tell where to manage and enable FileVault
  - New logo
- Re-wrote LUKS card
  - Renamed it to LUKS, that's what it's known as
  - Mention it's open-source
  - State and elaborate on how it's a standard
  - Tell where/how it can be managed (also linking to a faq)
  - New logo
Up for discussion:
- ~~Maybe want to consider removing (or at least testing) the BitLocker on Home guide: https://github.com/privacyguides/privacyguides.org/pull/2437#discussion_r1525770148~~
- It would be nice if someone more knowledgeable on LUKS could add some more context to encrypted containers — perhaps explaining what they are and what they do above the admonition.
- [x] I have disclosed any relevant conflicts of interest in my post.
- [x] I agree to grant Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform, relicense, and distribute my contribution as part of this project.
- [ ] I am the sole author of this work.
- [x] I agree to the Community Code of Conduct.
Deploy Preview for privacyguides ready!
Name | Link |
---|---|
Latest commit | 848b37368b024735ae9ddf5f3598636aeda79bda |
Latest deploy log | https://app.netlify.com/sites/privacyguides/deploys/65f5e043d7481e00088adf3f |
Deploy Preview | https://deploy-preview-2437.preview.privacyguides.dev |
Lighthouse | 4 paths audited. Performance: 78 (🟢 up 2 from production); Accessibility: 91 (🔴 down 1 from production); Best Practices: 98 (no change from production); SEO: 90 (no change from production); PWA: - |
maybe worth noting: latest cryptsetup 2.7.0 adds SED support: https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
so it can automatically layer both hw+sw encryption without any extra steps, might as well use it if you have it
> maybe worth noting: latest cryptsetup 2.7.0 adds SED support
Thanks for sharing, though I'm not knowledgeable enough on LUKS/Linux to feel comfortable writing about that. If you feel it's good information to add then I would encourage you to add on to this PR @SkewedZeppelin
Your preview is ready!
Name | Link |
---|---|
Latest commit | 3bb1f761fe3ed6f28b0a3458b7fae2f529fc8ca1 |
Preview | https://2437--glowing-salamander-8d7127.netlify.app/ |
> I assume this will eventually be moved to https://github.com/privacyguides/privacyguides.org/pull/1659, but it's important so might as well get the info out now
Yes it will. We are consolidating that PR with https://github.com/privacyguides/privacyguides.org/pull/2452 and then I intend to add the original author as co-author. I want to get that one merged as they've worked quite hard on it.
Initially the plan was to wait until we did research on LGPO policies that would make relevant privacy improvements. I've decided against that for the time being because it will require considerable resources and can always be added later by someone with specific knowledge in that area.
The intention is then to merge this PR after the Windows one though. I think that makes logical sense to do it in that order so we don't have to move things around later and annoy the translators.
I am currently proofing/finishing up https://github.com/privacyguides/privacyguides.org/pull/2268 which was contributed by someone else. This makes a good first step because it explains some of the hardware features available, particularly in Windows.
I'm not sure whether the comments I've made create notifications, so check this.
I think it might make more sense to move the group policy stuff to this page. We wouldn't want readers to gloss over it and then decide to unencrypt and reencrypt their drives later because they realize they want AES-256. Those policies don't make much sense to enable unless you're using or planning to use BitLocker, anyway.
> Those policies don't make much sense to enable unless you're using or planning to use BitLocker, anyway.
On further reflection, I agree.
On that note, I recently reviewed the large Windows PR (#1659) and saw that there was a dedicated section for enabling BitLocker security policies. If you can spare the time and if it's not too much trouble, could you please go over this section and see if there's anything worth adding to the BitLocker instructions in this PR?
Link: https://1659--glowing-salamander-8d7127.netlify.app/en/os/windows/hardening/#security-policies-for-bitlocker
Tagging @in-the-trees since you're the author of this PR and @IDON-TEXIST since you brought forth the idea of bringing all the BitLocker policy to this page (and since both of you contributed substantially to the work to update this section of the site)