PrivacyShield
A Suite of Tools Designed to Facilitate Privacy Management.
Install / Use
/learn @dr8co/PrivacyShieldREADME
Privacy Shield
.... .. . _
+^""888h. ~"888h @88> u ..
8X. ?8888X 8888f .u . %8P 88Nu. u. @L
'888x 8888X 8888~ .d88B :@8c . '88888.o888c u . 9888i .dL
'88888 8888X "88x: ="8888f8888r .@88u ^8888 8888 us888u. .udR88N `Y888k:*888.
`8888 8888X X88x. 4888>'88" ''888E` 8888 8888 .@88 "8888" <888'888k 888E 888I
`*` 8888X '88888X 4888> ' 888E 8888 8888 9888 9888 9888 'Y" 888E 888I
~`...8888X "88888 4888> 888E 8888 8888 9888 9888 9888 888E 888I
x8888888X. `%8" .d888L .+ 888E .8888b.888P 9888 9888 9888 888E 888I
'%"*8888888h. " ^"8888*" 888& ^Y8888*"" 9888 9888 ?8888u../ x888N><888'
~ 888888888!` "Y" R888" `Y" "888*""888" "8888P' "88" 888
X888^""" "" ^Y" ^Y' "P' 88F
`88f 98"
88 ./"
"" ~`
... . .. ..
.x888888hx : .uef^" @88> x .d88" dF
d88888888888hxx :d88E %8P 5888R '88bu.
8" ... `"*8888%` `888E . .u '888R '*88888bu
! " ` .xnxx. 888E .z8k .@88u ud8888. 888R ^"*8888N
X X .H8888888%: 888E~?888L ''888E` :888'8888. 888R beWE "888L
X 'hn8888888*" > 888E 888E 888E d888 '88%" 888R 888E 888E
X: `*88888%` ! 888E 888E 888E 8888.+" 888R 888E 888E
'8h.. `` ..x8> 888E 888E 888E 8888L 888R 888E 888F
`88888888888888f 888E 888E 888& '8888c. .+ .888B . .888N..888
'%8888888888*" m888N= 888> R888" "88888% ^*888% `"888*""
^"****""` `Y" 888 "" "YP' "% ""
J88"
@%
:"
Protect Your Privacy, Secure Your Digital World.
About
Privacy Shield is a suite of simple tools to help you manage your privacy. These tools include:
- Password Manager – A simple password manager that encrypts your passwords for storage.
- File Encryptor/Decryptor – A simple tool to encrypt/decrypt your files.
- File Shredder - A simple file shredder to securely delete your files.
- Browser Privacy Tracks Cleaner – Cleans browser cookies and history items.
- File Deduplicator – A bonus tool to help remove redundant files.
Table of Contents
<!-- TOC -->- Motivation
- Features
- The Tools in Detail
- Building and Installation
- Usage
- Contributing
- Authors
- Acknowledgement
- Disclaimer
- Technologies used
- License
Motivation
Every endeavor is driven by inspiration, and Privacy Shield is no exception. It was born from a relentless pursuit to protect our digital lives and inspired by the stories of privacy advocates and individuals who fell victim to privacy breaches.
I sought to create a simple, yet formidable defense against the ever-expanding data-driven landscape, empowering individuals like you to reclaim your privacy and fortify your digital existence. Thus, the Privacy Shield was born—a culmination of my passion for technology and my unwavering commitment to safeguarding privacy.
Features
-
Cross-Platform – Privacy Shield is written in C++ and uses CMake as its build system, so it can be built on any Unix platform that supports C++23 and the dependencies.
-
Secure – Privacy Shield uses secure cryptographic algorithms and protocols to handle sensitive data. Security is a complex topic, and the current implementation of Privacy Shield is not perfect. If you find any security vulnerabilities, please report them, or better yet, submit a pull request.
-
Easy to Use – Privacy Shield is designed to be easy to use, with a simple command-line interface.
-
Fast – Privacy Shield is designed to be fast, with support for multi-threading and concurrency.
-
Lightweight and Portable – The design is straightforward and lightweight.
-
Safe – Privacy Shield supports safe operations, with support for cancellation and error handling.
-
Free – Privacy Shield is free and open-source software, licensed under the GNU General Public License v3.0. See LICENSE for more information.
-
No Ads, Tracking, and Telemetry – Privacy Shield is free of all these things.
-
No Backdoors, Spyware, and Malware – You can verify this yourself by inspecting the source code.
The Tools in Detail
Privacy Shield now runs exclusively in the command line in an interactive mode.
All the commands/operations are presented in a menu-like interface, and are not saved in the shell command history.
Any operation with any tool can be canceled at any time by pressing Ctrl+C,
and confirming the cancellation.
Note:
The program uses ANSI escape codes for colors and formatting. If you experience issues with the colors,
you can disable them by setting the NO_COLOR environment variable to true (or 1),
or by using the --no-color or -nc option.
export NO_COLOR=true && privacyShield
or
privacyShield --no-color
The program will automatically detect the NO_COLOR environment variable, and the terminal capabilities
to determine if colors should be used.
Password Manager
The password manager requires a primary password to encrypt/decrypt your passwords. The primary password is verified using the Argon2id algorithm, which is a memory-hard password hashing algorithm, designed to resist side-channel attacks and slow down brute-force attacks.
The primary password must be strong and must not be forgotten. Forgetting the primary password will result in the loss of all passwords stored in the password manager.
Note: When typing a password, the characters are not displayed on the screen for security reasons, and you will be asked to confirm it by typing it again.
A password record consists of the following fields:
- Name – The name of the password record (can be a site name, an application name, etc.)
- Username – The username of the password record (optional)
- Password – The password of the password record.
The passwords are encrypted (and Base64-encoded) before being stored in a file. The actual encryption is done in two steps:
- The 'password' field of a record (the actual password) is encrypted using the
256-bit Serpent cipher in counter mode (CTR). - All the fields (including the encrypted password) are encrypted using the
256-bit AES cipher in cipher block chaining mode (CBC).
The keys (256-bit) for the two steps are derived from the primary password using the PBKDF2 algorithm, (salted with random bytes).
No two password records are encrypted using the same key.
To be precise, each field of a password record is encrypted independently using a different key.
Also, no two records share the same key, i.e., if you have 100 passwords, then 400 unique keys will
be derived from the primary password for encryption/decryption of the passwords.
This is done to slow down brute-force attacks.
Empty entries/fields are encrypted as well.
The process might be slow, and multithreading has been leveraged to speed up the process.
The Serpent cipher is used for the first step because it is a conservative and secure cipher with more rounds than AES cipher (32 rounds vs. 14 rounds, hence a larger security margin) that is resistant to cryptanalysis. The counter mode (CTR) is used for it because it is a fast and secure mode that is resistant to padding oracle attacks. A non-deterministic random nonce is used in the CTR mode to prevent nonce reuse (or misuse?).
The [AES cipher](https://en.wikip
