- Any capable of running an OS that still receives security updates
- Google Chromebook
- Apple macOS with T2 Security Chip using FileVault
- Windows 10 PCs with BitLocker (TPM + Pre-Boot PIN)
- Purism Librem
- Linux Computers with LUKS and/or NBDE
Internet of Things¶
a.k.a. Internet of Shit
We generally recommend against the use of these devices and services as much as possible unless you fully understand and accept the risks.
You should create a Security Plan (a.k.a Thread Modeling / Risk Assessment) before use.
Consider what these products are adding into your home: Internet connected cameras, microphones, location, metadata, etc.
If you do use, see if someone trustworthy has reviewed the product:
Mozilla *privacy not included – Be Smart. Shop Safe. How creepy is that smart speaker, that fitness tracker, those wireless headphones? We created this guide to help you shop for safe, secure connected products.
Internet of Shitdex – We track Internet of Things devices, their privacy track record and what’s worth buying.
Example list of devices:
- Assistants: Alexa, Bixby, Cortana, Google, Siri
- Amazon Echo, Amazon Dash Buttons, Apple HomePod, Blink, Google Home, Microsoft Cortana, Nest, Ring, etc.
- Appliances, Adult Toys, Baby Monitors, Cameras, Clothing, Doorbells, Furniture, Headphones, Health & Beauty Devices, Home Theater, Light-bulbs, Locks, Medical Devices, Microphones, Outlets, Speakers, Toys, Thermostats, Scales, TVs, Watches, Webcams, etc.
Modem / Gateway¶
Get a Modem ONLY from your Internet Service Provider (ISP) if at all possible.
If you must use a provided Router/Gateway with built-in Wireless, see if you can disable it and instead use your own Router (this can be referred to as “Bridge”, “NAT”, “Pass-through” or “DMZ” modes.)
Use/update any accounts / wireless networks with strong passwords/diceware passphrases
Automatically updating mesh wireless routers:
Allows specific date/time configuration of automatic updates:
Most other Mesh Routers such as Google Wifi, eero, Orbi, UniFi, Deco, Luma, Velop, etc. may perform automatic updates randomly without control.
In most cases the automatic update is more important than the potential disruption it may cause (do NOT disable or choose manual updates even if the option is available).