diff --git a/SECURITY.md b/SECURITY.md index 91f30d94..d1aa0fb4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -37,6 +37,7 @@ privacy.sexy adopts a defense in depth strategy to protect users on multiple lay - **Auditing and Transparency:** The desktop application improves security and transparency by logging application activities and retaining files of executed scripts This facilitates detailed auditability and effective troubleshooting, contributing to the integrity and reliability of the application. + Recognizing that some users prefer not to keep these records, privacy.sexy provides specialized scripts for deletion of these logs. - **Privilege Management:** The desktop application operates without persistent administrative or `sudo` privileges, reinforcing its security posture. It requests elevation of privileges for system modifications with explicit user consent and logs every action taken with high privileges. This @@ -45,6 +46,7 @@ privacy.sexy adopts a defense in depth strategy to protect users on multiple lay Before executing any script, the desktop application stores a copy to allow antivirus software to perform scans. This safeguards against any unwanted modifications. Furthermore, the application incorporates integrity checks for tamper protection. If the script file differs from the user's selected script, the application will not execute or save the script, ensuring the processing of authentic scripts. + Recognizing that some users prefer not to keep these records, privacy.sexy provides specialized scripts for deletion of these scripts. ### Update Security and Integrity diff --git a/docs/desktop-vs-web-features.md b/docs/desktop-vs-web-features.md index 6565d150..fecc0f41 100644 --- a/docs/desktop-vs-web-features.md +++ b/docs/desktop-vs-web-features.md @@ -51,6 +51,8 @@ Log file locations vary by operating system: - Linux: `$HOME/.config/privacy.sexy/logs` - Windows: `%APPDATA%\privacy.sexy\logs` +> 💡 privacy.sexy provides scripts to securely erase these logs. + ### Script execution The desktop version of privacy.sexy enables direct script execution, providing a seamless and integrated experience. @@ -65,6 +67,8 @@ These locations vary based on the operating system: - Linux: `$HOME/.config/privacy.sexy/runs` - Windows: `%APPDATA%\privacy.sexy\runs` +> 💡 privacy.sexy provides scripts to securely erase your script execution history. + ### Error handling The desktop version of privacy.sexy features advanced error handling capabilities. diff --git a/src/application/collections/linux.yaml b/src/application/collections/linux.yaml index de496f67..b7ae1db9 100644 --- a/src/application/collections/linux.yaml +++ b/src/application/collections/linux.yaml @@ -166,6 +166,69 @@ actions: Third-party applications are not typically distributed as part of the operating system and are installed separately. children: + - + category: Clear privacy.sexy data + # Marked: refactor-with-variables, refactor-with-partials + # - Documentation is same across macOS, Linux and Windows, this should be shared and not duplicated. + docs: |- + This category offers scripts to remove data left by the privacy.sexy desktop application, + helping you ensure your privacy by eliminating all traces of use. + + The web application version of privacy.sexy does not create or store user data on your device [1], + so this category is applicable to desktop application users only. + + These scripts are designed for anyone wanting to ensure their script activities leave no trace on their systems. + + > **Caution**: + > Deleting this data might affect security [2] and troubleshooting [1]: + > - Logs are valuable for diagnosing issues and understanding past actions [1]. + > - Script files can help review changes made to the system and aid in reverting those changes if needed. + + [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com" + [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com" + children: + - + name: Clear privacy.sexy script history + docs: |- + This script removes script files generated by the privacy.sexy desktop application. + + The desktop version executes scripts directly on your device [1], saving a script file for execution [1], + troubleshooting [1], and security [2]. + + By running this script, you remove the executed script files, enhancing your privacy by ensuring that there is no + residual data that could reveal your usage patterns or preferences. + + > **Caution**: + > - This action is irreversible. Deleted script files cannot be retrieved. + > - These files might be necessary for troubleshooting if you experience issues after using privacy.sexy scripts. + + [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com" + [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com" + call: + function: ClearDirectoryContents + parameters: + directoryGlob: "$HOME/.config/privacy.sexy/runs" + - + name: Clear privacy.sexy activity logs + docs: |- + This script removes log files generated by the privacy.sexy desktop application. + + Different from the web version, the desktop application records logs for troubleshooting [1]. + Additionally, these logs offer auditing and transparency for security [2]. + + Deleting these logs can help maintain your privacy by ensuring there are no records of the application's activities + on your system. + + > **Caution**: + > - Removing logs will prevent you from reviewing the application's activities, which could be helpful in diagnosing issues. + > - Logs can contain valuable information for technical support should you need assistance. + + [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com" + [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com" + call: + function: ClearDirectoryContents + parameters: + directoryGlob: "$HOME/.config/privacy.sexy/logs" - name: Clear Steam cache docs: |- @@ -3233,6 +3296,8 @@ actions: functions: - name: RunInlineCode + # Marked: refactor-with-partials + # Same function in macOS, Linux, Windows parameters: - name: code - name: revertCode @@ -3493,6 +3558,8 @@ functions: # 💡 Purpose: # Adds a comment in the executed code for better readability and debugging. # This function does not affect the execution flow but helps in understanding the purpose of subsequent code. + # Marked: refactor-with-partials + # Same function as macOS parameters: - name: codeComment optional: true @@ -3904,3 +3971,25 @@ functions: sudo mv "$file.backup" "$file" echo "Successfully restored from backup: $file" fi + - + name: ClearDirectoryContents + # 💡 Purpose: + # Empties the contents of a directory recursively (including all of its files and subfolders) while preserving + # the directory itself. + # Marked: refactor-with-partials + # Same function as macOS + parameters: + - name: directoryGlob + - name: grantPermissions + optional: true + call: + - + function: Comment + parameters: + codeComment: 'Clear directory contents: "{{ $directoryGlob }}"' + - + function: RunInlineCode + parameters: + code: |- + glob_pattern="{{ $directoryGlob }}/*" + {{ with $grantPermissions }}sudo {{ end }}rm -rfv $glob_pattern diff --git a/src/application/collections/macos.yaml b/src/application/collections/macos.yaml index 11cd16e6..4e276771 100644 --- a/src/application/collections/macos.yaml +++ b/src/application/collections/macos.yaml @@ -282,6 +282,69 @@ actions: - category: Clear third-party application data children: + - + category: Clear privacy.sexy data + # Marked: refactor-with-variables, refactor-with-partials + # - Documentation is same across macOS, Linux and Windows, this should be shared and not duplicated. + docs: |- + This category offers scripts to remove data left by the privacy.sexy desktop application, + helping you ensure your privacy by eliminating all traces of use. + + The web application version of privacy.sexy does not create or store user data on your device [1], + so this category is applicable to desktop application users only. + + These scripts are designed for anyone wanting to ensure their script activities leave no trace on their systems. + + > **Caution**: + > Deleting this data might affect security [2] and troubleshooting [1]: + > - Logs are valuable for diagnosing issues and understanding past actions [1]. + > - Script files can help review changes made to the system and aid in reverting those changes if needed. + + [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com" + [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com" + children: + - + name: Clear privacy.sexy script history + docs: |- + This script removes script files generated by the privacy.sexy desktop application. + + The desktop version executes scripts directly on your device [1], saving a script file for execution [1], + troubleshooting [1], and security [2]. + + By running this script, you remove the executed script files, enhancing your privacy by ensuring that there is no + residual data that could reveal your usage patterns or preferences. + + > **Caution**: + > - This action is irreversible. Deleted script files cannot be retrieved. + > - These files might be necessary for troubleshooting if you experience issues after using privacy.sexy scripts. + + [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com" + [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com" + call: + function: ClearDirectoryContents + parameters: + directoryGlob: "$HOME/Library/Application Support/privacy.sexy/runs" + - + name: Clear privacy.sexy activity logs + docs: |- + This script removes log files generated by the privacy.sexy desktop application. + + Different from the web version, the desktop application records logs for troubleshooting [1]. + Additionally, these logs offer auditing and transparency for security [2]. + + Deleting these logs can help maintain your privacy by ensuring there are no records of the application's activities + on your system. + + > **Caution**: + > - Removing logs will prevent you from reviewing the application's activities, which could be helpful in diagnosing issues. + > - Logs can contain valuable information for technical support should you need assistance. + + [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com" + [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com" + call: + function: ClearDirectoryContents + parameters: + directoryGlob: "$HOME/Library/Logs/privacy.sexy" - name: Clear Adobe cache recommend: standard @@ -1558,3 +1621,47 @@ functions: echo "Output from \`tccutil\`: $reset_output." fi fi + - + name: RunInlineCode + # Marked: refactor-with-partials + # Same function in macOS, Linux, Windows + parameters: + - name: code + - name: revertCode + optional: true + code: '{{ $code }}' + revertCode: '{{ with $revertCode }}{{ . }}{{ end }}' + - + name: Comment + # 💡 Purpose: + # Adds a comment in the executed code for better readability and debugging. + # This function does not affect the execution flow but helps in understanding the purpose of subsequent code. + # Marked: refactor-with-partials + # Same function as Linux + parameters: + - name: codeComment + optional: true + - name: revertCodeComment + optional: true + call: + function: RunInlineCode + parameters: + code: '{{ with $codeComment }}# {{ . }}{{ end }}' + revertCode: '{{ with $revertCodeComment }}# {{ . }}{{ end }}' + - + name: ClearDirectoryContents + parameters: + - name: directoryGlob + - name: grantPermissions + optional: true + call: + - + function: Comment + parameters: + codeComment: 'Clear directory contents: "{{ $directoryGlob }}"' + - + function: RunInlineCode + parameters: + code: |- + glob_pattern="{{ $directoryGlob }}/*" + {{ with $grantPermissions }}sudo {{ end }}rm -rfv $glob_pattern diff --git a/src/application/collections/windows.yaml b/src/application/collections/windows.yaml index 24660df4..1768ff2d 100644 --- a/src/application/collections/windows.yaml +++ b/src/application/collections/windows.yaml @@ -194,6 +194,69 @@ actions: - category: Clear third-party application data children: + - + category: Clear privacy.sexy data + # Marked: refactor-with-variables, refactor-with-partials + # - Documentation is same across macOS, Linux and Windows, this should be shared and not duplicated. + docs: |- + This category offers scripts to remove data left by the privacy.sexy desktop application, + helping you ensure your privacy by eliminating all traces of use. + + The web application version of privacy.sexy does not create or store user data on your device [1], + so this category is applicable to desktop application users only. + + These scripts are designed for anyone wanting to ensure their script activities leave no trace on their systems. + + > **Caution**: + > Deleting this data might affect security [2] and troubleshooting [1]: + > - Logs are valuable for diagnosing issues and understanding past actions [1]. + > - Script files can help review changes made to the system and aid in reverting those changes if needed. + + [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com" + [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com" + children: + - + name: Clear privacy.sexy script history + docs: |- + This script removes script files generated by the privacy.sexy desktop application. + + The desktop version executes scripts directly on your device [1], saving a script file for execution [1], + troubleshooting [1], and security [2]. + + By running this script, you remove the executed script files, enhancing your privacy by ensuring that there is no + residual data that could reveal your usage patterns or preferences. + + > **Caution**: + > - This action is irreversible. Deleted script files cannot be retrieved. + > - These files might be necessary for troubleshooting if you experience issues after using privacy.sexy scripts. + + [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com" + [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com" + call: + function: ClearDirectoryContents + parameters: + directoryGlob: '%APPDATA%\privacy.sexy\runs' + - + name: Clear privacy.sexy activity logs + docs: |- + This script removes log files generated by the privacy.sexy desktop application. + + Different from the web version, the desktop application records logs for troubleshooting [1]. + Additionally, these logs offer auditing and transparency for security [2]. + + Deleting these logs can help maintain your privacy by ensuring there are no records of the application's activities + on your system. + + > **Caution**: + > - Removing logs will prevent you from reviewing the application's activities, which could be helpful in diagnosing issues. + > - Logs can contain valuable information for technical support should you need assistance. + + [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com" + [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com" + call: + function: ClearDirectoryContents + parameters: + directoryGlob: '%APPDATA%\privacy.sexy\logs' - name: Clear Listary search index call: @@ -15632,6 +15695,8 @@ functions: defaultStartupMode: '{{ $defaultStartupMode }}' - name: RunInlineCode + # Marked: refactor-with-partials + # Same function in macOS, Linux, Windows parameters: - name: code optional: true