.... .. . _
+^""888h. ~"888h @88> u ..
8X. ?8888X 8888f .u . %8P 88Nu. u. @L
'888x 8888X 8888~ .d88B :@8c . '88888.o888c u . 9888i .dL
'88888 8888X "88x: ="8888f8888r .@88u ^8888 8888 us888u. .udR88N `Y888k:*888.
`8888 8888X X88x. 4888>'88" ''888E` 8888 8888 .@88 "8888" <888'888k 888E 888I
`*` 8888X '88888X 4888> ' 888E 8888 8888 9888 9888 9888 'Y" 888E 888I
~`...8888X "88888 4888> 888E 8888 8888 9888 9888 9888 888E 888I
x8888888X. `%8" .d888L .+ 888E .8888b.888P 9888 9888 9888 888E 888I
'%"*8888888h. " ^"8888*" 888& ^Y8888*"" 9888 9888 ?8888u../ x888N><888'
~ 888888888!` "Y" R888" `Y" "888*""888" "8888P' "88" 888
X888^""" "" ^Y" ^Y' "P' 88F
`88f 98"
88 ./"
"" ~`
... . .. ..
.x888888hx : .uef^" @88> x .d88" dF
d88888888888hxx :d88E %8P 5888R '88bu.
8" ... `"*8888%` `888E . .u '888R '*88888bu
! " ` .xnxx. 888E .z8k .@88u ud8888. 888R ^"*8888N
X X .H8888888%: 888E~?888L ''888E` :888'8888. 888R beWE "888L
X 'hn8888888*" > 888E 888E 888E d888 '88%" 888R 888E 888E
X: `*88888%` ! 888E 888E 888E 8888.+" 888R 888E 888E
'8h.. `` ..x8> 888E 888E 888E 8888L 888R 888E 888F
`88888888888888f 888E 888E 888& '8888c. .+ .888B . .888N..888
'%8888888888*" m888N= 888> R888" "88888% ^*888% `"888*""
^"****""` `Y" 888 "" "YP' "% ""
J88"
@%
:"
Protect Your Privacy, Secure Your Digital World.
Privacy Shield is a suite of simple tools to help you manage your privacy. These tools include:
- Password Manager – A simple password manager that encrypts your passwords for storage.
- File Encryptor/Decryptor – A simple tool to encrypt/decrypt your files.
- File Shredder - A simple file shredder to securely delete your files.
- Browser Privacy Tracks Cleaner – Cleans browser cookies and history items.
- File Deduplicator – A bonus tool to help remove redundant files.
- Motivation
- Features
- The Tools in Detail
- Building and Installation
- Usage
- Contributing
- Authors
- Acknowledgement
- Disclaimer
- Technologies used
- License
Every endeavor is driven by inspiration, and Privacy Shield is no exception. It was born from a relentless pursuit to protect our digital lives and inspired by the stories of privacy advocates and individuals who fell victim to privacy breaches.
I sought to create a simple, yet formidable defense against the ever-expanding data-driven landscape, empowering individuals like you to reclaim your privacy and fortify your digital existence. Thus, the Privacy Shield was born—a culmination of my passion for technology and my unwavering commitment to safeguarding privacy.
-
Cross-Platform – Privacy Shield is written in C++ and uses CMake as its build system, so it can be built on any Unix platform that supports C++23 and the dependencies.
-
Secure – Privacy Shield uses secure cryptographic algorithms and protocols to handle sensitive data. Security is a complex topic, and the current implementation of Privacy Shield is not perfect. If you find any security vulnerabilities, please report them, or better yet, submit a pull request.
-
Easy to Use – Privacy Shield is designed to be easy to use, with a simple command-line interface.
-
Fast – Privacy Shield is designed to be fast, with support for multi-threading and concurrency.
-
Lightweight and Portable – The design is straightforward and lightweight.
-
Safe – Privacy Shield supports safe operations, with support for cancellation and error handling.
-
Free – Privacy Shield is free and open-source software, licensed under the GNU General Public License v3.0. See LICENSE for more information.
-
No Ads, Tracking, and Telemetry – Privacy Shield is free of all these things.
-
No Backdoors, Spyware, and Malware – You can verify this yourself by inspecting the source code.
Privacy Shield now runs exclusively in the command line in an interactive mode.
All the commands/operations are presented in a menu-like interface, and are not saved in the shell command history.
Any operation with any tool can be canceled at any time by pressing Ctrl+C
,
and confirming the cancellation.
Note:
The program uses ANSI escape codes for colors and formatting. If you experience issues with the colors,
you can disable them by setting the NO_COLOR
environment variable to true
(or 1
),
or by using the --no-color
or -nc
option.
export NO_COLOR=true && privacyShield
or
privacyShield --no-color
The program will automatically detect the NO_COLOR
environment variable, and the terminal capabilities
to determine if colors should be used.
The password manager requires a primary password to encrypt/decrypt your passwords. The primary password is verified using the Argon2id algorithm, which is a memory-hard password hashing algorithm, designed to resist side-channel attacks and slow down brute-force attacks.
The primary password must be strong and must not be forgotten. Forgetting the primary password will result in the loss of all passwords stored in the password manager.
Note: When typing a password, the characters are not displayed on the screen for security reasons, and you will be asked to confirm it by typing it again.
A password record consists of the following fields:
- Name – The name of the password record (can be a site name, an application name, etc.)
- Username – The username of the password record (optional)
- Password – The password of the password record.
The passwords are encrypted (and Base64-encoded) before being stored in a file. The actual encryption is done in two steps:
- The 'password' field of a record (the actual password) is encrypted using the
256-bit Serpent cipher in counter mode (CTR)
. - All the fields (including the encrypted password) are encrypted using the
256-bit AES cipher in cipher block chaining mode (CBC)
.
The keys (256-bit) for the two steps are derived from the primary password using the PBKDF2 algorithm, (salted with random bytes).
No two password records are encrypted using the same key.
To be precise, each field of a password record is encrypted independently using a different key.
Also, no two records share the same key, i.e., if you have 100 passwords, then 400 unique keys will
be derived from the primary password for encryption/decryption of the passwords.
This is done to slow down brute-force attacks.
Empty entries/fields are encrypted as well.
The process might be slow, and multithreading has been leveraged to speed up the process.
The Serpent cipher is used for the first step because it is a conservative and secure cipher with more rounds than AES cipher (32 rounds vs. 14 rounds, hence a larger security margin) that is resistant to cryptanalysis. The counter mode (CTR) is used for it because it is a fast and secure mode that is resistant to padding oracle attacks. A non-deterministic random nonce is used in the CTR mode to prevent nonce reuse (or misuse?).
The AES cipher is used for the second step because it is a reputably strong and secure block cipher that has been widely used and tested. The cipher block chaining mode (CBC) ensures that the ciphertext of a block depends on all plaintext blocks processed up to that point, so that the ciphertext does not reveal patterns in the plaintext. Similar to the CTR mode, a non-deterministic random initialization vector (IV) is used in the CBC mode to prevent IV reuse.
For these reasons, the password manager is considerably slower at startup and when saving changes to the password file. Multithreading is used to speed up the encryption/decryption process to some extent.
During runtime, the password manager stores the passwords in memory. The memory is locked to prevent the passwords from being swapped to disk, and is cleared (zeroized, i.e., filled with zeros) when the password manager exits, even if a fatal error occurs, or if the program exits unexpectedly.
The password manager also features the following tools:
- Password Generator – A simple password generator to generate strong passwords.
- Password Strength Checker – A simple password strength checker to check the strength of your passwords.
- Password Exporter – Exports your passwords to a CSV file.
- Password Importer – Imports passwords from a CSV file.
- Analytics – A simple analytics tool to analyze your passwords for strength and reuse.
A note on importation
For importing passwords, the CSV file must have three and only three columns: name, username, and password (in that order).
The file can have a header row, but it is not required (the program will ask you if the file has a header row).
Non-conforming rows will be skipped.
The imported passwords will be deduplicated and merged with the existing passwords. If a password already exists, the program will ask you if you want to overwrite it.
The file encryptor/decryptor requires a password to encrypt/decrypt your files. The password is not stored anywhere (neither verified during decryption) and is only used to encrypt/decrypt the files.
Forgetting the password will result in the loss of all encrypted data.
If a wrong password is provided, decrypted data will be garbage, or the decryption will fail altogether.
The following block ciphers are supported (all with 256-bit keys):
These block ciphers are all strong and secure ciphers that have been widely used and tested.
Serpent and Twofish feature more rounds than their counterparts, and are therefore slower (but more secure?).
The default algorithm is AES-256 in CBC mode.
The 256-bit encryption/decryption keys are derived from the password using the PBKDF2 algorithm salted with random bytes.
For the CBC mode, a non-deterministic random initialization vector (IV) is used, and for the CTR mode, a non-deterministic random nonce is used. This is done to prevent IV/nonce reuse.
By default, the encrypted files are saved with a .enc
extension.
The files encrypted by this program can only be decrypted by this program, and the files encrypted by other programs cannot be decrypted by this program. This is because this program uses a specific format for the encrypted files, and the other programs may use a different format.
Future versions of the program may support authenticated modes of encryption.
The file shredder securely deletes your files by overwriting them with random bytes.
The user can specify the number of overwrites. The default is 3 overwrites.
The file shredder supports the following overwriting methods:
- Random Bytes – Overwrites the file with random bytes.
- 3-Pass DOD 5220.22-M – Overwrites the file with a byte, then with the complement of the byte, and finally with random bytes.
- 7-Pass DOD 5220.22-M – 3-Pass DOD 5220.22-M twice, with a random overwrite in between.
More about the DOD 5220.22-M standard can be found here.
The default overwriting method is a 3-pass overwrite with random bytes.
The random bytes are generated using the
Mersenne Twister
algorithm,
seeded with random bytes from the OS entropy pool
(dictated by C++'s
std::random_device
implementation on the platform).
The cluster tips of the file are also overwritten with zeros by default, and this can be disabled by the user.
After shredding, the file is renamed to a random name thrice, and then deleted (removed, not sent to the recycle bin).
The last write time of the file is also restored to the original value before removal.
The browser privacy tracks cleaner cleans browser cookies and history items.
Currently, only Linux and macOS are supported.
It supports the default installations of the following browsers:
- Google Chrome
- Mozilla Firefox
- Apple Safari
- Opera
- Chromium
It scans for supported browsers in the default installation directories, and then scans for cookies and history databases in the available profile directories.
This tool detects duplicate files in a directory and its subdirectories.
Currently, it only offers detection of duplicate files, and not deletion of the duplicate files. This is because the deletion of duplicate files is a potentially dangerous operation, and the user should be careful when deleting files.
However, the deletion of duplicate files may be implemented in the future.
It uses BLAKE3 hash function to compute the hashes of the files and detect duplicates.
BLAKE3 is a fast and secure hash function that is resistant to extension attacks.
The hashes are computed in parallel using multiple threads to speed up the process.
- A Unix-like operating system, such as Linux, BSD, or macOS.
- A C++ compiler with C++23 support, and C++20 Modules support. For this project, GCC 14 (or newer), or LLVM Clang 18 (or newer) is required.
- CMake 3.28+
- Ninja 1.11+, or any other build system compatible with CMake and C++20 Modules.
- OpenSSL 3+
- Sodium 1.0.18+
- GCrypt 1.10+
- BLAKE3 1.4+ (Fetched automatically by CMake, if not already installed)
- Isocline (Fetched automatically by CMake)
- Mimalloc 2.17+ (Fetched automatically by CMake)
Note:
This project utilizes the C++20 Modules feature,
which is not yet fully supported by all C++ compilers.
The selected C++ compiler must support C++20 Modules, and must provide a way to discover the import graph dependencies.
Only LLVM Clang 17+ (16 has an issue in CMake,
where CMake extensions have to be turned off to use modules)
support this feature via the clang-scan-deps
tool
at the time of writing.
GCC 14 is expected to support this feature as well.
Also, a generator that supports C++20 Modules is required. Ninja 1.11+ is recommended.
BLAKE3 is not available in the package repositories of most Linux distributions, so you will need to build it from the source and install it manually.
You can run install-blake3.sh script to install BLAKE3 automatically, Or you can follow the steps at BLAKE3's GitHub page
Another option is to install BLAKE3 using a package manager, such as Vcpkg: vcpkg install blake3
.
Installing with the script is recommended, as it will also set up the required CMake module for BLAKE3 automatically.
After installing the prerequisites, you can install Privacy Shield by following the steps below:
# Clone the repository (or download the source code)
git clone https://github.com/dr8co/PrivacyShield.git
# Build from the main branch
git checkout main
# Change directory to the project root
cd PrivacyShield
# Configure the project
cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DCMAKE_CXX_COMPILER=clang++-18 -G Ninja
# Build the project
cmake --build build --config Release -j 4
# Install the program (optional)
cmake --install build # Might need sudo
Remember to replace clang++-18
with your C++ compiler, and 4
with the number of CPU cores you have (for faster builds).
Also, replace Ninja
with your build system if you are not using Ninja.
You can then run the program from the build directory:
# Assuming you are in the project root
./build/privacyShield
You can download a package for your platform from the releases page.
The packages expect the dependencies to be installed on the system, except the ones that are fetched automatically by CMake (they are statically linked to the executable).
The package will contain the built executable, and you can install it using the package manager of your platform.
For the macOS package, you can simply drag the .dmg file to your Applications folder.
The current macOS package was built on macOS 14.5 arm64 (M1 chip), and might not work on older versions of macOS.
For the Linux package, you can install the .deb or .rpm file using the package manager of your distribution.
Internet connection might be required to install the dependencies.
For instance, on Ubuntu, you can install the .deb file using the following command:
sudo dpkg -i privacyshield_3.0.0_amd64.deb # Replace with the actual file path
# You can also use apt to install it:
sudo apt install ./privacyshield_3.0.0_amd64.deb # Replace with the actual file path
On RPM-based distributions like Fedora, you can install the .rpm file using the following command:
sudo rpm -i privacyshield-3.0.0-1.x86_64.rpm # Replace with the actual file path
The packages can be verified using the GnuPG signature files provided. To verify the packages, first import the public GPG key provided:
gpg --import public_gpg_key.asc
The public key is provided in the releases page as well. Then verify the package using the signature file (which can also be found on the releases page):
gpg --verify signatures/privacyshield_3.0.0_amd64.deb.sig privacyshield_3.0.0_amd64.deb
The verification succeeds if the output says
gpg: Good signature from "Ian Duncan (Signing key for personal projects) <[email protected]> ..."
.
SHA256 checksums are also provided for the packages, and you can verify the integrity of the packages using them.
shasum -a 256 -c privacyshield_3.0.0_amd64.deb.sha256
# Or, if you have the sha256sum command available:
sha256sum -c privacyshield_3.0.0_amd64.deb.sha256
After building from the source, you can install the built executable to a custom location by adding
-DCMAKE_INSTALL_PREFIX=/path/to/install
option to the configuration step when building from the source.
The program can then be run by typing privacyShield
in your terminal
(if you've installed to a custom location, you might need to add that installation location to your PATH
environment variable)
The package manager used to install the package can be used to uninstall it.
The specific commands to uninstall the package will depend on the package manager and the platform.
If you have installed Privacy Shield manually, you can uninstall it by running the following command:
# From the project root, run:
xargs rm -f < build/install_manifest.txt # Might need sudo
Or, just remove everything listed in the build/install_manifest.txt
file.
Privacy Shield comes with a command line interface (CLI) that allows you to use the program from your terminal.
The CLI is interactive, which means that you can use it by choosing options from a menu. There is no need to remember commands or arguments, as the CLI will guide you through the process.
To use the CLI, simply run the program by typing privacyShield
in your terminal.
Tab completion is supported for most input fields.
Contributions are welcome! Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests.
- Ian Duncan – Initial work
Thanks to Henrik Steffen Gaßmann for the CMake module to configure the local libsodium installation.
Privacy Shield Suite does not guarantee the development of superhuman powers or sudden urges to wear capes while browsing the internet.
However, the feeling of empowered privacy protection is a strong possibility!
This project is licensed under the GNU GPLv3 License—see the LICENSE file for details.
All third party libraries are licensed under their respective licenses.