update for 2025

Open sm18lr88 opened this issue 5 months ago • 3 comments

Category

Checklist addition or deletion / Spelling, grammatical or link updates

Overview

This PR refreshes the personal-security-checklist YAML for 2025 and adds clearer guidance on smartphone and desktop app privacy.

Key changes:

  • Modernizes Authentication to emphasize passkeys/FIDO2 and current breach trends, instead of legacy 2016 DBIR stats.
  • Updates Web Browsing copy around HTTPS (noting HTTPS Everywhere’s deprecation and browser HTTPS-only modes) and cleans minor link/typo issues.
  • Clarifies Email risks from third-party inbox add-ons and strengthens recommendations for privacy-respecting providers.
  • Expands Mobile Devices guidance to treat many native apps (shopping, social, finance, companion apps) as always-on data-collection agents:
    • Stronger emphasis on minimizing app installs, using OS permission managers, and preferring hardened browsers over native apps where possible.
    • Highlights tracker analysis tools (e.g. Exodus Privacy) and use of firewalls/DNS filters to block app telemetry.
  • Tightens Personal Computers and Smart Home sections for current OS “assistant”/copilot behaviour and IoT companion-app risk, while keeping the original structure and tone.

Overall aim: keep the checklist accessible to non-experts but align the threat model with modern realities (passkeys, pervasive mobile tracking, OS-level AI features) without changing the site’s layout.

Issue Number (if applicable)

N/A

Supporting Material (if applicable)

  • Verizon 2024/2025 DBIR: credentials and personal data remain top breach targets; stolen credentials are a major initial vector.
  • FIDO Alliance and industry reports on passkey/FIDO2 adoption across major platforms (Apple, Google, Microsoft); passkey-capable accounts now in the billions.
  • NIST PQC standardization for Kyber, Dilithium, and SPHINCS+ as new crypto baselines.
  • Exodus Privacy and related research on third-party trackers in mobile apps (e.g. ~75% of Android apps containing at least one tracker).
  • EFF and others on the deprecation of HTTPS Everywhere and the shift to native HTTPS-only browser modes.

Association (if applicable)

No affiliation with any of the linked products or services.

Checklist

  • [x] I have performed a self-review (valid links, formatting, spelling and grammar)
  • [x] I have indicated whether I have any affiliation with any software/services edited
  • [x] I have read the Contributing Guidelines, and agree to follow the Code of Conduct

sm18lr88, Nov 29 '25 00:11

@sm18lr88 is attempting to deploy a commit to the AS93 Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot], Nov 29 '25 00:11

Deploy Preview for security-checklist canceled.

| Name | Link |
| --- | --- |
| Latest commit | 7c015837b08c950476e114f110c61c1744b9bbcf |
| Latest deploy log | https://app.netlify.com/projects/security-checklist/deploys/692a4323aa41190008628b98 |

netlify[bot], Nov 29 '25 00:11

ChatGPT translation of the Hebrew is very confusing. I don't know if it's a bot that posted a random reply. This is my first actual pull request, ever. Let me know if any clarification is needed.

sm18lr88, Dec 07 '25 21:12