diff --git a/i18n/ar/basics/account-creation.md b/i18n/ar/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/ar/basics/account-creation.md
+++ b/i18n/ar/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/bn-IN/basics/account-creation.md b/i18n/bn-IN/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/bn-IN/basics/account-creation.md
+++ b/i18n/bn-IN/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/bn/basics/account-creation.md b/i18n/bn/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/bn/basics/account-creation.md
+++ b/i18n/bn/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/cs/basics/account-creation.md b/i18n/cs/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/cs/basics/account-creation.md
+++ b/i18n/cs/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/de/basics/account-creation.md b/i18n/de/basics/account-creation.md
index 4530a55e..a1f7aa5b 100644
--- a/i18n/de/basics/account-creation.md
+++ b/i18n/de/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/el/basics/account-creation.md b/i18n/el/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/el/basics/account-creation.md
+++ b/i18n/el/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/eo/basics/account-creation.md b/i18n/eo/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/eo/basics/account-creation.md
+++ b/i18n/eo/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/es/basics/account-creation.md b/i18n/es/basics/account-creation.md
index ec24db4e..60d5caf2 100644
--- a/i18n/es/basics/account-creation.md
+++ b/i18n/es/basics/account-creation.md
@@ -53,17 +53,21 @@ Cuando inicies sesión con OAuth, se abrirá una página de inicio de sesión co
Las principales ventajas son:
-- **Seguridad**: no hay riesgo de verse implicado en una [violación de datos ](https://en.wikipedia.org/wiki/Data_breach) porque el sitio web no almacena tus credenciales.
+- **Seguridad**: no tienes que confiar en las prácticas de seguridad del servicio al que te conectas cuando se trata de almacenar tus credenciales de inicio de sesión, porque se almacenan con el proveedor externo de OAuth, que cuando se trata de servicios como Apple y Google suelen seguir las mejores prácticas de seguridad, auditan continuamente sus sistemas de autenticación y no almacenan credenciales de forma inapropiada (como en texto plano).
- **Facilidad de uso**: varias cuentas se gestionan con un solo inicio de sesión.
Pero hay desventajas:
- **Privacidad**: el proveedor de OAuth con el que te conectes sabrá los servicios que utilizas.
-- **Centralización**: si la cuenta que utilizas para OAuth se ve comprometida o no puedes iniciar sesión en ella, todas las demás cuentas conectadas a ella se verán afectadas.
+- **Centralización**: si la cuenta que utilizas para OAuth se ve comprometida, o no eres capaz de iniciar sesión en ella, todas las demás cuentas conectadas a ella se verán afectadas.
-La autenticación OAuth puede ser especialmente útil en situaciones en las que podrías beneficiarte de una integración más profunda entre servicios. Nuestra recomendación es limitar el uso de OAuth solamente donde lo necesites, y proteger siempre la cuenta principal con [MFA](multi-factor-authentication.md).
+OAuth puede ser especialmente útil en aquellas situaciones en las que podrías beneficiarte de una integración más profunda entre servicios. Nuestra recomendación es limitar el uso de OAuth solamente donde lo necesites, y proteger siempre la cuenta principal con [MFA](multi-factor-authentication.md).
-Todos los servicios que utilicen OAuth serán tan seguros como la cuenta de tu proveedor subyacente. Por ejemplo, si quieres proteger una cuenta con una llave de hardware, pero ese servicio no admite llaves de hardware, puedes proteger la cuenta que utilizas con OAuth con una llave de hardware en su lugar, y ahora básicamente tienes MFA por hardware en todas tus cuentas. Vale la pena señalar, sin embargo, que una autenticación débil en su cuenta de proveedor de OAuth significa que cualquier cuenta vinculada a ese inicio de sesión también será débil.
+Todos los servicios que utilicen OAuth serán tan seguros como la cuenta de tu proveedor de OAuth subyacente. Por ejemplo, si quieres proteger una cuenta con una llave de hardware, pero ese servicio no admite llaves de hardware, puedes proteger la cuenta que utilizas con OAuth con una llave de hardware en su lugar, y ahora básicamente tienes MFA por hardware en todas tus cuentas. Vale la pena señalar, sin embargo, que una autenticación débil en su cuenta de proveedor de OAuth significa que cualquier cuenta vinculada a ese inicio de sesión también será débil.
+
+Existe un peligro adicional cuando se utiliza *Iniciar sesión con Google*, *Facebook*, u otro servicio, y es que normalmente el proceso OAuth permite una compartición de datos *bidireccional*. Por ejemplo, iniciar sesión en un foro con tu cuenta de Twitter podría conceder a ese foro acceso para hacer cosas en tu cuenta de Twitter como publicar, leer tus mensajes o acceder a otros datos personales. Los proveedores de OAuth normalmente te presentarán una lista de cosas a las que estás concediendo acceso al servicio externo, y siempre debes asegurarte de que lees esa lista y no concedes inadvertidamente al servicio externo acceso a algo que no necesita.
+
+Las aplicaciones maliciosas, especialmente en dispositivos móviles en los que la aplicación tiene acceso a la sesión WebView utilizada para iniciar sesión en el proveedor OAuth, también pueden abusar de este proceso secuestrando tu sesión con el proveedor OAuth y obteniendo acceso a tu cuenta OAuth a través de esos medios. El uso de la opción *Iniciar sesión con* con cualquier proveedor debe considerarse normalmente una cuestión de comodidad que solo se utiliza con servicios en los que se confía que no son activamente maliciosos.
### Número de teléfono
diff --git a/i18n/es/device-integrity.md b/i18n/es/device-integrity.md
index ede8f050..87876643 100644
--- a/i18n/es/device-integrity.md
+++ b/i18n/es/device-integrity.md
@@ -1,76 +1,76 @@
---
-title: Device Integrity
+title: Integridad del Dispositivo
icon: material/security
-description: These tools can be used to check your devices for compromise.
+description: Estas herramientas pueden utilizarse para comprobar si tus dispositivos están comprometidos.
cover: device-integrity.webp
---
-These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
+Estas herramientas pueden utilizarse para validar la integridad de tus dispositivos móviles y comprobar si presentan indicadores de compromiso por programas espía y maliciosos como Pegasus, Predator o KingsPawn. Esta página se centra en la **seguridad móvil**, porque los dispositivos móviles suelen tener sistemas de solo lectura con configuraciones bien conocidas, por lo que detectar modificaciones maliciosas es más fácil que en los sistemas de escritorio tradicionales. Es posible que en el futuro ampliemos el contenido de esta página.
-!!! note "This is an advanced topic"
+!!! nota "Este es un tema avanzado"
```
-These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
+Estas herramientas pueden resultar útiles para determinadas personas. Proporcionan funcionalidades de las que la mayoría de la gente no necesita preocuparse, y a menudo requieren conocimientos técnicos más profundos para utilizarlas con eficacia.
```
-It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
+Es **crítico** entender que escanear tu dispositivo en busca de indicadores públicos de compromiso no es **suficiente** para determinar que un dispositivo está "limpio" y no es el objetivo de una herramienta de spyware en particular. Confiar en estas herramientas de escaneado de acceso público puede pasar por alto los últimos avances en materia de seguridad y darte una falsa sensación de seguridad.
-## General Advice
+## Consejo General
-The majority of system-level exploits on modern mobile devices—especially zero-click compromises—are non-persistent, meaning they will not remain or run automatically after a reboot. For this reason, we highly recommend rebooting your device regularly. We recommend everybody reboot their devices once a week at minimum, but if non-persistent malware is of particular concern for you, we and many security experts recommend a daily reboot schedule.
+La mayoría de los exploits a nivel de sistema en los dispositivos móviles modernos -especialmente los de tipo zero-click- no son persistentes, lo que significa que no permanecen ni se ejecutan automáticamente tras un reinicio. Por este motivo, recomendamos encarecidamente reiniciar el dispositivo con regularidad. Recomendamos a todo el mundo que reinicie sus dispositivos una vez a la semana como mínimo, pero si el malware no persistente te preocupa especialmente, nosotros y muchos expertos en seguridad recomendamos un programa de reinicio diario.
-This means an attacker would have to regularly re-infect your device to retain access, although we'll note this is not impossible. Rebooting your device also will not protect you against _persistent_ malware, but this is less common on mobile devices due to modern security features like secure/verified boot.
+Esto significa que un atacante tendría que reinfectar regularmente tu dispositivo para mantener el acceso, aunque cabe señalar que esto no es imposible. Reiniciar tu dispositivo tampoco te protegerá contra el malware _persistente_, pero esto es menos común en los dispositivos móviles debido a las modernas características de seguridad como el arranque seguro/verificado.
-## Post-Compromise Information & Disclaimer
+## Información Posterior al Compromiso y Descargo de Responsabilidad
-If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
+Si alguna de las siguientes herramientas indica un posible compromiso por parte de programas espía como Pegasus, Predator o KingsPawn, te aconsejamos que te pongas en contacto con:
-- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us/)
-- If a business or government device is compromised: Contact the appropriate security liason at your enterprise, department, or agency
-- Local law enforcement
+- Si eres un defensor de los derechos humanos, periodista o perteneces a una organización de la sociedad civil: [Laboratorio de Seguridad de Amnistía Internacional](https://securitylab.amnesty.org/contact-us/)
+- Si un dispositivo empresarial o gubernamental se ve comprometido: Ponte en contacto con el responsable de seguridad de tu empresa, departamento o agencia
+- Fuerzas y cuerpos de seguridad locales
-**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
+**No podemos ayudarte directamente más allá de esto.** Estamos encantados de discutir tu situación específica o circunstancias y de revisar tus resultados en nuestros espacios de \[community]\(https\://discuss. rivacyguides.net), pero es poco probable que podamos ayudarte más allá de lo que está escrito en esta página.
-The tools on this page are only capable of detecting indicators of compromise, not removing them. If you are concerned about having been compromised, we advise that you:
+Las herramientas de esta página solo son capaces de detectar indicadores de compromiso, no de eliminarlos. Si te preocupa haber sido comprometido, te aconsejamos que:
-- Consider replacing the device completely
-- Consider changing your SIM/eSIM number
-- Not restore from a backup, because that backup may be compromised
+- Considera la posibilidad de sustituir el dispositivo por completo
+- Considera cambiar tu número SIM/eSIM
+- No restaures a partir de una copia de seguridad, porque esa copia puede estar comprometida
-These tools provide analysis based on the information they have the ability to access from your device, and publicly-accessible indicators of compromise. It is important to keep in mind two things:
+Estas herramientas ofrecen análisis basados en la información a la que pueden acceder desde tu dispositivo, así como indicadores de compromiso de acceso público. Es importante tener en cuenta dos cosas:
-1. Indicators of compromise are just that: _indicators_. They are not a definitive finding, and may occasionally be **false positives**. If an indicator of compromise is detected, it means you should do additional research into the _potential_ threat.
-2. The indicators of compromise these tools look for are published by threat research organizations, but not all indicators are made available to the public! This means that these tools can present a **false negative**, if your device is infected with spyware which is not detected by any of the public indicators. Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
+1. Los indicadores de compromiso son solo eso: _indicadores_. No son un hallazgo definitivo, y ocasionalmente pueden ser **falsos positivos**. Si se detecta un indicador de compromiso, significa que debes realizar una investigación adicional sobre la amenaza _potencial_.
+2. Los indicadores de peligro que buscan estas herramientas son publicados por organizaciones de investigación de amenazas, ¡pero no todos los indicadores se ponen a disposición del público! Esto significa que estas herramientas pueden presentar un **falso negativo**, si tu dispositivo está infectado con spyware que no es detectado por ninguno de los indicadores públicos. Un apoyo y triaje forense digital fiable y completo requiere acceso a indicadores no públicos, investigación e inteligencia sobre amenazas.
-## External Verification Tools
+## Herramientas de Verificación Externas
-External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
+Las herramientas de verificación externas se ejecutan en el ordenador y escanean el dispositivo móvil en busca de rastros forenses que resulten útiles para identificar un posible compromiso.
!!! danger "Peligro"
```
-Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
+Los indicadores públicos de compromiso son insuficientes para determinar que un dispositivo está "limpio" y no es el objetivo de una herramienta espía concreta. Confiar únicamente en indicadores públicos puede pasar por alto rastros forenses recientes y dar una falsa sensación de seguridad.
-Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
+Un apoyo y un triaje forenses digitales fiables y completos requieren acceso a indicadores no públicos, investigación e inteligencia sobre amenazas.
-Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
+Este tipo de apoyo está disponible para la sociedad civil a través de [Laboratorio de Seguridad de Amnistía Internacional](https://www.amnesty.org/es/tech/) o [Línea de Ayuda de Seguridad Digital de Access Now](https://www.accessnow.org/help/).
```
-These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
+Estas herramientas pueden desencadenar falsos positivos. Si alguna de estas herramientas detecta indicadores de peligro, debes profundizar para determinar el riesgo real. Algunos informes pueden ser falsos positivos basados en sitios web que has visitado en el pasado, y los hallazgos que tienen muchos años de antigüedad probablemente sean falsos positivos o indiquen un compromiso anterior (y ya no activo).
### Mobile Verification Toolkit
-!!! recommendation
+!!! recommendation "Recomendación"
```
{ align=right }
-**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
+**Mobile Verification Toolkit** (**MVT**) es una colección de utilidades que simplifica y automatiza el proceso de escaneo de dispositivos móviles en busca de posibles rastros de ataques o infecciones por campañas de spyware conocidas. MVT fue desarrollado por Amnistía Internacional y publicado en 2021 en el contexto del [Proyecto Pegasus](https://forbiddenstories.org/about-the-pegasus-project/).
-[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
-[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
+[:octicons-home-16: Página Principal](https://mvt.re/){ .md-button .md-button--primary }
+[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Código Fuente" }
-??? downloads
+??? downloads "Descargas"
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
@@ -79,128 +79,128 @@ These tools can trigger false-positives. If any of these tools finds indicators
!!! warning "Advertencia"
```
-Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
+El uso de MVT no es suficiente para determinar que un dispositivo está "limpio" y no es objetivo de una herramienta espía concreta.
```
-MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
+MVT es _más_ útil para escanear dispositivos iOS. Android almacena muy poca información de diagnóstico útil para triar posibles compromisos, y debido a esto las capacidades de `mvt-android` también son limitadas. Por otro lado, las copias de seguridad cifradas de iTunes para iOS proporcionan un subconjunto de archivos almacenados en el dispositivo lo suficientemente grande como para detectar artefactos sospechosos en muchos casos. Dicho esto, MVT sigue proporcionando herramientas bastante útiles para el análisis tanto de iOS como de Android.
-If you use iOS and are at high-risk, we have three additional suggestions for you:
+Si utilizas iOS y estás en situación de alto riesgo, tenemos tres sugerencias adicionales para ti:
-1. Create and keep regular (monthly) iTunes backups. This allows you to find and diagnose past infections later with MVT, if new threats are discovered in the future.
+1. Crea y mantén copias de seguridad periódicas (mensuales) de iTunes. Esto te permite encontrar y diagnosticar infecciones pasadas más tarde con MVT, si se descubren nuevas amenazas en el futuro.
-2. Trigger _sysdiagnose_ logs often and back them up externally. These logs can provide invaluable data to future forensic investigators if need be.
+2. Activa los registros de _sysdiagnose_ a menudo y respáldalos externamente. Estos registros pueden proporcionar datos muy valiosos a futuros investigadores forenses en caso necesario.
- The process to do so varies by model, but you can trigger it on newer phones by holding down _Power_ + _Volume Up_ + _Volume Down_ until you feel a brief vibration. After a few minutes, the timestamped _sysdiagnose_ log will appear in **Settings** > **Privacy & Security** > **Analytics & Improvements** > **Analytics Data**.
+ El proceso para hacerlo varía según el modelo, pero puedes activarlo en los teléfonos más nuevos manteniendo pulsados _Apagar_ + _Subir volumen_ + _Bajar volumen_ hasta que sientas una breve vibración. Transcurridos unos minutos, el registro _sysdiagnose_ con fecha y hora aparecerá en **Configuración** > **Privacidad y seguridad** > **Análisis y Mejoras** > **Datos de Análisis**.
-3. Enable [Lockdown Mode](https://blog.privacyguides.org/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode).
+3. Activa eñ [Modo de Bloqueo](https://blog.privacyguides.org/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode).
-MVT allows you to perform deeper scans/analysis if your device is jailbroken. Unless you know what you are doing, **do not jailbreak or root your device.** Jailbreaking your device exposes it to considerable security risks.
+MVT te permite realizar escaneos/análisis más profundos si tu dispositivo tiene jailbreak. A menos que sepas lo que estás haciendo, **no hagas jailbreak ni root a tu dispositivo.** Hacer jailbreak a tu dispositivo lo expone a considerables riesgos de seguridad.
### iMazing (iOS)
-!!! recommendation
+!!! recommendation "Recomendación"
```
{ align=right }
-**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
+**iMazing** proporciona una herramienta gratuita de análisis de spyware para dispositivos iOS que actúa como un GUI-wrapper para [MVT](#mobile-verification-toolkit). Esto puede ser mucho más fácil de ejecutar en comparación con el propio MVT, que es una herramienta de línea de comandos diseñada para tecnólogos e investigadores forenses.
-[:octicons-home-16: Homepage](https://imazing.com/){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
+[:octicons-home-16: Página Principal](https://imazing.com/){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Política de Privacidad" }
+[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentación}
-??? downloads
+??? downloads "Descargas"
- [:simple-windows11: Windows](https://imazing.com/download)
- [:simple-apple: macOS](https://imazing.com/download)
```
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automatiza y te guía de forma interactiva a través del proceso de uso de [MVT](#mobile-verification-toolkit) para escanear tu dispositivo en busca de indicadores de compromiso de acceso público publicados por varios investigadores de amenazas. Toda la información y advertencias que se aplican a MVT se aplican también a esta herramienta, por lo que te sugerimos que te familiarices también con las notas sobre MVT de las secciones anteriores.
-## On-Device Verification
+## Verificación en el Dispositivo
-These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
+Se trata de aplicaciones que puedes instalar y que comprueban el dispositivo y el sistema operativo en busca de signos de manipulación y validan la identidad del dispositivo.
!!! warning "Advertencia"
```
-Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
+El uso de estas aplicaciones no basta para determinar que un dispositivo está "limpio" y no es objetivo de una herramienta de spyware concreta.
```
### Auditor (Android)
-!!! recommendation
+!!! recommendation "Recomendación"
```
{ align=right }
{ align=right }
-**Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
+**Auditor** es una aplicación que aprovecha las características de seguridad del hardware para supervisar la integridad del dispositivo validando activamente la identidad de un dispositivo y la integridad de su sistema operativo. Actualmente, solo funciona con GrapheneOS o con el sistema operativo original de [dispositivos compatibles](https://attestation.app/about#device-support).
-[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
-[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
+[:octicons-home-16: Página Principal](https://attestation.app){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Política de Privacidad" }
+[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentación}
+[:octicons-code-16:](https://attestation.app/source){ .card-link title="Código Fuente" }
+[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribuir }
-??? downloads
+??? downloads "Descargas"
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
```
-Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
+Auditor no es una herramienta de escaneo/análisis como otras herramientas de esta página, sino que utiliza el almacén de claves respaldado por hardware de tu dispositivo para permitirte verificar la identidad de tu dispositivo y asegurarte de que el propio sistema operativo no ha sido manipulado o degradado a través de un arranque verificado. Esto proporciona una comprobación muy sólida de la integridad del propio dispositivo, pero no comprueba necesariamente si las aplicaciones a nivel de usuario que se ejecutan en el dispositivo son maliciosas.
-Auditor performs attestation and intrusion detection with **two** devices, an _auditee_ (the device being verified) and an _auditor_ (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
+El auditor realiza la atestación y la detección de intrusiones con **dos** dispositivos, uno _auditado_ (el dispositivo que se verifica) y un _auditor_ (el dispositivo que realiza la verificación). El auditor puede ser cualquier dispositivo Android 10+ (o un servicio web remoto operado por [GrapheneOS](android.md#grapheneos)), mientras que el auditado debe ser específicamente un [dispositivo soportado](https://attestation.app/about#device-support). Auditor funciona así:
-- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an _auditor_ and _auditee_, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the _Auditor_.
-- The _auditor_ can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
-- The _auditor_ records the current state and configuration of the _auditee_.
-- Should tampering with the operating system of the _auditee_ happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations.
-- You will be alerted to the change.
+- Utilizando un modelo [Confiar en el Primer Uso (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) entre un _auditor_ y un _auditado_, la pareja establece una clave privada en el [almacén de claves respaldado por hardware](https://source.android.com/security/keystore/) de _Auditor_.
+- El _auditor_ puede ser otra instancia de la aplicación Auditor o el [Servicio de Certificación a Distancia](https://attestation.app).
+- El _auditor_ registra el estado actual y la configuración del _auditado_.
+- En caso de que se produzca una manipulación del sistema operativo del _auditado_ una vez completado el emparejamiento, el auditor será consciente del cambio en el estado y las configuraciones del dispositivo.
+- Se te avisará del cambio.
-It is important to note that Auditor can only effectively detect changes **after** the initial pairing, not necessarily during or before due to its TOFU model. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
+Es importante señalar que Auditor solo puede detectar eficazmente cambios **después** del emparejamiento inicial, no necesariamente durante o antes debido a su modelo TOFU. Para asegurarte de que el hardware y el sistema operativo son auténticos, [realiza una atestación local](https://grapheneos.org/install/web#verifying-installation) inmediatamente después de instalar el dispositivo y antes de cualquier conexión a Internet.
-No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
+No se envía información personal identificable al servicio de certificación. Recomendamos que te registres con una cuenta anónima y actives la atestación remota para una supervisión continua.
-If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service.
+Si tu [modelo de amenaza](basics/threat-modeling.md) requiere privacidad, podrías considerar utilizar [Orbot](tor.md#orbot) o una VPN para ocultar tu dirección IP al servicio de atestación.
-## On-Device Scanners
+## Escáneres en el Dispositivo
-These are apps you can install on your device which scan your device for signs of compromise.
+Se trata de aplicaciones que puedes instalar en tu dispositivo y que lo escanean en busca de señales de peligro.
!!! warning "Advertencia"
```
-Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
+El uso de estas aplicaciones no basta para determinar que un dispositivo está "limpio" y no es objetivo de una herramienta de spyware concreta.
```
### Hypatia (Android)
-!!! recommendation
+!!! recommendation "Recomendación"
```
{ align=right }
{ align=right }
-**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
+**Hypatia** es un escáner de malware en tiempo real de código abierto para Android, del desarrollador de [DivestOS](android.md#divestos). Accede a Internet para descargar actualizaciones de la base de datos de firmas, pero no sube tus archivos ni ningún metadato a la nube (los escaneos se realizan de forma totalmente local).
-[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
-[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
+[:octicons-home-16: Página Principal](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Política de Privacidad" }
+[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Código Fuente" }
+[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribuir }
-??? downloads
+??? downloads "Descargas"
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
```
-Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
+Hypatia es especialmente bueno en la detección de stalkerware común: Si sospechas que eres víctima de stalkerware, deberías [visitar esta página](https://stopstalkerware.org/information-for-survivors/) para obtener asesoramiento.
### iVerify (iOS)
-!!! recommendation
+!!! recommendation "Recomendación"
```
{ align=right }
diff --git a/i18n/es/photo-management.md b/i18n/es/photo-management.md
index 030935db..dc2d21ed 100644
--- a/i18n/es/photo-management.md
+++ b/i18n/es/photo-management.md
@@ -1,28 +1,28 @@
---
title: Gestión de Fotografías
icon: material/image
-description: Photo management tools to keep your personal photos safe from the prying eyes of cloud storage providers and other unauthorized access.
+description: Herramientas de gestión de fotos para mantener tus fotos personales a salvo de las miradas indiscretas de los proveedores de almacenamiento en la nube y de otros accesos no autorizados.
cover: photo-management.webp
---
-Most cloud photo management solutions like Google Photos, Flickr, and Amazon Photos don't secure your photos against being accessed by the cloud storage provider themselves. These options keep your personal photos private, while allowing you to share them only with family and trusted people.
+La mayoría de las soluciones de gestión de fotos en la nube, como Google Photos, Flickr y Amazon Photos, no protegen tus fotos contra el acceso del propio proveedor de almacenamiento en la nube. Estas opciones mantienen la privacidad de tus fotos personales y te permiten compartirlas solo con familiares y personas de confianza.
## ente
-!!! recommendation
+!!! recommendation "Recomendación"
```
{ align=right }
{ align=right }
-**ente** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. It underwent an [audit by Cure53](https://ente.io/blog/cryptography-audit/) in March 2023.
+**ente** es un servicio de copia de seguridad de fotos cifrado de extremo a extremo que permite realizar copias de seguridad automáticas en iOS y Android. Se sometió a una [auditoría por parte de Cure53](https://ente.io/blog/cryptography-audit/) en marzo de 2023.
-[:octicons-home-16: Homepage](https://ente.io/){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://ente.io/faq){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/ente-io){ .card-link title="Source Code" }
+[:octicons-home-16: Página Principal](https://ente.io/){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Política de Privacidad" }
+[:octicons-info-16:](https://ente.io/faq){ .card-link title=Documentación}
+[:octicons-code-16:](https://github.com/ente-io){ .card-link title="Código Fuente" }
-??? downloads
+??? downloads "Descargas"
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.ente.photos)
- [:simple-android: Android](https://ente.io/download)
@@ -36,18 +36,18 @@ Most cloud photo management solutions like Google Photos, Flickr, and Amazon Pho
## Stingle
-!!! recommendation
+!!! recommendation "Recomendación"
```
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** es una aplicación de galería y cámara con funciones integradas de copia de seguridad cifrada de extremo a extremo y sincronización de fotos y vídeos. El almacenamiento comienza en 1GB para cuentas gratuitas en su nube, o puedes alojar tu propio servidor API Stingle para una independencia total.
-[:octicons-home-16: Homepage](https://stingle.org/){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://stingle.org/privacy/){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://stingle.org/faq/){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/stingle){ .card-link title="Source Code" }
+[:octicons-home-16: Página Principal](https://stingle.org/){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://stingle.org/privacy/){ .card-link title="Política de Privacidad" }
+[:octicons-info-16:](https://stingle.org/faq/){ .card-link title=Documentación}
+[:octicons-code-16:](https://github.com/stingle){ .card-link title="Código Fuente" }
??? downloads
@@ -59,36 +59,36 @@ Most cloud photo management solutions like Google Photos, Flickr, and Amazon Pho
## PhotoPrism
-!!! recommendation
+!!! recommendation "Recomendación"
```
{ align=right }
-**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://www.photoprism.app/features). It does not include E2EE, so it's best hosted on a server that you trust and is under your control.
+**PhotoPrism** es una plataforma autoalojable para la gestión de fotos. Admite la sincronización y compartición de álbumes, así como una variedad de otras [features](https://www.photoprism.app/features). No incluye E2EE, por lo que es mejor alojarlo en un servidor en el que confíes y que esté bajo tu control.
-[:octicons-home-16: Homepage](https://www.photoprism.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://www.photoprism.app/privacy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://www.photoprism.app/kb){ .card-link title=Documentation}
-[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
+[:octicons-home-16: Página Principal](https://www.photoprism.app){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://www.photoprism.app/privacy){ .card-link title="Política de Privacidad" }
+[:octicons-info-16:](https://www.photoprism.app/kb){ .card-link title=Documentación}
+[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Código Fuente" }
-??? downloads
+??? downloads "Descargas"
- [:simple-github: GitHub](https://github.com/photoprism)
```
## Criterios
-**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Sugerimos que te familiarices con esta lista, antes de decidir utilizar un proyecto y realizar tu propia investigación para asegurarte de que es la elección ideal para ti.
+**Por favor, ten en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos que nos permiten ofrecer recomendaciones objetivas. Sugerimos que te familiarices con esta lista, antes de decidir utilizar un proyecto y realizar tu propia investigación para asegurarte de que es la elección ideal para ti.
!!! example "Esta sección es nueva"
```
-We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
+Estamos trabajando para establecer criterios definidos para cada sección de nuestro sitio, y esto puede estar sujeto a cambios. Si tienes alguna pregunta sobre nuestros criterios, por favor [pregunta en nuestro foro](https://discuss.privacyguides.net/latest) y no asumas que no hemos tenido en cuenta algo al hacer nuestras recomendaciones si no aparece aquí. Son muchos los factores que se tienen en cuenta y se discuten cuando recomendamos un proyecto, y documentar cada uno de ellos es un trabajo en curso.
```
### Requisitos Mínimos
-- Cloud-hosted providers must enforce end-to-end encryption.
+- Los proveedores alojados en la nube deben aplicar cifrado de extremo a extremo.
- Debe ofrecer un plan gratuito o un periodo de prueba.
- Debe ser compatible con la autenticación multifactor TOTP o FIDO2, o con los inicios de sesión Passkey.
- Debe ofrecer una interfaz web que admita funciones básicas de gestión de archivos.
diff --git a/i18n/fa/basics/account-creation.md b/i18n/fa/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/fa/basics/account-creation.md
+++ b/i18n/fa/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/fr/basics/account-creation.md b/i18n/fr/basics/account-creation.md
index 3c1020e8..03a3fece 100644
--- a/i18n/fr/basics/account-creation.md
+++ b/i18n/fr/basics/account-creation.md
@@ -53,17 +53,21 @@ Lorsque vous vous connectez avec OAuth, une page de connexion s'ouvre avec le fo
Les principaux avantages sont les suivants :
-- **Sécurité**: aucun risque d'être impliqué dans une [fuite de données](https://fr.wikipedia.org/wiki/Violation_de_donn%C3%A9es) car le site ne stocke pas vos informations d'identification.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Facilité d'utilisation**: plusieurs comptes sont gérés par un seul login.
Mais il y a des inconvénients :
- **Vie privée**: le fournisseur OAuth avec lequel vous vous connectez connaîtra les services que vous utilisez.
-- **Centralisation**: si le compte que vous utilisez pour OAuth est compromis ou si vous n'êtes pas en mesure de vous y connecter, tous les autres comptes qui y sont connectés sont affectés.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-L'authentification OAuth peut être particulièrement utile dans les situations où vous pourriez bénéficier d'une intégration plus poussée entre les services. Nous recommandons de limiter l'utilisation d'OAuth aux seuls cas où vous en avez besoin et de toujours protéger le compte principal à l'aide de [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Nous recommandons de limiter l'utilisation d'OAuth aux seuls cas où vous en avez besoin et de toujours protéger le compte principal à l'aide de [MFA](multi-factor-authentication.md).
-Tous les services qui utilisent OAuth seront aussi sûrs que le compte de votre fournisseur sous-jacent. Par exemple, si vous souhaitez sécuriser un compte avec une clé matérielle, mais que ce service ne prend pas en charge les clés matérielles, vous pouvez sécuriser le compte que vous utilisez avec OAuth avec une clé matérielle à la place, et vous disposez alors d'une MFA matérielle sur tous vos comptes. Il convient toutefois de noter qu'une authentification faible sur votre compte de fournisseur OAuth signifie que tout compte lié à cette connexion sera également faiblement sécurisé.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. Par exemple, si vous souhaitez sécuriser un compte avec une clé matérielle, mais que ce service ne prend pas en charge les clés matérielles, vous pouvez sécuriser le compte que vous utilisez avec OAuth avec une clé matérielle à la place, et vous disposez alors d'une MFA matérielle sur tous vos comptes. Il convient toutefois de noter qu'une authentification faible sur votre compte de fournisseur OAuth signifie que tout compte lié à cette connexion sera également faiblement sécurisé.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Numéro de téléphone
diff --git a/i18n/fr/os/android-overview.md b/i18n/fr/os/android-overview.md
index f9d89ba7..1b60e76b 100644
--- a/i18n/fr/os/android-overview.md
+++ b/i18n/fr/os/android-overview.md
@@ -12,7 +12,7 @@ description: Android est un système d'exploitation open source doté de solides
### Choisir une distribution Android
-Lorsque vous achetez un téléphone Android, le système d'exploitation par défaut est livré avec des applications et des fonctionnalités qui ne font pas partie de l'Android Open-Source Project. Many of these apps—even apps like the dialer which provide basic system functionality—require invasive integrations with Google Play Services, which in turn asks for privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, and numerous other things on your device in order for those basic system apps and many other apps to function in the first place. Frameworks like Google Play Services increase the attack surface of your device and are the source of various privacy concerns with Android.
+Lorsque vous achetez un téléphone Android, le système d'exploitation par défaut est livré avec des applications et des fonctionnalités qui ne font pas partie de l'Android Open-Source Project. Un grand nombre de ces applications - même des applications comme l'app Téléphone qui fournissent des fonctions système de base - nécessitent des intégrations invasives avec les services Google Play, qui demandent à leur tour des privilèges pour accéder à vos fichiers, au stockage de vos contacts, aux journaux d'appels, aux messages SMS, à la localisation, à l'appareil photo, au microphone et à de nombreux autres éléments de votre appareil afin que ces applications systèmes de base et beaucoup d'autres applications puissent simplement fonctionner. Les environnements tels que les services Google Play augmentent la surface d'attaque de votre appareil et sont à l'origine de divers problèmes de confidentialité liés à Android.
Ce problème pourrait être résolu en utilisant une distribution Android qui n'est pas fournie avec une intégration de ces applications invasives. Malheureusement, de nombreuses distributions d'Android enfreignent souvent le modèle de sécurité d'Android en ne prenant pas en charge les fonctions de sécurité essentielles telles que l'AVB, le rollback protection, les mises à jour du firmware, etc. Certaines distributions fournissent également des builds [`userdebug`](https://source.android.com/setup/build/building#choose-a-target) qui permettent le root via [ADB](https://developer.android.com/studio/command-line/adb) et nécessitent [des politiques SELinux plus permissives](https://github.com/LineageOS/android_system_sepolicy/search?q=userdebug&type=code) pour prendre en compte les fonctionnalités de débogage, ce qui augmente encore plus la surface d'attaque et affaiblit grandement le modèle de sécurité.
@@ -60,11 +60,11 @@ De nombreux contructeurs ont également une implémentation défectueuse du Dém
Les mises à jour du micrologiciel sont essentielles au maintien de la sécurité. Sans elles, votre appareil ne peut être sécurisé. Les fabriquants ont conclu des accords de prise de en charge avec leurs partenaires pour fournir les mises à jour des composants closed-source pendant une période limitée. Celles-ci sont détaillées dans les [Bulletins de Sécurité Android](https://source.android.com/security/bulletin) mensuels.
-Comme les composants du téléphone, tels que le processeur et les technologies radio, reposent sur des composants closed-source, les mises à jour doivent être fournies par leur fabricants respectifs. Par conséquent, il est important que vous achetiez un appareil qui reçoit activement des mises à jours. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) et [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) prennent en charge leurs appareils pendant 4 ans, tandis que les produits moins chers ont souvent des cycles de mises à jour plus courts. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC, and they will provide a minimum of 5 years of support. With the introduction of the Pixel 8 series, Google increased that support window to 7 years.
+Comme les composants du téléphone, tels que le processeur et les technologies radio, reposent sur des composants closed-source, les mises à jour doivent être fournies par leur fabricants respectifs. Par conséquent, il est important que vous achetiez un appareil qui reçoit activement des mises à jours. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) et [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) prennent en charge leurs appareils pendant 4 ans, tandis que les produits moins chers ont souvent des cycles de mises à jour plus courts. Avec l'introduction du [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google fabrique maintenant son propre SoC et fournira un minimum de 5 ans de mises à jour. Avec l'introduction de la série Pixel 8, Google a porté cette intervalle de prise en charge à 7 ans.
Les appareils qui ne sont plus pris en charge par le fabricant du SoC ne peuvent pas recevoir de mises à jour du micrologiciel de la part des fabricants ou des distributeurs. Cela signifie que les problèmes de sécurité de ces appareils ne seront pas corrigés.
-Fairphone, for example, markets their Fairphone 4 device as receiving 6 years of support. Cependant, le SoC (Qualcomm Snapdragon 750G sur le Fairphone 4) a une date de fin de vie (EOL) beaucoup plus courte. Cela signifie que les mises à jour de sécurité du micrologiciel de Qualcomm pour le Fairphone 4 prendront fin en septembre 2023, que Fairphone continue ou non à publier des mises à jour de sécurité logicielle.
+Fairphone, par exemple, commercialise son appareil Fairphone 4 comme bénéficiant de 6 ans de mises à jour. Cependant, le SoC (Qualcomm Snapdragon 750G sur le Fairphone 4) a une date de fin de vie (EOL) beaucoup plus courte. Cela signifie que les mises à jour de sécurité du micrologiciel de Qualcomm pour le Fairphone 4 prendront fin en septembre 2023, que Fairphone continue ou non à publier des mises à jour de sécurité logicielle.
### Autorisations d'Android
@@ -91,7 +91,7 @@ Android 12 :
Android 13 :
-- A permission for [nearby Wi-Fi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby Wi-Fi access points was a popular way for apps to track a user's location.
+- Une autorisation pour un [accès aux wifi à proximité](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). Utiliser les adresses MAC des points d'accès WiFi à proximité était une technique populaire des applications pour suivre la position d'un utilisateur.
- Des [autorisations plus granulaires pour les médias](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), ce qui signifie que vous pouvez accorder l'accès uniquement aux images, aux vidéos ou aux fichiers audio.
- L'utilisation de capteurs en arrière-plan nécessite désormais l'autorisation [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission).
@@ -121,13 +121,13 @@ Les [Profils Professionnels](https://support.google.com/work/android/answer/6191
Une application de **gestionnaire d'appareil** telle que [Shelter](../android.md#shelter) est nécessaire pour créer un profil professionnel sans MDM d'entreprise, à moins que vous n'utilisiez un système d'exploitation Android personnalisé qui en comprend une.
-Le profil professionnel dépend d'un gestionnaire d'appareil pour fonctionner. Les fonctionnalités telles que la *Navigation de Fichiers* et le *blocage de la recherche de contacts* ou tout autre type de fonctionnalités d'isolation doivent être implémentées par le gestionnaire. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
+Le profil professionnel dépend d'un gestionnaire d'appareil pour fonctionner. Les fonctionnalités telles que la *Navigation de Fichiers* et le *blocage de la recherche de contacts* ou tout autre type de fonctionnalités d'isolation doivent être implémentées par le gestionnaire. Vous devez également faire entièrement confiance à l'application de gestionnaire d'appareil, car elle a un accès total à vos données au sein du profil professionnel.
Cette méthode est généralement moins sûre qu'un profil utilisateur secondaire, mais elle vous permet d'exécuter simultanément des applications dans les profils professionnel et personnel.
### Arrêt d'urgence VPN
-Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. Cette fonction permet d'éviter les fuites si le VPN est déconnecté. Il se trouve dans :gear: **Paramètres** → **Réseau & internet** → **VPN** → :gear: → **Bloquer les connexions sans VPN**.
+Android 7 et plus prennent en charge un arrêt d'urgence du VPN et il est disponible sans qu'il soit nécessaire d'installer des applications tierces. Cette fonction permet d'éviter les fuites si le VPN est déconnecté. Il se trouve dans :gear: **Paramètres** → **Réseau & internet** → **VPN** → :gear: → **Bloquer les connexions sans VPN**.
### Boutons à bascule globaux
@@ -143,7 +143,7 @@ Si vous avez un compte Google, nous vous suggérons de vous inscrire au [Program
Le Programme de Protection Avancée offre une surveillance accrue des menaces et permet :
-- Stricter two-factor authentication; e.g. that [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](https://en.wikipedia.org/wiki/OAuth)
+- Une authentification à deux facteurs plus stricte; par exemple, seul [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **doit** être utilisé et toute autre type de double autentification tels que [SMS OTP](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) et [OAuth](https://en.wikipedia.org/wiki/OAuth) sont bloqués
- Seul Google et les applications tierces vérifiées peuvent accéder aux données du compte
- Une analyse des e-mails entrants sur les comptes Gmail pour détecter les tentatives de [hameçonnage](https://en.wikipedia.org/wiki/Phishing#Email_phishing)
- Une plus stricte [analyse de sécurité du navigateur](https://www.google.com/chrome/privacy/whitepaper.html#malware) avec Google Chrome
@@ -151,7 +151,7 @@ Le Programme de Protection Avancée offre une surveillance accrue des menaces et
Si vous utilisez des services Google Play non sandboxés (courants sur les systèmes d'exploitation d'origine), l'Advanced Protection Program est également accompagné d'[avantages supplémentaires](https://support.google.com/accounts/answer/9764949?hl=en) tels que :
-- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
+- Ne pas autoriser l'installation d'applications en dehors du Google Play Store, en dehors de la boutique d'applications du fournisseur du système d'exploitation ou via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Analyse automatique obligatoire des appareils avec [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Avertissement des applications non vérifiées
@@ -178,4 +178,4 @@ Vous aurez la possibilité de supprimer votre identifiant publicitaire ou de *re
[SafetyNet](https://developer.android.com/training/safetynet/attestation) et les [API Play Integrity](https://developer.android.com/google/play/integrity) sont généralement utilisés pour des [applications bancaires](https://grapheneos.org/usage#banking-apps). De nombreuses applications bancaires fonctionneront sans problème sur GrapheneOS avec les services Google Play en sandbox, mais certaines applications non financières ont leurs propres mécanismes anti-tampering rudimentaires qui peuvent échouer. GrapheneOS passe le contrôle `basicIntegrity`, mais pas le contrôle de certification `ctsProfileMatch`. Les appareils équipés d'Android 8 ou d'une version ultérieure sont dotés d'un système d'attestation matérielle qui ne peut être contourné qu'en cas de fuite de clés ou de vulnérabilité grave.
-As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt out if you don't want your credit rating and personal information shared with affiliate marketing services.
+Quant à Google Wallet, nous ne le recommandons pas en raison de sa [politique de confidentialité](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), qui stipule que vous devez manuellement refuser si vous ne voulez pas que votre note de crédit et vos informations personnelles soient partagées avec des services de marketing affiliés.
diff --git a/i18n/he/basics/account-creation.md b/i18n/he/basics/account-creation.md
index 8c997ca7..7733b184 100644
--- a/i18n/he/basics/account-creation.md
+++ b/i18n/he/basics/account-creation.md
@@ -53,17 +53,21 @@ OAuth הוא פרוטוקול אימות המאפשר לך להירשם לשיר
היתרונות העיקריים הם:
-- **אבטחה**: אין סיכון להיות מעורב ב[הפרת נתונים](https://en.wikipedia.org/wiki/Data_breach) מכיוון האתר אינו שומר את האישורים שלך.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **קלות שימוש**: מספר חשבונות מנוהלים על ידי התחברות אחת.
אבל יש חסרונות:
- **פרטיות**: ספק ה-OAuth שאיתו אתה מתחבר יידע באילו שירותים אתה משתמש.
-- **ריכוזיות**: אם החשבון שבו אתה משתמש עבור OAuth נפגע או שאינך יכול להתחבר אליו, כל שאר החשבונות המחוברים אליו מושפעים.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-אימות OAuth יכול להיות שימושי במיוחד במצבים שבהם תוכל להפיק תועלת מאינטגרציה עמוקה יותר בין שירותים. ההמלצה שלנו היא להגביל את השימוש ב-OAuth רק למקום שבו אתה זקוק לו, ולהגן תמיד על החשבון הראשי באמצעות [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. ההמלצה שלנו היא להגביל את השימוש ב-OAuth רק למקום שבו אתה זקוק לו, ולהגן תמיד על החשבון הראשי באמצעות [MFA](multi-factor-authentication.md).
-כל השירותים המשתמשים ב-OAuth יהיו מאובטחים כמו החשבון של הספק הבסיסי שלך. לדוגמה, אם אתה רוצה לאבטח חשבון עם מפתח חומרה, אבל השירות הזה לא תומך במפתחות חומרה, אתה יכול לאבטח את החשבון שבו אתה משתמש עם OAuth עם מפתח חומרה במקום, ועכשיו יש לך בעצם MFA חומרה בכל חשבונות. עם זאת, ראוי לציין שאימות חלש בחשבון ספק ה-OAuth שלך אומר שכל חשבון הקשור לכניסה זו יהיה גם חלש.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. לדוגמה, אם אתה רוצה לאבטח חשבון עם מפתח חומרה, אבל השירות הזה לא תומך במפתחות חומרה, אתה יכול לאבטח את החשבון שבו אתה משתמש עם OAuth עם מפתח חומרה במקום, ועכשיו יש לך בעצם MFA חומרה בכל חשבונות. עם זאת, ראוי לציין שאימות חלש בחשבון ספק ה-OAuth שלך אומר שכל חשבון הקשור לכניסה זו יהיה גם חלש.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### מספר טלפון
diff --git a/i18n/hi/basics/account-creation.md b/i18n/hi/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/hi/basics/account-creation.md
+++ b/i18n/hi/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/hu/basics/account-creation.md b/i18n/hu/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/hu/basics/account-creation.md
+++ b/i18n/hu/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/id/basics/account-creation.md b/i18n/id/basics/account-creation.md
index 410d9ad8..ee7613e9 100644
--- a/i18n/id/basics/account-creation.md
+++ b/i18n/id/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
Keuntungan utama adalah:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
Tetapi ada kelemahan:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Nomor telepon
diff --git a/i18n/it/advanced/tor-overview.md b/i18n/it/advanced/tor-overview.md
index 70d6deec..101c41ff 100644
--- a/i18n/it/advanced/tor-overview.md
+++ b/i18n/it/advanced/tor-overview.md
@@ -47,25 +47,25 @@ Alcuni provider di VPN e altre pubblicazioni raccomandano occasionalmente queste
!!! info "VPN/SSH Fingerprinting"
- The Tor Project [notes](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#vpnssh-fingerprinting) that *theoretically* using a VPN to hide Tor activities from your ISP may not be foolproof. VPNs have been found to be vulnerable to website traffic fingerprinting, where an adversary can still guess what website is being visited, because all websites have specific traffic patterns.
+ Il Tor Project [notes](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#vpnssh-fingerprinting) afferma che *teoricamente* l'utilizzo di una VPN per nascondere le attività Tor al proprio ISP potrebbe non essere infallibile. Le VPN sono risultate vulnerabili al fingerprinting del traffico dei siti web, in cui un avversario può comunque indovinare quale sito web viene visitato, perché tutti i siti web hanno modelli di traffico specifici.
- Therefore, it's not unreasonable to believe that encrypted Tor traffic hidden by a VPN could also be detected via similar methods. There are no research papers on this subject, and we still consider the benefits of using a VPN to far outweigh these risks, but it is something to keep in mind.
+ Pertanto, non è irragionevole credere che anche il traffico Tor crittografato nascosto da una VPN possa essere rilevato con metodi simili. Non esistono ricerche in merito e riteniamo che i vantaggi dell'utilizzo di una VPN siano di gran lunga superiori a questi rischi, ma è un aspetto da tenere presente.
- If you still believe that pluggable transports (bridges) provide additional protection against website traffic fingerprinting that a VPN does not, you always have the option to use a bridge **and** a VPN in conjunction.
+ Se sei ancora convinto che i trasporti collegabili (bridge) forniscano una protezione aggiuntiva contro il fingerprinting del traffico dei siti web che una VPN non offre, hai sempre la possibilità di utilizzare un bridge **e** una VPN insieme.
-Determining whether you should first use a VPN to connect to the Tor network will require some common sense and knowledge of your own government's and ISP's policies relating to what you're connecting to. However, again in most cases you will be better off being seen as connecting to a commercial VPN network than directly to the Tor network. If VPN providers are censored in your area, then you can also consider using Tor pluggable transports (e.g. Snowflake or meek bridges) as an alternative, but using these bridges may arouse more suspicion than standard WireGuard/OpenVPN tunnels.
+Per stabilire se sia il caso di utilizzare una VPN per connettersi alla rete Tor è necessario un po' di buon senso e la conoscenza delle politiche del proprio governo e del proprio ISP in merito a ciò a cui ci si connette. Tuttavia, anche in questo caso, nella maggior parte dei casi sarà meglio essere visti come connessi a una rete VPN commerciale piuttosto che direttamente alla rete Tor. Se i provider di VPN sono censurati nella tua zona, puoi anche considerare l'utilizzo di trasporti Tor pluggable (ad esempio Snowflake o meek bridge) come alternativa, ma l'uso di questi bridge può destare più sospetti rispetto ai tunnel WireGuard/OpenVPN standard.
## Cosa NON è Tor
-The Tor network is not the perfect privacy protection tool in all cases, and has a number of drawbacks which should be carefully considered. These things should not discourage you from using Tor if it is appropriate for your needs, but they are still things to think about when deciding which solution is most appropriate for you.
+La rete Tor non è uno strumento di protezione della privacy perfetto in tutti i casi e presenta una serie di svantaggi che devono essere considerati con attenzione. Questi elementi non ti devono scoraggiare dall'utilizzare Tor se è adatto alle tue esigenze, ma sono comunque elementi su cui riflettere per decidere la soluzione più adatta a te.
### Tor non è una VPN gratuita
-The release of the *Orbot* mobile app has lead many people to describe Tor as a "free VPN" for all of your device traffic. However, treating Tor like this poses some dangers compared to a typical VPN.
+Il rilascio dell'applicazione mobile *Orbot* ha portato molte persone a descrivere Tor come una "VPN gratuita" per tutto il traffico del tuo dispositivo. Tuttavia, trattare Tor in questo modo comporta alcuni pericoli rispetto a una tipica VPN.
-Unlike Tor exit nodes, VPN providers are usually not *actively* [malicious](#caveats). Because Tor exit nodes can be created by anybody, they are hotspots for network logging and modification. In 2020, many Tor exit nodes were documented to be downgrading HTTPS traffic to HTTP in order to [hijack cryptocurrency transactions](https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year). Other exit node attacks such as replacing downloads via unencrypted channels with malware have also been observed. HTTPS does mitigate these threats to an extent.
+A differenza dei nodi di uscita di Tor, i fornitori di VPN di solito non sono *attivamente* [malintenzionati](#caveats). Poiché i nodi di uscita Tor possono essere creati da chiunque, sono punti caldi per il monitoraggio della rete e per le modifiche. Nel 2020, è stato documentato che molti nodi di uscita Tor effettuavano il downgrade del traffico HTTPS in HTTP al fine di [dirottare le transazioni in criptovaluta](https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year). Sono stati osservati anche altri attacchi ai nodi di uscita, come la sostituzione dei download tramite canali non crittografati con malware. HTTPS attenua in una certa misura queste minacce.
-As we've alluded to already, Tor is also easily identifiable on the network. Unlike an actual VPN provider, using Tor will make you stick out as a person likely attempting to evade authorities. In a perfect world, Tor would be seen by network administrators and authorities as a tool with many uses (like how VPNs are viewed), but in reality the perception of Tor is still far less legitimate than the perception of commercial VPNs, so using a real VPN provides you with plausible deniability, e.g. "I was just using it to watch Netflix," etc.
+Come abbiamo già accennato, Tor è anche facilmente identificabile sulla rete. A differenza di un vero e proprio provider VPN, l'utilizzo di Tor ti farà passare per una persona che probabilmente sta cercando di eludere le autorità. In a perfect world, Tor would be seen by network administrators and authorities as a tool with many uses (like how VPNs are viewed), but in reality the perception of Tor is still far less legitimate than the perception of commercial VPNs, so using a real VPN provides you with plausible deniability, e.g. "I was just using it to watch Netflix," etc.
### L'utilizzo di Tor non è irrivelabile
diff --git a/i18n/it/basics/account-creation.md b/i18n/it/basics/account-creation.md
index 2fa33757..6cc8ff27 100644
--- a/i18n/it/basics/account-creation.md
+++ b/i18n/it/basics/account-creation.md
@@ -53,17 +53,21 @@ Quando accedi con OAuth, si aprirà una pgina d'accesso con il fornitore di tua
I principali vantaggi sono:
-- **Sicurezza**: nessun rischio di essere coinvolti in una [violazione dei dati](https://en.wikipedia.org/wiki/Data_breach), poiché il sito non memorizza le tue credenziali.
+- **Sicurezza**: non è necessario fidarsi delle pratiche di sicurezza del servizio a cui si accede quando si tratta di memorizzare le credenziali di accesso, perché queste vengono memorizzate presso il provider esterno di OAuth, che quando si tratta di servizi come Apple e Google di solito seguono le migliori pratiche di sicurezza, effettuando audit continui dei propri sistemi di autenticazione e non memorizzano le credenziali in modo inappropriato (ad esempio in testo in chiaro).
- **Facilità d'uso**: i profili multipli sono gestiti da un unico accesso.
Ma esistono degli svantaggi:
- **Privacy**: il fornitore di OAuth con cui effettui l'accesso conoscerà i servizi che utilizzi.
-- **Centralizzazione**: se il profilo utilizzato per OAuth viene compromesso o non riesci ad effettuare l'accesso, tutti gli altri profili a esso collegati saranno a influenzati.
+- **Centralizzazione**: se l'account utilizzato per OAuth è compromesso o non si è in grado di accedervi, tutti gli altri account a esso collegati ne saranno interessati.
-L'autenticazione OAuth può essere specialmente utile in quelle situazioni in cui potresti beneficiare da una migliore integrazione tra servizi. Il nostro consiglio è quello di limitare l'utilizzo di OAuth soltanto laddove necessario e di proteggere sempre il profilo principale con l'[AFM](multi-factor-authentication.md).
+OAuth può essere particolarmente utile nelle situazioni in cui puoi beneficiare di un'integrazione più profonda tra i servizi. Il nostro consiglio è quello di limitare l'utilizzo di OAuth soltanto laddove necessario e di proteggere sempre il profilo principale con l'[AFM](multi-factor-authentication.md).
-Tutti i servizi che utilizzano OAuth saranno sicuri tanto quanto il profilo del tuo fornitore principale. Ad esempio, se desideri proteggere un profilo con una chiave hardware, ma tale servizio non le supporta, puoi proteggerlo con OAuth e una chiave hardware e, ora, hai essenzialmente l'AFM su tutti i tuoi profili. Tuttavia, vale la pena di notare che un'autenticazione debole sul profilo del tuo fornitore OAuth, implica che qualsiasi profilo collegato a tale accesso, sarà anch'esso debole.
+Tutti i servizi che utilizzano OAuth saranno sicuri quanto l'account del provider OAuth sottostante. Ad esempio, se desideri proteggere un profilo con una chiave hardware, ma tale servizio non le supporta, puoi proteggerlo con OAuth e una chiave hardware e, ora, hai essenzialmente l'AFM su tutti i tuoi profili. Tuttavia, vale la pena di notare che un'autenticazione debole sul profilo del tuo fornitore OAuth, implica che qualsiasi profilo collegato a tale accesso, sarà anch'esso debole.
+
+C'è un ulteriore pericolo quando si utilizza *Accedi con Google*, *Facebook*, o un altro servizio, e cioè che di solito il processo OAuth consente la condivisione *bidirezionale* dei dati. Ad esempio, l'accesso a un forum con il proprio account Twitter potrebbe garantire a tale forum l'accesso a operazioni sul tuo account Twitter, come la pubblicazione di post, la lettura di messaggi o l'accesso ad altri dati personali. I provider OAuth di solito presentano un elenco di cose a cui si concede l'accesso al servizio esterno e bisogna sempre assicurarsi di leggere l'elenco e di non concedere inavvertitamente al servizio esterno l'accesso a qualcosa che non è necessario.
+
+Anche le applicazioni dannose, in particolare sui dispositivi mobile dove l'applicazione ha accesso alla sessione WebView utilizzata per l'accesso al provider OAuth, possono abusare di questo processo, dirottando la sessione dell'utente con il provider OAuth e ottenendo l'accesso al suo account OAuth attraverso questi mezzi. L'uso dell'opzione *Accedi con* con qualsiasi provider dovrebbe essere considerato una questione di convenienza da utilizzare solo con i servizi di cui ci si fida che non siano attivamente dannosi.
### Numero telefonico
diff --git a/i18n/it/device-integrity.md b/i18n/it/device-integrity.md
index 50d4bf1e..5c66e693 100644
--- a/i18n/it/device-integrity.md
+++ b/i18n/it/device-integrity.md
@@ -124,7 +124,7 @@ These are apps you can install which check your device and operating system for
!!! warning "Attenzione"
```
-Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
+L'uso di queste applicazioni non è sufficiente a determinare che un dispositivo sia "pulito" e non sia stato preso di mira da un particolare strumento spyware.
```
### Auditor (Android)
@@ -135,13 +135,13 @@ Using these apps is insufficient to determine that a device is "clean", and not
{ align=right }
{ align=right }
-**Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
+**Auditor** è un app che sfrutta le caratteristiche di sicurezza dell'hardware per fornire un monitoraggio dell'integrità del dispositivo, convalidando attivatemnte l'identità di un dispositivo e l'integrità del suo sistema operativo. Attualmente funziona solo con GrapheneOS o con il sistema operativo stock per i [dispositivi supportati](https://attestation.app/about#device-support).
[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
-[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
+[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Informativa sulla Privacy" }
+[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentazione}
+[:octicons-code-16:](https://attestation.app/source){ .card-link title="Codice sorgente" }
+[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribuisci }
??? downloads
@@ -173,7 +173,7 @@ These are apps you can install on your device which scan your device for signs o
!!! warning "Attenzione"
```
-Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
+L'uso di queste applicazioni non è sufficiente a determinare che un dispositivo sia "pulito" e non sia stato preso di mira da un particolare strumento spyware.
```
### Hypatia (Android)
diff --git a/i18n/it/os/android-overview.md b/i18n/it/os/android-overview.md
index 88c73148..5c386a2c 100644
--- a/i18n/it/os/android-overview.md
+++ b/i18n/it/os/android-overview.md
@@ -12,7 +12,7 @@ Il **Progetto Open Source di Androd** è un sistema operativo mobile sicuro, che
### Scegliere una distribuzione di Android
-When you buy an Android phone, the default operating system comes bundled with apps and functionality that are not part of the Android Open Source Project. Many of these apps—even apps like the dialer which provide basic system functionality—require invasive integrations with Google Play Services, which in turn asks for privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, and numerous other things on your device in order for those basic system apps and many other apps to function in the first place. Frameworks like Google Play Services increase the attack surface of your device and are the source of various privacy concerns with Android.
+Quando acquisti un telefono Android, il sistema operativo predefinito viene fornito con applicazioni e funzionalità che non fanno parte dell'Android Open Source Project. Molte di queste app, anche quelle come il dialer che forniscono le funzionalità di base del sistema, richiedono integrazioni invasive con Google Play Services, che a sua volta richiede i privilegi di accesso ai file, all'archiviazione dei contatti, ai registri delle chiamate, ai messaggi SMS, alla posizione, alla fotocamera, al microfono e a numerosi altri elementi del dispositivo per far funzionare le app di base del sistema e molte altre applicazioni. Framework come Google Play Services aumentano la superficie di attacco del dispositivo e sono all'origine di vari problemi di privacy con Android.
Questo problema potrebbe essere risolto utilizzando una distribuzione modificata di Android che non preveda un'integrazione così invasiva. Purtroppo, molte distribuzioni di Android personalizzate spesso violano il modello di sicurezza di Android, non supportando funzioni di sicurezza critiche come AVB, protezione rollback, aggiornamenti del firmware e così via. Alcune distribuzioni forniscono anche build [`userdebug`](https://source.android.com/setup/build/building#choose-a-target) che espongono root tramite [ADB](https://developer.android.com/studio/command-line/adb) e richiedono politiche SELinux [più permissive](https://github.com/LineageOS/android_system_sepolicy/search?q=userdebug&type=code) per ospitare le funzionalità di debug, con conseguente ulteriore aumento della superficie di attacco e indebolimento del modello di sicurezza.
@@ -60,11 +60,11 @@ Inoltre, molti OEM dispongono di un'implementazione corrotta dell'Avvio Verifica
Gli aggiornamenti del firmware sono fondamentali per mantenere la sicurezza e, senza di essi, il tuo dispositivo non può essere sicuro. Gli OEM stipulano accordi di supporto coi propri partner per fornire i componenti closed-source per un periodo di supporto limitato. Questi sono mensilmente riportati nei [Bollettini di Sicurezza di Android](https://source.android.com/security/bulletin).
-Poiché i componenti del telefono, come il processore e le tecnologie radio, si affidano a componenti closed-source, gli aggiornamenti devono essere forniti dai rispettivi produttori. Dunque, è importante che tu acquisti un dispositivo entro un ciclo di supporto attivo. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) e [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) supportano i propri dispositivi per 4 anni, mentre i prodotti più economici prevedono spesso cicli di supporto più brevi. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC, and they will provide a minimum of 5 years of support. With the introduction of the Pixel 8 series, Google increased that support window to 7 years.
+Poiché i componenti del telefono, come il processore e le tecnologie radio, si affidano a componenti closed-source, gli aggiornamenti devono essere forniti dai rispettivi produttori. Dunque, è importante che tu acquisti un dispositivo entro un ciclo di supporto attivo. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) e [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) supportano i propri dispositivi per 4 anni, mentre i prodotti più economici prevedono spesso cicli di supporto più brevi. Con l'introduzione del [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google produce ora il proprio SoC e fornirà un supporto di almeno 5 anni. Con l'introduzione della serie Pixel 8, Google ha aumentato la finestra di supporto a 7 anni.
I dispositivi EOL, non più supportati dal produttore del SoC, non possono ricevere aggiornamenti del firmware dai fornitori OEM o dai distributori di ricambi per Android. Ciò significa che i problemi di sicurezza di questi dispositivi non saranno risolti.
-Fairphone, for example, markets their Fairphone 4 device as receiving 6 years of support. Tuttavia, il SoC (Qualcomm Snapdragon 750G sul Fairphone 4), ha una data di scadenza considerevolmente più breve. Ciò significa che gli aggiornamenti di sicurezza di quel firmware da Qualcomm per il Fairphone 4 termineranno a settembre 2023, indipendentemente dal fatto che Fairphone continui a rilasciare aggiornamenti di sicurezza del software.
+Fairphone, ad esempio, commercializza il proprio dispositivo Fairphone 4 con 6 anni di assistenza. Tuttavia, il SoC (Qualcomm Snapdragon 750G sul Fairphone 4), ha una data di scadenza considerevolmente più breve. Ciò significa che gli aggiornamenti di sicurezza di quel firmware da Qualcomm per il Fairphone 4 termineranno a settembre 2023, indipendentemente dal fatto che Fairphone continui a rilasciare aggiornamenti di sicurezza del software.
### Autorizzazioni di Android
@@ -91,7 +91,7 @@ Android 12:
Android 13:
-- A permission for [nearby Wi-Fi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby Wi-Fi access points was a popular way for apps to track a user's location.
+- Un'autorizzazione per l'[accesso alle Wi-Fi nelle vicinanze](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). Gli indirizzi MAC dei punti di accesso Wi-Fi nelle vicinanze erano un modo molto diffuso per le app di tracciare la posizione di un utente.
- Ulteriori [autorizzazioni multimediali granulari](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), a significare che puoi concedere l'accesso aai soli filee immagine, video o audio.
- L'utilizzo in background dei sensori richiede adesso l'autorizzazione [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission).
@@ -121,13 +121,13 @@ I [Profili di Lavoro](https://support.google.com/work/android/answer/6191949) so
Un'app di **controllo del dispositivo**, come [Shelter](../android.md#shelter), è necessaria per creare un Profilo di Lavoro senza un MDM imprenditoriale, a meno che tu non stia utilizzando un OS personalizzato di Android che ne includa uno.
-Il profilo di lavoro dipende da un controllore del dispositivo per funzionare. Le funzionalità come *File Shuttle* e *blocco della ricerca dei contatti* o qualsiasi tipo di funzionalità d'isolamento, devono essere implementate dal controllore. You must also fully trust the device controller app, as it has full access to your data inside the work profile.
+Il profilo di lavoro dipende da un controllore del dispositivo per funzionare. Le funzionalità come *File Shuttle* e *blocco della ricerca dei contatti* o qualsiasi tipo di funzionalità d'isolamento, devono essere implementate dal controllore. È inoltre necessario fidarsi completamente dell'app di controllo del dispositivo, che ha pieno accesso ai dati dell'utente all'interno del profilo di lavoro.
Questo metodo, generalmente, è meno sicuro di un profilo utente secondario; tuttavia, ti consente la comodità di eseguire le app nei profili lavorativi e personali, simultaneamente.
-### Interruttore d'Emergenza per VPN
+### Killswitch per VPN
-Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. Questa funzionalità può prevenire fughe, se la VPN è disconnessa. Si trova in :gear: **Impostazioni** → **Rete e Internet** → **VPN** → :gear: → **Blocca connessioni senza VPN**.
+Android 7 e successivi supporta un kill switch VPN, disponibile senza la necessità d'installare applicazioni di terze parti. Questa funzionalità può prevenire fughe, se la VPN è disconnessa. Si trova in :gear: **Impostazioni** → **Rete e Internet** → **VPN** → :gear: → **Blocca connessioni senza VPN**.
### Interruttori globali
@@ -143,7 +143,7 @@ Se possiedi un profilo Google, ti suggeriamo di iscriverti al [Programma di Prot
Il Programma di Protezione Avanzata fornisce un migliore monitoraggio delle minacce, e consente:
-- Stricter two-factor authentication; e.g. that [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](https://en.wikipedia.org/wiki/OAuth)
+- Autenticazione a due fattori più rigida; ad esempio, [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **deve** essere utilizzato e non è consentito l'uso di [SMS OTP](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) e [OAuth](https://en.wikipedia.org/wiki/OAuth)
- L'accesso ai dati del profilo soltanto a Google e alle app verificate di terze parti
- Scansione delle email in entrata sui profili Gmail, in cerca di tentativi di [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing)
- [Scansione del browser sicura](https://www.google.com/chrome/privacy/whitepaper.html#malware) e più rigida, con Google Chrome
@@ -151,7 +151,7 @@ Il Programma di Protezione Avanzata fornisce un migliore monitoraggio delle mina
Se utilizzi Google Play Services non 'sandboxed' (comune sui sistemi operativi di fabbrica), il Programma di Protezione Avanzata fornisce anche dei [benefici aggiuntivi](https://support.google.com/accounts/answer/9764949?hl=en), come:
-- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
+- Non permette l'installazione di app al di fuori del Google Play Store, dell'app store del fornitore del sistema operativo o tramite [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Scansione del dispositivo automatica e obbligatoria con [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Avviso sulle applicazioni non verificate
@@ -178,4 +178,4 @@ Potrai eliminare il tuo ID pubblicitario o *Rinunciare agli annunci basati sugli
[SafetyNet](https://developer.android.com/training/safetynet/attestation) e le [API di Play Integrity](https://developer.android.com/google/play/integrity) sono generalmente utilizzati per le [app bancarie](https://grapheneos.org/usage#banking-apps). Molte app bancarie funzioneranno bene su GrapheneOS con i servizi Play in modalità sandbox, tuttavia, alcune app non finanziarie dispongono di meccanismi anti-manomissione che potrebbero fallire. GrapheneOS supera il controllo `basicIntegrity`, ma non il controllo del certificato `ctsProfileMatch`. I dispositivi con Android 8 o successive, dispongono di supporto dell'attestazione del hardware, non superabile con chiavi trapelate o gravi vulnerabilità.
-As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt out if you don't want your credit rating and personal information shared with affiliate marketing services.
+Per quanto riguarda Google Wallet, lo sconsigliamo a causa della loro [informativa sulla privacy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), che prevede che l'utente debba rinunciare se non vuole che il suo rating creditizio e le sue informazioni personali siano condivise con i servizi di marketing affiliati.
diff --git a/i18n/ja/about/notices.md b/i18n/ja/about/notices.md
index 1294d037..9a1d2feb 100644
--- a/i18n/ja/about/notices.md
+++ b/i18n/ja/about/notices.md
@@ -40,7 +40,7 @@ You may not use this website in any way that causes or may cause damage to the w
You must not conduct any systematic or automated data collection activities on or in relation to this website without express written consent, including:
* Excessive Automated Scans
-* Denial of Service Attacks
+* サービス拒否(DoS)攻撃
* スクレイピング
* データマイニング
* 'Framing' (IFrames)
diff --git a/i18n/ja/advanced/communication-network-types.md b/i18n/ja/advanced/communication-network-types.md
index ff434f24..6f9f8705 100644
--- a/i18n/ja/advanced/communication-network-types.md
+++ b/i18n/ja/advanced/communication-network-types.md
@@ -23,7 +23,7 @@ Some self-hosted messengers allow you to set up your own server. Self-hosting ca
- Most mature and stable features ecosystems, as they are easier to program in a centralized software.
- Privacy issues may be reduced when you trust a server that you're self-hosting.
-**Disadvantages:**
+**デメリット:**
- Can include [restricted control or access](https://drewdevault.com/2018/08/08/Signal.html). これは次のようなものも含みます。
- Being [forbidden from connecting third-party clients](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165) to the centralized network that might provide for greater customization or a better experience. Often defined in Terms and Conditions of usage.
@@ -46,7 +46,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
-**Disadvantages:**
+**デメリット:**
- Adding new features is more complex because these features need to be standardized and tested to ensure they work with all servers on the network.
- Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion.
@@ -71,7 +71,7 @@ P2P networks do not use servers, as peers communicate directly between each othe
- Minimal information is exposed to third-parties.
- Modern P2P platforms implement E2EE by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
-**Disadvantages:**
+**デメリット:**
- Reduced feature set:
- Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
@@ -94,7 +94,7 @@ Self-hosting a node in an anonymous routing network does not provide the hoster
- Minimal to no information is exposed to other parties.
- Messages can be relayed in a decentralized manner even if one of the parties is offline.
-**Disadvantages:**
+**デメリット:**
- Slow message propagation.
- Often limited to fewer media types, mostly text, since the network is slow.
diff --git a/i18n/ja/advanced/payments.md b/i18n/ja/advanced/payments.md
index b88883ac..1c77fdff 100644
--- a/i18n/ja/advanced/payments.md
+++ b/i18n/ja/advanced/payments.md
@@ -67,7 +67,7 @@ Privacy coins have been subject to increasing scrutiny by government agencies. I
==最もよい選択肢は、これらの暗号通貨は一切使わず、デフォルトでプライバシーを保証する暗号通貨だけを使うことです。== 他の暗号通貨を使用しようとすることは、本サイトで扱う範囲を超えており、全く推奨されません。
-### Wallet Custody
+### ウォレットのカストディー
With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
diff --git a/i18n/ja/basics/account-creation.md b/i18n/ja/basics/account-creation.md
index 89f1ae1d..bb85bdeb 100644
--- a/i18n/ja/basics/account-creation.md
+++ b/i18n/ja/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
しかし、以下のデメリットもあります。
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### 電話番号
diff --git a/i18n/ja/basics/common-threats.md b/i18n/ja/basics/common-threats.md
index 48f94a0b..4d391dbe 100644
--- a/i18n/ja/basics/common-threats.md
+++ b/i18n/ja/basics/common-threats.md
@@ -27,7 +27,7 @@ Whistleblowers and journalists, for example, can have a much more extreme threat
## セキュリティーとプライバシー
-:material-bug-outline: Passive Attacks
+:material-bug-outline: パッシブ攻撃
Security and privacy are also often confused, because you need security to obtain any semblance of privacy: Using tools—even if they're private by design—is futile if they could be easily exploited by attackers who later release your data. However, the inverse isn't necessarily true: The most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google who, given their scale, have had few security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides very secure services, very few people would consider their data private in Google's free consumer products (Gmail, YouTube, etc.)
@@ -125,7 +125,7 @@ If you've already submitted your real information to sites which shouldn't have
## 検閲の回避
-:material-close-outline: Censorship
+:material-close-outline: 検閲
Censorship online can be carried out (to varying degrees) by actors including totalitarian governments, network administrators, and service providers. These efforts to control communication and restrict access to information will always be incompatible with the human right to Freedom of Expression.[^5]
diff --git a/i18n/ja/os/android-overview.md b/i18n/ja/os/android-overview.md
index 8d0d84b8..87ace29c 100644
--- a/i18n/ja/os/android-overview.md
+++ b/i18n/ja/os/android-overview.md
@@ -66,7 +66,7 @@ EOL devices which are no longer supported by the SoC manufacturer cannot receive
Fairphone, for example, markets their Fairphone 4 device as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
-### Android Permissions
+### Androidのアクセス許可
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps.
@@ -161,7 +161,7 @@ In the past, Android security updates had to be shipped by the operating system
If you have an EOL device shipped with Android 10 or above and are unable to run any of our recommended operating systems on your device, you are likely going to be better off sticking with your OEM Android installation (as opposed to an operating system not listed here such as LineageOS or /e/ OS). This will allow you to receive **some** security fixes from Google, while not violating the Android security model by using an insecure Android derivative and increasing your attack surface. We would still recommend upgrading to a supported device as soon as possible.
-### Advertising ID
+### 広告ID
All devices with Google Play Services installed automatically generate an [advertising ID](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) used for targeted advertising. Disable this feature to limit the data collected about you.
diff --git a/i18n/ja/os/macos-overview.md b/i18n/ja/os/macos-overview.md
index 6815e357..ecfe04bc 100644
--- a/i18n/ja/os/macos-overview.md
+++ b/i18n/ja/os/macos-overview.md
@@ -94,7 +94,7 @@ Click the small :material-information-outline: icon next to **Automatic Updates*
Whenever an application requests a permission, it will show up here. You can decide which applications you want to allow or deny specific permissions.
-##### Location Services
+##### 位置情報サービス
You can individually allow location services per-app. If you don't need apps to use your location, turning off location services entirely is the most private option.
diff --git a/i18n/ja/vpn.md b/i18n/ja/vpn.md
index 32535bf9..6fa2691d 100644
--- a/i18n/ja/vpn.md
+++ b/i18n/ja/vpn.md
@@ -135,7 +135,7 @@ IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-repo
As of February 2020 [IVPN applications are now open source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
-#### :material-check:{ .pg-green } Accepts Cash and Monero
+#### :material-check:{ .pg-green } 現金とMoneroが利用可能
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
@@ -205,7 +205,7 @@ In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
-#### :material-check:{ .pg-green } Accepts Cash and Monero
+#### :material-check:{ .pg-green } 現金とMoneroが利用可能
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers.
@@ -215,7 +215,7 @@ MullvadはWireGuard®️プロトコルをサポートしています。 [WireGu
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
-#### :material-check:{ .pg-green } IPv6 Support
+#### :material-check:{ .pg-green } IPv6のサポート
Mullvad allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/), as opposed to other providers which block IPv6 connections.
diff --git a/i18n/ko/basics/account-creation.md b/i18n/ko/basics/account-creation.md
index 63e9a88b..5a0908d1 100644
--- a/i18n/ko/basics/account-creation.md
+++ b/i18n/ko/basics/account-creation.md
@@ -53,17 +53,21 @@ Oauth 로그인을 선택할 경우, OAuth 제공 업체의 로그인 페이지
주요 장점은 다음과 같습니다:
-- **보안**: 웹사이트에 여러분의 자격 증명이 저장되지 않으므로, [데이터 유출](https://en.wikipedia.org/wiki/Data_breach) 위험성이 없습니다.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **사용 편의성**: 하나의 로그인으로 여러 계정을 관리할 수 있습니다.
단점은 다음과 같습니다:
- **프라이버시**: OAuth 제공 업체는 사용자가 어떤 서비스를 사용하는지 알 수 있습니다.
-- **중앙 집중화**: OAuth 계정이 손상되거나 로그인할 수 없는 경우, 해당 계정에 연결된 계정도 전부 영향을 받습니다.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth 인증은 서비스 간 연동을 통해 이점을 얻을 수 있는 경우 특히 유용합니다. 되도록 OAuth는 필요한 경우에만 사용하고, 주요 계정은 [MFA](multi-factor-authentication.md)로 보호할 것을 권장드립니다.
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. 되도록 OAuth는 필요한 경우에만 사용하고, 주요 계정은 [MFA](multi-factor-authentication.md)로 보호할 것을 권장드립니다.
-OAuth를 사용하는 모든 서비스는 OAuth 계정과 동일한 보안 수준을 갖습니다. 예를 들어, 하드웨어 키를 사용해 계정을 보호하고 싶은데 해당 서비스는 하드웨어 키를 지원하지 않는 경우, OAuth 계정을 하드웨어 키로 보호하면 결과적으로 모든 계정을 하드웨어 키로 보호하는 효과를 얻습니다. 하지만 동시에, OAuth 계정 인증이 취약할 경우에는 해당 계정에 연결된 모든 계정의 인증 또한 취약해진다는 점을 명심해야합니다.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. 예를 들어, 하드웨어 키를 사용해 계정을 보호하고 싶은데 해당 서비스는 하드웨어 키를 지원하지 않는 경우, OAuth 계정을 하드웨어 키로 보호하면 결과적으로 모든 계정을 하드웨어 키로 보호하는 효과를 얻습니다. 하지만 동시에, OAuth 계정 인증이 취약할 경우에는 해당 계정에 연결된 모든 계정의 인증 또한 취약해진다는 점을 명심해야합니다.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### 전화번호
diff --git a/i18n/ku-IQ/basics/account-creation.md b/i18n/ku-IQ/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/ku-IQ/basics/account-creation.md
+++ b/i18n/ku-IQ/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/nl/basics/account-creation.md b/i18n/nl/basics/account-creation.md
index 781c91ae..07e4be87 100644
--- a/i18n/nl/basics/account-creation.md
+++ b/i18n/nl/basics/account-creation.md
@@ -53,17 +53,21 @@ Wanneer je met OAuth inlogt, wordt een inlogpagina geopend met de aanbieder die
De belangrijkste voordelen zijn:
-- **Beveiliging**: geen risico om betrokken te raken bij een [datalek](https://en.wikipedia.org/wiki/Data_breach) omdat de website uw inlog gegevens niet opslaat.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Gebruiksgemak**: meerdere accounts worden beheerd door één enkele login.
Maar er zijn ook nadelen:
- **Privacy**: de OAuth provider waarmee je je aanmeldt kent de diensten die je gebruikt.
-- **Centralisatie**: als het account dat je voor OAuth gebruikt, gecompromitteerd is of je niet kunt inloggen alle andere accounts die ermee verbonden zijn worden beïnvloed.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authenticatie kan vooral nuttig zijn in situaties waarin je zou kunnen profiteren van een diepere integratie tussen services. Onze aanbeveling is om OAuth alleen te gebruiken waar je het nodig hebt, en altijd de hoofdaccount te beschermen met [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Onze aanbeveling is om OAuth alleen te gebruiken waar je het nodig hebt, en altijd de hoofdaccount te beschermen met [MFA](multi-factor-authentication.md).
-Alle diensten die OAuth gebruiken zijn net zo veilig als jouw onderliggende account van de aanbieder. Als je bijvoorbeeld een account wilt beveiligen met een hardwaresleutel, maar die dienst ondersteunt geen hardwaresleutels, dan kun je jouw OAuth account beveiligen met een hardwaresleutel en nu hebt je in wezen hardware-MFA op al jouw accounts. Het is de moeite waard om op te merken dat zwakke authenticatie op jouw OAuth provider-account betekent dat elke account gekoppeld aan die login ook zwak zal zijn.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. Als je bijvoorbeeld een account wilt beveiligen met een hardwaresleutel, maar die dienst ondersteunt geen hardwaresleutels, dan kun je jouw OAuth account beveiligen met een hardwaresleutel en nu hebt je in wezen hardware-MFA op al jouw accounts. Het is de moeite waard om op te merken dat zwakke authenticatie op jouw OAuth provider-account betekent dat elke account gekoppeld aan die login ook zwak zal zijn.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Telefoonnummer
diff --git a/i18n/pl/basics/account-creation.md b/i18n/pl/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/pl/basics/account-creation.md
+++ b/i18n/pl/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/pt-BR/basics/account-creation.md b/i18n/pt-BR/basics/account-creation.md
index 5ac9afb0..380000f7 100644
--- a/i18n/pt-BR/basics/account-creation.md
+++ b/i18n/pt-BR/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/pt/basics/account-creation.md b/i18n/pt/basics/account-creation.md
index 9a1055ba..df1bc2a3 100644
--- a/i18n/pt/basics/account-creation.md
+++ b/i18n/pt/basics/account-creation.md
@@ -54,17 +54,21 @@ Quando iniciar sessão com o OAuth, será aberta uma página de início de sess
As principais vantagens são:
-- **Segurança**: não há risco de estar envolvido numa violação de dados [](https://en.wikipedia.org/wiki/Data_breach) porque o sítio web não armazena as suas credenciais.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Facilidade de utilização**: várias contas são geridas por um único início de sessão.
Mas há desvantagens:
- **Privacidade**: o fornecedor OAuth com o qual inicia sessão conhecerá os serviços que utiliza.
-- **Centralização**: se a conta que utiliza para o OAuth for comprometida ou se não conseguir iniciar sessão nela, todas as outras contas ligadas a essa conta são afetadas.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-A autenticação OAuth pode ser especialmente útil nas situações em que pode beneficiar de uma integração mais profunda entre serviços. A nossa recomendação é limitar a utilização do OAuth apenas onde for necessário e proteger sempre a conta principal com [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. A nossa recomendação é limitar a utilização do OAuth apenas onde for necessário e proteger sempre a conta principal com [MFA](multi-factor-authentication.md).
-Todos os serviços que utilizam o OAuth serão tão seguros como a conta do seu fornecedor subjacente. Por exemplo, se quiser proteger uma conta com uma chave de hardware, mas esse serviço não suportar chaves de hardware, pode proteger a conta que utiliza com o OAuth com uma chave de hardware, e agora tem essencialmente MFA de hardware em todas as suas contas. No entanto, vale a pena notar que uma autenticação fraca na sua conta de fornecedor OAuth significa que qualquer conta associada a esse início de sessão também será fraca.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. Por exemplo, se quiser proteger uma conta com uma chave de hardware, mas esse serviço não suportar chaves de hardware, pode proteger a conta que utiliza com o OAuth com uma chave de hardware, e agora tem essencialmente MFA de hardware em todas as suas contas. No entanto, vale a pena notar que uma autenticação fraca na sua conta de fornecedor OAuth significa que qualquer conta associada a esse início de sessão também será fraca.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Número de telemóvel
diff --git a/i18n/ru/basics/account-creation.md b/i18n/ru/basics/account-creation.md
index 7a896c9e..fd908609 100644
--- a/i18n/ru/basics/account-creation.md
+++ b/i18n/ru/basics/account-creation.md
@@ -53,17 +53,21 @@ OAuth - это протокол аутентификации, который п
Основными преимуществами являются:
-- **Безопасность**: нет риска быть подверженным [утечке данных](https://en.wikipedia.org/wiki/Data_breach), поскольку сайт не хранит ваши учетные данные.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Простота использования**: управление несколькими учетными записями осуществляется с помощью одного логина.
Но есть и недостатки:
- **Конфиденциальность**: провайдер OAuth, с помощью которого вы входите в систему, будет знать, какими услугами вы пользуетесь.
-- **Централизация**: если учетная запись, которую вы используете для OAuth, скомпрометирована или вы не можете войти в нее, все остальные учетные записи, подключенные к ней, будут также недоступны.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-Аутентификация OAuth может быть особенно полезна в тех ситуациях, когда вы можете выиграть от более тесной интеграции между сервисами. Наша рекомендация - ограничить использование OAuth только там, где это необходимо, и всегда защищать основной аккаунт с помощью [МФА](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Наша рекомендация - ограничить использование OAuth только там, где это необходимо, и всегда защищать основной аккаунт с помощью [МФА](multi-factor-authentication.md).
-Все сервисы, использующие OAuth, будут безопасны настолько, насколько безопасна ваша основная учетная запись. Например, если вы хотите защитить учетную запись аппаратным ключом, но сервис не поддерживает аппаратные ключи, вы можете защитить учетную запись, используемую с помощью OAuth, аппаратным ключом, и теперь у вас есть аппаратная МФА для всех ваших учетных записей. Однако стоит отметить, что слабая аутентификация в учетной записи поставщика OAuth означает, что любая учетная запись, привязанная к этому логину, также будет слабой.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. Например, если вы хотите защитить учетную запись аппаратным ключом, но сервис не поддерживает аппаратные ключи, вы можете защитить учетную запись, используемую с помощью OAuth, аппаратным ключом, и теперь у вас есть аппаратная МФА для всех ваших учетных записей. Однако стоит отметить, что слабая аутентификация в учетной записи поставщика OAuth означает, что любая учетная запись, привязанная к этому логину, также будет слабой.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Номер телефона
diff --git a/i18n/sv/basics/account-creation.md b/i18n/sv/basics/account-creation.md
index 8e90d123..9db38ff7 100644
--- a/i18n/sv/basics/account-creation.md
+++ b/i18n/sv/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/tr/basics/account-creation.md b/i18n/tr/basics/account-creation.md
index 4b1baa40..cadf5427 100644
--- a/i18n/tr/basics/account-creation.md
+++ b/i18n/tr/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Telefon numarası
diff --git a/i18n/uk/basics/account-creation.md b/i18n/uk/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/uk/basics/account-creation.md
+++ b/i18n/uk/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/vi/basics/account-creation.md b/i18n/vi/basics/account-creation.md
index dcd9f988..30337e41 100644
--- a/i18n/vi/basics/account-creation.md
+++ b/i18n/vi/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
The main advantages are:
-- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **Ease of use**: multiple accounts are managed by a single login.
But there are disadvantages:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### Phone number
diff --git a/i18n/zh-Hant/basics/account-creation.md b/i18n/zh-Hant/basics/account-creation.md
index d01c4602..46ea16cb 100644
--- a/i18n/zh-Hant/basics/account-creation.md
+++ b/i18n/zh-Hant/basics/account-creation.md
@@ -53,17 +53,21 @@ OAuth 是一種驗證協定可在註冊服務時無須對供應商分享註冊
主要優勢是:
-- **安全性**:沒有涉及 [資料外洩](https://en.wikipedia.org/wiki/Data_breach) 的風險,因為網站沒有儲存您的憑證。
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **易用性**:多個帳戶由單一登入管理。
但也有一些缺陷:
- **隱私**: OAuth 讓您利用已註冊的服務作登入新服務。
-- **集中化**: 如果您使用的 OAuth 帳戶被駭或是無法利用它登入,與之連結的其它帳戶也會受到影響。
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth 在那些服務之間深度整合情況下,可以特別有用。 我們建議將 OAuth 限制在需要的地方,用 [MFA](multi-factor-authentication.md)來保護主帳戶。
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. 我們建議將 OAuth 限制在需要的地方,用 [MFA](multi-factor-authentication.md)來保護主帳戶。
-所有使用 OAuth 的服務都將與您的基礎提供商帳戶一樣安全。 例如,想用硬體密鑰保護某個帳戶,但該服務不支持硬體密鑰,則可用硬體密鑰保護您的 OAuth 帳戶,現在您所有帳戶基本上都有硬體 MFA。 但值得注意的是,OAuth 帳戶的弱認證意味著與該登入方式相關的其它帳戶也會很弱。
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. 例如,想用硬體密鑰保護某個帳戶,但該服務不支持硬體密鑰,則可用硬體密鑰保護您的 OAuth 帳戶,現在您所有帳戶基本上都有硬體 MFA。 但值得注意的是,OAuth 帳戶的弱認證意味著與該登入方式相關的其它帳戶也會很弱。
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### 電話號碼
diff --git a/i18n/zh/basics/account-creation.md b/i18n/zh/basics/account-creation.md
index d9934dd5..b836f770 100644
--- a/i18n/zh/basics/account-creation.md
+++ b/i18n/zh/basics/account-creation.md
@@ -53,17 +53,21 @@ When you sign in with OAuth, it will open a login page with the provider you cho
主要的优点是:
-- **安全性**:没有卷入 [数据泄露的风险](https://en.wikipedia.org/wiki/Data_breach) ,因为网站不储存你的凭证。
+- **Security**: you don't have to trust the security practices of the service you're logging into when it comes to storing your login credentials, because they are stored with the external OAuth provider, which when it comes to services like Apple and Google typically follow the best security practices, continuously audit their authentication systems, and don't store credentials inappropriately (such as in plain text).
- **易用性**:多个账户由一个登录账号管理。
但也有弊端:
- **Privacy**: the OAuth provider you log in with will know the services you use.
-- **Centralization**: if the account you use for OAuth is compromised or you aren't able to login to it, all other accounts connected to it are affected.
+- **Centralization**: if the account you use for OAuth is compromised, or you aren't able to log in to it, all other accounts connected to it are affected.
-OAuth authentication can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
+OAuth can be especially useful in those situations where you could benefit from deeper integration between services. Our recommendation is to limit using OAuth to only where you need it, and always protect the main account with [MFA](multi-factor-authentication.md).
-All the services that use OAuth will be as secure as your underlying provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+All the services that use OAuth will be as secure as your underlying OAuth provider's account. For example, if you want to secure an account with a hardware key, but that service doesn't support hardware keys, you can secure the account you use with OAuth with a hardware key instead, and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your OAuth provider account means that any account tied to that login will also be weak.
+
+There is an additional danger when using *Sign in with Google*, *Facebook*, or another service, which is that typically the OAuth process allows for *bidirectional* data sharing. For example, logging in to a forum with your Twitter account could grant that forum access to do things on your Twitter account such as post, read your messages, or access other personal data. OAuth providers will typically present you with a list of things you are granting the external service access to, and you should always ensure that you read through that list and don't inadvertently grant the external service access to anything it doesn't require.
+
+Malicious applications, particularly on mobile devices where the application has access to the WebView session used for logging in to the OAuth provider, can also abuse this process by hijacking your session with the OAuth provider and gaining access to your OAuth account through those means. Using the *Sign in with* option with any provider should usually be considered a matter of convenience that you only use with services you trust to not be actively malicious.
### 手机号