20241208b

- Recommended iVerify's Mobile Threat Hunter tool to audit mobile devices.
- Fixed Caddyfile
- Fixed some back-end npm stuff.

caddy/10-headers.caddy

@@ -18,7 +18,7 @@
 	header X-Content-Type-Options nosniff
 	header ?Cross-Origin-Resource-Policy cross-origin
 	header ?Cross-Origin-Embedder-Policy credentialless
-	header ?Cross-Origin-Opener-Policy same-origin
+	header ?Cross-Origin-Opener-Policy same-origin-allow-popups
 
 	# Simplified CSP by removing everything which was set to "none", since the default-src is "none" anyways, except for base-uri and frame-ancestors which don't have default-src fallback: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
 	header +Content-Security-Policy "default-src 'none'; script-src 'self' https://plausible.thenewoil.org; connect-src 'self' https://plausible.thenewoil.org; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; img-src 'self'; font-src 'self' data: ; media-src 'self' data: ;"

caddy/Caddyfile

@@ -1,4 +1,4 @@
-# VERSION: 5
+# VERSION: 6
 # You should increment this number whenever changing ANY file in the /caddy folder, so that the webserver picks up the changes and restarts
 
 # Imports the configuration from all files in this folder with the .caddy file extension

src/pages/en/guides/most-important/auditing.mdx

@@ -30,7 +30,7 @@ In the event that you cannot simply buy a new device or factory reset it, there
 
 **Start with a basic reboot of your phone.** Most mobile malware is not persistent, so unless your device is rooted or jailbroken (which I strongly discourage) then this will clear most basic threats. In the case of persistent malware, this is often accomplished through an app. Many apps masquerade as innocent tools - such as PDF viewers, flashlights, VPNs, or games - but are secretly collecting data. Take this time to go through your phone and **remove as many apps as possible.** Even if you trust them - such as your bank's app - I would recommend removing them unless you really need them or use them frequently.
 
-Next, **consider running a virus scan.** I recommend services like [Malwarebytes](https://www.malwarebytes.com/) or [Bitdefender](https://www.bitdefender.com/), both of whom offer a scanner for Android and iOS. [iVerify Basic](https://iverify.io/products/basic) is another powerful tool I recommend to find potential malware on your device. For Android only, you can also consider using the [Hypatia](https://f-droid.org/packages/us.spotco.malwarescanner/) app.
+Next, **consider running a virus scan.** I recommend services like [Malwarebytes](https://www.malwarebytes.com/) or [Bitdefender](https://www.bitdefender.com/), both of whom offer a scanner for Android and iOS. [iVerify Basic](https://iverify.io/products/basic) is another powerful tool I recommend to find potential malware on your device. The app costs $1 one-timne and you can submit your data for a powerful, comprehensive scan once a month for free after that. This tool has proven [highly effective](https://arstechnica.com/security/2024/12/1-phone-scanner-finds-seven-pegasus-spyware-infections/) in some cases. For Android only, you can also consider using the [Hypatia](https://f-droid.org/packages/us.spotco.malwarescanner/) app.
 
 Once you're sure you have a clean device, you can remove this if it fits your threat model. I am of the belief that by practicing good digital hygiene and keeping your devices up-to-date, the stock antivirus features are sufficient for most users. If you have an elevated threat model, you may elect to keep these apps on your device to help keep yourself safe.