Remove old blog drafts

like 2016 2017 old :)
2025-09-01 18:49:06 +00:00 · 2022-05-09 14:50:49 +02:00 · 2022-05-09 14:50:49 +02:00 · 77386a595d
commit 77386a595d
parent fc4bb4fce0
7 changed files with 0 additions and 360 deletions
--- a/_drafts/2016-10-07-first-milestone-funded.md
+++ b/_drafts/2016-10-07-first-milestone-funded.md
@ -1,10 +0,0 @@
 ---
 title: First Milestone Funded!
 tags: announcement
 ---
 We've been successfully funded by [netidee.at](https://www.netidee.at/), a funding initiative by the [Internet Foundation Austria](https://www.nic.at/ipa/).
 This gives us the opportunity to kick-start Safing, batteries (hardware and services) included, spanning from for January to December 2017.
 We are looking forward to next year and the great time we will have implementing Safing.
 ![Netidee Logo](/assets/img/external/logos/netidee.png){: .blog-image }
--- a/_drafts/2016-12-12-Safing-Guide-Privacy-101.md
+++ b/_drafts/2016-12-12-Safing-Guide-Privacy-101.md
@ -1,118 +0,0 @@
 ---
 title: "Safing Guide: Digital Privacy 101"
 tags: guide
 ---
 This Guide is updated regularly, future versions will be available under the same URL.
 ### A word of warning
 While this guide is about privacy, it is deeply connected with security and only differs from it in some cases.
 Whoever tries to gain security in the digital world will very quickly realize, that the biggest problem is actually a fight between security versus convenience, because in most cases, security is not convenient. Although this is one thing we at Safing thrive to keep out of your as much as possible, there are a lot of things that a software just can't do for you.
 This guide starts with the easy and more convenient actions to guard privacy and quite soon will get to things that aren't so convenient and may require some serious work in order to get going.
 ###
 <small>E2/S5/P2</small>
 effort
 security
 probability that this will affect you
 ## 1 - Turn OFF devices you are not using.
 In the past decade, the industry has started to slowly change their devices from having an OFF mode to having a "not really OFF, but still doing things in the background mode".
 The current best example would be Smart TVs, with Samsung openly stating, that you should not have confidential conversations near their TVS, because it just might be listening and uploading everything to the Cloud.
 **So, get some distributors with a switch, and TURN OFF devices, you are not actively using.**
 Yes, it's true, you won't be able to turn on your TV with only a remote anymore.
 ## Don't type sensitive information on a wireless keyboard.
 You me one those, who like sitting on your couch and surfing, ordering stuff on the internet and entering
 Well, the thing is, the connection between your wireless keyboard and your device is most certainly not encrypted, your sensitive information is flying in the air and everyone who wants to can catch your stuff out of thin air.
 **Never, ever enter sensitive information on a wireless keyboard**
 ## Do not enter sensitive information into Computers you don't know.
 Kiosk or Interet Café PCs.
 ## Be careful when using untrusted Networks
 This includes the network of another company, or a Café WiFi.
 ## Avoid Data-Hungry Internet Services
 This is probably the most challenging, because it hurts convenience the most.
 If you can avoid Services like Google (We have Startpage and Duckduckgo!), Facebook (Take a look at Diaspora), Dropbox (Check out MEGA) and other companies that you give massive amounts of data too, but don't pay them a penny.
 ## Be careful when Services say they use the "Cloud".
 In essence, the cloud is just another guys computer, the "Cloud" is such a buzzword, everyone uses it, and you don't know what anyone means by it. Your data may be stored on some random insecure server.
 ## Use a password manager
 Never, ever use the same password with multiple service, use a good password manager, ...
 ## Be careful when sending sensitive stuff via email.
 - Check if service offers SSL
 - encrypt sensitive data
  - key over 2nd channel
 ## Use 2-Factor Authentication anywhere you can!
 In order to further guard yourself from stolen passwords, use 2-Factor Authentication (2FA) wherever possible. Banks require this if you want to issue transactions online. In principle with 2FA you have to verify your identity with another code, that either changes in short intervals (mostly 30 econds) or somehow acquire a code that can only be used on time.
 2FA can be done in a lot of different ways and some are more secure than others, here they are in order of strength:
 - Static list of codes  
  This was used by banks when online banking first started. Consider this your last option.
 - Receiving Codes via Text/SMS  
  This is very widely used technique, but there are several ways to successfully attack this method and steal codes. In 2016 NIST stopped recommending it. You should switch to better alternatives as soon as possible. Sometimes also called smsTAN.
 - Receiving Codes via an app.  
  This is a lot better than receiving codes via Text/SMS; because an app is able to communicate securely and cannot be compromised that easily, but this then depends on the quality of the app.
 - Generating Codes with software  
  This one of the most used methods for 2FA, because it is both easy to set up for websites and rather convenient to use for users. Usually this works by downloading the app Google Authenticator for Android or iOS and scanning a QR-Code with it. The app the generates a new 2FA code every 30 seconds.
 - Generating codes with hardware  
  This is by far the most secure method for 2FA, as an attack MUST physically steal your device and possibly a PIN code. These are mostly used by big companies that care about the security of their IT. One other famous example is the Battle.net Authenticator used by many World of Warcraft players.  
  Recently, banks have started to adopt this method by using devices into which you pluck your debit card and enter you PIN code to generate a new 2FA code. There are also referred to as chipTAN or cardTAN.
 ## Email Account is your most important account!
 Next to your bank account, your email account is probably your most valuable online account you have. With it you can normally reset any other account that you have. Protect this account with extra care. Choose a password you do not use anywhere else. Enable 2-Factor Authentication. Log out
 ## Encryption
 ## Use a good messenger
 Find a messenger that protect your privacy. We recommend [...], here is a good comparison of messengers from a security perspective.
 ## Be careful with email
 Email was defined in 19??, back then nobody thought about security or privacy on the Internet. Today we are stuck with an email system that, although a lot of great stuff is done to try to make it more secure, has serious weaknesses. The current email ecosystem offers best effort privacy, but usually there is no way to enforce it.
 **Do not send confidential data via email**
 If you really want to send private data via email, at least be sure, that the email you are sending to supports minimum security functionality [FIXME: link]
 ## Avoid Smart Home, for now <small>E2/S5/P2</small>
 Smart Home is quite a big hype, with a lot of companies and start-ups bringing new products into this domain. Although there is so much going on here, we at Safing have yet to come across a Smart Home solution that is both open source and really secure. The recent past has shown that most solutions lack security.
 #### Appendix: Versions
 | Date        | Comment       |
 |:-----------:|--------------:|
 | 12 Jun 2012 | First edition |
 #### Full References:
 08/2016: Smart Home Thermometer hacked: https://thehackernews.com/2016/08/hacking-thermostat.html
 08/2016: 75% of Bluetooth Smart Locks can be hacked: http://www.tomsguide.com/us/bluetooth-lock-hacks-defcon2016,news-23129.html
--- a/_drafts/2017-08-01-tech-preview-released.md
+++ b/_drafts/2017-08-01-tech-preview-released.md
@ -1,45 +0,0 @@
 ---
 title: Tech Preview Released
 tags: announcement
 ---
 We've finally released the tech preview of our first milestone - check it out at [Github](https://github.com/Safing/safing-core)!
 Here is quick overview over what we have released so far:
 Safing comes in three components:
 - Safing Core: The core system doing all the work
 - Safing UI: Settings and monitoring
 - Safing Notify: Tray icon for fast level switching and notifications
 The Safing Core in more detail:
 - acts as an intelligent DNS Server
 - identifies processes behind connections
 - applies profiles to connections and enforces them
 - checks TLS connections for validity and revocation
 Stay tuned for our upcoming [tech](/blog/tags/#tech) blog series, where we will look at how we built Safing and why we've done things the way we did!
 We are looking forward to your feedback!
 {% comment %}
 Wir haben nun endlich die Tech Preview unseres ersten Meilensteins auf [Github](https://github.com/Safing/safing-core) veröffentlicht!
 Hier ist ein kurzer Überblick:
 Safing besteht aus drei Komponenten:
 - Safing Core: Das Kernsystem, das die ganze Arbeit macht
 - Safing UI: Einstellungen und Monitoring
 - Safing Notify: Tray-Icon für schnelles Umschalten des Security Levels und Notifications
 Der Safing Core:
 - ist ein intelligenter DNS Server
 - identifiziert Prozesse hinter Verbindungen
 - weißt Verbindungen Profile zu und setzt diese durch
 - prüft TLS-Verbindungen auf Gültigkeit und Revocation
 In der kommenden Blog-Serie werden wir im Detail auf die Komponenten eingehen. Wir freuen uns auf dein Feedback!
 {% endcomment %}
--- a/_drafts/2017-08-02-security-levels.md
+++ b/_drafts/2017-08-02-security-levels.md
@ -1,82 +0,0 @@
 ---
 title: Security Levels
 tags: tech
 ---
 Besides strengthening the privacy and security of our users, we strive to make Safing as convenient and easy to use as possible.  
 The hard part about this is, that we do not expect any technical knowledge of our users, so that even your grandma could use it.
 That is why we came up with the concept of Security Levels.  
 Instead of having a gazillion settings to go through, we use three simple levels that the user can select:
 <p align="center">
  <img src="/assets/icons/level_dynamic.svg" height="96">
  <img src="/assets/icons/level_secure.svg" height="96">
  <img src="/assets/icons/level_fortress.svg" height="96">
 </p>
 <p align="center">
  Dynamic
  &nbsp;&nbsp;&nbsp;&nbsp;
  &nbsp;&nbsp;&nbsp;&nbsp;
  Secure
  &nbsp;&nbsp;&nbsp;&nbsp;
  &nbsp;&nbsp;&nbsp;&nbsp;
  Fortress
 </p>
 #### <img src="/assets/icons/level_dynamic.svg" height="24"> Dynamic:
 Day-to-day mode - provides additional security measures to protect your privacy, but will also try to not be in your way to help you stay focused. Use this mode in trusted networks.
 #### <img src="/assets/icons/level_secure.svg" height="24"> Secure:
 Heightend security measures - to keep you safe in untrusted environments. It is automatically activated if you enter an unknown network, like a café's Wi-Fi, or if an attack is detected. Use this mode when you do not trust a network, or are temporarily in need of more security.
 #### <img src="/assets/icons/level_fortress.svg" height="24"> Fortress:
 All protective mechanisms available are activated - this will most likely cut off at least some applications from the Internet, but provides best protection technically possible. Use this mode if you think you are currently being attacked, like having clicked on a possible virus.
 If you are a technical person, you can of course use our gazillion settings (still growing...) to modify which security and privacy features are active at certain levels, except for the Fortress Level, where every security measure is always active.
 If you want to know more about how Safing works, check out our [guides](https://github.com/Safing/safing-doc).
 {% comment %}
 Neben der Stärkung der Privatsphäre und Sicherheit unserer Nutzer, bemühen wir uns, Safing so bequem und einfach bedienbar wie möglich zu machen.
 Das schwere dabei ist, dass wir kein technisches Wissen von unseren Benutzern erwarten, damit auch deine Oma Safing benutzen kann.
 Deshalb haben wir das Konzept der Sicherheitslevel eingeführt.
 Anstatt unzähligen Einstellungen, verwenden wir drei einfache Level, die der Benutzer auswählen kann:
 <p align="center">
  <img src="/assets/icons/level_dynamic.svg" height="96">
  <img src="/assets/icons/level_secure.svg" height="96">
  <img src="/assets/icons/level_fortress.svg" height="96">
 </p>
 <p align="center">
  Dynamic
  &nbsp;&nbsp;&nbsp;&nbsp;
  &nbsp;&nbsp;&nbsp;&nbsp;
  Secure
  &nbsp;&nbsp;&nbsp;&nbsp;
  &nbsp;&nbsp;&nbsp;&nbsp;
  Fortress
 </p>
 #### <img src="/assets/icons/level_dynamic.svg" height="24"> Dynamic:
 Alltäglicher Modus - bietet zusätzliche Sicherheitsmaßnahmen zum Schutz deiner Privatsphäre, wird aber auch versuchen, dir nicht in die Quere zu kommen, damit du deinen Fokus nicht verlierst. Verwende diesen Modus in vertrauenswürdigen Netzwerken.
 #### <img src="/assets/icons/level_secure.svg" height="24"> Secure:
 Höhere Sicherheitsmaßnahmen - hält dich in nicht vertrauenswürdigen Umgebungen sicher. Dieser Modus wird automatisch aktiviert, wenn du dich mit einem unbekannten Netzwerk - wie das WLAN eines Cafés - verbindest, oder wenn ein Angriff erkannt wird. Verwende diesen Modus, wenn du einem Netzwerk nicht vertraust oder vorübergehend mehr Sicherheit benötigst.
 #### <img src="/assets/icons/level_fortress.svg" height="24"> Fortress:
 Alle vorhandenen Schutzmechanismen werden aktiviert - das wird höchstwahrscheinlich zumindest einige Anwendungen vom Internet trennen, bietet aber bestmöglichen technischen Schutz. Verwende diesen Modus, wenn du denkst, dass du gerade angegriffen wirst, vielleicht weil du - natürlich versehentlich - den Anhang eine fragwürdigen Email geöffnet hast.
 Wenn du technisch begabt bist, gibt es für dich natürlich trotzdem unzählige Einstellungen (noch am werden ...), um zu ändern, welche Sicherheits- und Datenschutzfeatures in bestimmten Levels aktiv sind, mit Ausnahme des Levels Fortress, wo jede Sicherheitsmaßnahme immer aktiv ist.
 Wenn du mehr darüber wissen willst, wie Safing funktioniert, schau die unsere [Guides](https://github.com/Safing/safing-doc) an.
 {% endcomment %}
--- a/_drafts/2017-08-03-application-profiles.md
+++ b/_drafts/2017-08-03-application-profiles.md
@ -1,55 +0,0 @@
 ---
 title: Application Firewall - Profiles
 tags: tech
 ---
 We think having a application firewall that constantly prompts you whether an app is allowed to access something on the network is pretty lame - and disrupts your focus.  
 With Safing, instead of being asked what a program (or a whole group of programs!) is allowed to do, you define its behavior - a profile - once, and let Safing handle the rest.
 The most important part about these profiles are the flags you can set - they let you describe the application with just a few clicks, and you can get back to work.  
 There are flags for:
 - the actor: who is executing that application
 - the location: Internet or local network?
 - the type: select one or more behavioral profiles
 The most interesting, and definitely the most used type will be `Strict`. If a profile with this flag is applied to an application, Safing dynamically checks whether the application and the domain it wants to connect to have any kind of relationship to evaluate if the connection to it shall be allowed or not.
 Two nice examples of this are:
 - Adobe Acrobat: the only valid connection is to the update servers, everything else, like a malicious PDF loading malware, is blocked.
 - Various Apps: mostly the only valid connection is to the app's company, 3rd party tracking and ads are blocked.
 Profiles will make it a breeze to keep you safe online.
 If you want to know more about how Safing works, check out our [guides](https://github.com/Safing/safing-doc).
 {% comment %}
 Wir denken, dass eine Application Firewall, die dich ständig fragt, ob eine App auf etwas im Netzwerk zugreifen darf, nicht angenehm zu nutzen ist - und den Fokus extrem stört.
 Mit Safing definierst du - anstatt andauernd gefragt zu werden - einmal ein Verhaltensprofil für eine App und lässt Safing den Rest erledigen.
 Das beste an diesen Profilen sind die Flags, die du setzen kannst - mit diesen kannst du ganz schnell und unkompliziert für eine App ein bestimmtes Verhalten definieren und wieder an deine Arbeit gehen.
 Es gibt Flags für:
 - den Akteur: wer führt die App aus?
 - den Ort: Internet oder lokales Netzwerk?
 - der Typ: um was für eine App handelt es sich?
 Eine der interessantesten Flags ist sicherlich `Strict`. Wenn ein Profil mit diesem Flag auf eine App angewendet wird, prüft Safing dynamisch, ob die Anwendung und die Domain, mit der sie eine Verbindung herstellen möchte, irgendeine Art von Beziehung haben, um zu bewerten, ob die Verbindung zu ihr erlaubt ist oder nicht.
 Zwei schöne Beispiele dafür sind:
 - Adobe Acrobat: Die einzige gültige Verbindung ist zum Update-Server, alles andere, wie das Herunterladen von Malware von einer fremden Domain, wird blockiert.
 - Verschiedene Apps: meistens sind die einzigen gültigen Verbindungen zum Unternehmen der App, Tracking und Werbung wird blockiert.
 Profile machen es zu einem Kinderspiel, sicher und privat im Internet unterwegs zu sein.
 Wenn du mehr darüber wissen willst, wie Safing funktioniert, schau dir unsere [Guides](https://github.com/Safing/safing-doc) an.
 Die englische Version dieses Posts findest du [hier](https://safing.me/blog/post/2017/08/application-profiles/).
 {% endcomment %}
--- a/_drafts/2017-08-04-dns-resolution.md
+++ b/_drafts/2017-08-04-dns-resolution.md
@ -1,27 +0,0 @@
 ---
 title: DNS Resolution
 tags: tech
 ---
 DNS is an inherently insecure part of the Internet ecosystem. It was never designed to be secure and any security enhancements are adapted only at a very slow rate. In order to mitigate possible threats that take advantage of the insecurity of DNS, Safing transparently takes over resolving DNS queries.
 One thing Safing does, is to use altenative DNS transport protocols, to ensure that DNS packets aren't being tampered with. Currently we have added support for Google's DNS over HTTPS service, and will soon also support T-DNS, whish is DNS over TCP/TLS.
 In addition to protecting DNS transport, Safing uses intelligent query routing to get queries directly to the best available server that can answer them. This minimizes exposing queries to servers that could not answer them (securely) anyway.
 If you want to know more about how Safing works, check out our [guides](https://github.com/Safing/safing-doc).
 {% comment %}
 DNS ist ein grundlegender, aber unsicherer Teil des Internet-Ökosystems. Es wurde niemals dafür konzipiert sicher zu sein und jegliche Sicherheitsverbesserungen finden nur sehr langsam Verbreitung. Um mögliche Bedrohungen, die die Unsicherheit von DNS ausnutzen, zu verringern, übernimmt Safing transparent die Beantwortung von DNS-Anfragen.
 Etwas was Safing tut, um DNS sicherer zu machen, ist auf alternative DNS-Transportprotokolle zu setzen. So können wir sicherstellen dass die DNS-Pakete nicht manipuliert werden. Derzeit unterstützen wir das "DNS over HTTPS" Service von Google, und bald auch T-DNS (DNS over TCP / TLS).
 Zusätzlich zum Schutz des DNS-Transports leitet Safing DNS-Anfragen intelligent an den best-verfügbaren Server, der sie auch beantworten kann. Dadurch geben wir dem Netzwek möglichst wenig Informationen preis.
 Wenn du mehr darüber wissen willst, wie Safing funktioniert, schau dir unsere [Guides](https://github.com/Safing/safing-doc) an.
 Die englische Version dieses Posts findest du [hier](https://safing.me/blog/post/2017/08/dns-resolution/).
 {% endcomment %}
--- a/_drafts/2017-08-05-tls-enforcement.md
+++ b/_drafts/2017-08-05-tls-enforcement.md
@ -1,23 +0,0 @@
 ---
 title: TLS Enforcement
 tags: tech
 ---
 Sadly, the current state-of-the-art for security software is to intercept and break (man-in-the-middle) TLS connections to scan the content they carry. Sometimes this has even been done by big manufacturers to inject ads into encrypted web traffic. What makes matters even worse, is that a lot of times, the intercepting software does not correctly verify TLS connections and made the user vulnerable to real attacks.
 Safing goes the exact opposite way. Instead of breaking TLS, Safing enforces valid TLS connections, by inspecting traffic and verifying certificates, checking revocation and Certificate Transparency. With Safing you do not longer need to trust your OS or applications alone, because Safing acts as an additional security check for TLS.
 If you want to know more about how Safing works, check out our [guides](https://github.com/Safing/safing-doc).
 {% comment %}
 Traurigerweise ist der aktuelle "Stand der Technik", dass Sicherheitssoftware TLS-Verbindungen aufbricht um den Inhalt darin zu scannen. Es ist auch vorgekommen, dass große Hersteller TLS-Verbindungen aufgebrochen haben, um zum Beispiel auf den von ihnen verkauften Geräten Werbung anzuzeigen. Was die ganze Sache dann eigentlich zur großen Gefahr gemacht hat, ist dass die TLS-aufbrechende Software in so einigen Fällen die TLS-Verbindungen nicht korrekt geprüft hat, und Nutzer somit anfällig für echte Angriffe waren.
 Safing geht den genau umgekehrten Weg. Anstatt TLS aufzubrechen, erzwingt Safing gültige und gute TLS-Verbindungen, indem Verbindungen und Zertifikate gründlich geprüft werden. Mit Safing musst du also nicht länger nur deinem Betriebssystem oder Apps vertrauen, denn Safing macht einen zusätzlichen Sicherheitscheck für TLS.
 Wenn du mehr darüber wissen willst, wie Safing funktioniert, schau dir unsere [Guides](https://github.com/Safing/safing-doc) an.
 Die englische Version dieses Posts findest du [hier](https://safing.me/blog/post/2017/08/tls-enforcement/).
 {% endcomment %}