-
Notifications
You must be signed in to change notification settings - Fork 23
Security advice
Wiki ▸ Documentation ▸ Security advice
This page describes how to use Buoy in the safest and most secure way possible. While you don't have to follow most (or even any) recommendations in this guide for Buoy to work, the more of these guidelines you are able to follow the safer you will be whenever you use Buoy. Most of these guidelines can also be applied to other apps or websites, too, although this guide is specific to Better Angels' Buoy.
ℹ️ This guide is a general overview of security advice related to Buoy. For more specific security documentation, see the Security section of the Buoy Documentation for a specific audience. For example, if you are setting up a Buoy for others to use, consider also reading the Security Considerations for Buoy Site Administrators page.
🚧 This guide is a work in progress. Help us improve it!
When a service provider installs the Buoy software on their server, the software checks for the presence of additional security tools and warns the person performing the installation if those are missing. These additional security tools include plugins like Google Authenticator and, when one becomes available, an SQRL plugin, that enable you to add additional protections against unauthorized access to your Buoy account so that it is more difficult for other people to impersonate you.
If these extra security tools are not available on your Buoy installation, consider prodding your service provider into adding them so that you and everyone else who uses their Buoy instance can benefit from them. We only ever recommend free software.
Two-factor authentication is a mechanism that adds an additional password to your account on top of your existing username and password combination. This second password, however, is randomly generated each time you want to log in. Buoy admins can install one of many WordPress plugins to enable two-factor authentication with Buoy.
TK-complete me!
We recommend using CameraV for gathering evidence of abuse, including for taking photographs of injuries sustained after a violent incident and for photographing abuses such as police brutality as they occur. CameraV is a free software project available as an Android app.
Buoy site administrators can take additional steps to further protect all of their Buoy's users.
Questions? Double-check the Frequently Asked Questions. Otherwise, if you want help from other users, try the Buoy Support Forum. To contact the developers, open a new issue.