
update for 2025 #304

Open
sm18lr88 wants to merge 1 commit into lissy93:master from sm18lr88:master

@sm18lr88

Category

Checklist addition or deletion / Spelling, grammatical or link updates

Overview

This PR refreshes the personal-security-checklist YAML for 2025 and adds clearer guidance on smartphone and desktop app privacy.

Key changes:

  • Modernizes Authentication to emphasize passkeys/FIDO2 and current breach trends, instead of legacy 2016 DBIR stats.
  • Updates Web Browsing copy around HTTPS (noting HTTPS Everywhere’s deprecation and browser HTTPS-only modes) and cleans minor link/typo issues.
  • Clarifies Email risks from third-party inbox add-ons and strengthens recommendations for privacy-respecting providers.
  • Expands Mobile Devices guidance to treat many native apps (shopping, social, finance, companion apps) as always-on data-collection agents:
    • Stronger emphasis on minimizing app installs, using OS permission managers, and preferring hardened browsers over native apps where possible.
    • Highlights tracker analysis tools (e.g. Exodus Privacy) and use of firewalls/DNS filters to block app telemetry.
  • Tightens Personal Computers and Smart Home sections for current OS “assistant”/copilot behaviour and IoT companion-app risk, while keeping the original structure and tone.

Overall aim: keep the checklist accessible to non-experts but align the threat model with modern realities (passkeys, pervasive mobile tracking, OS-level AI features) without changing the site’s layout.

Issue Number (if applicable)

N/A

Supporting Material (if applicable)

  • Verizon 2024/2025 DBIR: credentials and personal data remain top breach targets; stolen credentials are a major initial vector.
  • FIDO Alliance and industry reports on passkey/FIDO2 adoption across major platforms (Apple, Google, Microsoft); passkey-capable accounts now in the billions.
  • NIST PQC standardization for Kyber, Dilithium, and SPHINCS+ as new crypto baselines.
  • Exodus Privacy and related research on third-party trackers in mobile apps (e.g. ~75% of Android apps containing at least one tracker).
  • EFF and others on the deprecation of HTTPS Everywhere and the shift to native HTTPS-only browser modes.

Association (if applicable)

No affiliation with any of the linked products or services.

Checklist

  • I have performed a self-review (valid links, formatting, spelling and grammar)
  • I have indicated whether I have any affiliation with any software/services edited
  • I have read the Contributing Guidelines, and agree to follow the Code of Conduct

@vercel

vercel Bot commented Nov 29, 2025

@sm18lr88 is attempting to deploy a commit to the AS93 Team on Vercel.

A member of the Team first needs to authorize it.

@netlify

netlify Bot commented Nov 29, 2025

Deploy Preview for security-checklist canceled.

Name Link
🔨 Latest commit 7c01583
🔍 Latest deploy log https://app.netlify.com/projects/security-checklist/deploys/692a4323aa41190008628b98

@sm18lr88
Author

sm18lr88 commented Dec 7, 2025

ChatGPT translation of the Hebrew is very confusing. I don't know if it's a bot that posted a random reply.
This is my first actual pull request, ever. Let me know if any clarification is needed.
