From 27dc7d2724a3e31e2c48862c698aa1d11a717fc3 Mon Sep 17 00:00:00 2001 From: Crowdin Bot Date: Thu, 15 Aug 2024 02:28:17 +0000 Subject: [PATCH] New Crowdin translations by GitHub Action --- i18n/ar/email.md | 35 +++++++++++++++++------------------ i18n/bn-IN/email.md | 35 +++++++++++++++++------------------ i18n/bn/email.md | 35 +++++++++++++++++------------------ i18n/cs/email.md | 35 +++++++++++++++++------------------ i18n/de/email.md | 35 +++++++++++++++++------------------ i18n/el/email.md | 35 +++++++++++++++++------------------ i18n/eo/email.md | 35 +++++++++++++++++------------------ i18n/es/email.md | 39 +++++++++++++++++++-------------------- i18n/fa/email.md | 35 +++++++++++++++++------------------ i18n/fr/email.md | 39 +++++++++++++++++++-------------------- i18n/he/email.md | 35 +++++++++++++++++------------------ i18n/hi/email.md | 35 +++++++++++++++++------------------ i18n/hu/email.md | 35 +++++++++++++++++------------------ i18n/id/email.md | 35 +++++++++++++++++------------------ i18n/it/email.md | 39 +++++++++++++++++++-------------------- i18n/ja/email.md | 35 +++++++++++++++++------------------ i18n/ko/email.md | 35 +++++++++++++++++------------------ i18n/ku-IQ/email.md | 35 +++++++++++++++++------------------ i18n/nl/email.md | 35 +++++++++++++++++------------------ i18n/pl/email.md | 35 +++++++++++++++++------------------ i18n/pt-BR/email.md | 35 +++++++++++++++++------------------ i18n/pt/email.md | 35 +++++++++++++++++------------------ i18n/ru/email.md | 35 +++++++++++++++++------------------ i18n/sv/email.md | 35 +++++++++++++++++------------------ i18n/tr/email.md | 35 +++++++++++++++++------------------ i18n/uk/email.md | 35 +++++++++++++++++------------------ i18n/vi/email.md | 35 +++++++++++++++++------------------ i18n/zh-Hant/email.md | 35 +++++++++++++++++------------------ i18n/zh/email.md | 35 +++++++++++++++++------------------ 29 files changed, 499 insertions(+), 528 deletions(-) 
diff --git a/i18n/ar/email.md b/i18n/ar/email.md index 12eae39a..5305c797 100644 --- a/i18n/ar/email.md +++ b/i18n/ar/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - حتَّى ولو كان البريد الإلكتروني حاجةً لتستخدم أيَّ خدمة إنترنت فإننا لا نوصي به للتحادث. تأمَّل استخدام خدمة اتصال مباشر تدعم السرية المستقبلية لتحادث الناس بدلًا من استخدام بريد إلكتروني. [ما نوصي به من برامج مراسلة فورية](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=left } -**بريد بروتون** هو خدمة بُرُد إلكترونية تركِّز في الخصوصية والتعمية والأمن واليسر. وهم يعملون منذ **٢٠١٣**. ومقرُّ بروتون أي‌جي في جنيف في سويسرا. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**بريد بروتون** هو خدمة بُرُد إلكترونية تركِّز في الخصوصية والتعمية والأمن واليسر. They have been in operation since 2013. ومقرُّ بروتون أي‌جي في جنيف في سويسرا. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ All accounts come with limited cloud storage that [can be encrypted](https://kb. ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/bn-IN/email.md b/i18n/bn-IN/email.md index 9c7efcdd..105a00c2 100644 --- a/i18n/bn-IN/email.md +++ b/i18n/bn-IN/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. [Recommended Instant Messengers](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/bn/email.md b/i18n/bn/email.md index 9c7efcdd..105a00c2 100644 --- a/i18n/bn/email.md +++ b/i18n/bn/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. [Recommended Instant Messengers](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/cs/email.md b/i18n/cs/email.md index 9c7efcdd..105a00c2 100644 --- a/i18n/cs/email.md +++ b/i18n/cs/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. [Recommended Instant Messengers](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/de/email.md b/i18n/de/email.md index 00d85436..1ce219d5 100644 --- a/i18n/de/email.md +++ b/i18n/de/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - E-Mail ist praktisch eine Voraussetzung für die Nutzung aller Online-Dienste, wir empfehlen sie jedoch nicht zur Kommunikation von Mensch zu Mensch. Anstatt E-Mails für die Kontaktaufnahme mit anderen Personen zu verwenden, überleg ob du einen Instant Messenger benutzen kannst, der Forward Secrecy (auf Deutsch etwa "vorwärts gerichtete Geheimhaltung") unterstützt. [Empfohlene Instant Messenger](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP unterstützt auch keine Forward Secrecy. Das heißt, wenn entweder dein ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** ist ein E-Mail-Dienst mit dem Schwerpunkt auf Datenschutz, Verschlüsselung, Sicherheit und Benutzerfreundlichkeit. Sie sind seit **2013** in Betrieb. Die Proton AG hat ihren Sitz in Genf, Schweiz. Der Proton Mail Free Tarif beinhaltet 500 MB Mailspeicher, den du kostenlos auf bis zu 1 GB erweitern kannst. +**Proton Mail** ist ein E-Mail-Dienst mit dem Schwerpunkt auf Datenschutz, Verschlüsselung, Sicherheit und Benutzerfreundlichkeit. They have been in operation since 2013. Die Proton AG hat ihren Sitz in Genf, Schweiz. Der Proton Mail Free Tarif beinhaltet 500 MB Mailspeicher, den du kostenlos auf bis zu 1 GB erweitern kannst. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion / Tor" } 
@@ -192,7 +191,7 @@ Diese Anbieter speichern deine E-Mails mit Zero-Knowledge-Verschlüsselung und s ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta ist seit **2011** in Betrieb und hat seinen Sitz in Hannover. Kostenlose Konten beginnen mit 1 GB Speicherplatz. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Kostenlose Konten beginnen mit 1 GB Speicherplatz. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Datenschutz" } @@ -257,7 +256,7 @@ Fortgeschrittene Systemadministratoren können die Einrichtung eines eigenen E-M ![Mailcow-Logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** ist ein fortgeschrittener Mailserver, perfekt für diejenigen mit ein wenig mehr Linux-Erfahrung. Es vereinigt alles was du brauchst in einem Docker-Container: Einen Mailserver mit DKIM-Unterstützung, Virenschutz und Spam-Überwachung, Webmail und ActiveSync mit SOGo, sowie eine webbasierte Verwaltung mit 2FA-Unterstützung. +**Mailcow** ist ein fortgeschrittener Mailserver, perfekt für diejenigen mit ein wenig mehr Linux-Erfahrung. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Dokumentation} 
@@ -306,8 +305,8 @@ Wir halten diese Merkmale für wichtig, um einen sicheren und optimalen Service - Unterstützung für eine temporäre Mailbox für externe Benutzer. Dies ist nützlich, wenn du eine verschlüsselte E-Mail versenden möchtest, ohne eine Kopie an den Empfänger zu senden. Diese E-Mails haben in der Regel eine begrenzte Lebensdauer und werden dann automatisch gelöscht. Sie erfordern auch nicht, dass der Empfänger eine Kryptographie wie OpenPGP konfiguriert. - Verfügbarkeit der Dienste des E-Mail-Anbieters über einen [onion service](https://de.wikipedia.org/wiki/.onion). - Unterstützung [von Unteradressen](https://en.wikipedia.org/wiki/Email_address#Sub-addressing). -- Catch-All- oder Alias-Funktionalität für diejenigen, die ihre eigenen Domains besitzen. -- Verwendung von Standard-E-Mail-Zugangsprotokollen wie IMAP, SMTP oder [JMAP](https://de.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standardzugriffsprotokolle stellen sicher, dass die Kunden alle ihre E-Mails problemlos herunterladen können, sollten sie zu einem anderen Anbieter wechseln wollen. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standardzugriffsprotokolle stellen sicher, dass die Kunden alle ihre E-Mails problemlos herunterladen können, sollten sie zu einem anderen Anbieter wechseln wollen. ### Datenschutz @@ -315,7 +314,7 @@ Wir ziehen es vor, dass die von uns empfohlenen Anbieter so wenig Daten wie mög **Mindestvoraussetzung um sich zu qualifizieren:** -- IP-Adresse des Absenders schützen. Der `Received`-Header wird aus der E-Mail entfernt. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Benötigt keine personenbezogenen Daten (PII) außer eines Benutzernamens und eines Passwortes. - Datenschutzrichtlinien, die den Anforderungen der DSGVO entsprechen. 
@@ -326,12 +325,12 @@ Wir ziehen es vor, dass die von uns empfohlenen Anbieter so wenig Daten wie mög ### Sicherheit -Auf E-Mail-Servern werden viele sehr sensible Daten verarbeitet. Wir erwarten, dass die Anbieter die besten Praktiken der Branche übernehmen, um ihre Nutzer zu schützen. +Auf E-Mail-Servern werden viele sehr sensible Daten verarbeitet. We expect that providers will adopt best industry practices in order to protect their customers. **Mindestvoraussetzung um sich zu qualifizieren:** - Schutz von Webmail mit 2FA, wie TOTP. -- Zero-Access-Verschlüsselung, baut auf Verschlüsselung im Ruhezustand auf. Der Anbieter verfügt nicht über die Entschlüsselungsschlüssel zu den Daten, die er besitzt. So wird verhindert, dass ein abtrünniger Mitarbeitender Daten preisgibt, auf die er/sie Zugriff hat, oder dass ein Angreifender Daten freigibt, die er/sie gestohlen hat, indem er/sie sich unbefugt Zugang zum Server verschafft. +- Zero access encryption, which builds on encryption at rest. Der Anbieter verfügt nicht über die Entschlüsselungsschlüssel zu den Daten, die er besitzt. So wird verhindert, dass ein abtrünniger Mitarbeitender Daten preisgibt, auf die er/sie Zugriff hat, oder dass ein Angreifender Daten freigibt, die er/sie gestohlen hat, indem er/sie sich unbefugt Zugang zum Server verschafft. - [DNSSEC](https://de.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) Unterstützung. - Keine TLS-Fehler oder -Schwachstellen beim Profiling durch Tools wie [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh)oder [Qualys SSL Labs](https://ssllabs.com/ssltest); dies schließt zertifikatsbezogene Fehler und schwache DH-Parameter ein, wie z. B. die, die zu [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)) führten. - Eine Server-Suite-Präferenz (optional bei TLSv1.3) für starke Cipher-Suites, die Forward Secrecy und authentifizierte Verschlüsselung unterstützen. 
@@ -344,13 +343,14 @@ Auf E-Mail-Servern werden viele sehr sensible Daten verarbeitet. Wir erwarten, d - Website-Sicherheitsstandards wie z. B.: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) wenn Dinge von externen Domains geladen werden. -- Muss die Anzeige von [Message Headers](https://de.wikipedia.org/wiki/Header_(E-Mail)) unterstützen, da dies eine wichtige forensische Funktion ist, um festzustellen, ob eine E-Mail ein Phishing-Versuch ist. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Im Besten Fall:** -- Unterstützung für Hardware-Authentisierung, z. B. U2F und [WebAuthn](https://de.wikipedia.org/wiki/WebAuthn). U2F und WebAuthn sind sicherer, da sie zur Authentifizierung von Personen einen privaten Schlüssel verwenden, der auf einem clientseitigen Hardware-Gerät gespeichert ist, im Gegensatz zu einem gemeinsam genutzten Geheimnis, das bei der Verwendung von TOTP auf dem Webserver und auf der Clientseite gespeichert ist. Darüber hinaus sind U2F und WebAuthn resistenter gegen Phishing, da ihre Authentisierungsantwort auf dem authentifizierten [Domainnamen](https://de.wikipedia.org/wiki/Domain_(Internet)) basiert. +- Unterstützung für Hardware-Authentisierung, z. B. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) zusätzlich zur DANE-Unterstützung. -- Implementierung von [Authenticated Received Chain (ARC)](https://de.wikipedia.org/wiki/Authenticated_Received_Chain), dies ist nützlich für Leute, die auf Mailinglisten posten [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Veröffentlichte Sicherheitsaudits durch ein angesehenes Drittunternehmen. - Bug-Bounty-Programme und/oder ein koordiniertes Verfahren zur Offenlegung von Sicherheitslücken. - Website-Sicherheitsstandards wie z. B.: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ Du würdest jemandem mit einer gefälschten Identität nicht deine Finanzen anve **Im Besten Fall:** -- Führung mit Öffentlichkeitsbezug. - Häufige Transparenzberichte. ### Marketing -Bei den von uns empfohlenen E-Mail-Anbietern legen wir Wert auf ein verantwortungsvolles Marketing. +With the email providers we recommend, we like to see responsible marketing. **Mindestvoraussetzung um sich zu qualifizieren:** -- Sie müssen Ihre Analyse-Werkzeuge selbst hosten (kein Google Analytics, Adobe Analytics, etc.). Die Website des Anbieters muss auch die Anforderungen von [DNT (Do Not Track)](https://de.wikipedia.org/wiki/Do_Not_Track_(Software)) für diejenigen erfüllen, die sich dagegen entscheiden möchten. +- Sie müssen Ihre Analyse-Werkzeuge selbst hosten (kein Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Es darf kein Marketing geben, das unverantwortlich ist: +Must not have any irresponsible marketing, which can include the following: - Behauptung einer "unknackbaren Verschlüsselung". Die Verschlüsselung sollte in der Voraussicht eingesetzt werden, dass sie in Zukunft möglicherweise nicht mehr geheim ist, wenn die Technologie vorhanden ist, um sie zu knacken. -- Gewährleistung eines 100%igen Schutzes der Anonymität. Wenn jemand behauptet, etwas sei zu 100% sicher, bedeutet das, dass es keine Sicherheit für ein Scheitern gibt. Wir wissen, dass Menschen sich auf verschiedene Weise recht einfach deanonymisieren können, z. B.: +- Gewährleistung eines 100%igen Schutzes der Anonymität. Wenn jemand behauptet, etwas sei zu 100% sicher, bedeutet das, dass es keine Sicherheit für ein Scheitern gibt. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Wiederverwendung persönlicher Informationen (z. B. 
E-Mail-Konten, eindeutige Pseudonyme usw.), auf die sie ohne Anonymisierungssoftware (Tor, VPN usw.) zugegriffen haben - [Browser-Fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Im besten Fall:** -- Klare und leicht zu lesende Dokumentation. Dazu gehören Dinge wie die Einrichtung von 2FA, E-Mail-Clients, OpenPGP, usw. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Zusätzliche Funktionalitäten diff --git a/i18n/el/email.md b/i18n/el/email.md index 5dc70197..fad946cd 100644 --- a/i18n/el/email.md +++ b/i18n/el/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Το ηλεκτρονικό ταχυδρομείο είναι πρακτικά απαραίτητο για τη χρήση οποιασδήποτε διαδικτυακής υπηρεσίας, ωστόσο δεν το συνιστούμε για συνομιλίες από άτομο σε άτομο. Αντί να χρησιμοποιείτε το ηλεκτρονικό ταχυδρομείο για να επικοινωνείτε με άλλα άτομα, σκεφτείτε να χρησιμοποιήσετε ένα μέσο άμεσων μηνυμάτων που υποστηρίζει forward secrecy. [Προτεινόμενες εφαρμογές άμεσων μηνυμάτων](real-time-communication.md ""){.md-button} 
@@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } @@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } 
@@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
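Review bot: The replacement hardware-authentication bullet links to `basics/multi-factor-authentication.md#fido-fast-identity-online`, and that fragment needs checking in every locale this commit touches: if the target page's heading is translated and the anchor is generated from the heading text, the link will land at the top of the page instead of the FIDO section. The removed sentences were also the only place on this page that said why hardware keys are preferred over TOTP (no shared secret on the server, authentication response bound to the domain name), so confirm the linked section carries that rationale. Separately, the ARC bullet still ends with a bare "[RFC8617](...)" after "mailing lists"; put the reference in parentheses.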
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/eo/email.md b/i18n/eo/email.md index 9c7efcdd..105a00c2 100644 --- a/i18n/eo/email.md +++ b/i18n/eo/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. [Recommended Instant Messengers](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/es/email.md b/i18n/es/email.md index d6d72b9e..254a6497 100644 --- a/i18n/es/email.md +++ b/i18n/es/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Correo electrónico es prácticamente una necesidad para utilizar cualquier servicio en línea, sin embargo, no lo recomendamos para las conversaciones de persona a persona. En vez de utilizar el correo electrónico para comunicarte con otras personas, considera utilizar un servicio de mensajería instantánea que soporte el secreto hacia adelante. [Servicios de Mensajería Instantánea Recomendados](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP tampoco soporta Forward secrecy, lo que significa que si tu clave privad ![Logo Proton Mail](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** es un servicio de correo electrónico con un enfoque en privacidad, encriptación, seguridad, y la facilidad de uso. Han estado en operación desde **2013**. Proton AG tiene su sede en Ginebra, Suiza. El plan gratuito de Proton Mail incluye 500MB de almacenamiento, que puede ser aumentado hasta 1GB sin costo. +**Proton Mail** es un servicio de correo electrónico con un enfoque en privacidad, encriptación, seguridad, y la facilidad de uso. They have been in operation since 2013. Proton AG tiene su sede en Ginebra, Suiza. El plan gratuito de Proton Mail incluye 500MB de almacenamiento, que puede ser aumentado hasta 1GB sin costo. [:octicons-home-16: Página principal](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Servicio Onion" } @@ -189,10 +188,10 @@ Estos proveedores almacenan tus correos electrónicos con cifrado de cero-conoci
-![Logo de Tuta](assets/img/email/tuta.svg#only-light){ align=right } -![Logo de Tuta](assets/img/email/tuta-dark.svg#only-dark){ align=right } +![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } +![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** es un servicio de correo electrónico enfocado en la seguridad y la privacidad, a través del uso del cifrado. Tuta lleva en funcionamiento desde **2011** y tiene su sede en Hanóver, Alemania. Las cuentas gratuitas inician con 1GB de almacenamiento. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Las cuentas gratuitas inician con 1GB de almacenamiento. [:octicons-home-16: Página principal](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Política de privacidad" } @@ -257,7 +256,7 @@ Los administradores de sistemas avanzados pueden plantearse crear su propio serv ![Logo de Mailcow](assets/img/email/mailcow.svg){ align=right } -**Mailcow** es un servidor de correo más avanzado perfecto para aquellos con un poco más de experiencia en Linux. Tiene todo lo que necesitas en un contenedor Docker: Un servidor de correo con soporte DKIM, antivirus, monitorización de spam, webmail, ActiveSync con SOGo y administración basada en web con soporte 2FA. +**Mailcow** es un servidor de correo más avanzado perfecto para aquellos con un poco más de experiencia en Linux. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Página Principal](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentación} 
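Review bot: The Mailcow paragraph in i18n/es/email.md loses its Spanish second sentence for a source change that, judging by the English locale files in this patch, is a single capital letter ("A mail server" to "a mail server"). The paragraph now starts in Spanish and ends in English. Keep the removed translation with the lowercase fix applied ("...en un contenedor Docker: un servidor de correo con soporte DKIM...") instead of falling back to the source string. The Tuta hunk above has the same problem, and it also reverts the image alt text from "Logo de Tuta" to "Tuta logo" although the alt text is an unchanged context line in the other locales.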
@@ -306,8 +305,8 @@ Consideramos que estas características son importantes para ofrecer un servicio - Soporte para un buzón temporal para usuarios externos. Esto es útil cuando quieres enviar un correo electrónico encriptado, sin enviar una copia real a tu destinatario. Estos correos electrónicos suelen tener una vida útil limitada y luego se eliminan automáticamente. Tampoco requieren que el destinatario configure ninguna criptografía como OpenPGP. - Disponibilidad de los servicios del proveedor de correo electrónico a través de un [ servicio onion](https://en.wikipedia.org/wiki/.onion). - Soporte de [subdireccionamiento](https://en.wikipedia.org/wiki/Email_address#Sub-addressing). -- Funcionalidad Catch-all o alias para aquellos que poseen sus propios dominios. -- Utilización de protocolos estándar de acceso al correo electrónico como IMAP, SMTP o [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Los protocolos de acceso estándar garantizan que los clientes puedan descargar fácilmente todo su correo electrónico en caso de que quieran cambiar de proveedor. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Los protocolos de acceso estándar garantizan que los clientes puedan descargar fácilmente todo su correo electrónico en caso de que quieran cambiar de proveedor. ### Privacidad 
@@ -315,7 +314,7 @@ Preferimos que nuestros proveedores recomendados recojan la menor cantidad de da **Mínimo para calificar:** -- Protege la dirección IP del remitente. La filtra para que no aparezca en el campo de cabecera `Recibido`. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - No requiere información personal identificable (PII) aparte de un nombre de usuario y una contraseña. - Política de privacidad que cumple los requisitos definidos por el RGPD. 
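Review bot: The removed Spanish line rendered the header field as `Recibido`, which is not a field name that appears in a message; the field is literally `Received`, as the added line has it. When this string is translated again, keep `Received` inside the backticks untouched and translate only the surrounding sentence, so readers inspecting their own headers look for the right field.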
@@ -326,12 +325,12 @@ Preferimos que nuestros proveedores recomendados recojan la menor cantidad de da ### Seguridad -Los servidores de correo electrónico manejan muchos datos sensibles. Esperamos que los proveedores adopten las mejores prácticas de la industria para proteger a sus miembros. +Los servidores de correo electrónico manejan muchos datos sensibles. We expect that providers will adopt best industry practices in order to protect their customers. **Mínimo para calificar:** - Protección del correo web con 2FA, como TOTP. -- Cifrado de acceso cero, basado en el cifrado en reposo. El proveedor no disponga de las claves de descifrado de los datos que posee. Esto evita que un empleado deshonesto filtre datos a los que tiene acceso o que un adversario remoto divulgue datos que ha robado al obtener acceso no autorizado al servidor. +- Zero access encryption, which builds on encryption at rest. El proveedor no disponga de las claves de descifrado de los datos que posee. Esto evita que un empleado deshonesto filtre datos a los que tiene acceso o que un adversario remoto divulgue datos que ha robado al obtener acceso no autorizado al servidor. - Compatible con [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions). - Sin errores o vulnerabilidades TLS al ser perfilado por herramientas como [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) o [Qualys SSL Labs](https://ssllabs.com/ssltest); esto incluye errores relacionados con certificados y parámetros DH débiles, como los que llevaron a [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - Una preferencia de suite de servidor (opcional en TLSv1.3) para suites de cifrado potentes que soporten forward secrecy y encriptación autenticada. 
@@ -344,13 +343,14 @@ Los servidores de correo electrónico manejan muchos datos sensibles. Esperamos - Estándares de seguridad del sitio web tales como: - [Seguridad de transporte estricta HTTP](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Integridad de subrecurso](https://en.wikipedia.org/wiki/Subresource_Integrity) si se cargan cosas desde dominios externos. -- Debe admitir la visualización de [Encabezados de mensaje](https://en.wikipedia.org/wiki/Email#Message_header), ya que es una característica forense crucial para determinar si un correo electrónico es un intento de phishing. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Mejor caso:** -- Soporte para autenticación de hardware, ej. U2F y [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F y WebAuthn son más seguros ya que utilizan una clave privada almacenada en un dispositivo de hardware del lado del cliente para autenticar a las personas, a diferencia de un secreto compartido que se almacena en el servidor web y en el lado del cliente cuando se utiliza TOTP. Además, U2F y WebAuthn son más resistentes al phishing ya que su respuesta de autenticación se basa en el [nombre de dominio](https://en.wikipedia.org/wiki/Domain_name) autenticado. +- Soporte para autenticación de hardware, ej. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [Registro de recursos de autorización de autoridad de certificación (CAA) de DNS](https://tools.ietf.org/html/rfc6844) además del soporte de DANE. -- Implementación de la [cadena recibida autenticada (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), esto es útil para las personas que publican en listas de correo [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Auditorías de seguridad publicadas por una empresa externa de prestigio. - Programas de recompensa de errores y/o un proceso coordinado de divulgación de vulnerabilidades. - Estándares de seguridad del sitio web tales como: - [Política de seguridad de contenido (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ No confiarías tus finanzas a alguien con una identidad falsa, así que ¿por qu **Mejor Caso:** -- Liderazgo de cara al público. - Informes de transparencia frecuentes. ### Marketing -Con los proveedores de correo electrónico que recomendamos nos gusta ver el marketing responsable. +With the email providers we recommend, we like to see responsible marketing. **Mejor caso:** -- Debe autoalojar las analíticas (no Google Analytics, Adobe Analytics, etc.). El sitio del proveedor también debe cumplir con [DNT (Do Not Track, sin rastreo)](https://en.wikipedia.org/wiki/Do_Not_Track) para las personas que deseen darse de baja. +- Debe autoalojar las analíticas (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -No debe tener ningún tipo de marketing que sea irresponsable: +Must not have any irresponsible marketing, which can include the following: - Reclamaciones de "cifrado irrompible" El cifrado debe usarse con la intención de que no sea secreto en el futuro cuando exista la tecnología para descifrarlo. -- Haciendo garantías de proteger el anonimato al 100%. Cuando alguien afirma que algo es 100% significa que no hay certeza de fracaso. Sabemos que la gente puede desanonimizarse fácilmente de varias maneras, por ejemplo: +- Haciendo garantías de proteger el anonimato al 100%. Cuando alguien afirma que algo es 100% significa que no hay certeza de fracaso. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reutilizar información personal (como cuentas de correo electrónico, seudónimos únicos, etc.) que ellos accesaron sin programas de anonimato (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Mejor Caso:** -- Documentación clara y fácil de leer. 
Esto incluye cosas como configurar 2FA, clientes de correo electrónico, OpenPGP, etc. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Funcionalidad Adicional diff --git a/i18n/fa/email.md b/i18n/fa/email.md index 9ea39ea7..a4d2b808 100644 --- a/i18n/fa/email.md +++ b/i18n/fa/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - ایمیل عملاً برای استفاده از هر سرویس آنلاین ضروری است، اما ما آن را برای مکالمات فرد به فرد توصیه نمی کنیم. به جای استفاده از ایمیل برای تماس با افراد دیگر، از یک پیام‌رسان استفاده کنید که از محرمانگی رو به جلو (forward secrecy) پشتیبانی می‌کند. [پیام‌رسان‌های توصیه شده](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** یک سرویس ایمیل با تمرکز بر حریم خصوصی، رمزگذاری، امنیت و سهولت استفاده است. آن‌ها از **2013** شروع به کار کرده‌اند. شرکت Proton AG در ژنو سوئیس قرار دارد. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** یک سرویس ایمیل با تمرکز بر حریم خصوصی، رمزگذاری، امنیت و سهولت استفاده است. They have been in operation since 2013. شرکت Proton AG در ژنو سوئیس قرار دارد. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
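Review bot: In the Marketing hunk of i18n/es/email.md (@@ -366,28 +366,27 @@), the unchanged heading above "Debe autoalojar las analíticas" reads "**Mejor caso:**", but the same position in the English text of this patch is "**Minimum to Qualify:**", and the Spanish file uses "**Mínimo para calificar:**" for it in the Privacidad and Seguridad hunks. As it stands the Spanish Marketing section shows two best-case headings and no minimum requirement, which changes what the criteria say. Correct the heading to "**Mínimo para calificar:**" while these strings are being re-synced.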
@@ -192,7 +191,7 @@ Mailbox.org امکان به ارث بردن اطلاعات برای همه طر ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Tuta doesn't offer a digital legacy feature. ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } - **Mailcow** سرور ایمیل پیشرفته‌تری است که برای کسانی که تجربه لینوکس به نسبت بالایی دارند عالی است. هر آنچه را که در یک Docker Container نیاز دارید را شامل می‌شود: سرور ایمیل با پشتیبانی از DKIM، آنتی ویروس و نظارت بر هرزنامه، webmail و ActiveSync با SOGo، و مدیریت مبتنی بر وب با پشتیبانی 2FA. + **Mailcow** سرور ایمیل پیشرفته‌تری است که برای کسانی که تجربه لینوکس به نسبت بالایی دارند عالی است. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### حریم خصوصی @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **حداقل شرایط صلاحیت:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **بهترین شرایط:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ Email servers deal with a lot of very sensitive data. We expect that providers w **بهترین شرایط:** -- رهبری قابل رویت عمومی. - گزارش‌های شفافیت متناوب. ### تبلیغات و بازاریابی -با ارائه‌دهندگان ایمیلی که ما توصیه می‌کنیم، ما علاقه‌مند به بازاریابی مسئولانه هستیم. +With the email providers we recommend, we like to see responsible marketing. **حداقل شرایط صلاحیت:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -نباید هیچ گونه بازاریابی نامسئولانه انجام شود: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### قابلیت‌های اضافی diff --git a/i18n/fr/email.md b/i18n/fr/email.md index acd1ba8d..5ca66afe 100644 --- a/i18n/fr/email.md +++ b/i18n/fr/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - L'e-mail est pratiquement une nécessité pour utiliser n'importe quel service en ligne, mais nous ne le recommandons pas pour les conversations de particulier à particulier. Plutôt que d'utiliser l'e-mail pour contacter d'autres personnes, envisagez d'utiliser un support de messagerie instantanée qui prend en charge la confidentialité persistante. [Messageries instantanées recommandées](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP ne prend pas non plus en charge la confidentialité persistante, ce qui ![Logo Proton Mail](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** est un service d'e-mail qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Il est en activité depuis **2013**. Proton AG a son siège à Genève, en Suisse. L'offre Free de Proton Mail comprend 500 Mo de stockage d'e-mails, que vous pouvez augmenter jusqu'à 1 Go gratuitement. +**Proton Mail** est un service d'e-mail qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. They have been in operation since 2013. Proton AG a son siège à Genève, en Suisse. L'offre Free de Proton Mail comprend 500 Mo de stockage d'e-mails, que vous pouvez augmenter jusqu'à 1 Go gratuitement. [:octicons-home-16: Page d'accueil](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Service onion" } @@ -189,10 +188,10 @@ Ces fournisseurs stockent vos e-mails avec un chiffrement à connaissance zéro,
-![Logo Tuta](assets/img/email/tuta.svg#only-light){ align=right } -![Logo Tuta](assets/img/email/tuta-dark.svg#only-dark){ align=right } +![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } +![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** est un service d'e-mail qui met l'accent sur la sécurité et la confidentialité grâce à l'utilisation du chiffrement. Tuta est en activité depuis **2011** et est basée à Hanovre, en Allemagne. Les comptes gratuits commencent avec 1 Go de stockage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Les comptes gratuits commencent avec 1 Go de stockage. [:octicons-home-16: Page d'accueil](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Politique de confidentialité" } @@ -257,7 +256,7 @@ Les administrateurs système peuvent envisager de mettre en place leur propre se ![Logo Mailcow](assets/img/email/mailcow.svg){ align=right } -**Mailcow** est un serveur d'e-mail plus avancé, parfait pour ceux qui ont un peu plus d'expérience de Linux. Il possède tout ce dont vous avez besoin dans un conteneur Docker : un serveur d'e-mail avec prise en charge de DKIM, une surveillance antivirus et spam, une interface d'e-mail web et ActiveSync avec SOGo, et une administration basée sur le web avec prise en charge de l'A2F. +**Mailcow** est un serveur d'e-mail plus avancé, parfait pour ceux qui ont un peu plus d'expérience de Linux. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Page d'accueil](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ Nous considérons ces caractéristiques comme importantes afin de fournir un ser - Prise en charge d'une boîte mail temporaire pour les utilisateurs externes. Cette fonction est utile lorsque vous souhaitez envoyer un e-mail chiffré, sans envoyer une copie réelle à votre destinataire. Ces e-mails ont généralement une durée de vie limitée et sont ensuite automatiquement supprimés. Ils n'obligent pas non plus le destinataire à configurer un système de chiffrement comme OpenPGP. - Disponibilité des services du fournisseur d'e-mail via un [service onion](https://en.wikipedia.org/wiki/.onion). - Support du [sous-adressage](https://en.wikipedia.org/wiki/Email_address#Sub-addressing). -- Fonctionnalité fourre-tout ou alias pour ceux qui possèdent leurs propres domaines. -- Utilisation de protocoles standard d'accès aux e-mails tels que IMAP, SMTP ou [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Les protocoles d'accès standard garantissent que les clients peuvent facilement télécharger l'ensemble de leurs e-mails, s'ils souhaitent changer de fournisseur. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Les protocoles d'accès standard garantissent que les clients peuvent facilement télécharger l'ensemble de leurs e-mails, s'ils souhaitent changer de fournisseur. ### Confidentialité 
@@ -315,7 +314,7 @@ Nous préférons que nos prestataires recommandés collectent le moins de donné **Minimum pour se qualifier :** -- Protéger l'adresse IP de l'expéditeur. Filtrez-la pour qu'elle n'apparaisse pas dans le champ d'en-tête `Received`. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Ne demandez pas de Données à Caractère Personnel (DCP) en plus d'un nom d'utilisateur et d'un mot de passe. - Politique de confidentialité répondant aux exigences définies par le RGPD. 
@@ -326,12 +325,12 @@ Nous préférons que nos prestataires recommandés collectent le moins de donné ### Sécurité -Les serveurs d'e-mail traitent un grand nombre de données très sensibles. Nous nous attendons à ce que les prestataires adoptent les meilleures pratiques du secteur afin de protéger leurs membres. +Les serveurs d'e-mail traitent un grand nombre de données très sensibles. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum pour se qualifier :** - Protection de l'interface d'e-mail web avec une A2F, tel que TOTP. -- Le chiffrement à accès zéro, qui complète le chiffrement au repos. Le fournisseur ne dispose pas des clés de déchiffrement des données qu'il détient. Cela permet d'éviter qu'un employé malhonnête ne divulgue les données auxquelles il a accès ou qu'un adversaire distant ne divulgue les données qu'il a volées en obtenant un accès non autorisé au serveur. +- Zero access encryption, which builds on encryption at rest. Le fournisseur ne dispose pas des clés de déchiffrement des données qu'il détient. Cela permet d'éviter qu'un employé malhonnête ne divulgue les données auxquelles il a accès ou qu'un adversaire distant ne divulgue les données qu'il a volées en obtenant un accès non autorisé au serveur. - Prise en charge de [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions). - Aucune erreurs ou vulnérabilités TLS lors du profilage par des outils tels que [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), ou [Qualys SSL Labs](https://ssllabs.com/ssltest); cela inclut les erreurs liées aux certificats et les paramètres DH faibles, tels que ceux qui ont conduit à [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - Une préférence pour les serveurs (facultatif sur TLSv1.3) pour des suites de chiffrement fortes qui prennent en charge la confidentialité persistante et le chiffrement authentifié. 
@@ -344,13 +343,14 @@ Les serveurs d'e-mail traitent un grand nombre de données très sensibles. Nous - Des normes de sécurité des sites web telles que : - [HTTP Strict Transport Security](https://fr.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - Une [Intégrité des sous-ressources](https://en.wikipedia.org/wiki/Subresource_Integrity) si des éléments sont chargés depuis des domaines externes. -- Doit prendre en charge l'affichage des [en-têtes de message](https://en.wikipedia.org/wiki/Email#Message_header), car il s'agit d'une fonction d'analyse scientifique essentielle pour déterminer si un e-mail est une tentative de hammeçonnage. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Dans le meilleur des cas :** -- Prise en charge de l'authentification matérielle, à savoir U2F et [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F et WebAuthn sont plus sûrs car ils utilisent une clé privée stockée sur un dispositif matériel côté client pour authentifier les personnes, par opposition à un secret partagé qui est stocké sur le serveur web et côté client lors de l'utilisation de TOTP. De plus, U2F et WebAuthn sont plus résistants au phishing car leur réponse d'authentification est basée sur le [nom de domaine](https://en.wikipedia.org/wiki/Domain_name) authentifié. +- Prise en charge de l'authentification matérielle, à savoir U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - Un [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) en plus de la prise en charge de DANE. -- Prise en charge de [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), utile pour les personnes qui publient sur des listes de diffusion [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Des audits de sécurité publiés par une société tierce réputée. - Des programmes de primes aux bugs et/ou un processus coordonné de divulgation des vulnérabilités. - Des normes de sécurité des sites web telles que : - [Content Security Policy (CSP)](https://fr.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ Vous ne confieriez pas vos finances à une personne ayant une fausse identité, **Dans le meilleur des cas :** -- Une direction publique. - Rapports de transparence fréquents. ### Marketing -Avec les fournisseurs d'e-mail que nous recommandons, nous aimons voir un marketing responsable. +With the email providers we recommend, we like to see responsible marketing. **Minimum pour se qualifier :** -- Doit héberger lui-même ses outils d'analyse de traffic (pas de Google Analytics, Adobe Analytics, etc.). Le site du fournisseur doit également se conformer à [DNT (Do Not Track)](https://fr.wikipedia.org/wiki/Do_Not_Track) pour ceux qui souhaitent refuser. +- Doit héberger lui-même ses outils d'analyse de traffic (pas de Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Ne doit pas avoir de marketing irresponsable : +Must not have any irresponsible marketing, which can include the following: - Prétendre à un "chiffrement incassable". Le chiffrement doit être utilisé en supposant qu'il ne soit plus secret dans le futur, lorsque la technologie existera pour le décrypter. -- Garantir la protection de l'anonymat à 100%. Lorsque quelqu'un prétend que quelque chose est à 100%, cela signifie qu'il n'y a aucune certitude d'échec. Nous savons que les gens peuvent assez facilement se désanonymiser de plusieurs façons, par exemple : +- Garantir la protection de l'anonymat à 100%. Lorsque quelqu'un prétend que quelque chose est à 100%, cela signifie qu'il n'y a aucune certitude d'échec. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Réutiliser des informations personnelles (par exemple comptes d'e-mail, pseudonymes uniques, etc.) auxquelles ils ont eu accès sans logiciel d'anonymat (Tor, VPN, etc.) 
- [La capture d'empreinte numérique des navigateurs](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Dans le meilleur des cas :** -- Une documentation claire et facile à lire. Notamment pour la mise en place de l'A2F, des clients d'e-mail tiers, d'OpenPGP, etc. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Fonctionnalités supplémentaires diff --git a/i18n/he/email.md b/i18n/he/email.md index 5672f732..4e8fea60 100644 --- a/i18n/he/email.md +++ b/i18n/he/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - אימייל הוא למעשה הכרח לשימוש בכל שירות מקוון, אולם איננו ממליצים עליו לשיחות מאדם לאדם. דואר אלקטרוני הוא למעשה הכרח שימוש בכל שירות מקוון, אולם איננו ממליצים עליו לשיחות מאדם לאדם. [מסנג'רים (הודעות מיידיות) מומלצות](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail לוגו](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** הוא שירות דואר אלקטרוני עם התמקדות בפרטיות, הצפנה, אבטחה וקלות שימוש. הם פועלים מאז **2013**. Proton AG מבוססת בז'נב, שוויץ. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** הוא שירות דואר אלקטרוני עם התמקדות בפרטיות, הצפנה, אבטחה וקלות שימוש. They have been in operation since 2013. Proton AG מבוססת בז'נב, שוויץ. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ Mailbox.org כולל תכונת מורשת דיגיטלית לכל התוכני ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta פועלת מאז **2011** ובסיסה בהאנובר, גרמניה. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Tuta אינו מציע תכונה מורשת דיגיטלית. ![Mailcow לוגו](assets/img/email/mailcow.svg){ align=right } -**Mailcow** הוא שרת דואר מתקדם יותר המושלם עבור אלה עם קצת יותר ניסיון בלינוקס. יש לו את כל מה שאתה צריך במיכל Docker: שרת דואר עם תמיכה ב- DKIM, ניטור אנטי וירוס וספאם, דואר אינטרנט ו- ActiveSync עם SOGo, וניהול מבוסס אינטרנט עם תמיכה ב- 2FA. +**Mailcow** הוא שרת דואר מתקדם יותר המושלם עבור אלה עם קצת יותר ניסיון בלינוקס. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ Tuta אינו מציע תכונה מורשת דיגיטלית. - תמיכה בתיבת דואר זמנית למשתמשים חיצוניים. פעולה זו שימושית כאשר ברצונך לשלוח דוא"ל מוצפן, מבלי לשלוח עותק בפועל לנמען שלך. למיילים אלה יש בדרך כלל תוחלת חיים מוגבלת ולאחר מכן נמחקות אוטומטית. הם גם לא דורשים מהנמען להגדיר שום קריפטוגרפיה כמו OpenPGP. - זמינות שירותי ספק הדואר האלקטרוני באמצעות [שירות onion](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- פונקציונליות של תפוס - הכל או כינוי עבור בעלי דומיינים משלהם. -- שימוש בפרוטוקולי גישה סטנדרטיים למייל כגון IMAP, SMTP או [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). פרוטוקולי גישה סטנדרטיים מבטיחים שלקוחות יכולים להוריד בקלות את כל האימייל שלהם, אם הם רוצים לעבור לספק אחר. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). פרוטוקולי גישה סטנדרטיים מבטיחים שלקוחות יכולים להוריד בקלות את כל האימייל שלהם, אם הם רוצים לעבור לספק אחר. ### פרטיות @@ -315,7 +314,7 @@ Tuta אינו מציע תכונה מורשת דיגיטלית. **מינימום כדי לעמוד בדרישות:** -- להגן על כתובת ה - IP של השולח. מסנן אותו כך שלא יוצג בשדה `השולח` header. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - אין צורך במידע המאפשר זיהוי אישי (PII) מלבד שם משתמש וסיסמה. - מדיניות פרטיות העומדת בדרישות שהוגדרו ב-GDPR. 
@@ -326,12 +325,12 @@ Tuta אינו מציע תכונה מורשת דיגיטלית. ### אבטחה -שרתי דואר אלקטרוני עוסקים בהרבה מאוד נתונים רגישים. אנו מצפים שהספקים יאמצו שיטות עבודה מומלצות בתעשייה כדי להגן על חבריהם. +שרתי דואר אלקטרוני עוסקים בהרבה מאוד נתונים רגישים. We expect that providers will adopt best industry practices in order to protect their customers. **מינימום כדי לעמוד בדרישות:** - הגנה על דואר אינטרנט עם 2FA, כגון TOTP. -- הצפנת אפס גישה, מתבססת על הצפנה במנוחה. לספק אין את מפתחות הפענוח של הנתונים שברשותו. פעולה זו מונעת מעובד שסרח להדליף נתונים שיש לו גישה אליהם או מיריב מרחוק לשחרר נתונים שגנב על ידי השגת גישה בלתי מורשית לשרת. +- Zero access encryption, which builds on encryption at rest. לספק אין את מפתחות הפענוח של הנתונים שברשותו. פעולה זו מונעת מעובד שסרח להדליף נתונים שיש לו גישה אליהם או מיריב מרחוק לשחרר נתונים שגנב על ידי השגת גישה בלתי מורשית לשרת. - תמיכה ב [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions). - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - העדפת חבילת שרתים (אופציונלית ב-TLSv1.3) עבור חבילות צופן חזקות התומכות בסודיות קדימה ובהצפנה מאומתת. 
@@ -344,13 +343,14 @@ Tuta אינו מציע תכונה מורשת דיגיטלית. - תקני אבטחת אתר אינטרנט כגון: - [אבטחת תעבורה קפדנית של HTTP](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - שלמות [תת - מקור](https://en.wikipedia.org/wiki/Subresource_Integrity) אם מעמיסים דברים מדומיינים חיצוניים. -- חייב לתמוך בהצגה של [כותרות הודעות](https://en.wikipedia.org/wiki/Email#Message_header), מכיוון שזוהי תכונה משפטית חיונית כדי לקבוע אם הודעת דואר אלקטרוני היא ניסיון דיוג. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **המקרה הטוב ביותר:** -- תמיכה באימות חומרה, כלומר. U2F ו - [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F ו - WebAuthn מאובטחים יותר כאשר הם משתמשים במפתח פרטי המאוחסן בהתקן חומרה בצד הלקוח כדי לאמת אנשים, בניגוד לסוד משותף המאוחסן בשרת האינטרנט ובצד הלקוח בעת שימוש ב - TOTP. יתר על כן, U2F ו- WebAuthn עמידים יותר בפני דיוג מכיוון שתגובת האימות שלהם מבוססת על האימות [שם הדומיין](https://en.wikipedia.org/wiki/Domain_name). +- תמיכה באימות חומרה, כלומר. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [אישור רשות ההסמכה של DNS (CAA) רשומת משאבים](https://tools.ietf.org/html/rfc6844) בנוסף לתמיכת DANE. -- יישום של [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), זה שימושי עבור אנשים שמפרסמים לרשימות דיוור [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- פירסם ביקורות אבטחה מחברת צד שלישי מכובדת. - תוכניות לחיפוש באגים ו/או תהליך גילוי - פגיעות מתואם. - תקני אבטחת אתר אינטרנט כגון: - [מדיניות אבטחת תוכן (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ Tuta אינו מציע תכונה מורשת דיגיטלית. **המקרה הטוב ביותר:** -- מנהיגות מול הציבור. - דוחות שקיפות תכופים. ### שיווק -עם ספקי הדוא"ל אנו ממליצים לראות שיווק אחראי. +With the email providers we recommend, we like to see responsible marketing. **מינימום כדי לעמוד בדרישות:** -- חייב לארח ניתוח עצמי (ללא Google Analytics, Adobe Analytics וכו'). האתר של הספק חייב גם לציית ל [DNT (לא לעקוב)](https://en.wikipedia.org/wiki/Do_Not_Track) למי שרוצה לבטל את הסכמתו. +- חייב לארח ניתוח עצמי (ללא Google Analytics, Adobe Analytics וכו'). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -אסור שיהיה שיווק שהוא חסר אחריות: +Must not have any irresponsible marketing, which can include the following: - טענות של "הצפנה בלתי שבירה " יש להשתמש בהצפנה מתוך כוונה שהיא לא תהיה סודית בעתיד כאשר הטכנולוגיה קיימת כדי לפצח אותה. -- ביצוע ערבויות של הגנה על 100% אנונימיות. כשמישהו טוען שמשהו הוא 100% זה אומר שאין ודאות לכישלון. אנחנו יודעים שאנשים יכולים בקלות להפוך את עצמם לאיאנונימיים במספר דרכים, למשל.: +- ביצוע ערבויות של הגנה על 100% אנונימיות. כשמישהו טוען שמשהו הוא 100% זה אומר שאין ודאות לכישלון. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - שימוש חוזר במידע אישי, למשל. (חשבונות אימיילים, שמות בדויים ייחודיים וכו') שאליהם הם ניגשו ללא תוכנת אנונימיות (Tor, VPN וכו') - [טביעת אצבע של דפדפן](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **המקרה הטוב ביותר:** -- ברור וקל לקריאה. זה כולל דברים כמו, הגדרת 2FA, קליינט דוא"ל, OpenPGP וכו '. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### פונקציונליות נוספת diff --git a/i18n/hi/email.md b/i18n/hi/email.md index 9c7efcdd..105a00c2 100644 --- a/i18n/hi/email.md +++ b/i18n/hi/email.md 
@@ -10,7 +10,6 @@ global: - "table tbody" --- - Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. [Recommended Instant Messengers](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/hu/email.md b/i18n/hu/email.md index 5f07620f..724cf643 100644 --- a/i18n/hu/email.md +++ b/i18n/hu/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Az email gyakorlatilag elengedhetetlen bármilyen online szolgáltatás használatához, azonban nem ajánljuk személyes beszélgetésekhez. Ahelyett, hogy e-mailben lépnél kapcsolatba másokkal, fontold meg egy olyan azonnali üzenetküldő használatát, amely támogatja a forward secrecy-t, vagyis szó szerint az előre titkosítást. [Ajánlott azonnali üzenetküldők](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ Az OpenPGP nem támogatja a Forward secrecy-t sem, ami azt jelenti, hogy ha a t ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -A **Proton Mail** egy olyan e-mail szolgáltatás, amely a magánéletre, a titkosításra, a biztonságra és az egyszerű használatra helyezi a hangsúlyt. **2013** óta működnek. A Proton AG székhelye Genfben, Svájcban található. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +A **Proton Mail** egy olyan e-mail szolgáltatás, amely a magánéletre, a titkosításra, a biztonságra és az egyszerű használatra helyezi a hangsúlyt. They have been in operation since 2013. A Proton AG székhelye Genfben, Svájcban található. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Főoldal](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion szolgáltatás" } 
@@ -192,7 +191,7 @@ Ezek a szolgáltatók zéró hozzáférésű titkosítással tárolják az e-mai ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. A Tuta **2011** óta működik, székhelye Hannoverben, Németországban található. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ A haladó rendszergazdák fontolóra vehetik saját e-mail szerver felállítás ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -A **Mailcow** egy fejlettebb levelezőszerver, amely tökéletes azok számára, akik kicsit több Linux-tapasztalattal rendelkeznek. Mindent tartalmaz, amire egy Docker konténerben szükséged van: DKIM-támogatással rendelkező levelezőszerver, vírusirtó és spamfigyelés, webmail és ActiveSync a SOGo-val, valamint webalapú adminisztráció 2FA-támogatással. +A **Mailcow** egy fejlettebb levelezőszerver, amely tökéletes azok számára, akik kicsit több Linux-tapasztalattal rendelkeznek. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Honlap](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Dokumentáció} 
@@ -306,8 +305,8 @@ Ezeket a funkciókat fontosnak tartjuk a biztonságos és optimális szolgáltat - Ideiglenes postafiók támogatása külső felhasználók számára. Ez akkor hasznos, ha titkosított e-mailt szeretne küldeni anélkül, hogy a címzettnek tényleges másolatot küldene. Ezek az e-mailek általában korlátozott élettartamúak, majd automatikusan törlődnek. A címzettnek nem kell semmilyen titkosítást konfigurálnia, mint az OpenPGP esetében. - Az emailszolgáltató weboldalának elérhetősége egy [.onion szolgáltatáson](https://en.wikipedia.org/wiki/.onion) keresztül. - Az [alcímzés](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) támogatása. -- Catch-all (gyűjtő email cím) vagy alias funkció azok számára, akiknek saját domainjeik vannak. -- A szabványos e-mail hozzáférési protokollok, például IMAP, SMTP vagy [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol) használata. A szabványos hozzáférési protokollok biztosítják, hogy az ügyfelek könnyen letölthessék az összes e-mailjüket, ha másik szolgáltatóhoz szeretnének váltani. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). A szabványos hozzáférési protokollok biztosítják, hogy az ügyfelek könnyen letölthessék az összes e-mailjüket, ha másik szolgáltatóhoz szeretnének váltani. ### Adatvédelem @@ -315,7 +314,7 @@ Jobban szeretjük, ha az általunk ajánlott szolgáltatók a lehető legkeveseb **Alap elvárások minősítéshez:** -- A feladó IP-címének védelme. Szűrje ki, hogy ne jelenjen meg a `Fogadott` fejléc mezőben. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - A felhasználónevet és jelszót leszámítva ne kérjen személyazonosításra alkalmas adatokat (PII). - A GDPR által meghatározott követelményeknek megfelelő adatvédelmi politika. 
@@ -326,12 +325,12 @@ Jobban szeretjük, ha az általunk ajánlott szolgáltatók a lehető legkeveseb ### Adatbiztonság -Az e-mail szerverek sok nagyon érzékeny adatot kezelnek. Elvárjuk, hogy a szolgáltatók a legjobb iparági gyakorlatokat alkalmazzák tagjaik adatainak védelme érdekében. +Az e-mail szerverek sok nagyon érzékeny adatot kezelnek. We expect that providers will adopt best industry practices in order to protect their customers. **Alap elvárások minősítéshez:** - A webmail védelme 2FA-val, például TOTP-vel. -- Zéró hozzáférésű titkosítás, ami a nyugalmi titkosításra épül. A szolgáltató nem rendelkezik a birtokában lévő adatok visszafejtési kulcsaival. Ez megakadályozza, hogy egy rosszhiszemű alkalmazott kiszivárogtassa az adatokat, amelyekhez hozzáfér, vagy egy távoli ellenfél a szerverhez való jogosulatlan hozzáféréssel kiadja az ellopott adatokat. +- Zero access encryption, which builds on encryption at rest. A szolgáltató nem rendelkezik a birtokában lévő adatok visszafejtési kulcsaival. Ez megakadályozza, hogy egy rosszhiszemű alkalmazott kiszivárogtassa az adatokat, amelyekhez hozzáfér, vagy egy távoli ellenfél a szerverhez való jogosulatlan hozzáféréssel kiadja az ellopott adatokat. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) támogatás. - Nincsenek TLS-hibák vagy sebezhetőségek, amikor olyan eszközökkel profilozzák, mint a [Hardenize](https://hardenize.com), a [testssl.sh](https://testssl.sh) vagy a [Qualys SSL Labs](https://ssllabs.com/ssltest); ez magában foglalja a tanúsítványokkal kapcsolatos hibákat és a gyenge DH-paramétereket, például azokat, amelyek a [Logjamhoz](https://en.wikipedia.org/wiki/Logjam_(computer_security)) vezettek. - Kiszolgálói csomag preferencia (a TLSv1.3 esetében opcionális) az erős titkosítási csomagok számára, amelyek támogatják a továbbított titkosítást és a hitelesített titkosítást. 
@@ -344,13 +343,14 @@ Az e-mail szerverek sok nagyon érzékeny adatot kezelnek. Elvárjuk, hogy a szo - Weboldal biztonsági szabványok, mint például: - [HTTP szigorú szállítási biztonság (Strict Transport Security)](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Alforrás integritás](https://en.wikipedia.org/wiki/Subresource_Integrity), ha külső tartományokból tölt be dolgokat. -- Támogatnia kell az [üzenetfejlécek](https://en.wikipedia.org/wiki/Email#Message_header) megtekintését, mivel ez egy kulcsfontosságú funkció annak megállapításához, hogy egy e-mail adathalász kísérlet-e. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Legjobb esetben:** -- A hardveres hitelesítés támogatása, pl. U2F és [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). Az U2F és a WebAuthn biztonságosabb, mivel az ügyféloldali hardvereszközön tárolt privát kulcsot használnak a hitelesítéshez, szemben a TOTP használatakor a webkiszolgálón és az ügyféloldalon tárolt megosztott titokkal. Továbbá az U2F és a WebAuthn ellenállóbb az adathalászattal szemben, mivel a hitelesítési válasz a hitelesített [tartománynév](https://en.wikipedia.org/wiki/Domain_name) alapján történik. +- A hardveres hitelesítés támogatása, pl. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS-hitelesítésszolgáltatói engedélyezési (CAA) erőforrásrekord](https://tools.ietf.org/html/rfc6844) a DANE-támogatás mellett. -- Az [ARC (Authenticated Received Chain)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) megvalósítása, ez azoknak hasznos, akik [RFC8617](https://tools.ietf.org/html/rfc8617) levelezési listákra írnak. 
+- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Közzétett biztonsági felülvizsgálatok egy megbízható harmadik feles cégtől. - Bug-bounty programok és/vagy összehangolt sebezhetőség-közzétételi folyamat. - Weboldal biztonsági szabványok, mint például: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ A pénzügyeidet sem bíznád egy hamis személyazonosságú emberre, akkor mié **Legjobb esetben:** -- Nyilvános vezetés. - Gyakori átláthatósági jelentések. ### Marketing -Az általunk ajánlott emailszolgáltatóknál felelős marketinget szeretnénk látni. +With the email providers we recommend, we like to see responsible marketing. **Alap elvárások minősítéshez:** -- Saját analitikát kell üzemeltetnie (nem Google Analytics, Adobe Analytics stb.). A szolgáltató webhelyének szintén be kell tartania a [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) kéréseket is, a követést elutasítani kívánó személyek számára. +- Saját analitikát kell üzemeltetnie (nem Google Analytics, Adobe Analytics stb.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Nem használhat felelőtlen marketinget: +Must not have any irresponsible marketing, which can include the following: - A "feltörhetetlen titkosítás" állítása. A titkosítást úgy kell használni, hogy annak nem titkos jellege is figyelembe legyen véve a jövőben, amikor már rendelkezésre áll a feltörésére alkalmas technológia. -- Az anonimitás 100%-os védelmének garantálása. Ha valaki azt állítja, hogy valami 100%-os, az azt jelenti, hogy nem merülhet fel meghibásodás. Tudjuk, hogy személyek elég könnyen és számos módon deanonimizálni tudják magukat, pl.: +- Az anonimitás 100%-os védelmének garantálása. Ha valaki azt állítja, hogy valami 100%-os, az azt jelenti, hogy nem merülhet fel meghibásodás. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Olyan személyes adatok újrafelhasználása (pl. e-mail fiókok, egyedi álnevek stb.), amelyekhez anonimitási szoftverek (Tor, VPN stb.) nélkül jutottak hozzá. - [Böngésző ujjlenyomatolás](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Legjobb esetben:** -- Letisztult és könnyen érthető dokumentáció. 
Ez többek között olyan dolgokat foglal magában, mint a kétlépcsős hitelesítés, az e-mail kliensek, vagy az OpenPGP beállítása. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### További funkciók diff --git a/i18n/id/email.md b/i18n/id/email.md index 135e4034..530d5320 100644 --- a/i18n/id/email.md +++ b/i18n/id/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Surel bisa dibilang merupakan kebutuhan untuk menggunakan layanan daring apa pun, namun kami tidak merekomendasikannya untuk percakapan antar orang. Daripada menggunakan surel untuk menghubungi orang lain, pertimbangkan untuk menggunakan media pesan instan yang mendukung kerahasiaan penerusan. [Perpesanan Instan yang Direkomendasikan](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![ Proton Mail logo ]( assets/img/email/protonmail.svg){ align=right } -**Proton Mail** adalah layanan surel dengan fokus pada privasi, enkripsi, keamanan, dan kemudahan penggunaan. Mereka telah beroperasi sejak **2013**. Proton AG berbasis di Genewa, Swiss. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** adalah layanan surel dengan fokus pada privasi, enkripsi, keamanan, dan kemudahan penggunaan. They have been in operation since 2013. Proton AG berbasis di Genewa, Swiss. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privasi @@ -315,7 +314,7 @@ Kami lebih memilih penyedia yang kami rekomendasikan untuk mengumpulkan data ses **Minimum untuk Memenuhi Syarat:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ Kami lebih memilih penyedia yang kami rekomendasikan untuk mengumpulkan data ses ### Keamanan -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum untuk Memenuhi Syarat:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Kasus Terbaik:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Audit keamanan yang dipublikasikan dari perusahaan pihak ketiga yang memiliki reputasi baik. - Program bug-bounty dan/atau proses pengungkapan kerentanan yang terkoordinasi. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ Anda tidak akan mempercayakan keuangan Anda pada seseorang dengan identitas pals **Kasus Terbaik:** -- Kepemimpinan yang berhadapan dengan publik. - Laporan transparansi yang sering. ### Pemasaran -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum untuk Memenuhi Syarat:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Tidak boleh melakukan pemasaran yang tidak bertanggung jawab: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Menjamin perlindungan anonimitas 100%. Ketika seseorang membuat klaim bahwa sesuatu itu 100%, itu berarti tidak ada kepastian untuk gagal. Kami tahu bahwa orang dapat dengan mudah menyamarkan nama mereka dengan beberapa cara, misalnya: +- Menjamin perlindungan anonimitas 100%. Ketika seseorang membuat klaim bahwa sesuatu itu 100%, itu berarti tidak ada kepastian untuk gagal. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Menggunakan kembali informasi pribadi (akun surel, nama samaran unik, dll.) yang mereka akses tanpa perangkat lunak anonimitas (Tor, VPN, dll.) - [Sidik jari peramban](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Kasus Terbaik:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Fungsionalitas Tambahan diff --git a/i18n/it/email.md b/i18n/it/email.md index c230c3a4..244ef2ff 100644 --- a/i18n/it/email.md +++ b/i18n/it/email.md @@ -10,7 +10,6 @@ global: - "tabella tbody" --- - L'email è praticamente una necessità per utilizzare qualsiasi servizio online, tuttavia, la sconsigliamo per le conversazioni personali. Piuttosto che utilizzare l'email per contattare altre persone, considera di utilizzare un mezzo di messaggistica istantanea che supporti la Forward Secrecy, letteralmente, Segretezza in avanti. [Messaggistica istantanea consigliata](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ Inoltre, OpenPGP non supporta la Forward Secrecy, ciò significa che se la chiav ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** è un servizio di posta elettronica incentrato su privacy, crittografia, sicurezza e facilità d'uso. Operano dal **2013**. Proton AG ha sede a Ginevra, Svizzera. Il piano gratuito di Proton Mail prevede 500 MB di spazio di archiviazione per la posta, che può essere aumentato gratuitamente fino a 1 GB. +**Proton Mail** è un servizio di posta elettronica incentrato su privacy, crittografia, sicurezza e facilità d'uso. They have been in operation since 2013. Proton AG ha sede a Ginevra, Svizzera. Il piano gratuito di Proton Mail prevede 500 MB di spazio di archiviazione per la posta, che può essere aumentato gratuitamente fino a 1 GB. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Servizio Onion" } @@ -189,10 +188,10 @@ Questi fornitori memorizzano le tue email con la crittografia a conoscenza zero,
-![Logo di Tuta](assets/img/email/tuta.svg#only-light){ align=right } -![Logo di Tuta](assets/img/email/tuta-dark.svg#only-dark){ align=right } +![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } +![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** è un servizio di posta elettronica incentrato sulla sicurezza e sulla privacy attraverso l'uso della crittografia. Tuta è operativo dal **2011** e ha sede ad Hannover, in Germania. Gli account gratuiti partono da 1 GB di spazio di archiviazione. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Gli account gratuiti partono da 1 GB di spazio di archiviazione. [:octicons-home-16: Homepage](https://tuta.com/it){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/it/privacy-policy){ .card-link title="Termini e condizioni" } @@ -257,7 +256,7 @@ Gli amministratori di sistema avanzati potrebbero considerare la configurazione ![Logo di Mailcow](assets/img/email/mailcow.svg){ align=right } -**Mailcow** è un server email più avanzato, perfetto per chi ha un po' più d'esperienza con Linux. Ha tutto il necessario in un contenitore Docker: Un server email con supporto DKIM, antivirus e monitoraggio dello spam, webmail e ActiveSync con SOGo e amministrazione basata sul web con supporto A2F. +**Mailcow** è un server email più avanzato, perfetto per chi ha un po' più d'esperienza con Linux. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentazione} 
@@ -306,8 +305,8 @@ Consideriamo queste funzionalità come importanti per poter fornire un servizio - Supporto per una casella temporanea per gli utenti esterni. Questo è utile quando desideri inviare un'email crittografata, senza inviare una copia effettiva al tuo destinatario. Queste email, solitamente, hanno una durata limitata, prima di essere eliminate automaticamente. Inoltre, non richiedono al destinatario di configurare alcuna crittografia, come OpenPGP. - Disponibilità dei servizi del fornitore email tramite un [servizio onion](https://en.wikipedia.org/wiki/.onion). - Supporto per il [sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing). -- Funzionalità di catch-all o alias per coloro che possiedono i propri domini. -- Utilizzo di protocolli d'accesso email standard, quali IMAP, SMTP o [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). I protocolli d'accesso standard assicurano ai clienti di scaricare facilmente tutte le proprie email, qualora dovessero passare a un altro fornitore. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). I protocolli d'accesso standard assicurano ai clienti di scaricare facilmente tutte le proprie email, qualora dovessero passare a un altro fornitore. ### Privacy @@ -315,7 +314,7 @@ Preferiamo che i fornitori consigliati raccolgano il minor numero di dati possib **Requisiti minimi:** -- Protezione dell'indirizzo IP del mittente. Filtraggio dello stesso dalla visualizzazione nel campo dell'intestazione `Ricevuto`. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Non richiedere informazioni d'identificazione personale (PII), tranne un nome utente e una password. - Politica sulla privacy che soddisfi i requisiti definiti dal GDPR. 
@@ -326,12 +325,12 @@ Preferiamo che i fornitori consigliati raccolgano il minor numero di dati possib ### Sicurezza -I server email gestiscono molti dati, estremamente sensibili. Ci aspettiamo che i fornitori adotteranno le migliori pratiche del settore, per proteggere i propri membri. +I server email gestiscono molti dati, estremamente sensibili. We expect that providers will adopt best industry practices in order to protect their customers. **Requisiti minimi:** - Protezione della webmail con 2FA, ad esempio TOTP. -- Crittografia ad accesso zero, basata sulla crittografia a riposo. Il provider non deve disporre delle chiavi di decrittazione dei dati in loro possesso. Questo previene che dipendenti disonesti possano trapelare i dati sensibili, o che un avversario remoto possa rilasciarli, dopo averli rubati, ottenendo un accesso non autorizzato al server. +- Zero access encryption, which builds on encryption at rest. Il provider non deve disporre delle chiavi di decrittazione dei dati in loro possesso. Questo previene che dipendenti disonesti possano trapelare i dati sensibili, o che un avversario remoto possa rilasciarli, dopo averli rubati, ottenendo un accesso non autorizzato al server. - Supporto [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions). - Nessun errore o vulnerabilità TLS quando si viene profilato da strumenti come [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) o [Qualys SSL Labs](https://ssllabs.com/ssltest); questo include errori relativi ai certificati e parametri DH deboli, come quelli che hanno portato a [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - Una preferenza della suite del server (facoltativa su TLSv1.3), per forti suite di cifratura che supportino la segretezza in avanti e la crittografia autenticata. 
@@ -344,13 +343,14 @@ I server email gestiscono molti dati, estremamente sensibili. Ci aspettiamo che - Standard di sicurezza del sito web come: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Integrità Subresource](https://en.wikipedia.org/wiki/Subresource_Integrity) se si caricano oggetti da domini esterni. -- Deve supportare la visualizzazione delle [Intestazioni dei messaggi](https://en.wikipedia.org/wiki/Email#Message_header), essendo una funzionalità forense cruciale per determinare se un'email è un tentativo di phishing. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Miglior Caso:** -- Supporto all'autenticazione hardware, cioè U2F e [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F e WebAuthn sono più sicuri, utilizzando una chiave privata, memorizzata su un dispositivo hardware dal lato del client per autenticare le persone, rispetto a un codice segreto condiviso, memorizzato sul server web e dal lato del client, utilizzando TOTP. Inoltre, U2F e WebAuthn sono più resistenti al phishing, poiché la loro risposta d'autenticazione si basa sul [nome di dominio](https://en.wikipedia.org/wiki/Domain_name) autenticato. +- Supporto all'autenticazione hardware, cioè U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [Registro Risorse di Autorizzazione dell'Autorità del Certificato (CAA) DNS](https://tools.ietf.org/html/rfc6844), oltre al supporto DANE. -- Implementazione della [Catena Autenticata Ricevuta (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), utile per le persone che pubblicano alle mailing list [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Controlli di sicurezza pubblicati da uno studio di terze parti affidabile. - Programmi di caccia ai bug e/o un processo di divulgazione delle vulnerabilità coordinato. - Standard di sicurezza del sito web, quali: - [Politica sulla Sicurezza dei Contenuti (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ Non affideresti le tue finanze a qualcuno con un'identità falsa, quindi, perch **Miglior Caso:** -- Dirigenza rivolta al pubblico. - Rapporti di trasparenza frequenti. ### Marketing -Con i fornitori email che consigliamo, vorremmo vedere del marketing responsabile. +With the email providers we recommend, we like to see responsible marketing. **Requisiti minimi:** -- Deve auto-ospitare le statistiche (senza Google Analytics, Adobe Analytics, etc.). Il sito del fornitore, inoltre, deve essere conforme a [DNT (Non Tracciare)](https://en.wikipedia.org/wiki/Do_Not_Track), per coloro che desiderano rinunciare. +- Deve auto-ospitare le statistiche (senza Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Non deve avere alcun marketing irresponsabile: +Must not have any irresponsible marketing, which can include the following: - Dichiarazioni di "crittografia impenetrabile." La crittografia dovrebbe essere utilizzata con l'intenzione che possa non essere segreta in futuro, quando esisterà la tecnologia per decifrarla. -- Garantire la protezione dell'anonimato al 100%. Quando qualcuno afferma che qualcosa è al 100%, significa che non vi è certezza di fallimento. Sappiamo che le persone possono facilmente deanonimizzarsi in numerosi modi, es.: +- Garantire la protezione dell'anonimato al 100%. Quando qualcuno afferma che qualcosa è al 100%, significa che non vi è certezza di fallimento. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Riutilizzo di informazioni personali, es. (profili email, pseudonimi univoci, etc.), accessibili senza software di anonimato (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Caso migliore:** -- Documentazione chiara e di facile lettura. 
Ciò include cose come la configurazione dell'A2F, client email, OpenPGP, etc. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Funzionalità aggiuntive diff --git a/i18n/ja/email.md b/i18n/ja/email.md index eb53e805..deabaf58 100644 --- a/i18n/ja/email.md +++ b/i18n/ja/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - 実質的に、電子メールはどんなオンラインサービスを使うにも必要ですが、個人間での会話にはお勧めしません。 他人との連絡には電子メールを使うよりも、前方秘匿性のあるインスタントメッセンジャの使用を検討してください。 [おすすめのインスタントメッセンジャー](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** は、プライバシー、暗号化、セキュリティ、使いやすさを重視したメールサービスです。 2013年から運営をされています。 Proton AGはスイスのジュネーブに拠点を置いています。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** は、プライバシー、暗号化、セキュリティ、使いやすさを重視したメールサービスです。 They have been in operation since 2013. Proton AGはスイスのジュネーブに拠点を置いています。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ Mailbox.orgの全てのプランにはデジタル遺産機能があります。 ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### プライバシー @@ -315,7 +314,7 @@ We regard these features as important in order to provide a safe and optimal ser **最低条件:** -- 送信者IPアドレスを保護している。 `Received`ヘッダーフィールドに表示されないようフィルターしている。 +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - ユーザー名とパスワード以外に、個人情報(PII)を必要としない。 - プライバシーポリシーがGDPRの要件を満たしている。 
@@ -326,12 +325,12 @@ We regard these features as important in order to provide a safe and optimal ser ### セキュリティー -メールサーバーは、非常に機密性の高いデータを大量に扱います。 私たちは、プロバイダーがユーザーを保護するために最も優れた業界の慣行を採用することを期待します。 +メールサーバーは、非常に機密性の高いデータを大量に扱います。 We expect that providers will adopt best industry practices in order to protect their customers. **最低条件:** - TOTPなどの二要素認証によるウェブメールの保護。 -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions)のサポート。 - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ We regard these features as important in order to provide a safe and optimal ser - 以下のようなウェブサイトのセキュリティ基準: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **満たされることが望ましい基準:** -- ハードウェア認証のサポート、つまり U2Fと[WebAuthn](https://en.wikipedia.org/wiki/WebAuthn)。 U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- ハードウェア認証のサポート、つまり U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- 信頼できる第三者機関によるセキュリティ監査を公表 - バグ報奨金プログラム、協調的な脆弱性開示プロセス。 - 以下のようなウェブサイトのセキュリティ基準: - [コンテンツセキュリティポリシー(CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) @@ -366,28 +366,27 @@ We regard these features as important in order to provide a safe and optimal ser **満たされることが望ましい基準:** -- 公的なリーダーシップ。 - 頻繁な透明性レポート。 ### マーケティング -私たちが推奨する電子メールプロバイダーには、責任あるマーケティングを求めます。 +With the email providers we recommend, we like to see responsible marketing. **最低条件:** -- アナリティクスを自己でホストすること(つまり、GoogleアナリティクスやAdobe Analyticsなどは不可)。 プロバイダーのサイトは、オプトアウトを希望するユーザーのために[DNT(Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track)に準拠しなければなりません。 +- アナリティクスを自己でホストすること(つまり、GoogleアナリティクスやAdobe Analyticsなどは不可)。 The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -無責任なマーケティングを行わないこと。 +Must not have any irresponsible marketing, which can include the following: - 「破れない暗号化」という主張。 暗号化は、その暗号化を破る技術が将来になって現れた際には、それがもはや秘密ではなくなってしまうかもしれないということを念頭に置いて使用されるべきものです。 -- 匿名性を100%保証するという主張。 誰かが何かを100%だと主張するとき、それは失敗の確実性が全く存在しないということを意味します。 私たちは、人々が以下のような多くの方法で簡単に匿名化を解除できることを知っています。 +- 匿名性を100%保証するという主張。 誰かが何かを100%だと主張するとき、それは失敗の確実性が全く存在しないということを意味します。 We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [ブラウザーのフィンガープリンティングを行うこと。](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **満たされることが望ましい基準:** -- 明確で読みやすいドキュメント。 これには、2FAの設定、電子メールクライアント、OpenPGPなどが含まれます。 +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### 追加機能 diff --git a/i18n/ko/email.md b/i18n/ko/email.md index 93a2feca..8cadbb07 100644 --- a/i18n/ko/email.md +++ b/i18n/ko/email.md 
@@ -10,7 +10,6 @@ global: - "table tbody" --- - 이메일은 모든 온라인 서비스 이용에 사실상 필수적이지만, 개인 간 대화에는 권장드리지 않습니다. 다른 사람에게 연락할 때는 이메일보다는 순방향 비밀성을 지원하는 메신저를 사용하는 것이 좋습니다. [권장 메신저](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail 로고](assets/img/email/protonmail.svg){ align=right } -**Proton Mail**은 프라이버시, 암호화, 보안, 사용 편의성에 중점을 둔 이메일 서비스입니다. **2013년**부터 운영되었습니다. Proton AG 본사는 스위스 제네바에 위치하고 있습니다. Proton Mail 무료 요금제에는 500MB의 메일 저장 용량이 제공되며, 최대 1GB까지 무료로 늘릴 수 있습니다. +**Proton Mail**은 프라이버시, 암호화, 보안, 사용 편의성에 중점을 둔 이메일 서비스입니다. They have been in operation since 2013. Proton AG 본사는 스위스 제네바에 위치하고 있습니다. Proton Mail 무료 요금제에는 500MB의 메일 저장 용량이 제공되며, 최대 1GB까지 무료로 늘릴 수 있습니다. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } @@ -192,7 +191,7 @@ Mailbox.org는 모든 플랜에 디지털 유산 상속 기능을 제공합니 ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } 
@@ -257,7 +256,7 @@ Tuta doesn't offer a digital legacy feature. ![Mailcow 로고](assets/img/email/mailcow.svg){ align=right } -**Mailcow**는 Linux 사용 경험이 많은 분에게 적합한 고급 메일 서버입니다. DKIM 지원 메일 서버, 안티바이러스, 스팸 모니터링, SOGo 웹메일 및 ActiveSync, 이중 인증 지원 웹 기반 관리 등 필요한 모든 것을 Docker 컨테이너에 갖추고 있습니다. +**Mailcow**는 Linux 사용 경험이 많은 분에게 적합한 고급 메일 서버입니다. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} @@ -306,8 +305,8 @@ Tuta doesn't offer a digital legacy feature. - 외부 사용자를 위해 임시 메일함을 지원해야 합니다. 수신자에게 실제 사본을 보내지 않고 암호화된 이메일을 보내고자 할 때 유용합니다. 이러한 이메일은 보통 수명이 제한돼 있으며 이후 자동으로 삭제됩니다. 수신자가 OpenPGP 등의 암호화를 설정할 필요가 없습니다. - [Onion 서비스](https://en.wikipedia.org/wiki/.onion)를 통해 이메일 서비스를 이용할 수 있어야 합니다. - [하위 주소](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) 지원. -- 자체 도메인을 소유한 사용자를 위해 Catch-all 이나 별칭 기능을 제공해야 합니다. -- IMAP, SMTP, [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol) 등 표준 이메일 접근 프로토콜을 사용해야 합니다. 표준 액세스 프로토콜을 사용함으로써, 사용자는 다른 서비스 제공 업체로 전환하고자 할 경우 모든 이메일을 쉽게 다운로드할 수 있습니다. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). 표준 액세스 프로토콜을 사용함으로써, 사용자는 다른 서비스 제공 업체로 전환하고자 할 경우 모든 이메일을 쉽게 다운로드할 수 있습니다. ### 프라이버시 @@ -315,7 +314,7 @@ Privacy Guides이 권장하는 제공자들은 최소한의 데이터만을 수 **최소 요구 사항:** -- 발신자의 IP 주소를 보호해야 합니다. `Received` 헤더 필드에 표시되지 않도록 필터링해야 합니다. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - 사용자 이름과 비밀번호 외에 개인 식별 정보(PII, Personally Identifiable Information)를 요구하지 않아야 합니다. - 프라이버시 정책은 GDPR에서 정의한 요구 사항을 충족해야 합니다. 
@@ -326,12 +325,12 @@ Privacy Guides이 권장하는 제공자들은 최소한의 데이터만을 수 ### 보안 -이메일 서버는 매우 민감한 데이터를 대량으로 처리합니다. We expect that providers will adopt best industry practices in order to protect their members. +이메일 서버는 매우 민감한 데이터를 대량으로 처리합니다. We expect that providers will adopt best industry practices in order to protect their customers. **최소 요구 사항:** - 웹메일은 2FA(TOTP 등)로 보호되어야 합니다. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions)를 지원해야 합니다. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Privacy Guides이 권장하는 제공자들은 최소한의 데이터만을 수 - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **우대 사항:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- 검증된 제 3자로부터 보안 감사 결과가 게시됨 - 버그 바운티 프로그램 또는 체계적인 취약점 공개 프로세스가 있음 - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) @@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **우대 사항:** -- Public-facing leadership. - 투명성 보고서를 자주 발간해야 합니다. ### 마케팅 -Privacy Guides는 권장 이메일 제공 업체가 책임감 있는 마케팅을 할 것을 기대하고 있습니다. +With the email providers we recommend, we like to see responsible marketing. **최소 요구 사항:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -다음과 같은 무책임한 마케팅은 일절 없어야 합니다: +Must not have any irresponsible marketing, which can include the following: - "절대 뚫리지 않는 암호화" 등의 주장을 해선 안 됩니다. 암호화는 미래에 해당 암호화를 무력화할 수 있는 기술이 등장할 수 있다는 것을 항상 염두에 두고 사용해야 합니다. -- "100% 익명성 보장" 만약 누군가가 100%라고 주장한다면, 이는 절대 실패할 수 없다고 하는 것과 같습니다. 익명성을 잃는 방법은 간단하면서도 다양하다는 것은 잘 알려져 있습니다. 예시로는 다음과 같습니다: +- "100% 익명성 보장" 만약 누군가가 100%라고 주장한다면, 이는 절대 실패할 수 없다고 하는 것과 같습니다. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [브라우저 핑거프린팅](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **우대 사항:** -- 명확하고 읽기 쉬운 문서를 제공해야 합니다. 2FA/이메일 클라이언트/OpenPGP 설정 방법 안내 등의 문서도 제공해야 합니다. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### 추가 기능 diff --git a/i18n/ku-IQ/email.md b/i18n/ku-IQ/email.md index 57dc2a0f..4b3859e8 100644 --- a/i18n/ku-IQ/email.md +++ b/i18n/ku-IQ/email.md 
@@ -10,7 +10,6 @@ global: - "table tbody" --- - پۆستەی ئەلکتڕۆنی بەتایبەتی گرنگە بۆ بەکارهێنانی هەر خزمەتگوزاریەکی سەرهێڵ، بەڵام ئێمە پێشنیاری ناکەین بۆ گفتوفۆی دوو کەسی. لەجیاتی بەکارهێنانی پۆستەی ئەلکتڕۆنی بۆ پەیوەندی کردن بە کەسانی تر، ڕەچاوی بەکارهێنانی ئامرازێکی نامەبەری دەستبەجێ بکە، کە پشتگیری لە نهێنیکردنی بەردەوام دەکات. [نامەبەرە دەستبەجێیە پێشنیارکراوەکان](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![لۆگۆی Proton Mail](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** خزمەتگوزاریەکی پۆستەی ئەلکتڕۆنیە، کە سەرنجی هەبوونی تایبەتێتی، شفرکردن، پارێزراوی، وە ئاسان لە بەکارهێنان دروست کراوە. ئەوان لە **2013**ـەوە لە کاردان. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** خزمەتگوزاریەکی پۆستەی ئەلکتڕۆنیە، کە سەرنجی هەبوونی تایبەتێتی، شفرکردن، پارێزراوی، وە ئاسان لە بەکارهێنان دروست کراوە. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
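Review bot: In the zero access encryption bullet, the added line fixes the first clause but leaves the last sentence non-parallel: "prevents a rogue employee leaking data they have access to or remote adversary from releasing data". Since the string is already being touched, suggest correcting it in the source string to "prevents a rogue employee from leaking data they have access to, or a remote adversary from releasing data", so the two threat cases the criterion covers read as two distinct cases.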
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
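Review bot: In the "Best Case" list of this hunk, the hardware authentication bullet loses its rationale. The removed line explained that U2F and WebAuthn use a private key held on a client-side device rather than a shared secret as with TOTP, and that the response is bound to the authenticated domain name, which is what makes them resistant to phishing. The replacement only links to `basics/multi-factor-authentication.md#fido-fast-identity-online`, so please confirm that section carries both points, otherwise the comparison with the TOTP minimum a few bullets up is lost. Separately, the new "Published security audits from a reputable third-party firm" bullet gives no scope or recency, and the ARC bullet still ends with a bare "[RFC8617]" link that is not joined to the sentence.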
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/nl/email.md b/i18n/nl/email.md index ade630e4..7814f510 100644 --- a/i18n/nl/email.md +++ b/i18n/nl/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - E-mail is bijna een noodzaak voor het gebruik van elke online dienst, maar wij raden het niet aan voor gesprekken van persoon tot persoon. In plaats van e-mail te gebruiken om andere mensen te contacteren, kunt u overwegen een instant messenger te gebruiken die forward secrecy ondersteunt. [Aanbevolen Instant Messengers](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** is een e-maildienst met focus op privacy, encryptie, veiligheid en gebruiksgemak. Ze zijn al actief sinds **2013**. Proton AG is gevestigd in Genève, Zwitserland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** is een e-maildienst met focus op privacy, encryptie, veiligheid en gebruiksgemak. They have been in operation since 2013. Proton AG is gevestigd in Genève, Zwitserland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ Deze providers slaan je e-mails op met zero-knowledge encryptie, waardoor ze gew ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Gevorderde systeembeheerders kunnen overwegen hun eigen e-mailserver op te zette ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is een meer geavanceerde mailserver, perfect voor mensen met wat meer Linux ervaring. Het heeft alles wat je nodig hebt in een Docker container: Een mailserver met DKIM-ondersteuning, antivirus- en spammonitoring, webmail en ActiveSync met SOGo, en webgebaseerd beheer met 2FA-ondersteuning. +**Mailcow** is een meer geavanceerde mailserver, perfect voor mensen met wat meer Linux ervaring. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
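Review bot: In the Mailcow hunk, the Dutch sentence "Het heeft alles wat je nodig hebt in een Docker container: ..." is replaced by the English source string, although the matching hunk in the English-language file earlier in this patch shows the source change was only "A mail server" to "a mail server". A capitalization fix upstream should not discard a finished translation. Suggest keeping the existing Dutch string for this segment (or re-approving it in Crowdin) rather than merging the fallback to English.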
@@ -306,8 +305,8 @@ Wij beschouwen deze kenmerken als belangrijk om een veilige en optimale dienst t - Ondersteuning voor een tijdelijke mailbox voor externe gebruikers. Dit is handig wanneer je een versleutelde e-mail wilt verzenden, zonder een echte kopie naar jouw ontvanger te sturen. Deze e-mails hebben meestal een beperkte levensduur en worden daarna automatisch verwijderd. Zij vereisen ook niet dat de ontvanger cryptografie configureert zoals OpenPGP. - Beschikbaarheid van de diensten van de e-mailprovider via een [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all of alias functionaliteit voor diegenen die hun eigen domeinen bezitten. -- Gebruik van standaard e-mail toegangsprotocollen zoals IMAP, SMTP of [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standaard toegangsprotocollen zorgen ervoor dat klanten al hun e-mail gemakkelijk kunnen downloaden, mochten zij naar een andere provider willen overstappen. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standaard toegangsprotocollen zorgen ervoor dat klanten al hun e-mail gemakkelijk kunnen downloaden, mochten zij naar een andere provider willen overstappen. ### Privacy @@ -315,7 +314,7 @@ Wij geven er de voorkeur aan dat de door ons aanbevolen aanbieders zo weinig mog **Minimum om in aanmerking te komen:** -- Beschermt het IP adres van de afzender. Filter het uit de weergave in het `Received` header veld. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Vereisen geen persoonlijk identificeerbare informatie (PII) naast een gebruikersnaam en een wachtwoord. - Privacybeleid dat voldoet aan de vereisten van de GDPR. 
@@ -326,12 +325,12 @@ Wij geven er de voorkeur aan dat de door ons aanbevolen aanbieders zo weinig mog ### Veiligheid -Email servers verwerken veel zeer gevoelige gegevens. We verwachten dat providers de beste praktijken in de branche zullen toepassen om hun gebruikers te beschermen. +Email servers verwerken veel zeer gevoelige gegevens. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum om in aanmerking te komen:** - Bescherming van webmail met 2FA, zoals TOTP. -- Zero access encryptie, bouwt voort op encryptie in rust. De provider heeft geen decryptiesleutels voor de gegevens die ze hebben. Dit voorkomt dat een malafide werknemer gegevens lekt waartoe hij toegang heeft, of dat een tegenstander op afstand gegevens vrijgeeft die hij heeft gestolen door ongeoorloofde toegang tot de server te verkrijgen. +- Zero access encryption, which builds on encryption at rest. De provider heeft geen decryptiesleutels voor de gegevens die ze hebben. Dit voorkomt dat een malafide werknemer gegevens lekt waartoe hij toegang heeft, of dat een tegenstander op afstand gegevens vrijgeeft die hij heeft gestolen door ongeoorloofde toegang tot de server te verkrijgen. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) ondersteuning. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - Een geldig [MTA-STS](https://tools.ietf.org/html/rfc8461) en [TLS-RPT](https://tools.ietf.org/html/rfc8460) beleid. 
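Review bot: The added zero access bullet in this hunk mixes languages inside one list item: it opens with "Zero access encryption, which builds on encryption at rest." and continues with "De provider heeft geen decryptiesleutels voor de gegevens die ze hebben." The same happens in the section intro, where "Email servers verwerken veel zeer gevoelige gegevens." is followed by an English sentence. For a minimum security criterion this reads as a partial edit, so suggest holding these segments until the Dutch strings are updated, or translating the changed clause in this commit.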
@@ -344,13 +343,14 @@ Email servers verwerken veel zeer gevoelige gegevens. We verwachten dat provider - Beveiligingsnormen voor websites, zoals: - [HTTP Strict Transport Security](https://nl.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subbron Integriteit](https://en.wikipedia.org/wiki/Subresource_Integrity) als dingen van externe domeinen worden geladen. -- Moet het bekijken van [Message headers](https://en.wikipedia.org/wiki/Email#Message_header)ondersteunen, aangezien dit een cruciale forensische functie is om te bepalen of een e-mail een phishing-poging is. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Beste geval:** -- Ondersteuning voor hardware-authenticatie, d.w.z. U2F en [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F en WebAuthn zijn veiliger omdat zij een privésleutel gebruiken die is opgeslagen op een hardware-apparaat aan de clientzijde om mensen te authenticeren, in tegenstelling tot een gedeeld geheim dat is opgeslagen op de webserver en aan de clientzijde wanneer TOTP wordt gebruikt. Bovendien zijn U2F en WebAuthn beter bestand tegen phishing omdat hun authenticatierespons gebaseerd is op de geauthenticeerde [domeinnaam](https://en.wikipedia.org/wiki/Domain_name). +- Ondersteuning voor hardware-authenticatie, d.w.z. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certificatie Autoriteit Autorisatie (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in aanvulling op DANE ondersteuning. -- Implementatie van [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), dit is nuttig voor mensen die posten naar mailinglijsten [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Gepubliceerde veiligheidscontroles van een gerenommeerde derde partij. - Programma's voor bug-bounty's en/of een gecoördineerd proces voor de openbaarmaking van kwetsbaarheden. - Beveiligingsnormen voor websites, zoals: - [Inhoud beveiligingsbeleid (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
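Review bot: The added hardware authentication line reads "Ondersteuning voor hardware-authenticatie, d.w.z. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online)", with an English "and" left inside the Dutch sentence. The link is now a relative path with a fragment taken from the English heading, so please check that `#fido-fast-identity-online` still resolves in the translated page, where the heading text and therefore the generated anchor may differ. The "Must support viewing of [message headers]" and ARC bullets in the same hunk also replace complete Dutch translations with English for what were case and wording changes in the source.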
@@ -366,28 +366,27 @@ Je zou je financiën niet toevertrouwen aan iemand met een valse identiteit, dus **Beste geval:** -- Publieksgericht leiderschap. - Frequente transparantieverslagen. ### Marketing -Bij de e-mail providers die we aanbevelen zien we graag verantwoorde marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum om in aanmerking te komen:** -- Moet zelf analytics hosten (geen Google Analytics, Adobe Analytics, etc.). De site van de aanbieder moet ook voldoen aan [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) voor degenen die zich willen afmelden. +- Moet zelf analytics hosten (geen Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Mag geen marketing hebben die onverantwoord is: +Must not have any irresponsible marketing, which can include the following: - Claims van "onbreekbare encryptie." Encryptie moet worden gebruikt met de bedoeling dat zij in de toekomst niet meer geheim is wanneer de technologie bestaat om haar te kraken. -- Garanties van 100% bescherming van de anonimiteit. Wanneer iemand beweert dat iets 100% is, betekent dit dat er geen zekerheid is voor mislukking. We weten dat mensen zichzelf vrij gemakkelijk kunnen deanonimiseren op een aantal manieren, bv.: +- Garanties van 100% bescherming van de anonimiteit. Wanneer iemand beweert dat iets 100% is, betekent dit dat er geen zekerheid is voor mislukking. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser vingerafdrukken](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Beste geval:** -- Duidelijke en gemakkelijk te lezen documentatie. 
Dit omvat zaken als het instellen van 2FA, e-mailclients, OpenPGP, enz. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Extra functionaliteit diff --git a/i18n/pl/email.md b/i18n/pl/email.md index 105e77ca..240552a8 100644 --- a/i18n/pl/email.md +++ b/i18n/pl/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. [Recommended Instant Messengers](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/pt-BR/email.md b/i18n/pt-BR/email.md index 30c1f4e3..7887b904 100644 --- a/i18n/pt-BR/email.md +++ b/i18n/pt-BR/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - O "email" é praticamente uma necessidade para usar qualquer serviço “online”, contudo não o recomendamos para conversas pessoais. Ao invés de utilizar email para falar com outras pessoas, considere utilizar um meio de mensagens instantâneas que suporte sigilo encaminhado. [Mensageiros Instantâneos Recomendados](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![logo do Proton Mail](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** é um serviço de email com foco na privacidade, criptografia, segurança, e facilidade de uso. Eles estão operando desde **2013**. Proton AG é localizado em Genève, Suíça. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** é um serviço de email com foco na privacidade, criptografia, segurança, e facilidade de uso. They have been in operation since 2013. Proton AG é localizado em Genève, Suíça. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ Estes provedores armazenam os seus e-mails com criptografia de conhecimento zero ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Administratores de sistema avançados podem considerar a possibilidade de config ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ Consideramos esses recursos importantes para fornecer um serviço seguro e otimi - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacidade @@ -315,7 +314,7 @@ Preferimos que nossos provedores recomendados coletem o mínimo possível de dad **Mínimo Para Qualificação:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ Preferimos que nossos provedores recomendados coletem o mínimo possível de dad ### Segurança -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Mínimo Para Qualificação:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Melhor Caso:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Auditorias de segurança publicadas por uma empresa terceirizada de boa reputação. - Programas de recompensa por bugs e/ou um processo coordenado de divulgação de vulnerabilidades. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Melhor Caso:** -- Liderança orientada para o público (usuário). - Relatórios de transparência frequentes. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Mínimo Para Qualificação:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Não deve ter nenhum marketing irresponsável: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Garantir 100% de proteção ao anonimato. When someone makes a claim that something is 100% it means there is no certainty for failure. Sabemos que as pessoas podem se desanonimizar facilmente de várias maneiras, por exemplo: +- Garantir 100% de proteção ao anonimato. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Impressão digital do navegador](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Melhor Caso:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Funções Adicionais diff --git a/i18n/pt/email.md b/i18n/pt/email.md index 9afa5ce2..3b5dd8c1 100644 --- a/i18n/pt/email.md +++ b/i18n/pt/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - O correio eletrónico é praticamente uma necessidade para subscrever qualquer serviço online, mas não o recomendamos para conversas pessoais. Em vez de utilizar o correio eletrónico para contactar outras pessoas, considere a possibilidade de utilizar uma aplicação de mensagens instantâneas que suporte encaminhamento sigiloso. [Aplicações de Mensagens Instantâneas Recomendadas](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Logótipo Proton Mail](assets/img/email/protonmail.svg){ align=right } -O **Proton Mail** é um serviço de e-mail que privilegia a privacidade, a encriptação, a segurança e a facilidade de utilização. Estão em funcionamento desde **2013**. A Proton AG tem sede em Genebra, na Suíça. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +O **Proton Mail** é um serviço de e-mail que privilegia a privacidade, a encriptação, a segurança e a facilidade de utilização. They have been in operation since 2013. A Proton AG tem sede em Genebra, na Suíça. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ Estes fornecedores armazenam as suas mensagens eletrónicas com encriptação de ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Os administradores de sistemas avançados podem considerar a possibilidade de co ![Logótipo Mailcow](assets/img/email/mailcow.svg){ align=right } -**Mailcow** é um servidor de e-mail mais avançado, perfeito para quem tem um pouco mais de experiência em Linux. Tem tudo o que é necessário num contentor Docker: um servidor de e-mail com suporte DKIM, antivírus e monitorização de spam, webmail e ActiveSync com SOGo, e administração baseada na Web com suporte 2FA. +**Mailcow** é um servidor de e-mail mais avançado, perfeito para quem tem um pouco mais de experiência em Linux. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ Consideramos que estas características são importantes para podermos prestar u - Suporte para uma caixa de correio temporária para utilizadores externos. Isto é útil quando se pretende enviar uma mensagem de e-mail encriptada, sem enviar uma cópia real ao destinatário. Estas mensagens de e-mail têm normalmente um tempo de vida limitado e depois são automaticamente eliminadas. Também não requerem que o destinatário configure qualquer criptografia como o OpenPGP. - Disponibilidade dos serviços do fornecedor de e-mail através de um serviço onion [](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Funcionalidade de Catch-all ou alias para quem possui os seus próprios domínios. -- Utilização de protocolos normais de acesso ao e-mail, como IMAP, SMTP ou [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Os protocolos de acesso normalizados garantem que os clientes podem transferir facilmente todo o seu e-mail, caso pretendam mudar para outro fornecedor. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Os protocolos de acesso normalizados garantem que os clientes podem transferir facilmente todo o seu e-mail, caso pretendam mudar para outro fornecedor. ### Privacidade @@ -315,7 +314,7 @@ Preferimos que os nossos fornecedores recomendados recolham o mínimo de dados p **Mínimos de qualificação:** -- Proteção do endereço IP do remetente. Filtrar o IP para que não apareça no campo de cabeçalho `Recebido`. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Não exigir informações de identificação pessoal (PII) para além de um nome de utilizador e uma palavra-passe. - Política de privacidade que cumpra os requisitos definidos pelo RGPD. 
@@ -326,12 +325,12 @@ Preferimos que os nossos fornecedores recomendados recolham o mínimo de dados p ### Segurança -Os servidores de e-mail lidam com uma grande quantidade de dados muito sensíveis. É esperado que os fornecedores adotem as melhores práticas do setor para proteger os seus membros. +Os servidores de e-mail lidam com uma grande quantidade de dados muito sensíveis. We expect that providers will adopt best industry practices in order to protect their customers. **Mínimos de qualificação:** - Proteção do webmail com 2FA, como o TOTP. -- Encriptação de acesso zero, baseada na encriptação em estado de repouso. Vedar o acesso do fornecedor às chaves de desencriptação dos dados. Isto impede que um funcionário desonesto divulgue os dados a que tem acesso ou que um adversário remoto divulgue os dados que roubou ao obter acesso não autorizado ao servidor. +- Zero access encryption, which builds on encryption at rest. Vedar o acesso do fornecedor às chaves de desencriptação dos dados. Isto impede que um funcionário desonesto divulgue os dados a que tem acesso ou que um adversário remoto divulgue os dados que roubou ao obter acesso não autorizado ao servidor. - [Suporte DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions). - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - Uma opção de suite de servidor (opcional no TLSv1.3) para suites de cifras fortes que suportem encaminhamento sigiloso e encriptação autenticada. 
@@ -344,13 +343,14 @@ Os servidores de e-mail lidam com uma grande quantidade de dados muito sensívei - Normas de segurança de sites Web, tais como: - [Segurança de transporte estrito HTTP](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Integridade do sub-recurso](https://en.wikipedia.org/wiki/Subresource_Integrity) se estiver a carregar dados de domínios externos. -- Suporte para visualização dos cabeçalhos de mensagens [](https://en.wikipedia.org/wiki/Email#Message_header), uma vez que se trata de uma caraterística forense crucial para determinar se uma mensagem de e-mail é uma tentativa de phishing. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Melhor caso:** -- Suporte para autenticação de hardware, isto é. U2F e [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). O U2F e o WebAuthn são mais seguros porque utilizam uma chave privada, armazenada num dispositivo de hardware do lado do cliente, para efeitos de autenticação, ao contrário de um segredo partilhado que é armazenado no servidor Web e no lado do cliente quando se utiliza o TOTP. Além disso, o U2F e o WebAuthn são mais resistentes ao phishing, uma vez que a sua resposta de autenticação se baseia no nome de domínio autenticado [](https://en.wikipedia.org/wiki/Domain_name). +- Suporte para autenticação de hardware, isto é. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [Registo de Recursos de Autorização de Autoridade de Certificação (CAA) do DNS](https://tools.ietf.org/html/rfc6844), para além do suporte DANE. -- Implementação de [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), útil para pessoas que enviam mensagens para listas de e-mail [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Auditorias de segurança publicadas por uma empresa terceira de renome. - Programas de recompensa de bugs e/ou um processo coordenado de divulgação de vulnerabilidades. - Normas de segurança de sites Web, tais como: - [Política de segurança de conteúdo (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ Se não confiaria as suas finanças a alguém com uma identidade falsa, por que **Melhor caso:** -- Liderança virada para o público. - Relatórios de transparência frequentes. ### Marketing -Gostaríamos que os fornecedores de e-mail que recomendamos tivessem uma política de marketing responsável. +With the email providers we recommend, we like to see responsible marketing. **Mínimos de qualificação:** -- As estatísticas de análise devem ser auto-hospedados (evitar Google Analytics, Adobe Analytics, etc.). O site do fornecedor deve também estar em conformidade com a política [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track), para quem opte por não participar. +- As estatísticas de análise devem ser auto-hospedados (evitar Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Não deverão ter políticas de marketing irresponsáveis: +Must not have any irresponsible marketing, which can include the following: - Reivindicações de "encriptação inquebrável" A encriptação deve ser utilizada com a consciência de poder vir a não ser secreta no futuro, quando existir tecnologia para a decifrar. -- Garantir a proteção do anonimato a 100%. Quando alguém afirma que algo é 100%, significa que não há possibilidade de falha. Sabemos que as pessoas podem desanonimizar-se muito facilmente de várias formas, por exemplo: +- Garantir a proteção do anonimato a 100%. Quando alguém afirma que algo é 100%, significa que não há possibilidade de falha. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Impressão digital do browser](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Melhor caso:** -- Documentação clara e fácil de ler. 
Isto inclui questões como a configuração de 2FA, clientes de e-mail, OpenPGP, etc. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Funcionalidade adicional diff --git a/i18n/ru/email.md b/i18n/ru/email.md index f6dd04ca..1489063c 100644 --- a/i18n/ru/email.md +++ b/i18n/ru/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Электронная почта практически всегда необходима для использования любого онлайн-сервиса, однако мы не рекомендуем использовать её для общения с людьми. Вместо того, чтобы использовать электронную почту для связи с другими людьми, мы советуем использовать мессенджеры, которые поддерживают прямую секретность. [Рекомендуемые мессенджеры](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP также не поддерживает прямую секретнос ![Логотип Proton Mail](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** — это сервис электронной почты, фокусирующийся на приватности, шифровании, безопасности и простоте использования. Они работают с **2013** года. Компания Proton AG базируется в Женеве, Швейцария. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** — это сервис электронной почты, фокусирующийся на приватности, шифровании, безопасности и простоте использования. They have been in operation since 2013. Компания Proton AG базируется в Женеве, Швейцария. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ Mailbox.org имеет функцию цифрового наследия для ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Tuta doesn't offer a digital legacy feature. ![Логотип Mailcow](assets/img/email/mailcow.svg){ align=right } -**Mailcow** - это более продвинутый почтовый сервер, идеально подходящий для тех, у кого есть опыт работы с Linux. В его контейнере Docker есть всё, что тебе нужно: почтовый сервер с поддержкой DKIM, антивирус и мониторинг спама, веб-почта и ActiveSync с SOGo, а также веб-администрирование с поддержкой 2FA. +**Mailcow** - это более продвинутый почтовый сервер, идеально подходящий для тех, у кого есть опыт работы с Linux. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ Tuta doesn't offer a digital legacy feature. - Поддержка временного почтового ящика для внешних пользователей. Это полезно, когда вы хотите отправить зашифрованное сообщение электронной почты, не отправляя фактическую копию получателю. Такие письма обычно имеют ограниченный срок действия, а затем автоматически удаляются. Они также не требуют от получателя настройки какой-либо криптографии, как OpenPGP. - Доступность услуг провайдера электронной почты через [службу .onion](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Функциональность поймать-все или псевдонимов для тех, кто владеет собственными доменами. -- Использование стандартных протоколов доступа к электронной почте, таких как IMAP, SMTP или [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Стандартные протоколы доступа обеспечивают клиентам возможность легко скачать всю свою электронную почту, если они захотят перейти к другому провайдеру. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Стандартные протоколы доступа обеспечивают клиентам возможность легко скачать всю свою электронную почту, если они захотят перейти к другому провайдеру. ### Конфиденциальность @@ -315,7 +314,7 @@ Tuta doesn't offer a digital legacy feature. **Минимальные требования:** -- Защищает IP-адрес отправителя. Отфильтрует его от отображения в поле заголовка `Received`. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Не требуйте личной идентификационной информации (PII), кроме имени пользователя и пароля. - Политика конфиденциальности, отвечающая требованиям GDPR. 
@@ -326,12 +325,12 @@ Tuta doesn't offer a digital legacy feature. ### Безопасность -Серверы электронной почты работают с большим количеством очень конфиденциальных данных. Мы ожидаем, что поставщики услуг будут использовать лучшие отраслевые практики для защиты своих клиентов. +Серверы электронной почты работают с большим количеством очень конфиденциальных данных. We expect that providers will adopt best industry practices in order to protect their customers. **Минимальные требования:** - Защита веб-почты с помощью 2FA, например, TOTP. -- Шифрование с нулевым доступом, основанное на шифровании в состоянии покоя. Провайдер не имеет ключей расшифровки для хранящихся у него данных. Это предотвращает утечку данных, к которым имеет доступ недобросовестный сотрудник. Или утечку данных, которые злоумышленник украл, получив несанкционированный доступ к серверу. +- Zero access encryption, which builds on encryption at rest. Провайдер не имеет ключей расшифровки для хранящихся у него данных. Это предотвращает утечку данных, к которым имеет доступ недобросовестный сотрудник. Или утечку данных, которые злоумышленник украл, получив несанкционированный доступ к серверу. - Поддержка [DNSSEC](https://ru.wikipedia.org/wiki/DNSSEC). - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - Настройки сервера (опционально для TLSv1.3) для сильных наборов шифров, которые поддерживают прямую секретность и аутентифицированное шифрование. 
@@ -344,13 +343,14 @@ Tuta doesn't offer a digital legacy feature. - Стандарты безопасности веб-сайта, такие как: - [Строгая транспортная безопасность HTTP](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Целостность субресурса](https://en.wikipedia.org/wiki/Subresource_Integrity) при загрузке вещей из внешних доменов. -- Должен поддерживать просмотр [заголовков сообщений](https://ru.wikipedia.org/wiki/%D0%AD%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F_%D0%BF%D0%BE%D1%87%D1%82%D0%B0#%D0%97%D0%B0%D0%B3%D0%BE%D0%BB%D0%BE%D0%B2%D0%BA%D0%B8_%D0%BF%D0%B8%D1%81%D1%8C%D0%BC%D0%B0), поскольку это важнейшая криминалистическая функция, позволяющая определить, является ли письмо попыткой фишинга. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **В лучшем случае:** -- Поддержка аппаратной аутентификации, т.е. U2F и [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F и WebAuthn являются более безопасными, поскольку для аутентификации людей они используют закрытый ключ, хранящийся на аппаратном устройстве на стороне клиента, в отличие от общего секрета, который хранится на веб-сервере и на стороне клиента при использовании TOTP. Кроме того, U2F и WebAuthn более устойчивы к фишингу, поскольку их ответ аутентификации основан на аутентифицированном [доменном имени](https://ru.wikipedia.org/wiki/%D0%94%D0%BE%D0%BC%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5_%D0%B8%D0%BC%D1%8F). +- Поддержка аппаратной аутентификации, т.е. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [Запись ресурса DNS Certification Authority Authorization (CAA)](https://tools.ietf.org/html/rfc6844) в дополнение к поддержке DANE. 
-- Реализация [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), это полезно для людей, которые пишут в списки рассылки [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Опубликованные аудиты безопасности от авторитетной сторонней фирмы. - Программы "bug-bounty" и/или скоординированный процесс раскрытия информации об уязвимостях. - Стандарты безопасности веб-сайта, такие как: - [Политика безопасности контента (CSP, Content-Security-Policy)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ Tuta doesn't offer a digital legacy feature. **В лучшем случае:** -- Лидерство, ориентированное на общественность. - Частые отчеты о прозрачности. ### Маркетинг -Провайдеры электронной почты, которых мы рекомендуем, предпочитают ответственный маркетинг. +With the email providers we recommend, we like to see responsible marketing. **Минимальные требования:** -- Должен самостоятельно хостить аналитику (без Google Analytics, Adobe Analytics и т.д.). Сайт провайдера также должен соответствовать требованиям [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) для тех, кто желает отказаться от отслеживания. +- Должен самостоятельно хостить аналитику (без Google Analytics, Adobe Analytics и т.д.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Не должно быть никакого маркетинга, который является безответственным: +Must not have any irresponsible marketing, which can include the following: - Заявления о "невзламываемом шифровании." Шифрование должно использоваться с тем расчетом, что в будущем, когда появится технология для его взлома, оно может оказаться не секретным. -- Предоставление гарантий защиты анонимности на 100%. Когда кто-то утверждает: "Это является на 100% ..." - это не означает, что кто-то не может ошибиться. Мы знаем, что люди могут довольно легко деанонимизировать себя различными способами, например: +- Предоставление гарантий защиты анонимности на 100%. Когда кто-то утверждает: "Это является на 100% ..." - это не означает, что кто-то не может ошибиться. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) 
- [Цифровые отпечатки браузера](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **В лучшем случае:** -- Понятная и легко читаемая документация. Сюда входят такие вещи, как настройка 2FA, почтовые клиенты, OpenPGP и т.д. +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Дополнительная функциональность diff --git a/i18n/sv/email.md b/i18n/sv/email.md index f143ee05..77e641f5 100644 --- a/i18n/sv/email.md +++ b/i18n/sv/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - E-post är i praktiken en nödvändighet för att använda internettjänster, men vi rekommenderar det inte för personliga konversationer. Istället för att kontakta andra personer genom e-post kan du överväga att använda en meddelandetjänst som stödjer vidarebefordingsekretess (forward secrecy). [Rekommenderade meddelandetjänster](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** är en e-posttjänst med fokus på ,integritet, kryptering, säkerhet, och användarvänlighet. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** är en e-posttjänst med fokus på ,integritet, kryptering, säkerhet, och användarvänlighet. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
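Review bot: The reworded first bullet under "Minimum to Qualify" turns a testable requirement into an open-ended one: "which can involve filtering it from showing in the `Received` header field" no longer says what a provider has to do to pass. If other ways of protecting the sender's IP address are acceptable, name them or state the outcome to be verified; otherwise keep the original imperative wording.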
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
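Review bot: The rewritten zero access encryption bullet leaves its first sentence without a main verb ("Zero access encryption, which builds on encryption at rest."), and the last sentence is still not parallel: "prevents a rogue employee leaking data ... or remote adversary from releasing data". Suggest joining the first two sentences with a colon and writing "prevents a rogue employee from leaking data they have access to, or a remote adversary from releasing data they have stolen" in the source string.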
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
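Review bot: The hardware authentication bullet now depends on the relative link `basics/multi-factor-authentication.md#fido-fast-identity-online` for the explanation this hunk removes (a private key on the device versus TOTP's shared secret, and responses bound to the domain name). Confirm that the path and fragment resolve from each locale file touched by this commit, and widen the link text, which currently covers only "WebAuthn" although the bullet names U2F as well. In the ARC bullet, the trailing "[RFC8617](...)" still hangs off the end of the sentence without a connecting word.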
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/tr/email.md b/i18n/tr/email.md index 22eed968..fe5851c5 100644 --- a/i18n/tr/email.md +++ b/i18n/tr/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - E-posta, herhangi bir çevrimiçi hizmeti kullanmak için pratikte bir gerekliliktir, ancak bireysel görüşmeler için e-posta kullanılmasını önermiyoruz. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. [Önerilen Anlık Mesajlaşma Programları](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logosu](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** gizlilik, şifreleme, güvenlik ve kullanım kolaylığına odaklanan bir e-posta hizmetidir. **2013** yılından beri faaliyet göstermektedirler. Proton AG'nin merkezi İsviçre'nin Cenevre kentindedir. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** gizlilik, şifreleme, güvenlik ve kullanım kolaylığına odaklanan bir e-posta hizmetidir. They have been in operation since 2013. Proton AG'nin merkezi İsviçre'nin Cenevre kentindedir. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
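Review bot: The added Proton Mail line loses the existing Turkish sentence "**2013** yılından beri faaliyet göstermektedirler." and falls back to "They have been in operation since 2013.", which leaves an English sentence between two Turkish ones. The English-language hunk for the same string shows that only the bold around the year changed, so the translation could be kept with the bold removed rather than reset to the source text.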
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/uk/email.md b/i18n/uk/email.md index 6e210c44..9045e6c0 100644 --- a/i18n/uk/email.md +++ b/i18n/uk/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Електронна пошта це практично необхідність для користування будь-яким онлайн-сервісом, проте ми не рекомендуємо використовувати її для особистих розмов. Замість того, щоб використовувати електронну пошту для зв'язку з іншими людьми, розгляньте можливість використання засобів обміну повідомленнями, які підтримують таємницю. [Рекомендовані месенджери](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Логотип Proton Mail](assets/img/email/protonmail.svg){ align=right } -**Proton Mail — це поштовий сервіс з акцентом на конфіденційності, шифруванні, безпеці та простоті використання. Вони працюють з **2013 року**. Компанія Proton AG базується в Женеві, Швейцарія. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail — це поштовий сервіс з акцентом на конфіденційності, шифруванні, безпеці та простоті використання. They have been in operation since 2013. Компанія Proton AG базується в Женеві, Швейцарія. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
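Review bot: The added Proton Mail line opens bold with `**Proton Mail` and never closes it, so the emphasis markers on that line are unbalanced. Close it after the name (`**Proton Mail**`) in the Ukrainian string. The same line also replaces the translated sentence "Вони працюють з **2013 року**." with the English source text; re-approve the translation without the bold instead.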
@@ -192,7 +191,7 @@ Mailbox.org має функцію цифрової спадщини для вс ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Tuta doesn't offer a digital legacy feature. ![Логотип Mailcow](assets/img/email/mailcow.svg){ align=right } -**Mailcow** — це більш просунутий поштовий сервер, який ідеально підходить для тих, хто має трохи більше досвіду роботи з Linux. У ньому є все необхідне в Docker-контейнері: Поштовий сервер з підтримкою DKIM, антивірус та спам-моніторинг, електронна пошта та ActiveSync з SOGo, а також веб-адміністрування з підтримкою 2FA. +**Mailcow** — це більш просунутий поштовий сервер, який ідеально підходить для тих, хто має трохи більше досвіду роботи з Linux. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/vi/email.md b/i18n/vi/email.md index b94273f9..38c6b454 100644 --- a/i18n/vi/email.md +++ b/i18n/vi/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. [Recommended Instant Messengers](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } 
@@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } @@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### Privacy @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **Minimum to Qualify:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### Security -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **Minimum to Qualify:** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **Minimum to Qualify:** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality diff --git a/i18n/zh-Hant/email.md b/i18n/zh-Hant/email.md index 1954eb79..6802f01e 100644 --- a/i18n/zh-Hant/email.md +++ b/i18n/zh-Hant/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - 電子郵件實際上是使用任何線上服務的必需品,但我們不建議把它應用於人與人之間的對話。 與其使用電子郵件聯繫他人,不如考慮使用支援前向保密的即時通訊媒介。 [推薦的即時通訊工具](real-time-communication.md ""){.md-button} @@ -55,7 +54,7 @@ OpenPGP 也不支持前向保密,這意味著如果你或收件人的私鑰被 ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } -**Proton Mail** 是一個專注於隱私、加密、安全性和易用性的電子郵件服務。 自 **2013 年** 開始運營。 Proton AG 總部位於瑞士日內瓦。 Proton Mail Free 方案隨附 500MB 的郵件儲存空間,可以免費增加至 1GB。 +**Proton Mail** 是一個專注於隱私、加密、安全性和易用性的電子郵件服務。 他們自 2013 年起開始營運。 Proton AG 總部位於瑞士日內瓦。 Proton Mail Free 方案隨附 500MB 的郵件儲存空間,可以免費增加至 1GB。 [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } @@ -200,7 +199,7 @@ Mailbox.org 所有方案都提供了數位遺產功能。 你可以選擇是否 ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** 電子郵件服務透由加密應用以專注安全和隱私。 Tuta 自 **2011 年** 開始運營,總部位於德國漢諾威。 免費帳戶提供 10GB 容量。 +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta 自 2011 年開始營運,總部位於德國漢諾威。 免費帳戶提供 10GB 容量。 [:octicons-home-16: 首頁](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="隱私權政策" } 
@@ -283,7 +282,7 @@ Tuta 不提供數位遺產功能。 ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** 是一個更先進的郵件伺服器,非常適合有豐富 Linux 經驗者。 它的 Docke r容器中擁有您需要的一切:支援 DKIM 的郵件伺服器、防毒和垃圾郵件監控、具有SOGo 的 Webmail 和 ActiveSync ,以及具有2FA 支援的網頁管理介面。 +**Mailcow** 是一個更先進的郵件伺服器,非常適合有豐富 Linux 經驗者。 It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} @@ -336,8 +335,8 @@ Tuta 不提供數位遺產功能。 - 支援外部使用者的臨時信箱。 當您想要發送加密的電子郵件時,這非常有用,而無需將實際副本發送給您的收件人。 這些電子郵件通常具有限定時效,之後會被自動刪除。 它們也不需要收件人配置任何像OpenPGP這樣的加密技術。 - 可提供 [onion 服務](https://en.wikipedia.org/wiki/.onion)的電子郵件服務供應商。 - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- 為擁有自己網域的用戶提供通用地址或別名功能。 -- 使用標準電子郵件存取協定,例如 IMAP、SMTP 或 [ JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol)。 標準存取協議確保客戶可以輕鬆下載所有電子郵件,一旦他們想切換到其它提供商。 +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). 標準存取協議確保客戶可以輕鬆下載所有電子郵件,一旦他們想切換到其它提供商。 @@ -347,7 +346,7 @@ Tuta 不提供數位遺產功能。 **最低合格要求:** -- 保護發件人的IP位址。 在 `Received` 標題欄位中過濾它。 +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - 除了使用者名稱和密碼外,不要求提供個人身份識別資訊(PII)。 - 隱私政策符合 GDPR 之要求。 
@@ -360,12 +359,12 @@ Tuta 不提供數位遺產功能。 ### 安全 -電子郵件伺服器處理大量非常敏感的資料。 我們期望供應商採用行業最佳實踐來保護其會員。 +電子郵件伺服器處理大量非常敏感的資料。 We expect that providers will adopt best industry practices in order to protect their customers. **最低合格要求:** - 使用 2FA 保護網頁郵件,如TOTP。 -- 無存取的靜態加密,如零存取加密。 提供者沒有其所持有資料的解密金鑰。 這可以防止流氓員工外洩所存取的資料或遠程對手通過獲得對伺服器的未經授權的訪問來竊取資料。 +- Zero access encryption, which builds on encryption at rest. 提供者沒有其所持有資料的解密金鑰。 這可以防止流氓員工外洩所存取的資料或遠程對手通過獲得對伺服器的未經授權的訪問來竊取資料。 - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) 支持。 - 使用 [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) 或[Qualys SSL Labs](https://ssllabs.com/ssltest)等工具沒發現 TLS 錯誤或漏洞; 這包括與憑證相關的錯誤和弱 DH 參數,例如 [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)) 錯誤。 - 伺服器套件偏好(在TLS v1.3上可選),適用於支持正向保密和已驗證加密的強大密碼套件。 
@@ -378,13 +377,14 @@ Tuta 不提供數位遺產功能。 - 網站安全標準,例如: - [HTTP 嚴格傳輸安全性](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - 如果從外部網域加載東西時,[子資源完整性](https://en.wikipedia.org/wiki/Subresource_Integrity) 。 -- 必須支援檢視 [訊息表頭](https://en.wikipedia.org/wiki/Email#Message_header),因為它是確定電子郵件是否為網路釣魚嘗試的關鍵取證功能。 +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **最佳案例:** -- 支持硬體驗證,即 U2F 和 [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn)。 U2F 和 WebAuthn 更安全,因為它們使用儲存於客戶端硬體設備上的私鑰來驗證人員,而使用 TOTP 時共享祕密則直接儲存在網頁伺服器和客戶端。 再者 U2F 和 WebAuthn 更能抵抗網絡釣魚,因為它們的驗證回應是基於已驗證過的 [域名](https://en.wikipedia.org/wiki/Domain_name)。 +- 支持硬體驗證,即 U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS憑證授權機構授權(CAA)資源記錄](https://tools.ietf.org/html/rfc6844) 除了DANE支持。 -- 實現 [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain),這對於發佈郵件列表 [RFC8617](https://tools.ietf.org/html/rfc8617)非常有用。 +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- 由信譽良好的第三方公司執行公佈的全面安全審計。 - 漏洞獎勵計劃和/或協調漏洞披露過程。 - 網站安全標準,例如: - [內容安全策略(CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -402,30 +402,29 @@ Tuta 不提供數位遺產功能。 **最佳案例:** -- 面向公眾的領導 - 頻繁的透明度報告。 ### 行銷 -對於所推薦的電子郵件供應商,我們樂見其負責任的營銷。 +With the email providers we recommend, we like to see responsible marketing. **最低合格要求:** -- 必須自行託管分析 (不使用 Google Analytics、Adobe Analytics 等)。 供應商的網站還必須遵守 [DNT (Do Not Track, 請勿追蹤) ](https://en.wikipedia.org/wiki/Do_Not_Track) 的要求,以供選擇退出的人使用。 +- 必須自行託管分析 (不使用 Google Analytics、Adobe Analytics 等)。 The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -不得有任何不負責任的行銷: +Must not have any irresponsible marketing, which can include the following: - 宣稱破解不了的加密 使用加密時應意識到,當有一天技術足以破解它時,它就不再是祕密的。 -- 保證 100% 匿名性保護。 當有人聲稱某件事是100 %時,這意味著失敗沒有確定性。 我們知道人們可以很容易地以多種方式去匿名化自己,例如: +- 保證 100% 匿名性保護。 當有人聲稱某件事是100 %時,這意味著失敗沒有確定性。 We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - 重覆使用個人資訊 (如電子郵件帳戶、獨特的假名等等 pseudonyms, etc.) 而沒透過匿名軟體 (如 Tor, VPN 之類)。 - [瀏覽器指紋](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **最佳案例:** -- 清晰易讀的文件。 這包括諸如設置 2FA 、電子郵件客戶端、OpenPGP等。 +- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. diff --git a/i18n/zh/email.md b/i18n/zh/email.md index 2173f260..1f8d9c49 100644 --- a/i18n/zh/email.md +++ b/i18n/zh/email.md @@ -10,7 +10,6 @@ global: - "table tbody" --- - 电子邮件实际上是使用任何在线服务的必需品,但我们不建议使用它进行人与人之间的对话。 与其使用电子邮件与他人联系,不如考虑使用支持前向保密的即时通讯媒介。 [推荐的即时通讯工具](real-time-communication.md ""){.md-button} 
@@ -55,7 +54,7 @@ These providers natively support OpenPGP encryption/decryption and the [Web Key ! [Proton Mail徽标] (assets/img/email/protonmail.svg) {align = right} -* * Proton Mail * *是一项专注于隐私、加密、安全性和易用性的电子邮件服务。 他们自**2013年**以来一直在运作。 Proton公司总部位于瑞士日内瓦。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. +* * Proton Mail * *是一项专注于隐私、加密、安全性和易用性的电子邮件服务。 They have been in operation since 2013. Proton公司总部位于瑞士日内瓦。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } @@ -192,7 +191,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tuta logo](assets/img/email/tuta.svg#only-light){ align=right } ![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ align=right } -**Tuta** is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since **2011** and is based in Hanover, Germany. Free accounts start with 1GB of storage. +**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage. [:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" } 
@@ -257,7 +256,7 @@ Advanced system administrators may consider setting up their own email server. M ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } -**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. +**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: a mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://docs.mailcow.email){ .card-link title=Documentation} 
@@ -306,8 +305,8 @@ We regard these features as important in order to provide a safe and optimal ser - Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. - Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). - [Sub-addressing](https://en.wikipedia.org/wiki/Email_address#Sub-addressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Catch-all or alias functionality for those who use their own domains. +- Use of standard email access protocols such as IMAP, SMTP, or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. ### 隐私 @@ -315,7 +314,7 @@ We prefer our recommended providers to collect as little data as possible. **符合条件的最低要求。** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Protect sender's IP address, which can involve filtering it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR. 
@@ -326,12 +325,12 @@ We prefer our recommended providers to collect as little data as possible. ### 安全性 -Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their customers. **符合条件的最低要求。** - Protection of webmail with 2FA, such as TOTP. -- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- Zero access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. - No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). - A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. 
@@ -344,13 +343,14 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. -- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. +- Must support viewing of [message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. **Best Case:** -- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- Support for hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. -- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). 
+- Published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) 
@@ -366,28 +366,27 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t **Best Case:** -- Public-facing leadership. - Frequent transparency reports. ### Marketing -With the email providers we recommend we like to see responsible marketing. +With the email providers we recommend, we like to see responsible marketing. **符合条件的最低要求。** -- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt out. -Must not have any marketing which is irresponsible: +Must not have any irresponsible marketing, which can include the following: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software (Tor, VPN, etc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** -- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. 
+- Clear and easy to read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc. ### Additional Functionality
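Review bot: In i18n/zh-Hant/email.md, hunk `@@ -200,7 +199,7 @@`, the rewritten Tuta line still ends with `免費帳戶提供 10GB 容量`, while the same sentence in i18n/vi/email.md and i18n/zh/email.md reads "Free accounts start with 1GB of storage." One of the two figures is stale, so reconcile it against the English source before merging. The same `+` line also swaps the translated opening sentence for the untranslated English one, so the paragraph now changes language mid-way; consider holding this string until "(formerly *Tutanota*)" has a zh-Hant translation.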
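Review bot: In i18n/zh/email.md, hunk `@@ -55,7 +54,7 @@`, the `+` line keeps the broken emphasis markers `* * Proton Mail * *`, and the context line above it, `! [Proton Mail徽标] (assets/img/email/protonmail.svg) {align = right}`, has spaces that stop it from parsing as an image with an attribute list. Neither will render as intended. Since this line is being touched anyway, restore `**Proton Mail**` and the `![...](...){ align=right }` form used in the other locale files in this patch.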
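Review bot: In the Security "Best Case" hunks (`@@ -344,13 +343,14 @@` in i18n/vi/email.md and i18n/zh/email.md, `@@ -378,13 +377,14 @@` in i18n/zh-Hant/email.md), the WebAuthn bullet now points at `basics/multi-factor-authentication.md#fido-fast-identity-online`, and that fragment looks like it comes from an English heading. If the localized multi-factor-authentication.md builds its anchors from translated headings, the link will land at the top of the page or nowhere useful, and this bullet no longer carries the explanation of why hardware keys resist phishing better than TOTP. Please confirm the fragment resolves in each locale build. In zh-Hant the bullet also reads `支持硬體驗證,即 U2F and [WebAuthn]`, with an English "and" left inside the translated sentence.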
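Review bot: In the Privacy hunks (`@@ -315,7 +314,7 @@` in i18n/vi/email.md and i18n/zh/email.md, `@@ -347,7 +346,7 @@` in i18n/zh-Hant/email.md), the "Minimum to Qualify" item changes from the instruction "Filter it from showing in the `Received` header field" to "which can involve filtering it", which turns a checkable requirement into a goal with an optional means. A reviewer evaluating a provider against this list no longer knows what observation passes or fails. Since this is a translation sync, the fix belongs in the English source: state the outcome that must hold for outgoing mail, then list `Received` filtering as one way to achieve it.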